car.omantec.net Open in urlscan Pro
108.167.183.254 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://u.to/1w84Fw
Effective URL:
https://car.omantec.net/.well-known/acme-challenge/boa2020update-verify/
Submission: On January 14 via manual (January 14th 2020, 4:21:33 am UTC) from US

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 21 HTTP transactions. The main IP is 108.167.183.254, located in Houston, United States and belongs to UNIFIEDLAYER-AS-1 - Unified Layer, US. The main domain is car.omantec.net.
TLS certificate: Issued by Let's Encrypt Authority X3 on January 6th 2020. Valid for: 3 months.

This is the only time car.omantec.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

	IP Address	AS Autonomous System
5	195.216.243.155 195.216.243.155	29226 (MASTERTEL...) (MASTERTEL-AS Moscow)
1	2600:9000:21f... 2600:9000:21f3:d000:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 8	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
1	2600:9000:21f... 2600:9000:21f3:b400:19:9934:6a80:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 3	88.212.201.204 88.212.201.204	39134 (UNITEDNET) (UNITEDNET)
3	108.167.183.254 108.167.183.254	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer)
21	7

5 195.216.243.155 (Moscow, Russian Federation)

ASN29226 (MASTERTEL-AS Moscow, Russia, RU)
PTR: s5.unet.com

u.to	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:d000:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

oihkm.app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:6b8::1:119 (Moscow, Russian Federation) 1 redirects

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:b400:19:9934:6a80:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

vaexm.app.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 88.212.201.204 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host204.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.167.183.254 (Houston, United States)

ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: serviciocorreo.com

car.omantec.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	yandex.ru 1 redirects mc.yandex.ru	279 KB
5	u.to u.to	3 KB
3	omantec.net car.omantec.net	72 KB
3	yadro.ru counter.yadro.ru Failed	1 KB
2	app.link oihkm.app.link vaexm.app.link	3 KB
21	5

	Domain	Requested by
8	mc.yandex.ru	1 redirects u.to mc.yandex.ru
5	u.to	oihkm.app.link vaexm.app.link
3	car.omantec.net	u.to car.omantec.net
3	counter.yadro.ru
1	vaexm.app.link	u.to
1	oihkm.app.link	u.to
21	6

This site contains no links.

Subject Issuer	Validity	Valid
u.to Sectigo RSA Domain Validation Secure Server CA	`2019-08-23` - `2021-08-22`	2 years	crt.sh
appipv4.link Amazon	`2019-08-19` - `2020-09-19`	a year	crt.sh
mc.yandex.ru Yandex CA	`2019-09-23` - `2020-09-22`	a year	crt.sh
counter.yadro.ru COMODO ECC Domain Validation Secure Server CA	`2018-04-09` - `2020-04-08`	2 years	crt.sh
omantec.net Let's Encrypt Authority X3	`2020-01-06` - `2020-04-05`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://car.omantec.net/.well-known/acme-challenge/boa2020update-verify/
Frame ID: C767FE6EADE5079D9FF4DD917F1EDBF6
Requests: 19 HTTP requests in this frame

Frame: https://u.to/AA44Fw://open?link_click_id=745484900027861047
Frame ID: A8E05BDDBE0CA71D7897E1B95C1FE625
Requests: 1 HTTP requests in this frame

Frame: https://u.to/HfU3Fw://open?link_click_id=745484900027861047
Frame ID: 8B0C8D83D2EC175418E61E0BEF8F2D85
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://u.to/1w84Fw Page URL
https://oihkm.app.link/tlYsxxb4d3 Page URL
https://u.to/AA44Fw?_branch_match_id=745484900027861047&utm_medium=marketing Page URL
https://vaexm.app.link/Y8KYRQ13d3 Page URL
https://u.to/HfU3Fw?_branch_match_id=745484900027861047&utm_medium=marketing Page URL
https://car.omantec.net/.well-known/acme-challenge/boa2020update-verify/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

