promotisu.bid Open in urlscan Pro
2606:4700:3036::6815:8c8 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/23
Effective URL:
https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473...
Submission: On January 20 via api (January 20th 2024, 9:07:24 pm UTC) from US — Scanned from US

Summary HTTP 32 Redirects Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 7 domains to perform 32 HTTP transactions. The main IP is 2606:4700:3036::6815:8c8, located in United States and belongs to CLOUDFLARENET, US. The main domain is promotisu.bid.
TLS certificate: Issued by E1 on January 2nd 2024. Valid for: 3 months.

This is the only time promotisu.bid was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Scam (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 2	185.140.54.135 185.140.54.135	200514 (KNOWNSRV) (KNOWNSRV)
1 1	50.115.174.138 50.115.174.138	32875 (VIRP) (VIRP)
2 19	2606:4700:303... 2606:4700:3036::6815:8c8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:93bc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:e4:... 2606:4700:e4::ac40:a507	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4006:816::200a	15169 (GOOGLE) (GOOGLE)
3	2606:4700:303... 2606:4700:3037::6815:4392	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	45.55.126.207 45.55.126.207	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
2	20.50.64.3 20.50.64.3	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
32	9

2 185.140.54.135 (Kyiv, Ukraine) 1 redirects

ASN200514 (KNOWNSRV, GB)

jinxmux.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.115.174.138 (United States) 1 redirects

ASN32875 (VIRP, US)
PTR: kralizec.es

quberty.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2606:4700:3036::6815:8c8 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

promotisu.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:93bc (United States)

ASN13335 (CLOUDFLARENET, US)

kit.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:e4::ac40:a507 (United States)

ASN13335 (CLOUDFLARENET, US)

ka-f.fontawesome.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:816::200a (Colchester, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3037::6815:4392 (United States)

ASN13335 (CLOUDFLARENET, US)

virtualpushplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 45.55.126.207 (Clifton, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

beacon.promotisu.bid	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.50.64.3 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pushvisit.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	promotisu.bid 2 redirects promotisu.bid beacon.promotisu.bid	1 MB
4	fontawesome.com kit.fontawesome.com — Cisco Umbrella Rank: 1448 ka-f.fontawesome.com — Cisco Umbrella Rank: 3140	24 KB
3	virtualpushplatform.com virtualpushplatform.com — Cisco Umbrella Rank: 392976	5 KB
2	pushvisit.xyz pushvisit.xyz — Cisco Umbrella Rank: 348541	2 KB
2	jinxmux.com 1 redirects jinxmux.com	653 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	849 B
1	quberty.com 1 redirects quberty.com	632 B
32	7

	Domain	Requested by
19	promotisu.bid	2 redirects jinxmux.com promotisu.bid
4	beacon.promotisu.bid	promotisu.bid
3	virtualpushplatform.com	promotisu.bid virtualpushplatform.com
3	ka-f.fontawesome.com	kit.fontawesome.com
2	pushvisit.xyz	virtualpushplatform.com
2	jinxmux.com	1 redirects
1	fonts.googleapis.com	promotisu.bid
1	kit.fontawesome.com	promotisu.bid
1	quberty.com	1 redirects
32	9

This site contains no links.

Subject Issuer	Validity	Valid
jinxmux.com Sectigo RSA Domain Validation Secure Server CA	`2023-09-20` - `2024-09-19`	a year	crt.sh
promotisu.bid E1	`2024-01-02` - `2024-04-01`	3 months	crt.sh
*.fontawesome.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-04` - `2025-01-03`	a year	crt.sh
ka-f.fontawesome.com GTS CA 1P5	`2024-01-06` - `2024-04-05`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
virtualpushplatform.com Cloudflare Inc ECC CA-3	`2024-01-14` - `2024-12-31`	a year	crt.sh
beacon.promotisu.bid R3	`2024-01-13` - `2024-04-12`	3 months	crt.sh
pushvisit.xyz Sectigo RSA Domain Validation Secure Server CA	`2023-08-02` - `2024-08-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
Frame ID: D92C9DFA81042F00EC96AAB28B251B30
Requests: 30 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Costco

Page URL History Show full URLs

http://jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/23 HTTP 302
https://jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/23 Page URL
https://quberty.com/r/a3501303-1549-4168-88e0-7a84e1875424/473183/1437133294/1_22066 HTTP 302
https://promotisu.bid/sf/tpl9?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-... HTTP 301
http://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747... HTTP 301
https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747... Page URL

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
kit\.fontawesome\.com/([0-9a-z]+).js

Page Statistics

32
Requests

100 %
HTTPS

56 %
IPv6

7
Domains

9
Subdomains

9
IPs

3
Countries

1215 kB
Transfer

10180 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/23 HTTP 302
https://jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/23 Page URL
https://quberty.com/r/a3501303-1549-4168-88e0-7a84e1875424/473183/1437133294/1_22066 HTTP 302
https://promotisu.bid/sf/tpl9?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294 HTTP 301
http://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294 HTTP 301
https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/23 HTTP 302
https://jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/23

32 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

23
jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/
Redirect Chain

http://jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/23
https://jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/23

