urlscan.io logo urlscan.io
SecurityTrails logo

vymmri6.sa.com Open in urlscan Pro
2a06:98c1:3120::3  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Effective URL: https://vymmri6.sa.com/.discover/wp-session.php
Submission: On January 23 via manual from CA — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 15 IPs in 3 countries across 16 domains to perform 39 HTTP transactions. The main IP is 2a06:98c1:3120::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is vymmri6.sa.com.
TLS certificate: Issued by GTS CA 1P5 on December 15th 2023. Valid for: 3 months.
This is the only time vymmri6.sa.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

14    2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)
descuentosrata.com
vymmri6.sa.com
2    2a00:1450:4001:803::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
1    2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)
static.cloudflareinsights.com
2    2606:4700:20::ac43:48ad (United States)

ASN13335 (CLOUDFLARENET, US)
tracker.metricool.com
2    2620:1ec:46::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.clarity.ms
2    2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.youtube.com
3    2606:4700::6812:d73b (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.onesignal.com
onesignal.com
1    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
1    2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
securepubads.g.doubleclick.net
2    52.152.143.207 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
o.clarity.ms
1    2620:0:890::100 (United States)

ASN54113 (FASTLY, US)
owa.marshal-stevens.com
1    2606:2800:233:78b9:f44e:2c1f:31aa:d9ef (United States)

ASN15133 (EDGECAST, US)
aadcdn.msftauth.net
1    46.250.232.252 (None, )

ASN- ()
airbeet.com
Apex Domain
Subdomains		 Transfer
12 descuentosrata.com
descuentosrata.com
cerebro.descuentosrata.com Failed
509 KB
4 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 747
o.clarity.ms — Cisco Umbrella Rank: 7121
27 KB
3 onesignal.com
cdn.onesignal.com — Cisco Umbrella Rank: 4149
onesignal.com — Cisco Umbrella Rank: 1446
65 KB
2 sa.com
vymmri6.sa.com
540 B
2 youtube.com
www.youtube.com — Cisco Umbrella Rank: 75
69 KB
2 metricool.com
tracker.metricool.com — Cisco Umbrella Rank: 25544
1 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 28
2 KB
1 airbeet.com
airbeet.com
397 B
1 msftauth.net
aadcdn.msftauth.net — Cisco Umbrella Rank: 943
1 KB
1 marshal-stevens.com
owa.marshal-stevens.com
10 KB
1 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 209
135 KB
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2029
246 B
1 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 811
7 KB
1 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 230
29 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 37
89 KB
0 bing.com Failed
c.bing.com Failed
39 16
Domain Requested by
12 descuentosrata.com descuentosrata.com
static.cloudflareinsights.com
2 vymmri6.sa.com 1 redirects owa.marshal-stevens.com
2 o.clarity.ms www.clarity.ms
2 cdn.onesignal.com descuentosrata.com
cdn.onesignal.com
2 www.youtube.com descuentosrata.com
www.youtube.com
2 www.clarity.ms descuentosrata.com
www.clarity.ms
2 tracker.metricool.com descuentosrata.com
2 fonts.googleapis.com descuentosrata.com
1 airbeet.com 1 redirects
1 aadcdn.msftauth.net owa.marshal-stevens.com
1 owa.marshal-stevens.com
1 onesignal.com cdn.onesignal.com
1 securepubads.g.doubleclick.net www.googletagservices.com
1 region1.google-analytics.com www.googletagmanager.com
1 static.cloudflareinsights.com descuentosrata.com
1 www.googletagservices.com descuentosrata.com
1 www.googletagmanager.com descuentosrata.com
0 c.bing.com Failed
0 cerebro.descuentosrata.com Failed descuentosrata.com
39 19

This site contains no links.