21
Requests

90 %
HTTPS

50 %
IPv6

5
Domains

6
Subdomains

7
IPs

2
Countries

356 kB
Transfer

1234 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u.to/1w84Fw Page URL
https://oihkm.app.link/tlYsxxb4d3 Page URL
https://u.to/AA44Fw?_branch_match_id=745484900027861047&utm_medium=marketing Page URL
https://vaexm.app.link/Y8KYRQ13d3 Page URL
https://u.to/HfU3Fw?_branch_match_id=745484900027861047&utm_medium=marketing Page URL
https://car.omantec.net/.well-known/acme-challenge/boa2020update-verify/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://counter.yadro.ru/hit;utostat?r;s1600*1200*24;uhttps%3A//u.to/1w84Fw;1578975676937 HTTP 302
https://counter.yadro.ru/hit;utostat?q;r;s1600*1200*24;uhttps%3A//u.to/1w84Fw;1578975676937

Request Chain 4

https://mc.yandex.ru/watch/51604940?wmode=7&page-url=https%3A%2F%2Fu.to%2F1w84Fw&charset=utf-8&browser-info=ti%3A10%3Ans%3A1578975676636%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A60%3Ai%3A20200114052117%3Aet%3A1578975677%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A492753871%3Ahid%3A556808856%3Ads%3A0%2C216%2C79%2C0%2C0%2C0%2C0%2C%2C%2C301%2C%2C%2C%3Agdpr%3A14%3Av%3A1795%3Awv%3A2%3Ast%3A1578975677%3Au%3A1578975677382758275%3At%3ARedirecting HTTP 302
https://mc.yandex.ru/watch/51604940/1?wmode=7&page-url=https%3A%2F%2Fu.to%2F1w84Fw&charset=utf-8&browser-info=ti%3A10%3Ans%3A1578975676636%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A60%3Ai%3A20200114052117%3Aet%3A1578975677%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A492753871%3Ahid%3A556808856%3Ads%3A0%2C216%2C79%2C0%2C0%2C0%2C0%2C%2C%2C301%2C%2C%2C%3Agdpr%3A14%3Av%3A1795%3Awv%3A2%3Ast%3A1578975677%3Au%3A1578975677382758275%3At%3ARedirecting

Request Chain 11

https://counter.yadro.ru/hit;utostat?rhttps%3A//oihkm.app.link/tlYsxxb4d3;s1600*1200*24;uhttps%3A//u.to/AA44Fw%3F_branch_match_id%3D745484900027861047%26utm_medium%3Dmarketing;1578975677706 HTTP 302
https://counter.yadro.ru/hit;utostat?q;rhttps%3A//oihkm.app.link/tlYsxxb4d3;s1600*1200*24;uhttps%3A//u.to/AA44Fw%3F_branch_match_id%3D745484900027861047%26utm_medium%3Dmarketing;1578975677706

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Cookie set 1w84Fw Show response
u.to/ 980 B
1008 B 295ms
79ms Document
text/html 195.216.243.155
MASTERTEL-AS Moscow

General

Check archive.org

Show headers Download Go to

Full URL: https://u.to/1w84Fw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.216.243.155 Moscow, Russian Federation, ASN29226 (MASTERTEL-AS Moscow, Russia, RU),
Reverse DNS: s5.unet.com
Software: nginx/1.8.0 /
Resource Hash: b69f5036af543c5d40c5e43fafc729cad9a39fdeb7db6f4dbcd5a642a2ce93fc

Request headers

Host: u.to
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Sec-Fetch-User: ?1

Response headers

Server: nginx/1.8.0
Date: Tue, 14 Jan 2020 04:21:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Set-Cookie: lng=en; path=/; expires=Wed, 13-Jan-2021 04:21:16 GMT; domain=.u.to;
Cache-Control: no-cache no-store
Pragma: no-cache
Vary: host
Content-Encoding: gzip

GET
H/1.1 200
OK Cookie set tlYsxxb4d3 Show response
oihkm.app.link/ 2 KB
1 KB 364ms
326ms Document
text/html 2600:9000:21f3:d000:19:9934:6a80:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://oihkm.app.link/tlYsxxb4d3
Requested by: Host: u.to
URL: https://u.to/1w84Fw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:d000:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty/1.13.6.2 / Express
Resource Hash: 3053093448517233ebb8adef77dbd3c861ca0ac03bb2b8cd3c5ff761137a0133