147 B
445 B

819ms
497ms

Document
text/html

185.140.54.135
KNOWNSRV

General

Check archive.org

Show headers Download Go to

Full URL: https://jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/23
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.140.54.135 Kyiv, Ukraine, ASN200514 (KNOWNSRV, GB),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Content-Length: 147
Content-Type: text/html; charset=UTF-8
Date: Sat, 20 Jan 2024 21:07:14 GMT
Server: Apache

Redirect headers

Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Sat, 20 Jan 2024 21:07:13 GMT
Location: https://jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/23
Server: Apache

GET
H2

200

Primary Request / Show response
promotisu.bid/sf/tpl9/
Redirect Chain

https://quberty.com/r/a3501303-1549-4168-88e0-7a84e1875424/473183/1437133294/1_22066
https://promotisu.bid/sf/tpl9?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
http://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294

13 KB
4 KB

42ms
41ms

Document
text/html

2606:4700:3036::6815:8c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
Requested by: Host: jinxmux.com
URL: https://jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/23
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:8c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0e9774ab96c1ecac6a1069547fbcda58e9ec2ee24a0445b99a5fc421a6f6ecff

Request headers

Referer: https://jinxmux.com/100835e568cff1bd800/1_22066/3803_183065/23
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 848a49431eba4bd5-BUF
content-encoding: br
content-type: text/html
date: Sat, 20 Jan 2024 21:07:17 GMT
last-modified: Thu, 04 Jan 2024 19:38:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QBRhxU7uzSdCi%2FHCY0uV%2Fc6tLVUg70ari0KHIk%2F1OsFU1UUrlaIsCQqto9XW4TVnvU3t%2FALNylWtnJRYQdpyQw1B7j%2B90ESUQ96pAGsGSofu2XZ2pYt6XW0HIu4NXL69shnmQ1HfCiZARrU0"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-robots-tag: noindex

Redirect headers

CF-RAY: 848a4942ee6b4bd5-BUF
Cache-Control: max-age=3600
Connection: keep-alive
Date: Sat, 20 Jan 2024 21:07:17 GMT
Expires: Sat, 20 Jan 2024 22:07:17 GMT
Location: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cx6MnPd%2BcPsjJfvFy%2BdHuRy9w9ZzjE%2BUaWX5u0UW8ybrkD1w3khUF%2B3ubO5x3BIADfXw5Qfjb5c3Ay88I3ahkgsM5YEVKzoohaYcTTIR%2BeB6jOf7VFV3KRaeebJdPhHSyRzUpY38C7mzevfu"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400

GET
H2 200 268a7048dd.js Show response
kit.fontawesome.com/ 12 KB
5 KB 149ms
39ms Script
text/javascript 2606:4700:4400::ac40:93bc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://kit.fontawesome.com/268a7048dd.js
Requested by: Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::ac40:93bc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3bd0bb9c81300549973c534de26accf7b6104bed7bee20c8bf0371022dd7c2e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 47
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
access-control-max-age: 3000
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
content-type: text/javascript
cache-control: max-age=60, public, stale-while-revalidate=30
cf-ray: 848a494429486aed-BUF
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
x-request-id: F6Oc9CsrB9FOHvwJJLzB

GET
H2 200 bundle.e20945059b52412df364.css
promotisu.bid/sf/tpl9/ 9 MB
857 KB 45ms
44ms Stylesheet
text/css 2606:4700:3036::6815:8c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://promotisu.bid/sf/tpl9/bundle.e20945059b52412df364.css?t=1704397049752
Requested by: Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:8c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 022ed52cc9b74e014777c23c71c8af5cecba0f4cca91e1716fa07e70a1a961dc

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 04 Jan 2024 19:38:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 190663
etag: W/"65970934-882cc2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EiBiIjtSgf9YwUTrRPHemPm6PiVxA%2BXWQxPOSeDvxYw2bTMeu3YE%2BV%2FuHvym%2FakB04%2FNGCw2ilXyRYA4q4D%2Fd8aZ9nKC1tWRpr3ZwNoqr7rde5ozU9h8ZkFXLGTOghxNs47g6vgSY2CQgUNj"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=31536000
cf-ray: 848a49437f134bd5-BUF
alt-svc: h3=":443"; ma=86400
expires: Fri, 17 Jan 2025 16:09:34 GMT

GET
H2 200 img-4.png
promotisu.bid/sf/tpl9/public/ 2 KB
3 KB 38ms
37ms Image
image/png 2606:4700:3036::6815:8c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promotisu.bid/sf/tpl9/public/img-4.png
Requested by: Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:8c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4ba90609efbf3e11565b8b9005e57d80f53a8837ce693c9023ccb0626461d212

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3124
alt-svc: h3=":443"; ma=86400
content-length: 2542
last-modified: Sat, 11 Nov 2023 12:14:08 GMT
server: cloudflare
etag: "654f7010-9ee"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ioeUYq1rc7h6NKjScU8INzCnMpLIfK2dNgwsOPcrxo%2BfU0H4JochsF1D8f1CMkkuOC6L6cVX3ZtE8SrrqhalTiWS7tK4G3bG7hwoirjpMZlua9J%2F%2FkYz0ZyWe%2FhEBYv4xWtYc11wQJ%2FQPh3%2B"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 848a49437f154bd5-BUF
expires: Sun, 19 Jan 2025 20:15:13 GMT