Subject Issuer Validity Valid
descuentosrata.com
GTS CA 1P5		 2023-12-03 -
2024-03-02		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-01-02 -
2024-03-26		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-01-02 -
2024-03-26		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2024-01-02 -
2024-03-26		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-04-10 -
2024-04-09		 a year crt.sh
metricool.com
GTS CA 1P5		 2023-12-10 -
2024-03-09		 3 months crt.sh
www.clarity.ms
DigiCert TLS RSA SHA256 2020 CA1		 2023-12-07 -
2024-12-07		 a year crt.sh
*.google.com
GTS CA 1C3		 2024-01-02 -
2024-03-26		 3 months crt.sh
a.clarity.ms
Microsoft Azure TLS Issuing CA 01		 2024-01-14 -
2024-06-27		 5 months crt.sh
www.insightflow.co
GTS CA 1D4		 2023-12-19 -
2024-03-18		 3 months crt.sh
aadcdn.msftauth.net
DigiCert SHA2 Secure Server CA		 2023-12-01 -
2024-12-01		 a year crt.sh
vymmri6.sa.com
GTS CA 1P5		 2023-12-15 -
2024-03-14		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://vymmri6.sa.com/.discover/wp-session.php
Frame ID: 24C838F98F81505DDD8714C13A26B766
Requests: 40 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vK... Page URL
  2. https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa Page URL
  3. https://airbeet.com/.adb3.php?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9v... HTTP 302
    https://vymmri6.sa.com/.discover/wp-index.php?organisation=ubc.ca&c=Y2hhdHR5LmxhZ3VyYUB1YmMuY2E= HTTP 302
    https://vymmri6.sa.com/.discover/wp-session.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /_nuxt/
Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • cdn\.onesignal\.com

Page Statistics

39
Requests

85 %
HTTPS

87 %
IPv6

16
Domains

19
Subdomains

15
IPs

3
Countries

945 kB
Transfer

3510 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa Page URL
  2. https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa Page URL
  3. https://airbeet.com/.adb3.php?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa HTTP 302
    https://vymmri6.sa.com/.discover/wp-index.php?organisation=ubc.ca&c=Y2hhdHR5LmxhZ3VyYUB1YmMuY2E= HTTP 302
    https://vymmri6.sa.com/.discover/wp-session.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 30
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=49A3A9C8B78E40F59B1868C8DD357358&RedC=c.clarity.ms&MXFR=142AE67EC95568DD04BAF271CD556607

39 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
redirect
descuentosrata.com/ 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b25bf2c13f919eaddfa8bba3a4c853fc140e918b78a2e92e024dd27bfa31d285

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
84a22309b90c5d9e-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Tue, 23 Jan 2024 18:35:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rWdgpsEbOjQFjNfYtTXyfmSEE77J084H21MBgRLhc7OPHAveZjxeyqC0YtDDCBpSBiMmVtWpfPD0eJI5aVMia0sCkarsZODjNNM5lHhF%2FqP9W0b%2FVgrrwJto61Hd4slVu0Sm5ylziY%2Fhvy0GDq9bBDk%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-rata-status
MISS
css2
fonts.googleapis.com/ 		7 KB
795 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e40dbc6da95b47d932014e5a93f35b13a341a37ea6fe7559dca041dc77271cd6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 23 Jan 2024 18:35:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 23 Jan 2024 16:38:28 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 23 Jan 2024 18:35:30 GMT
css2
fonts.googleapis.com/ 		3 KB
927 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;700&display=swap
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b09a031a5d1c809144341f52fd845a5cf075cdafe805b9c0128961d2c219c532
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 23 Jan 2024 18:35:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 23 Jan 2024 18:31:34 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 23 Jan 2024 18:35:30 GMT
js
www.googletagmanager.com/gtag/ 		266 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-4L4BD5W18G
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ff919622c6cf92618b2f06a56c0cedacca6a7b8866c50a71d5c4078fc9ec5e37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 18:35:31 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
90746
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 23 Jan 2024 18:35:31 GMT
ga.js
descuentosrata.com/ 		174 B
466 B 		Script
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/ga.js?id=G-4L4BD5W18G
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
632e28011a0b0a682b5f941523f9ffb667663b4c10e74620d60bc1a4ebd554c5

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 18:35:30 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Tue, 28 Nov 2023 15:56:49 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"ae-18c16a5bd2e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ob5ScQNkBKtVsyObmHh6kMQSqVnXMtBlEHvsW3oCqW%2FR7%2FPPelTKNA7Zz2t%2FcvmN1LTFlBBN7Uqy68zTXxoMU7kJO%2FVLchtjXmE7V6L2w0%2F47M8jPEji4ZrDopLglEy5NgVAIVrhycfYdQNrt4DXisM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
x-rata-status
STALE
cache-control
max-age=345600
cf-ray
84a2230c6c785d9e-FRA
alt-svc
h3=":443"; ma=86400
gpt.js
www.googletagservices.com/tag/js/ 		97 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5f1e1ddede6c70545fb70277a523c9a78aee2b6c934c6ba58903b421b1b8a112
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 18:35:31 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29364
x-xss-protection
0
server
cafe
etag
31 / 19745 / m202401180101 / config-hash: 1061630321124036141
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 23 Jan 2024 18:35:31 GMT
5f696f1.js
descuentosrata.com/_nuxt/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/_nuxt/5f696f1.js
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1735e521059bca5aa35b21de65cac256bc38eab232c80d6a9738917d202c68e2