Request headers

Host: oihkm.app.link
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://u.to/1w84Fw
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://u.to/1w84Fw

Response headers

Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: openresty/1.13.6.2
Date: Tue, 14 Jan 2020 04:21:17 GMT
X-Powered-By: Express
Set-Cookie: _s=SNDD0zXRzBuutReiuo%2F7s7iL1xtg9cCLWfQXvsNRuj0xKvUjPkG6Ux8uOCLhtDVl; Max-Age=31536000; Domain=.app.link; Path=/; Expires=Wed, 13 Jan 2021 04:21:17 GMT
Last-Modified: Tue, 14 Jan 2020 04:21:17 GMT
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 71dbd5706c5b0c7b733248e1171f2d4f.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
X-Amz-Cf-Id: Ibs9JsHGUJ56xP_v5jnoX2gICSg34D6ZDejkl6kH7yTASiItwI8zrw==

GET
H/1.1 200
OK tag.js
mc.yandex.ru/metrika/ 362 KB
92 KB 162ms
79ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: u.to
URL: https://u.to/1w84Fw

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://u.to/1w84Fw
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 14 Jan 2020 04:21:17 GMT
Content-Encoding: br
Last-Modified: Thu, 26 Dec 2019 10:39:25 GMT
Server: nginx/1.14.2
ETag: "5e048ddd-16ddd"
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Content-Length: 93661
Expires: Tue, 14 Jan 2020 05:21:17 GMT

GET

hit;utostat
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit;utostat?r;s1600*1200*24;uhttps%3A//u.to/1w84Fw;1578975676937
https://counter.yadro.ru/hit;utostat?q;r;s1600*1200*24;uhttps%3A//u.to/1w84Fw;1578975676937

0
0

GET
H/1.1

302
Found

1
mc.yandex.ru/watch/51604940/
Redirect Chain

https://mc.yandex.ru/watch/51604940?wmode=7&page-url=https%3A%2F%2Fu.to%2F1w84Fw&charset=utf-8&browser-info=ti%3A10%3Ans%3A1578975676636%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3...
https://mc.yandex.ru/watch/51604940/1?wmode=7&page-url=https%3A%2F%2Fu.to%2F1w84Fw&charset=utf-8&browser-info=ti%3A10%3Ans%3A1578975676636%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101...

0
-1 B

40ms
40ms

XHR

2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/51604940/1?wmode=7&page-url=https%3A%2F%2Fu.to%2F1w84Fw&charset=utf-8&browser-info=ti%3A10%3Ans%3A1578975676636%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A60%3Ai%3A20200114052117%3Aet%3A1578975677%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A492753871%3Ahid%3A556808856%3Ads%3A0%2C216%2C79%2C0%2C0%2C0%2C0%2C%2C%2C301%2C%2C%2C%3Agdpr%3A14%3Av%3A1795%3Awv%3A2%3Ast%3A1578975677%3Au%3A1578975677382758275%3At%3ARedirecting

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://u.to/1w84Fw
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 14 Jan 2020 04:21:17 GMT
Last-Modified: Tue, 14-Jan-2020 04:21:17 GMT
Server: nginx/1.14.2
Location: /watch/51604940/1?wmode=7&page-url=https%3A%2F%2Fu.to%2F1w84Fw&charset=utf-8&browser-info=ti%3A10%3Ans%3A1578975676636%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A60%3Ai%3A20200114052117%3Aet%3A1578975677%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A492753871%3Ahid%3A556808856%3Ads%3A0%2C216%2C79%2C0%2C0%2C0%2C0%2C%2C%2C301%2C%2C%2C%3Agdpr%3A14%3Av%3A1795%3Awv%3A2%3Ast%3A1578975677%3Au%3A1578975677382758275%3At%3ARedirecting
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Origin: https://u.to
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: Tue, 14-Jan-2020 04:21:17 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 14 Jan 2020 04:21:17 GMT
Last-Modified: Tue, 14-Jan-2020 04:21:17 GMT
Server: nginx/1.14.2
Access-Control-Allow-Origin: https://u.to
Strict-Transport-Security: max-age=31536000
Location: /watch/51604940/1?wmode=7&page-url=https%3A%2F%2Fu.to%2F1w84Fw&charset=utf-8&browser-info=ti%3A10%3Ans%3A1578975676636%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A60%3Ai%3A20200114052117%3Aet%3A1578975677%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A492753871%3Ahid%3A556808856%3Ads%3A0%2C216%2C79%2C0%2C0%2C0%2C0%2C%2C%2C301%2C%2C%2C%3Agdpr%3A14%3Av%3A1795%3Awv%3A2%3Ast%3A1578975677%3Au%3A1578975677382758275%3At%3ARedirecting
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block
Expires: Tue, 14-Jan-2020 04:21:17 GMT