GET
H3 200 like.png
promotisu.bid/sf/tpl9/public/ 466 B
959 B 49ms
44ms Image
image/png 2606:4700:3036::6815:8c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promotisu.bid/sf/tpl9/public/like.png
Requested by: Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:8c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7adac1888791ad42f547c97c9c9dad37faee15dfb5e76f20eabc8a0a0b6168e9

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 119916
alt-svc: h3=":443"; ma=86400
content-length: 466
last-modified: Sat, 11 Nov 2023 12:14:08 GMT
server: cloudflare
etag: "654f7010-1d2"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ID5fWx6%2BD3MI5SsE%2FqCtnnWXtlM5t1MsdDnxomtauhLu2sOL0BA%2BEoytLau23C3IupcCH08ZYLTln15hlcnysnIPt8bM%2FwrHmUlERJpsN%2FwaH74Qum%2FRJHdkii1AGWjLMtlmHu4g3ivAH5NN"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 848a4943aab54bcc-BUF
expires: Sat, 18 Jan 2025 11:48:41 GMT

GET
H2 200 img-5.png
promotisu.bid/sf/tpl9/public/ 2 KB
2 KB 43ms
42ms Image
image/png 2606:4700:3036::6815:8c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promotisu.bid/sf/tpl9/public/img-5.png
Requested by: Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::6815:8c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fba1dafda080b2bf2c0074fc8eb29203c48f2afa916065df41a0a76e48f63987

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 190663
alt-svc: h3=":443"; ma=86400
content-length: 1691
last-modified: Sat, 11 Nov 2023 12:14:08 GMT
server: cloudflare
etag: "654f7010-69b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MT%2BWbVygR9sfWEFWWik%2B4vtlY4oz8PjQK%2B%2BJJC%2F3cEH71iopouuTvd0%2BTJ%2BRsIxAZFZyhwXPzmS0NtL1CA1ARKxiDFKfCs8dYRPuI%2B5henyReXsm0ABrqRJh5iBynrC9yM3p%2B4hKNVInYS%2Fz"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 848a49437f174bd5-BUF
expires: Fri, 17 Jan 2025 16:09:34 GMT

GET
H3 200 img-6.png
promotisu.bid/sf/tpl9/public/ 2 KB
3 KB 42ms
39ms Image
image/png 2606:4700:3036::6815:8c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promotisu.bid/sf/tpl9/public/img-6.png
Requested by: Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:8c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 182600ef12499261e2e971331530eb1caacd6c2106c4c864d158ac9c4a9a2327

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 190663
alt-svc: h3=":443"; ma=86400
content-length: 2491
last-modified: Sat, 11 Nov 2023 12:14:08 GMT
server: cloudflare
etag: "654f7010-9bb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FHMGytuozpdhzsPY8Q5o2EAo1flxDccwVt1o7XyV%2FA4338EvSWc4Iglqb1zlJc6jUmZ0r6gCD81nD1Z89W39Huqz5qUcwMgAy6qa7nFLfTMYRCXDmXSZo6o473DMsdua8m2uk%2BdPXFFEccKp"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 848a4943aa9c4bcc-BUF
expires: Fri, 17 Jan 2025 16:09:34 GMT

GET
H3 200 img-7.png
promotisu.bid/sf/tpl9/public/ 3 KB
3 KB 45ms
39ms Image
image/png 2606:4700:3036::6815:8c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promotisu.bid/sf/tpl9/public/img-7.png
Requested by: Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:8c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01ff0a6dfebce308d517e495941065eb38cc8b37a7b2bf67df272aea25f69c40

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 190663
alt-svc: h3=":443"; ma=86400
content-length: 2997
last-modified: Sat, 11 Nov 2023 12:14:08 GMT
server: cloudflare
etag: "654f7010-bb5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AzqTFVv0MEiNImmzCF7CdYZ%2FprsZ0qw7FW2%2BexI9D1a%2FsK1rIcbxl0wV8Zwwq77%2FEFD3TEOMaYjYAkKG1Gf4MvdMspJD8XRaLDDn7S1lNt1%2B3h9JflR4taPvTyo7aG3Ob%2FhlFAHtmq9n9RST"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 848a4943aab14bcc-BUF
expires: Fri, 17 Jan 2025 16:09:34 GMT

GET
H3 200 img-3.png
promotisu.bid/sf/tpl9/public/ 3 KB
3 KB 47ms
41ms Image
image/png 2606:4700:3036::6815:8c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promotisu.bid/sf/tpl9/public/img-3.png
Requested by: Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:8c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b0c40a3ef77aea7e48c710fa701af1d074224846ebf30cd9d82b7596c15da2c1

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4516421
alt-svc: h3=":443"; ma=86400
content-length: 2891
last-modified: Tue, 21 Nov 2023 12:58:19 GMT
server: cloudflare
etag: "655ca96b-b4b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=16MbLf4n6gcMzFcikHyDSaK1j9P6of8XEmxf2AgpEIE4wr4RGQedfgf0A%2FcVNd02QydZGGvlvBEQZDBtmn%2Bb2%2Fx0C8D6XsYWGuGXvv5DR9XYJZ969tMfHyYVi66SSJ2j7MLAxJDPCIX03MFF"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 848a4943aab24bcc-BUF
expires: Thu, 28 Nov 2024 14:33:22 GMT