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 18:35:30 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 19 Jan 2024 14:53:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1927
etag
W/"1a2b-18d223625f7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rw2aVmxiskgPyE%2BQFp4JHx9s5JFp3LASbSxiECvUR%2FuGP%2BmXpjTcvb%2Fv1zULG2EGhTfBqzAiGKo4C55kChQg74gMlEiJ8k6cu38y3bEsVfYfAk5Uu%2BRW2UI0QIfSCPzP%2F46uwCKXWyU5bfR15AupmzY%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
x-rata-status
STALE
cache-control
max-age=345600
cf-ray
84a2230c6c7b5d9e-FRA
alt-svc
h3=":443"; ma=86400
c8c01c1.js
descuentosrata.com/_nuxt/ 		268 KB
91 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/_nuxt/c8c01c1.js
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca0ac4cb920235f4e1609e84db7d5294bd943d6a11b7d3c1a24883475c0efdd6

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 18:35:30 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Fri, 19 Jan 2024 14:53:11 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
5334
etag
W/"42efc-18d223629e3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=elP7a7AXwIwzirwa%2FxhoQJKFPJLyTfRWzQEejhXfnGELocU4%2FRyUZY65HizbMSdSIcD%2BHhwDI4Vtugx7yeBWyTq3G7IWQPK%2FidQ7hW622O55PAa1pqNQRd5u7EYK%2FYe8xMMHCk9vMSt9Jme6%2FTWZdbY%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
x-rata-status
STALE
cache-control
max-age=345600
cf-ray
84a2230c6c7c5d9e-FRA
alt-svc
h3=":443"; ma=86400
8a4eb8d.css
descuentosrata.com/_nuxt/css/ 		214 KB
33 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/_nuxt/css/8a4eb8d.css
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46f2ce6170d3fb1ab46c0e9b69ea8d4fdc9219ebfb86b4fdc55b8a562b67f956

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 18:35:30 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1928
x-rata-status
STALE
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Fri, 19 Jan 2024 14:53:14 GMT
server
cloudflare
etag
W/"3563f-18d22363677"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yvYOj5C14kMf0dO%2BkCyJ9qIxMSZqy8QJW4W51YRVCBqw4w25MC%2BjcG%2BQsHpcHmf%2Fuygei5GEd6H2xUyUsRmzj3mlOnd%2BhIy5dG%2B%2BAu458uhD%2FKXnf85cImS22UbzmHbKZWtOxmDnBW3GeU8mj1VmFZY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
cache-control
max-age=345600
cf-ray
84a2230c6c735d9e-FRA
63b18a7.js
descuentosrata.com/_nuxt/ 		1 MB
323 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/_nuxt/63b18a7.js
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea26816e3751dc32a76df7493667f8c0754c7facf5da4c46fd2c064f63f123b9

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 18:35:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 19 Jan 2024 14:53:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1644a7-18d223624cf"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fiazl%2FZXbMGGdC42HDICkMmClrxZszJv9AxubuR14RiGBNVU9KMRiy5%2BbgO0HZtU3u1WLDkBji3ygOI9ksllaaRdO4ePezc2OGLicCbTnYBEfbc%2Fm8V0Eu8UoT0bCjtGzUwCIBFvKxmp8bwfspkD6JQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
x-rata-status
STALE
cache-control
max-age=345600
cf-ray
84a2230c7c7f5d9e-FRA
alt-svc
h3=":443"; ma=86400
0578edd.css
descuentosrata.com/_nuxt/css/ 		21 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/_nuxt/css/0578edd.css
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f92f145d291d801722ade498f2c242a3a169074e66202b8f6943cf30eedfde3f

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 18:35:30 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5156
cf-polished
origSize=21415
x-rata-status
STALE
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Fri, 19 Jan 2024 14:53:14 GMT
server
cloudflare
etag
W/"53a7-18d223633eb"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hBxLAOskq%2FXMzm8k%2BRbqVMEH%2FE9jKn%2BRk6Q17Hcex2VHMmJoM4PmNWAmSGiMJ13kcw1RuOEfjovMjurXvljgHEkf9I6ik3CdCrShqfUoTYP5bHt5p3IdEpp%2BAKDyGfVmLwTqErk3UqMksYpqAaDLezM%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
cache-control
max-age=345600
cf-ray
84a2230c6c775d9e-FRA
19985a5.js
descuentosrata.com/_nuxt/ 		158 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/_nuxt/19985a5.js
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4001ddbee328a825eab68ce6df5c681e8293b3346f433fd33991b04a993292c