GET advert.gif
mc.yandex.ru/metrika/ 0
0

GET
H/1.1 200
OK 1
mc.yandex.ru/watch/51604940/ 152 B
692 B 45ms
45ms XHR
application/json 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://u.to/1w84Fw
Origin: https://u.to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Tue, 14 Jan 2020 04:21:17 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 14-Jan-2020 04:21:17 GMT
Server: nginx/1.14.2
Strict-Transport-Security: max-age=31536000
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://u.to
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 152
X-XSS-Protection: 1; mode=block
Expires: Tue, 14-Jan-2020 04:21:17 GMT

GET
H/1.1 404
Not Found open
u.to/AA44Fw:// Frame A8E0 0
0 79ms
79ms Document
text/html 195.216.243.155
MASTERTEL-AS Moscow

General

Check archive.org

Show headers Download Go to

Full URL: https://u.to/AA44Fw://open?link_click_id=745484900027861047
Requested by: Host: oihkm.app.link
URL: https://oihkm.app.link/tlYsxxb4d3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.216.243.155 Moscow, Russian Federation, ASN29226 (MASTERTEL-AS Moscow, Russia, RU),
Reverse DNS: s5.unet.com
Software: nginx/1.8.0 /
Resource Hash

Request headers

Host: u.to
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://oihkm.app.link/tlYsxxb4d3
Accept-Encoding: gzip, deflate, br
Cookie: lng=en; _ym_uid=1578975677382758275; _ym_d=1578975677; _ym_visorc_51604940=w
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://oihkm.app.link/tlYsxxb4d3

Response headers

Server: nginx/1.8.0
Date: Tue, 14 Jan 2020 04:21:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"5ce7c62b-1a75"
Content-Encoding: gzip

GET
H/1.1 200
OK AA44Fw Show response
u.to/ 980 B
928 B 79ms
79ms Document
text/html 195.216.243.155
MASTERTEL-AS Moscow

General

Check archive.org

Show headers Download Go to

Full URL: https://u.to/AA44Fw?_branch_match_id=745484900027861047&utm_medium=marketing
Requested by: Host: oihkm.app.link
URL: https://oihkm.app.link/tlYsxxb4d3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.216.243.155 Moscow, Russian Federation, ASN29226 (MASTERTEL-AS Moscow, Russia, RU),
Reverse DNS: s5.unet.com
Software: nginx/1.8.0 /
Resource Hash: e7c1de7cba005a5a1af87b5cb28be91d2912e6982d5b43aa15d40b840a83f98a

Request headers

Host: u.to
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://oihkm.app.link/tlYsxxb4d3
Accept-Encoding: gzip, deflate, br
Cookie: lng=en; _ym_uid=1578975677382758275; _ym_d=1578975677; _ym_visorc_51604940=w; _ym_visorc_27365672=w; _ym_isad=2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://oihkm.app.link/tlYsxxb4d3

Response headers

Server: nginx/1.8.0
Date: Tue, 14 Jan 2020 04:21:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache no-store
Pragma: no-cache
Vary: host
Content-Encoding: gzip

GET
H/1.1 200
OK Cookie set Y8KYRQ13d3 Show response
vaexm.app.link/ 2 KB
1 KB 278ms
238ms Document
text/html 2600:9000:21f3:b400:19:9934:6a80:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://vaexm.app.link/Y8KYRQ13d3
Requested by: Host: u.to
URL: https://u.to/AA44Fw?_branch_match_id=745484900027861047&utm_medium=marketing
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:b400:19:9934:6a80:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: openresty/1.13.6.2 / Express
Resource Hash: c580cc22320ba1c854537dd354bc1f8100e644e320b5c24d3e9e7350a9924404