GET
H3 200 img-8.png
promotisu.bid/sf/tpl9/public/ 4 KB
4 KB 53ms
48ms Image
image/png 2606:4700:3036::6815:8c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promotisu.bid/sf/tpl9/public/img-8.png
Requested by: Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:8c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 845a5200eb01a02833e74b09ab84d6ec2aab5ee16211ee1a31b7eb6a4bb61ecc

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3124
alt-svc: h3=":443"; ma=86400
content-length: 3700
last-modified: Sat, 11 Nov 2023 12:14:08 GMT
server: cloudflare
etag: "654f7010-e74"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VVxcycBpiuNG2tjHb8j921CGc%2FUZkV0twq0tCDCeW7fWsFPwny3lG5bbiE106z3XIQG0hkE4igD90IuqZlBfWtgihJ5%2FuFMWX%2BmY8EmCXyYUb%2FTTm7j6Qw8UHFefC1hND%2FsjT3D9oNml9Ef%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 848a4943aab64bcc-BUF
expires: Sun, 19 Jan 2025 20:15:13 GMT

GET
H3 200 img-9.png
promotisu.bid/sf/tpl9/public/ 3 KB
4 KB 194ms
189ms Image
image/png 2606:4700:3036::6815:8c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promotisu.bid/sf/tpl9/public/img-9.png
Requested by: Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:8c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 18f551911c68e079ef629648f47ad743c99d47e9d5c0d5a475c7392a1f0ab248

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 190663
alt-svc: h3=":443"; ma=86400
content-length: 3286
last-modified: Sat, 11 Nov 2023 12:14:08 GMT
server: cloudflare
etag: "654f7010-cd6"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YdgXSZ5htcQHw0Riwvri4wzEfk100TSyZIWvLC4Apxcn0zfc%2B2n%2F9gdUJ5VOfKzhF8yfGZMlCtwpIH3PR8odq5pQzbOJwEC%2BietWiDZrO5%2BlAK9qp5YBeMaF1%2F7D5Qe5m7ZNPn08AXXW6V48"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 848a4943aab74bcc-BUF
expires: Fri, 17 Jan 2025 16:09:34 GMT

GET
H3 200 img-10.png
promotisu.bid/sf/tpl9/public/ 1 KB
2 KB 194ms
183ms Image
image/png 2606:4700:3036::6815:8c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promotisu.bid/sf/tpl9/public/img-10.png
Requested by: Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:8c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b17d1bc53a49edcab5f29c232dde056d8ad18b6c948ad908134b64130eb2606

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 190663
alt-svc: h3=":443"; ma=86400
content-length: 1292
last-modified: Sat, 11 Nov 2023 12:14:08 GMT
server: cloudflare
etag: "654f7010-50c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y7tJ02u6wZQfUiUzkmtxQmK%2Fshs%2BNyutVngppMNe8r4leODH3L4nF0GYiRpu5ovyVZ9uNYthW2B%2BkDF9PukhIi49hcLZ2oJnUJksjARyPMZiGXVZXgXar5QYHGGGlPN0k6K1YnNRkcY3QY54"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 848a4943babd4bcc-BUF
expires: Fri, 17 Jan 2025 16:09:34 GMT

GET
H3 200 img-11.png
promotisu.bid/sf/tpl9/public/ 2 KB
3 KB 195ms
185ms Image
image/png 2606:4700:3036::6815:8c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promotisu.bid/sf/tpl9/public/img-11.png
Requested by: Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:8c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ca3bcdc244a011cff113f873678ee9de68479a7f6c7f360b171c3edbc96dd1a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 190663
alt-svc: h3=":443"; ma=86400
content-length: 2282
last-modified: Sat, 11 Nov 2023 12:14:08 GMT
server: cloudflare
etag: "654f7010-8ea"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w4Mtct0CzJnUT6VdAKVk5GLLUwToRa6fOvLQ1XkKaqFpbyub92XdNlTuD5Ub%2BRz8%2Fy80nLGDclx9n68jrm95TcsGymXFmZqtofF48ZcJOIGv0CAUKHmIcOAdCAkqF705zGPpRVNTDDUz7cs%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 848a4943babe4bcc-BUF
expires: Fri, 17 Jan 2025 16:09:34 GMT

GET
H3 200 img-12.png
promotisu.bid/sf/tpl9/public/ 875 B
1 KB 196ms
186ms Image
image/png 2606:4700:3036::6815:8c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promotisu.bid/sf/tpl9/public/img-12.png
Requested by: Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:8c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73cb358bf47ed149f8fd7e3eada678166cfab77538c313ba72cb6e38d13253fa

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 190663
alt-svc: h3=":443"; ma=86400
content-length: 875
last-modified: Sat, 11 Nov 2023 12:14:08 GMT
server: cloudflare
etag: "654f7010-36b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mYzrBC%2BGJBj5D8F7T4sUvdcPE7X2Ai2qm%2FWIwh3AKkSGtKy%2FBXO9grT0uR74BqV28S6XWc3eEAGrzsi%2FA83g9n%2FiiS6IUpTElcBUlbhF1Scf6maPQl63cIIdXcvg7mpn%2ByZnT4RdcwtUhr%2Fz"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 848a4943babf4bcc-BUF
expires: Fri, 17 Jan 2025 16:09:34 GMT