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 18:35:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 19 Jan 2024 14:53:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"277ea-18d22362463"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UMWFzcoB1%2FHrGxy6DmciNdNZAXQ%2BOcwogReMvo%2FkYt6byaRixIkGgRjvWUQudyBGE%2BpjrfemrHenHUpa%2B2uMFSi%2FQx3hOL6fXiagYkwr%2FBMyMyKhTAMnMXfPiNnCY2AAshAt036hYinwpgcNPS34AT8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
x-rata-status
STALE
cache-control
max-age=345600
cf-ray
84a2230c7c825d9e-FRA
alt-svc
h3=":443"; ma=86400
v84a3a4012de94ce1a686ba8c167c359c1696973893317
static.cloudflareinsights.com/beacon.min.js/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

Referer
https://descuentosrata.com/
Origin
https://descuentosrata.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 18:35:31 GMT
content-encoding
gzip
last-modified
Tue, 10 Oct 2023 21:38:13 GMT
server
cloudflare
etag
W/"2023.10.0"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
84a2230f2c62085b-FRA
be.js
tracker.metricool.com/resources/ 		379 B
810 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tracker.metricool.com/resources/be.js
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:48ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b4e62a8daa779d16b2c25d343db85f6501e334632b0eeafd7d9f5bc5b8f96367
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 18:35:31 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
13792
alt-svc
h3=":443"; ma=86400
pragma
no-cache
cf-bgj
minify
last-modified
Tue, 23 Jan 2024 08:39:10 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n41lyKPJocx%2B9y6R9DojolKcx5eS0Z%2FARiaa34tg5QPUMOXXY4qbv6onc%2F7wbASwnh72Lx3LmemK1hrJZP0KBhfIMNS0AL117C0iobn5Nyvxd3zZLjKXLust7BGXborJgndC9IitbPUutrpwpK5YYEzoxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=172800
cf-ray
84a2230f3e452bec-FRA
expires
Thu, 25 Jan 2024 14:45:39 GMT
9ephhlx5cb
www.clarity.ms/tag/ 		1018 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/tag/9ephhlx5cb
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e28eef7d41cad2f810487f56ce4cee706af9949a47ecc5420c2cdaf69cd34858

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires
-1
date
Tue, 23 Jan 2024 18:35:31 GMT
x-azure-ref
20240123T183531Z-rnkrq074s95nr89h6d90b86sk800000000hg0000000151t6
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
1018
request-context
appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81
22587e2.js
descuentosrata.com/_nuxt/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/_nuxt/22587e2.js
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/_nuxt/5f696f1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8f5bb65fbd74f48ab4118e31b1dc7e81713ec741f4d8174ae0f1074009a0c4a0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 18:35:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 19 Jan 2024 14:53:10 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"1485-18d22362593"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3IPQAIasMEP91oSOG4hCUd7M5Ez3il6lldywJAUeO47gky%2FVa%2F9TDSWAzm%2FeeaVH0%2FJGBWQjDmgG725JnMeeAP3ciBO7bdsFv89yEX7gnlvres93AaVlZ92FqNkyb%2B2%2BjH8ntQnokID3Ri8uMQWf3UI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
x-rata-status
STALE
cache-control
max-age=345600
cf-ray
84a2231009815d9e-FRA
alt-svc
h3=":443"; ma=86400
player_api
www.youtube.com/ 		993 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/player_api
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/_nuxt/63b18a7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
703cc28e737acb7f534f81cbb649d9e790cbb000bc38c67417b19a1f3e3998fa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 18:35:31 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
br
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=nl for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type
text/javascript; charset=utf-8
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control
private, max-age=0
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Tue, 23 Jan 2024 18:35:31 GMT
OneSignalSDK.page.js
cdn.onesignal.com/sdks/web/v16/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.onesignal.com/sdks/web/v16/OneSignalSDK.page.js
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/_nuxt/63b18a7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd81fe3f6c530c586ebc23d23882c4476b4591ce7feeca8d8db0b4223f586361
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 18:35:31 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
1908
etag
W/"ebe34e849ba21613f65a2259dce7b673"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
84a223105cfdbb9d-FRA
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400
expires
Fri, 26 Jan 2024 18:35:31 GMT
55fe8c1.js
descuentosrata.com/_nuxt/ 		275 B
553 B 		Script
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/_nuxt/55fe8c1.js
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/_nuxt/5f696f1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08056bf7c94afe7bb30413885c5deca635c47fa2084f3db315ac18d7a27f9218