Request headers

Host: vaexm.app.link
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://u.to/AA44Fw?_branch_match_id=745484900027861047&utm_medium=marketing
Accept-Encoding: gzip, deflate, br
Cookie: _s=SNDD0zXRzBuutReiuo%2F7s7iL1xtg9cCLWfQXvsNRuj0xKvUjPkG6Ux8uOCLhtDVl
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://u.to/AA44Fw?_branch_match_id=745484900027861047&utm_medium=marketing

Response headers

Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: openresty/1.13.6.2
Date: Tue, 14 Jan 2020 04:21:17 GMT
X-Powered-By: Express
Set-Cookie: _s=SNDD0zXRzBuutReiuo%2F7s7iL1xtg9cCLWfQXvsNRuj0xKvUjPkG6Ux8uOCLhtDVl; Max-Age=31536000; Domain=.app.link; Path=/; Expires=Wed, 13 Jan 2021 04:21:17 GMT
Last-Modified: Tue, 14 Jan 2020 04:21:17 GMT
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 2b2e2811e641703aebf776da39317b9c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
X-Amz-Cf-Id: O9qhRaG4HN9jNP9xVSkIigzAPIzLvHrpA_M8qDJWRrZVK1e3RtbMKA==

GET
H/1.1 200
OK tag.js
mc.yandex.ru/metrika/ 362 KB
92 KB 40ms
40ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: u.to
URL: https://u.to/AA44Fw?_branch_match_id=745484900027861047&utm_medium=marketing

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://u.to/AA44Fw?_branch_match_id=745484900027861047&utm_medium=marketing
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 14 Jan 2020 04:21:17 GMT
Content-Encoding: br
Last-Modified: Thu, 26 Dec 2019 10:39:25 GMT
Server: nginx/1.14.2
ETag: "5e048ddd-16ddd"
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Content-Length: 93661
Expires: Tue, 14 Jan 2020 05:21:17 GMT

GET
H/1.1

200
OK

hit;utostat
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit;utostat?rhttps%3A//oihkm.app.link/tlYsxxb4d3;s1600*1200*24;uhttps%3A//u.to/AA44Fw%3F_branch_match_id%3D745484900027861047%26utm_medium%3Dmarketing;1578975677706
https://counter.yadro.ru/hit;utostat?q;rhttps%3A//oihkm.app.link/tlYsxxb4d3;s1600*1200*24;uhttps%3A//u.to/AA44Fw%3F_branch_match_id%3D745484900027861047%26utm_medium%3Dmarketing;1578975677706

43 B
399 B

70ms
70ms

Image
image/gif

88.212.201.204
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://counter.yadro.ru/hit;utostat?q;rhttps%3A//oihkm.app.link/tlYsxxb4d3;s1600*1200*24;uhttps%3A//u.to/AA44Fw%3F_branch_match_id%3D745484900027861047%26utm_medium%3Dmarketing;1578975677706
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 88.212.201.204 , Russian Federation, ASN39134 (UNITEDNET, RU),
Reverse DNS: host204.rax.ru
Software: nginx/1.11.1 /
Resource Hash

Request headers

Referer: https://u.to/AA44Fw?_branch_match_id=745484900027861047&utm_medium=marketing
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 14 Jan 2020 04:21:17 GMT
Server: nginx/1.11.1
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 13 Jan 2019 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 14 Jan 2020 04:21:17 GMT
Server: nginx/1.11.1
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Location: https://counter.yadro.ru/hit;utostat?q;rhttps%3A//oihkm.app.link/tlYsxxb4d3;s1600*1200*24;uhttps%3A//u.to/AA44Fw%3F_branch_match_id%3D745484900027861047%26utm_medium%3Dmarketing;1578975677706
Cache-control: no-cache
Connection: keep-alive
Content-Type: text/html
Content-Length: 32
Expires: Sun, 13 Jan 2019 21:00:00 GMT