GET
H3 200 13.c7cb0d34.chunk.js Show response
promotisu.bid/sf/tpl9/js/ 390 KB
126 KB 70ms
64ms Script
application/javascript 2606:4700:3036::6815:8c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://promotisu.bid/sf/tpl9/js/13.c7cb0d34.chunk.js
Requested by: Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:8c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b95042810433c28c6811c0dc12a09d17d0975527cf1286afc89c73f7bef98930

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 04 Jan 2024 19:38:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 190663
etag: W/"65970934-616be"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UNRR4tZEOpLJWqBIo6NUuM4MgNr%2BOeN%2BaAllDKnJy%2BPJb%2BJvFYm7cq9X70vCXhz8Tao4NxtY%2Bq%2Bci26x1%2B50r4BSMJG0UnVTe6S0kUcDWX6KVf4V6Z6kDwQqO214K2yifYxiNIKivG%2Fvqamv"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
cf-ray: 848a4943aab34bcc-BUF
alt-svc: h3=":443"; ma=86400
expires: Fri, 17 Jan 2025 16:09:34 GMT

GET
H3 200 app.7be75b3f.js Show response
promotisu.bid/sf/tpl9/js/ 886 KB
148 KB 138ms
133ms Script
application/javascript 2606:4700:3036::6815:8c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://promotisu.bid/sf/tpl9/js/app.7be75b3f.js
Requested by: Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:8c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff214ede87812bf3e599c1ee64eec782239874c03b53888692fbe95cee2b2d29

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 04 Jan 2024 19:38:28 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 190663
etag: W/"65970934-dd80b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o%2FoJYfcWS7z7XTbbU%2ByPmgB1lAJ5VgFNoTDrblXsUEzdEnq98A81ft8Ykpazj3quWooexmjlbECFl%2FvOej4k4uNq3CmRkUPC5%2B2R%2Bwu7FQfitGAHFChFQ4CT40ZM0t8dAAtnrmlhWFcenrOn"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=31536000
cf-ray: 848a4943aab44bcc-BUF
alt-svc: h3=":443"; ma=86400
expires: Fri, 17 Jan 2025 16:09:34 GMT

GET
H2 200 free.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 59 KB
13 KB 122ms
41ms Fetch
text/css 2606:4700:e4::ac40:a507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=268a7048dd
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/268a7048dd.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a507 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
via: 1.1 d9904d2a7eb0a13ec208dbdb43366b78.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: JFK50-P8
age: 1558143
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=67BqN%2BFNyRibmNiPCY52PP8UUkIcTcXgYrX0aW09huiwTTihcz0dIMeScuVPdoxrnvWORthUW9CL%2BC1m4zOIB0qaEMQB9cu5FNkIlG3euWoXBDKm474DcmiAi9uw4jBe9edQlSoKusr%2ByWN%2FpkgPWG69cg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 848a4944fdda1906-EWR
access-control-allow-headers: fa-kit-token
x-amz-cf-id: yBGwKgJ3nL1Et6KXVHxvnVNVGWPZsR3bLqu8LY2PXzlsKnsLzj87Rw==

GET
H2 200 free-v4-shims.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 26 KB
5 KB 117ms
39ms Fetch
text/css 2606:4700:e4::ac40:a507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=268a7048dd
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/268a7048dd.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a507 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
via: 1.1 7aea4d81c29185bd2784c2f86062007a.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: JFK50-P8
age: 1558143
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m9k64ZixpbAFJwg6HT9Oe749Qyc5rQUE7xl4PNScMYY4D4NWW2dwcTVy7xdmMj3ZKySpmgC5%2F88gqCFAIKItSDQd%2FaCY2nHYVNCbY%2FuPpWgx9ZyQepDuxgUxKvFlmkhKJpdk5q5WtQeHwoWlVsNltkNXPg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 848a4944fdde1906-EWR
access-control-allow-headers: fa-kit-token
x-amz-cf-id: bPprFnzswquN53CdhSGd-OHq62bGuBvvQrFNr9mP1QMCWI7rG30NLA==

GET
H2 200 free-v4-font-face.min.css Show response
ka-f.fontawesome.com/releases/v5.15.4/css/ 3 KB
1 KB 121ms
44ms Fetch
text/css 2606:4700:e4::ac40:a507
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-font-face.min.css?token=268a7048dd
Requested by: Host: kit.fontawesome.com
URL: https://kit.fontawesome.com/268a7048dd.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e4::ac40:a507 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
via: 1.1 7082f41e4415fb7199f3ca9b16b5849a.cloudfront.net (CloudFront)
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop: JFK50-P8
age: 394707
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
server: cloudflare
etag: W/"f2e0b2680d9b0bcb6e0039c4424e5a59"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jRgQs7O1OyrbOj4uusz0CHhhSQaKv%2Bn4uKkejBAPyx1VGW4VjrJ7j%2Fp%2FL5CGJMpkTF%2BT%2BjrDxWJD6x9ZAqS0R8WgNEEHJoD03sslLLqOx7jOipodZ7zJ1bbsdtb4loTHKXI1Wqe19U9DFMrKyNd0mrJ3uA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31556926
vary: Accept-Encoding
cf-ray: 848a4944fddb1906-EWR
access-control-allow-headers: fa-kit-token
x-amz-cf-id: 89VxEDUHvmqvgKzYxhlbfYftbdbgv3Oyjk9lmIgOhIwflWaY3VYZmQ==