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 18:35:31 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 19 Jan 2024 14:53:09 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"113-18d22362307"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DytUZp5tTqTg7pF6zdQzqpEtFuoofPaWDZTAVwK84QF%2Fp2cUmQ0t%2B8hVZrSrAH7g5baSstgk7eBGiA0EAXVsj7lTsMTRTW%2BKiiEAu2KCmB58h%2Ffz7cy50q%2FUj9eBCV4AEqyEOOx6TrVAYpB7IFwfIcs%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
x-rata-status
STALE
cache-control
max-age=345600
cf-ray
84a2231019c75d9e-FRA
alt-svc
h3=":443"; ma=86400
c3po.jpg
tracker.metricool.com/ 		70 B
441 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tracker.metricool.com/c3po.jpg?hash=57249eb432b06a5b968cd29c78acd563&u=https%3A%2F%2Fdescuentosrata.com%2Fredirect%3Furl%3Dhttps%3A%2F%2Fowa.marshal-stevens.com%2F9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa&bw=1600&bh=1200
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:48ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3ca3118d9eceb4028fb8b62693e34913badaedfc8d62eed83ed744697bf12f9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Jan 2024 18:35:31 GMT
x-content-type-options
nosniff
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C3flhtXkI20fZ3wrV6ZupRewrJVsiDqqVHqszEEGCZb2n8NtGm2yWJCBWac26SX1rjmQly%2B0%2Fby4ok8SiWmBbsxh2iNbILBWFVq3dObFzsZfkCK5z4u6Hr6jw8hd6jFiRjDck21Ym0t9RhZYio5tjHci9A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
84a223103f6d2bec-FRA
alt-svc
h3=":443"; ma=86400
expires
Thu, 01 Jan 1970 00:00:00 GMT
clarity.js
www.clarity.ms/s/0.7.20/ 		60 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/s/0.7.20/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/9ephhlx5cb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 18:35:31 GMT
content-encoding
br
last-modified
Thu, 18 Jan 2024 15:10:56 GMT
etag
W/"0x8DC1837ABBF2420"
vary
Accept-Encoding
x-azure-ref
20240123T183531Z-rnkrq074s95nr89h6d90b86sk800000000hg0000000151tg
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
x-ms-request-id
20e9fca7-f01e-0020-3777-4d557c000000
cache-control
public, max-age=86400
x-cache
TCP_HIT
x-ms-version
2018-03-28
x-fd-int-roxy-purgeid
51562430
collect
region1.google-analytics.com/g/ 		0
246 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-4L4BD5W18G&gtm=45je41h0v9103037624&_p=1706034931008&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&tag_exp=71847096&cid=548263770.1706034931&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1706034931&sct=1&seg=0&dl=https%3A%2F%2Fdescuentosrata.com%2Fredirect%3Furl%3Dhttps%3A%2F%2Fowa.marshal-stevens.com%2F9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa&dt=Links%20DescuentosRata%20%E2%80%94%20Descuentos%20Rata&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1138
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4L4BD5W18G
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 23 Jan 2024 18:35:31 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://descuentosrata.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/ 		430 KB
135 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401180101/pubads_impl.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5dd0b5724f4bbac4bd58de274236fce36135ce302364b3b8ff5c4c3631e81139
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 15:44:11 GMT
content-encoding
br
x-content-type-options
nosniff
age
10280
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
138095
x-xss-protection
0
server
cafe
etag
16105826302836755247
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Wed, 22 Jan 2025 15:44:11 GMT
OneSignalSDK.page.es6.js
cdn.onesignal.com/sdks/web/v16/ 		256 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.onesignal.com/sdks/web/v16/OneSignalSDK.page.es6.js?v=160101
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/web/v16/OneSignalSDK.page.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
447d27c231910c6b80a42fa6cc225db9d4a7997ac7f115a7fa1f36ea4e40043f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 18:35:31 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
1901
etag
W/"46caafc4601e96e8ad41c658f1aa7a47"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
84a223109d4ebb9d-FRA
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400
expires
Fri, 26 Jan 2024 18:35:31 GMT
www-widgetapi.js
www.youtube.com/s/player/b31b88f2/www-widgetapi.vflset/ 		216 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/b31b88f2/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/player_api
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c4d07513670eaa456a8c421f89b78eda11dcecbd5d49456a1e60774f3ef491c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 15:07:49 GMT
content-encoding
br
x-content-type-options
nosniff
age
12462
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68592
x-xss-protection
0
last-modified
Mon, 22 Jan 2024 05:13:13 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 22 Jan 2025 15:07:49 GMT
collect
o.clarity.ms/ 		0
298 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://o.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.152.143.207 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://descuentosrata.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://descuentosrata.com
Date
Tue, 23 Jan 2024 18:35:31 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
5236eed.js
descuentosrata.com/_nuxt/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/_nuxt/5236eed.js
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/_nuxt/5f696f1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59cced025a9184c01637c4e7e4a40c14b0881043505056737605ab469ffe5864