POST
H/1.1 200
OK 51604940
mc.yandex.ru/watch/ 152 B
692 B 40ms
40ms XHR
application/json 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/51604940?wmode=7&page-ref=https%3A%2F%2Foihkm.app.link%2FtlYsxxb4d3&page-url=https%3A%2F%2Fu.to%2FAA44Fw%3F_branch_match_id%3D745484900027861047%26utm_medium%3Dmarketing&charset=utf-8&browser-info=ti%3A10%3Avc%3Aw%3Ans%3A1578975677615%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Aadb%3A2%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A60%3Ai%3A20200114052117%3Aet%3A1578975678%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A558076880%3Ahid%3A656394132%3Ads%3A0%2C0%2C79%2C1%2C0%2C0%2C0%2C%2C%2C94%2C%2C%2C%3Agdpr%3A14%3Av%3A1795%3Awv%3A2%3Ast%3A1578975678%3Au%3A1578975677382758275%3At%3ARedirecting

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://u.to/AA44Fw?_branch_match_id=745484900027861047&utm_medium=marketing
Origin: https://u.to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Tue, 14 Jan 2020 04:21:17 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 14-Jan-2020 04:21:17 GMT
Server: nginx/1.14.2
Strict-Transport-Security: max-age=31536000
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://u.to
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 152
X-XSS-Protection: 1; mode=block
Expires: Tue, 14-Jan-2020 04:21:17 GMT

GET
H/1.1 404
Not Found open
u.to/HfU3Fw:// Frame 8B0C 0
0 78ms
78ms Document
text/html 195.216.243.155
MASTERTEL-AS Moscow

General

Check archive.org

Show headers Download Go to

Full URL: https://u.to/HfU3Fw://open?link_click_id=745484900027861047
Requested by: Host: vaexm.app.link
URL: https://vaexm.app.link/Y8KYRQ13d3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.216.243.155 Moscow, Russian Federation, ASN29226 (MASTERTEL-AS Moscow, Russia, RU),
Reverse DNS: s5.unet.com
Software: nginx/1.8.0 /
Resource Hash

Request headers

Host: u.to
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: nested-navigate
Referer: https://vaexm.app.link/Y8KYRQ13d3
Accept-Encoding: gzip, deflate, br
Cookie: lng=en; _ym_uid=1578975677382758275; _ym_d=1578975677; _ym_visorc_51604940=w; _ym_visorc_27365672=w; _ym_isad=2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://vaexm.app.link/Y8KYRQ13d3

Response headers

Server: nginx/1.8.0
Date: Tue, 14 Jan 2020 04:21:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
ETag: W/"5ce7c62b-1a75"
Content-Encoding: gzip

GET
H/1.1 200
OK HfU3Fw Show response
u.to/ 1019 B
952 B 80ms
80ms Document
text/html 195.216.243.155
MASTERTEL-AS Moscow

General

Check archive.org

Show headers Download Go to

Full URL: https://u.to/HfU3Fw?_branch_match_id=745484900027861047&utm_medium=marketing
Requested by: Host: vaexm.app.link
URL: https://vaexm.app.link/Y8KYRQ13d3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 195.216.243.155 Moscow, Russian Federation, ASN29226 (MASTERTEL-AS Moscow, Russia, RU),
Reverse DNS: s5.unet.com
Software: nginx/1.8.0 /
Resource Hash: 221d059930fc3c27773b2914c1000fa74fc3f72dd9ff78f139d82ae9d70fecc2

Request headers

Host: u.to
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://vaexm.app.link/Y8KYRQ13d3
Accept-Encoding: gzip, deflate, br
Cookie: lng=en; _ym_uid=1578975677382758275; _ym_d=1578975677; _ym_visorc_51604940=w; _ym_visorc_27365672=w; _ym_isad=2
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://vaexm.app.link/Y8KYRQ13d3

Response headers

Server: nginx/1.8.0
Date: Tue, 14 Jan 2020 04:21:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=15
Cache-Control: no-cache no-store
Pragma: no-cache
Vary: host
Content-Encoding: gzip

GET
H2 200 Primary Request / Show response
car.omantec.net/.well-known/acme-challenge/boa2020update-verify/ 513 B
587 B 1100ms
714ms Document
text/html 108.167.183.254
Unified Layer