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
849 B 105ms
40ms Stylesheet
text/css 2607:f8b0:4006:816::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:wght@400;700;900&display=swap

Requested by

Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/bundle.e20945059b52412df364.css?t=1704397049752

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200a Colchester, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

0cee972f52f443216ed569505738e89b08925201f31b5d7a51783ee9a0dcc785

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Sat, 20 Jan 2024 21:07:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 20 Jan 2024 20:10:22 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 20 Jan 2024 21:07:17 GMT

GET
H2 200 ace-push.js Show response
virtualpushplatform.com/ 13 KB
5 KB 211ms
126ms Script
text/javascript 2606:4700:3037::6815:4392
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://virtualpushplatform.com/ace-push.js
Requested by: Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/js/app.7be75b3f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:4392 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5b817d86aff80a58f7440cbf3f6e24eeab0c41cef66274d6972a465106af99fc

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:18 GMT
content-encoding: br
cf-cache-status: BYPASS
last-modified: Fri, 12 Jan 2024 11:47:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"1da454d22d4494b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c2WQyZzloXUksisN%2BHeW3S6gdoCdTYi1ctQGYccX0nfPjMDxFo3RbDY2JDRXMojmDMu9EbALXrP0s2cLz%2F4tDbO9J6OSAR932vsoPC5GQuzB5aTUUey7oV9nBIZY9fqRIDNKaqzLqVr8nLyx8iKH8zEJ5dZvag%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cf-ray: 848a49488e3b4bcd-BUF
alt-svc: h3=":443"; ma=86400

GET
H2 200 summary Show response
beacon.promotisu.bid/geo/ 126 B
580 B 126ms
36ms XHR
application/json 45.55.126.207
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://beacon.promotisu.bid/geo/summary

Requested by

Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/js/13.c7cb0d34.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

45.55.126.207 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Kestrel /

Resource Hash

23533ed27dc1885253298758edd58bc3bfd0aba83da72ef332fc444ccace958d

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Accept: application/json, text/plain, */*
Referer: https://promotisu.bid/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
content-encoding: gzip
strict-transport-security: max-age=2592000
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, PATCH, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: false
access-control-allow-headers: Origin, Accept, Cache-Control, If-Modified-Since, Keep-Alive, Range, DNT, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization

GET
H3 200 costco.png
promotisu.bid/sf/tpl9/public/costco/ 6 KB
6 KB 38ms
36ms Image
image/png 2606:4700:3036::6815:8c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promotisu.bid/sf/tpl9/public/costco/costco.png
Requested by: Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:8c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ccb0012003dab50823fce820de11c5930b427c0dc9203b574bd69b889b8951b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:18 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1051095
alt-svc: h3=":443"; ma=86400
content-length: 6091
last-modified: Sat, 11 Nov 2023 12:14:08 GMT
server: cloudflare
etag: "654f7010-17cb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VSjNHmbtXViaT2Ki%2BOZVXi77zwK6ZDGAtCZXNhbAyK%2FTlpNe3SMK6IxkTJqMKbY58QCEvaROnEIVw9VV3lZN545qn79hiEdAMyyxy7m3IhHoddJxi%2B4X%2BRlUerdG5vidrnDj%2Fj52DKjjwMUP"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 848a494848514bcc-BUF
expires: Tue, 07 Jan 2025 17:09:03 GMT

GET
H3 200 cart.png
promotisu.bid/sf/tpl9/public/costco/ 2 KB
2 KB 39ms
37ms Image
image/png 2606:4700:3036::6815:8c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://promotisu.bid/sf/tpl9/public/costco/cart.png
Requested by: Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3036::6815:8c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fc48a6a88ccc0344ca9768de457004af880f9a59defc48691c3ec8709efe4947

Request headers

accept-language: en-US,en;q=0.9
Referer: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:18 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 104699
alt-svc: h3=":443"; ma=86400
content-length: 1581
last-modified: Sat, 11 Nov 2023 12:14:08 GMT
server: cloudflare
etag: "654f7010-62d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WE0wIVh8q8stbKHWrP4uOIrRucfW9prcMZ3sJwep1tzdCvdIasDMGurqNnufim0MJcJI1%2FnTRmU0wfyvBwB7a%2BSAoSDh5wcupnqDJgNNiDVbDYqH5pc5byGrodFGb1I8dwBHWlgH12a63Tl9"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 848a494848524bcc-BUF
expires: Sat, 18 Jan 2025 16:02:19 GMT

GET
H2 200 0aa1ed35-047c-44e4-a211-47dc2b9c1be9 Show response
beacon.promotisu.bid/g/ 113 B
582 B 133ms
45ms XHR
text/plain 45.55.126.207
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://beacon.promotisu.bid/g/0aa1ed35-047c-44e4-a211-47dc2b9c1be9?logo=costco&c1=473183&c2=1437133294&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&item=Q9MI&logo=37c&pub=FXTK_473183