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/redirect?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 18:35:32 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 19 Jan 2024 14:53:09 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"247a-18d2236217b"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iDpNPESTWosEbTLhUCrXyH5d%2Fx0lSDSmK0urIjy%2BbxL%2BpG%2F2iBop3VPOrJtRc8SjXF5cPqWZP0mAsLYXClBjKR23cmfx8eDu357EZQ%2FGyblY61v9hvbDB5oGUDPGHA%2FmEoDp9RgZentfRliOhCnofFs%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
x-rata-status
HIT
cache-control
max-age=345600
cf-ray
84a22312bccd5d9e-FRA
alt-svc
h3=":443"; ma=86400
collect
o.clarity.ms/ 		0
298 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://o.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.152.143.207 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://descuentosrata.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://descuentosrata.com
Date
Tue, 23 Jan 2024 18:35:32 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
web
onesignal.com/api/v1/sync/384d63bd-53bd-4369-9d86-7ac42b7dda07/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://onesignal.com/api/v1/sync/384d63bd-53bd-4369-9d86-7ac42b7dda07/web?callback=__jp0
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/web/v16/OneSignalSDK.page.es6.js?v=160101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d73b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74e310bf06ecc0f7c2ea8637fc627edf502d85ead6dcbd17de1ddd3c56b0b0f2
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 23 Jan 2024 18:35:32 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=15552000; includeSubDomains
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
0c72fb6e-3a75-4a86-8748-96cd79e51dac
x-runtime
0.035378
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"74e310bf06ecc0f7c2ea8637fc627edf"
x-download-options
noopen
vary
Origin, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600
cf-ray
84a223157d45bb9d-FRA
access-control-allow-headers
SDK-Version
expires
Tue, 23 Jan 2024 19:35:32 GMT
site_settings
cerebro.descuentosrata.com/api/v1/ 		0
0
c.gif
c.bing.com/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=49A3A9C8B78E40F59B1868C8DD357358&RedC=c.clarity.ms&MXFR=142AE67EC95568DD04BAF271CD556607
0
0
rum
descuentosrata.com/cdn-cgi/ 		0
183 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://descuentosrata.com/redirect?url=https%3A%2F%2Fowa.marshal-stevens.com%2F9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
content-type
application/json

Response headers

date
Tue, 23 Jan 2024 18:35:32 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://descuentosrata.com
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
84a2231618825d9e-FRA
9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
owa.marshal-stevens.com/ 		14 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:0:890::100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
3141bc603b00f14e05901bf48ce97237e57422aa8da4540163088f9ed9bde07c
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

Referer
https://descuentosrata.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=3600
content-encoding
gzip
content-length
9722
content-type
text/html; charset=utf-8
date
Tue, 23 Jan 2024 18:35:32 GMT
etag
"5855e02d74a1fcda601866a3f029ec14f8971fe7d71c335f43945302c5448374"
last-modified
Fri, 19 Jan 2024 15:03:15 GMT
strict-transport-security
max-age=31556926
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
x-cache-hits
0
x-served-by
cache-ams21024-AMS
x-timer
S1706034932.241394,VS0,VE100
collect
region1.google-analytics.com/g/ 		0
0
collect
region1.google-analytics.com/g/ 		0
0
collect
o.clarity.ms/ 		0
0
rum
descuentosrata.com/cdn-cgi/ 		0
0
truncated
/ 		8 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a7c14ee84d81a536a4cd54e3a144f388f2174a4a5c409ae118ea49f0da6b4aa6