General

Check archive.org

Show headers Download Go to

Full URL: https://car.omantec.net/.well-known/acme-challenge/boa2020update-verify/
Requested by: Host: u.to
URL: https://u.to/HfU3Fw?_branch_match_id=745484900027861047&utm_medium=marketing
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 108.167.183.254 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: serviciocorreo.com
Software: Apache /
Resource Hash: f178e4c61f0d54464f4fa862cc861e84bb994414451a78b6be3724e63b550d71

Request headers

:method: GET
:authority: car.omantec.net
:scheme: https
:path: /.well-known/acme-challenge/boa2020update-verify/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://u.to/HfU3Fw?_branch_match_id=745484900027861047&utm_medium=marketing
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://u.to/HfU3Fw?_branch_match_id=745484900027861047&utm_medium=marketing

Response headers

status: 200
date: Tue, 14 Jan 2020 04:21:18 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
set-cookie: cazanova=380c0ceeca77e67886c0bf668a4fd0c74bee47cc; expires=Tue, 14-Jan-2020 06:21:19 GMT; path=/; HttpOnly
vary: Accept-Encoding
content-encoding: gzip
content-length: 325
content-type: text/html; charset=UTF-8

GET
H/1.1 200
OK tag.js
mc.yandex.ru/metrika/ 362 KB
92 KB 131ms
90ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: u.to
URL: https://u.to/HfU3Fw?_branch_match_id=745484900027861047&utm_medium=marketing

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://u.to/HfU3Fw?_branch_match_id=745484900027861047&utm_medium=marketing
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date: Tue, 14 Jan 2020 04:21:18 GMT
Content-Encoding: br
Last-Modified: Thu, 26 Dec 2019 10:39:25 GMT
Server: nginx/1.14.2
ETag: "5e048ddd-16ddd"
Strict-Transport-Security: max-age=31536000
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Content-Length: 93661
Expires: Tue, 14 Jan 2020 05:21:18 GMT

GET
H/1.1 200
OK hit;utostat
counter.yadro.ru/ 43 B
273 B 71ms
71ms Image
image/gif 88.212.201.204
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://counter.yadro.ru/hit;utostat?rhttps%3A//vaexm.app.link/Y8KYRQ13d3;s1600*1200*24;uhttps%3A//u.to/HfU3Fw%3F_branch_match_id%3D745484900027861047%26utm_medium%3Dmarketing;1578975678388
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 88.212.201.204 , Russian Federation, ASN39134 (UNITEDNET, RU),
Reverse DNS: host204.rax.ru
Software: nginx/1.11.1 /
Resource Hash

Request headers

Referer: https://u.to/HfU3Fw?_branch_match_id=745484900027861047&utm_medium=marketing
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 14 Jan 2020 04:21:18 GMT
Server: nginx/1.11.1
Content-Type: image/gif
Cache-control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Sun, 13 Jan 2019 21:00:00 GMT

POST
H/1.1 200
OK 51604940
mc.yandex.ru/watch/ 152 B
692 B 48ms
48ms XHR
application/json 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/51604940?wmode=7&page-ref=https%3A%2F%2Fvaexm.app.link%2FY8KYRQ13d3&page-url=https%3A%2F%2Fu.to%2FHfU3Fw%3F_branch_match_id%3D745484900027861047%26utm_medium%3Dmarketing&charset=utf-8&browser-info=ti%3A10%3Avc%3Aw%3Ans%3A1578975678301%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Aadb%3A2%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A1600x1200%3Az%3A60%3Ai%3A20200114052118%3Aet%3A1578975679%3Aen%3Autf-8%3Ac%3A1%3Ala%3Aen-us%3Apv%3A1%3Arn%3A50938530%3Ahid%3A157163458%3Ads%3A0%2C0%2C79%2C1%2C0%2C0%2C0%2C%2C%2C88%2C%2C%2C%3Agdpr%3A14%3Av%3A1795%3Awv%3A2%3Ast%3A1578975679%3Au%3A1578975677382758275%3At%3ARedirecting

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/tag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

nginx/1.14.2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://u.to/HfU3Fw?_branch_match_id=745484900027861047&utm_medium=marketing
Origin: https://u.to
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Tue, 14 Jan 2020 04:21:18 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 14-Jan-2020 04:21:18 GMT
Server: nginx/1.14.2
Strict-Transport-Security: max-age=31536000
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://u.to
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 152
X-XSS-Protection: 1; mode=block
Expires: Tue, 14-Jan-2020 04:21:18 GMT