Requested by

Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/js/13.c7cb0d34.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

45.55.126.207 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Kestrel /

Resource Hash

4409414f7e2d21567df75696ae82d51a08563913103680af2d048be64381b7e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Accept: application/json, text/plain, */*
Referer: https://promotisu.bid/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
content-encoding: gzip
strict-transport-security: max-age=2592000
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, PATCH, HEAD
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: false
access-control-allow-headers: Origin, Accept, Cache-Control, If-Modified-Since, Keep-Alive, Range, DNT, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization

GET
H2 200 9803f154-47cf-4893-8b8f-050abdccfd99 Show response
beacon.promotisu.bid/s/ 19 KB
10 KB 42ms
40ms XHR
text/plain 45.55.126.207
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://beacon.promotisu.bid/s/9803f154-47cf-4893-8b8f-050abdccfd99?requestid=7W7rpgbqwC&destinationid=3287958709&c1=473183&c2=1437133294&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&item=Q9MI&logo=37c&pub=FXTK_473183

Requested by

Host: promotisu.bid
URL: https://promotisu.bid/sf/tpl9/js/13.c7cb0d34.chunk.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

45.55.126.207 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Kestrel /

Resource Hash

e8f6c96d3a54549641340194881aaab5294bf1bb91e645e9ee579d8fa8938bfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Accept: application/json, text/plain, */*
Referer: https://promotisu.bid/
X-Requested-With: /sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date: Sat, 20 Jan 2024 21:07:17 GMT
content-encoding: gzip
strict-transport-security: max-age=2592000
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS, PATCH, HEAD
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: false
access-control-allow-headers: Origin, Accept, Cache-Control, If-Modified-Since, Keep-Alive, Range, DNT, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization

OPTIONS
H2 200 9803f154-47cf-4893-8b8f-050abdccfd99
beacon.promotisu.bid/s/ 0
0 35ms
33ms Preflight 45.55.126.207
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

45.55.126.207 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Accept: */*
Access-Control-Request-Headers: x-requested-with
Access-Control-Request-Method: GET
Origin: https://promotisu.bid
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Origin, Accept, Cache-Control, If-Modified-Since, Keep-Alive, Range, DNT, X-Requested-With, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization
access-control-allow-methods: GET, POST, OPTIONS, PATCH, HEAD
access-control-allow-origin: *
content-length: 0
date: Sat, 20 Jan 2024 21:07:17 GMT
server: Kestrel
strict-transport-security: max-age=2592000

POST
H2 200 visit Show response
pushvisit.xyz/api/v1/ 2 KB
2 KB 103ms
102ms Fetch
application/json 20.50.64.3
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pushvisit.xyz/api/v1/visit
Requested by: Host: virtualpushplatform.com
URL: https://virtualpushplatform.com/ace-push.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 20.50.64.3 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Kestrel /
Resource Hash: 6b4e33dc9ef0b1336575b8ed8cda708f4547ff5c230fb5f1793e35ed46476644

Request headers

Referer: https://promotisu.bid/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-type: application/json

Response headers

access-control-allow-origin: *
date: Sat, 20 Jan 2024 21:07:18 GMT
server: Kestrel
content-length: 1551
content-type: application/json; charset=utf-8

OPTIONS
H2 200 visit
pushvisit.xyz/api/v1/ 0
0 463ms
92ms Preflight 20.50.64.3
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pushvisit.xyz/api/v1/visit
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 20.50.64.3 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://promotisu.bid
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-origin: *
content-length: 0
date: Sat, 20 Jan 2024 21:07:18 GMT

GET
DATA 200
OK truncated
/ 9 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6e5c0a74e6badb5493cfe21658c43ac319e5b21270b73a0a22192895fce91235

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type: image/jpeg

POST
H3 200 log-client-error
virtualpushplatform.com/api/v1/visit/ 0
0 119ms
119ms Fetch 2606:4700:3037::6815:4392
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://virtualpushplatform.com/api/v1/visit/log-client-error
Requested by: Host: virtualpushplatform.com
URL: https://virtualpushplatform.com/ace-push.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:4392 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://promotisu.bid/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-type: application/json

Response headers

date: Sat, 20 Jan 2024 21:07:20 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BAeGB91024V8YAGAV5b7eNo4RNGvWM9JXGUvv09%2Fq%2Bsr50TanpO1M9OAB5E7CHSbqrEsrTj611nDhtMmJcIzFC%2Bxu5Lhp4mug9cJs%2B2oyhCppY3acpoCF5RzflT4f2rfnFYh5zUaQXDVkH87drRGr8k%2BGYq9aw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 848a49542c954bcf-BUF
alt-svc: h3=":443"; ma=86400
content-length: 0