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/png
2_bc3d32a696895f78c19df6c717586a5d.svg
aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Requested by
Host: owa.marshal-stevens.com
URL: https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48D1) /
Resource Hash
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://owa.marshal-stevens.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 23 Jan 2024 18:35:32 GMT
content-encoding
gzip
content-md5
DhdidjYrlCeaRJJRG/y9mA==
age
3949153
x-cache
HIT
content-length
673
x-ms-lease-status
unlocked
last-modified
Wed, 12 Feb 2020 22:01:50 GMT
server
ECAcc (ama/48D1)
etag
0x8D7B007297AE131
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
b5bf7475-201e-00f1-4640-2ad471000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
Primary Request wp-session.php
vymmri6.sa.com/.discover/
Redirect Chain
  • https://airbeet.com/.adb3.php?url=https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
  • https://vymmri6.sa.com/.discover/wp-index.php?organisation=ubc.ca&c=Y2hhdHR5LmxhZ3VyYUB1YmMuY2E=
  • https://vymmri6.sa.com/.discover/wp-session.php
12 KB
0 		Document
General
Check archive.org
Download Go to
Full URL
https://vymmri6.sa.com/.discover/wp-session.php
Requested by
Host: owa.marshal-stevens.com
URL: https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://owa.marshal-stevens.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
84a22331dba582ab-IAD
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 23 Jan 2024 18:35:36 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AbMPqmR%2BocDkZECpd5sAahjQji%2F%2Fbg9U5mShPZS9X9z5SX4AHWTgPalLouAfsbH58v%2BWC3%2BxISRqdfudvjWYrx%2F4fHToO%2Fm%2F0KKxQ9tFv%2B4fNzCmpc%2Fb7csumP%2F59PUOUsw19Cetky3TtKMowg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
84a22330da2482ab-IAD
content-type
text/html; charset=UTF-8
date
Tue, 23 Jan 2024 18:35:36 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
wp-session.php
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HST%2BjlGingQqvOCN%2FWDptlDztEdt1ndu1BH2tlKmLi3cd20S20w4Tk8Y6SnGvgdhX3OCMcZopvb9zBvcC5W3UeoyPclK5HtcUBX9ru2NdA4ly%2FqxuU6NjFQtc%2BYQBHKjo52XHMIQkvfxO2pXSg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cerebro.descuentosrata.com
URL
https://cerebro.descuentosrata.com/api/v1/site_settings
Domain
c.bing.com
URL
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=49A3A9C8B78E40F59B1868C8DD357358&RedC=c.clarity.ms&MXFR=142AE67EC95568DD04BAF271CD556607
Domain
region1.google-analytics.com
URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-4L4BD5W18G&gtm=45je41h0v9103037624&_p=1706034931008&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&tag_exp=71847096&cid=548263770.1706034931&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1706034931&sct=1&seg=0&dl=https%3A%2F%2Fdescuentosrata.com%2Fredirect%3Furl%3Dhttps%3A%2F%2Fowa.marshal-stevens.com%2F9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa&dt=Links%20DescuentosRata%20%E2%80%94%20Descuentos%20Rata&en=scroll&epn.percent_scrolled=90&_et=3&tfd=2254
Domain
region1.google-analytics.com
URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-4L4BD5W18G&gtm=45je41h0v9103037624&_p=1706034931008&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&tag_exp=71847096&cid=548263770.1706034931&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=3&sid=1706034931&sct=1&seg=0&dl=https%3A%2F%2Fdescuentosrata.com%2Fredirect%3Furl%3Dhttps%253A%252F%252Fowa.marshal-stevens.com%252F9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa&dt=Links%20DescuentosRata%20%E2%80%94%20Descuentos%20Rata&en=user_engagement&_et=1104&tfd=2254
Domain
o.clarity.ms
URL
https://o.clarity.ms/collect
Domain
descuentosrata.com
URL
https://descuentosrata.com/cdn-cgi/rum?

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Domain/Path Name / Value
www.clarity.ms/ Name: CLID
Value: c5f75d1ad4204aa1a910b148acc9bca6.20240123.20250122
.descuentosrata.com/ Name: _ga
Value: GA1.1.548263770.1706034931
.descuentosrata.com/ Name: _clck
Value: keg9ds%7C2%7Cfin%7C0%7C1483
.youtube.com/ Name: YSC
Value: 5bU16nmknwY
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: ZT8KwBQ5L9o
.c.clarity.ms/ Name: SM
Value: T
.clarity.ms/ Name: MUID
Value: 142AE67EC95568DD04BAF271CD556607
.descuentosrata.com/ Name: _ga_4L4BD5W18G
Value: GS1.1.1706034931.1.0.1706034932.0.0.0
.descuentosrata.com/ Name: _clsk
Value: 1w0kcko%7C1706034932368%7C2%7C1%7Co.clarity.ms%2Fcollect
.onesignal.com/ Name: __cf_bm
Value: m570myh65kaeceom3vC23DkVV78QtXVU4NhiBghK0jQ-1706034932-1-AaBhUuS1dQ4pegmUqy4iJJldRLkqqHAtYhblZvNLN/Dp2105zTtB8YhUt1veG6PkNN98BxmlFvjZiHoEQJvk9Lk=