GET
H2 200 captcha.js Show response
car.omantec.net/.well-known/acme-challenge/boa2020update-verify//assets/js/ 123 KB
54 KB 194ms
193ms Script
application/javascript 108.167.183.254
Unified Layer

General

Check archive.org

Show headers Download Go to

Full URL: https://car.omantec.net/.well-known/acme-challenge/boa2020update-verify//assets/js/captcha.js
Requested by: Host: car.omantec.net
URL: https://car.omantec.net/.well-known/acme-challenge/boa2020update-verify/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 108.167.183.254 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: serviciocorreo.com
Software: Apache /
Resource Hash: abda937cf2741f8b08acc1fa946f155ee91073120f8de3dbcd26f70fc24f698b

Request headers

Referer: https://car.omantec.net/.well-known/acme-challenge/boa2020update-verify/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Tue, 14 Jan 2020 04:21:19 GMT
content-encoding: gzip
last-modified: Tue, 08 Oct 2019 00:02:48 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
status: 200
accept-ranges: bytes

GET
H2 200 captcha.png
car.omantec.net/.well-known/acme-challenge/boa2020update-verify// 17 KB
17 KB 455ms
455ms Image
image/png 108.167.183.254
Unified Layer

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://car.omantec.net/.well-known/acme-challenge/boa2020update-verify//captcha.png?_1578975681927
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 108.167.183.254 Houston, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US),
Reverse DNS: serviciocorreo.com
Software: Apache /
Resource Hash: e66d5bcd37a909b0e1b41a9e7e9ccabceabd8a41ddf69641a65e092a7592cae8

Request headers

Referer: https://car.omantec.net/.well-known/acme-challenge/boa2020update-verify/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Jan 2020 04:21:21 GMT
content-encoding: gzip
server: Apache
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 19 Nov 1981 08:52:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: counter.yadro.ru
URL: https://counter.yadro.ru/hit;utostat?q;r;s1600*1200*24;uhttps%3A//u.to/1w84Fw;1578975676937

Domain: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/advert.gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			car.omantec.net/	1970-01-19 06:36:22	Name: cazanova Value: 380c0ceeca77e67886c0bf668a4fd0c74bee47cc

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

car.omantec.net
counter.yadro.ru
mc.yandex.ru
oihkm.app.link
u.to
vaexm.app.link
counter.yadro.ru
mc.yandex.ru
108.167.183.254
195.216.243.155
2600:9000:21f3:b400:19:9934:6a80:93a1
2600:9000:21f3:d000:19:9934:6a80:93a1
2a02:6b8::1:119
88.212.201.204
221d059930fc3c27773b2914c1000fa74fc3f72dd9ff78f139d82ae9d70fecc2
3053093448517233ebb8adef77dbd3c861ca0ac03bb2b8cd3c5ff761137a0133
abda937cf2741f8b08acc1fa946f155ee91073120f8de3dbcd26f70fc24f698b
b69f5036af543c5d40c5e43fafc729cad9a39fdeb7db6f4dbcd5a642a2ce93fc
c580cc22320ba1c854537dd354bc1f8100e644e320b5c24d3e9e7350a9924404
e66d5bcd37a909b0e1b41a9e7e9ccabceabd8a41ddf69641a65e092a7592cae8
e7c1de7cba005a5a1af87b5cb28be91d2912e6982d5b43aa15d40b840a83f98a
f178e4c61f0d54464f4fa862cc861e84bb994414451a78b6be3724e63b550d71

car.omantec.net Open in urlscan Pro 108.167.183.254 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

21 Requests

90 %HTTPS

50 %IPv6

5 Domains

6 Subdomains

7 IPs

2 Countries

356 kBTransfer

1234 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

1 Cookies

Indicators

car.omantec.net Open in urlscan Pro
108.167.183.254 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

90 %
HTTPS

50 %
IPv6

5
Domains

6
Subdomains

7
IPs

2
Countries

356 kB
Transfer

1234 kB
Size

1
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!