OPTIONS
H3 200 log-client-error
virtualpushplatform.com/api/v1/visit/ 0
0 506ms
472ms Preflight 2606:4700:3037::6815:4392
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://virtualpushplatform.com/api/v1/visit/log-client-error
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3037::6815:4392 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://promotisu.bid
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 848a4951ca284bcf-BUF
content-length: 0
date: Sat, 20 Jan 2024 21:07:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FzuNvRTkccWy6scLwpi7CjOk3npLvhPfE%2F%2BBu%2FUPwDkVaYFFPTkH9EKZbkoQzNuEfBV4TpLpnycNEOIdYS18mmGJRB%2FnybUwGDCvpZWk7Qq5Jn%2Bfd%2FhgVGcHOyfqkMDyF3hGqbfDEK%2Bwo7jvJSeHwc%2FQEDLdmw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Scam (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
jinxmux.com/	1970-01-20 18:11:20	Name: uid25815 Value: 1437133294-20240120150714-d588f8077f55b058e90b31f0c0e39f86-4878
.virtualpushplatform.com/	1970-01-20 17:49:48	Name: TiPMix Value: 99.3849330590135
.virtualpushplatform.com/	1970-01-20 17:49:48	Name: x-ms-routing-name Value: self

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	error	URL: https://promotisu.bid/sf/tpl9/?logo=37c&item=Q9MI&pub=FXTK_473183&click_id=077b595b-dc5e-47f1-9747-e5974d11817b&c1=473183&c2=1437133294 Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

beacon.promotisu.bid
fonts.googleapis.com
jinxmux.com
ka-f.fontawesome.com
kit.fontawesome.com
promotisu.bid
pushvisit.xyz
quberty.com
virtualpushplatform.com
185.140.54.135
20.50.64.3
2606:4700:3036::6815:8c8
2606:4700:3037::6815:4392
2606:4700:4400::ac40:93bc
2606:4700:e4::ac40:a507
2607:f8b0:4006:816::200a
45.55.126.207
50.115.174.138
01ff0a6dfebce308d517e495941065eb38cc8b37a7b2bf67df272aea25f69c40
022ed52cc9b74e014777c23c71c8af5cecba0f4cca91e1716fa07e70a1a961dc
0ca3bcdc244a011cff113f873678ee9de68479a7f6c7f360b171c3edbc96dd1a
0cee972f52f443216ed569505738e89b08925201f31b5d7a51783ee9a0dcc785
0e9774ab96c1ecac6a1069547fbcda58e9ec2ee24a0445b99a5fc421a6f6ecff
182600ef12499261e2e971331530eb1caacd6c2106c4c864d158ac9c4a9a2327
18f551911c68e079ef629648f47ad743c99d47e9d5c0d5a475c7392a1f0ab248
23533ed27dc1885253298758edd58bc3bfd0aba83da72ef332fc444ccace958d
4409414f7e2d21567df75696ae82d51a08563913103680af2d048be64381b7e0
4ba90609efbf3e11565b8b9005e57d80f53a8837ce693c9023ccb0626461d212
5b817d86aff80a58f7440cbf3f6e24eeab0c41cef66274d6972a465106af99fc
6b4e33dc9ef0b1336575b8ed8cda708f4547ff5c230fb5f1793e35ed46476644
6dea47458a4cd7cd7312cc780a53c62e0c8b3ccc8d0b13c1ac0ea6e3dfcecea8
6e5c0a74e6badb5493cfe21658c43ac319e5b21270b73a0a22192895fce91235
73cb358bf47ed149f8fd7e3eada678166cfab77538c313ba72cb6e38d13253fa
7adac1888791ad42f547c97c9c9dad37faee15dfb5e76f20eabc8a0a0b6168e9
7f8b63bff49fba3c5bae30f4eb39f2fd6d088fbe9d7292bdf37b0ef4a1ec68d6
845a5200eb01a02833e74b09ab84d6ec2aab5ee16211ee1a31b7eb6a4bb61ecc
8ccb0012003dab50823fce820de11c5930b427c0dc9203b574bd69b889b8951b
9b17d1bc53a49edcab5f29c232dde056d8ad18b6c948ad908134b64130eb2606
b0c40a3ef77aea7e48c710fa701af1d074224846ebf30cd9d82b7596c15da2c1
b95042810433c28c6811c0dc12a09d17d0975527cf1286afc89c73f7bef98930
e3bd0bb9c81300549973c534de26accf7b6104bed7bee20c8bf0371022dd7c2e
e8f6c96d3a54549641340194881aaab5294bf1bb91e645e9ee579d8fa8938bfd
fba1dafda080b2bf2c0074fc8eb29203c48f2afa916065df41a0a76e48f63987
fc48a6a88ccc0344ca9768de457004af880f9a59defc48691c3ec8709efe4947
fc5128dfdcdfa0c3a9967a6d2f19399d7bf1aaae6ad7571b96b03915a1f30dda
ff214ede87812bf3e599c1ee64eec782239874c03b53888692fbe95cee2b2d29

promotisu.bid Open in urlscan Pro 2606:4700:3036::6815:8c8 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

32 Requests

100 %HTTPS

56 %IPv6

7 Domains

9 Subdomains

9 IPs

3 Countries

1215 kBTransfer

10180 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

32 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

promotisu.bid Open in urlscan Pro
2606:4700:3036::6815:8c8 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

32
Requests

100 %
HTTPS

56 %
IPv6

7
Domains

9
Subdomains

9
IPs

3
Countries

1215 kB
Transfer

10180 kB
Size

3
Cookies

32 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!