1 Console Messages

Source Level URL
Text
network error URL: https://owa.marshal-stevens.com/9vKha1mC1mCydy9lagurax0quB4g9vKdy99vKa
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauth.net
airbeet.com
c.bing.com
cdn.onesignal.com
cerebro.descuentosrata.com
descuentosrata.com
fonts.googleapis.com
o.clarity.ms
onesignal.com
owa.marshal-stevens.com
region1.google-analytics.com
securepubads.g.doubleclick.net
static.cloudflareinsights.com
tracker.metricool.com
vymmri6.sa.com
www.clarity.ms
www.googletagmanager.com
www.googletagservices.com
www.youtube.com
c.bing.com
cerebro.descuentosrata.com
descuentosrata.com
o.clarity.ms
region1.google-analytics.com
2001:4860:4802:32::36
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef
2606:4700:20::ac43:48ad
2606:4700::6810:3865
2606:4700::6812:d73b
2620:0:890::100
2620:1ec:46::45
2a00:1450:4001:803::200a
2a00:1450:4001:80e::200e
2a00:1450:4001:828::2002
2a00:1450:4001:828::2008
2a00:1450:4001:82f::2002
2a06:98c1:3120::3
46.250.232.252
52.152.143.207
08056bf7c94afe7bb30413885c5deca635c47fa2084f3db315ac18d7a27f9218
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
1735e521059bca5aa35b21de65cac256bc38eab232c80d6a9738917d202c68e2
3141bc603b00f14e05901bf48ce97237e57422aa8da4540163088f9ed9bde07c
447d27c231910c6b80a42fa6cc225db9d4a7997ac7f115a7fa1f36ea4e40043f
46f2ce6170d3fb1ab46c0e9b69ea8d4fdc9219ebfb86b4fdc55b8a562b67f956
59cced025a9184c01637c4e7e4a40c14b0881043505056737605ab469ffe5864
5dd0b5724f4bbac4bd58de274236fce36135ce302364b3b8ff5c4c3631e81139
5f1e1ddede6c70545fb70277a523c9a78aee2b6c934c6ba58903b421b1b8a112
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
632e28011a0b0a682b5f941523f9ffb667663b4c10e74620d60bc1a4ebd554c5
703cc28e737acb7f534f81cbb649d9e790cbb000bc38c67417b19a1f3e3998fa
74e310bf06ecc0f7c2ea8637fc627edf502d85ead6dcbd17de1ddd3c56b0b0f2
8f5bb65fbd74f48ab4118e31b1dc7e81713ec741f4d8174ae0f1074009a0c4a0
a7c14ee84d81a536a4cd54e3a144f388f2174a4a5c409ae118ea49f0da6b4aa6
b09a031a5d1c809144341f52fd845a5cf075cdafe805b9c0128961d2c219c532
b25bf2c13f919eaddfa8bba3a4c853fc140e918b78a2e92e024dd27bfa31d285
b4e62a8daa779d16b2c25d343db85f6501e334632b0eeafd7d9f5bc5b8f96367
c4d07513670eaa456a8c421f89b78eda11dcecbd5d49456a1e60774f3ef491c0
ca0ac4cb920235f4e1609e84db7d5294bd943d6a11b7d3c1a24883475c0efdd6
cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d
cd81fe3f6c530c586ebc23d23882c4476b4591ce7feeca8d8db0b4223f586361
e28eef7d41cad2f810487f56ce4cee706af9949a47ecc5420c2cdaf69cd34858
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40dbc6da95b47d932014e5a93f35b13a341a37ea6fe7559dca041dc77271cd6
ea26816e3751dc32a76df7493667f8c0754c7facf5da4c46fd2c064f63f123b9
f3ca3118d9eceb4028fb8b62693e34913badaedfc8d62eed83ed744697bf12f9
f4001ddbee328a825eab68ce6df5c681e8293b3346f433fd33991b04a993292c
f92f145d291d801722ade498f2c242a3a169074e66202b8f6943cf30eedfde3f
ff919622c6cf92618b2f06a56c0cedacca6a7b8866c50a71d5c4078fc9ec5e37