Submitted URL: https://www.workflow.xfinityh.com/
Effective URL: https://couponcause.com/stores/xfinity-residential-promo-codes?_c=2571715&utm_source=internal&utm_position=adr&utm_tld=t...
Submission: On November 03 via automatic, source certstream-suspicious — Scanned from US

Summary

This website contacted 13 IPs in 2 countries across 12 domains to perform 23 HTTP transactions. The main IP is 44.218.27.55, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is couponcause.com. The Cisco Umbrella rank of the primary domain is 529232.
TLS certificate: Issued by Amazon RSA 2048 M02 on December 18th 2023. Valid for: a year.
This is the only time couponcause.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

| Requests | Redirects | IP Address | AS (Autonomous System) |
|---|---|---|---|
| 4 | | 104.247.81.53 | 206834 (TEAMINTER...) |
| 1 | | 2600:9000:27c... | 16509 (AMAZON-02) |
| 2 | 1 | 100.26.0.14 | 14618 (AMAZON-AES) |
| 4 | | 66.165.243.160 | 29802 (HVC-AS) |
| 3 | | 2607:f8b0:400... | 15169 (GOOGLE) |
| 1 | | 3.225.175.4 | 14618 (AMAZON-AES) |
| 1 | | 2607:f8b0:400... | 15169 (GOOGLE) |
| 1 | | 142.251.16.113 | 15169 (GOOGLE) |
| 3 | 1 | 44.218.27.55 | 14618 (AMAZON-AES) |
| 2 | | 3.167.88.78 | 16509 (AMAZON-02) |
| 1 | | 2600:9000:208... | 16509 (AMAZON-02) |
| 1 | | 3.217.240.116 | 14618 (AMAZON-AES) |

Total: 23 requests, 13 IPs

| Requests | Apex Domain | Subdomains | Cisco Umbrella Rank | Transfer |
|---|---|---|---|---|
| 4 | google-analytics.com | www.google-analytics.com | 34 | 22 KB |
| 4 | redirekted.com | r.redirekted.com | | 11 KB |
| 4 | xfinityh.com | www.workflow.xfinityh.com | | 3 KB |
| 3 | couponcause.com | couponcause.com | 529232 | 4 KB |
| 2 | zjptg.com | www.p.zjptg.com | 49340 | 50 KB |
| 2 | varun-ysz.com | varun-ysz.com | 311193 | 4 KB |
| 1 | tyuwq.com | clicks.tyuwq.com | 141730 | 248 B |
| 1 | sjwoe.com | www.sjwoe.com | 65912 | 470 B |
| 1 | googletagmanager.com | www.googletagmanager.com | 39 | 97 KB |
| 1 | trkaud.net | trkaud.net | | 1 KB |
| 1 | cloudfront.net | d38psrni17bvxu.cloudfront.net | | 1 KB |
| 0 | dotomi.com (Failed) | cj.dotomi.com (Failed) | | |

Total: 23 requests, 12 domains

| Requests | Domain | Requested by |
|---|---|---|
| 4 | www.google-analytics.com | r.redirekted.com, www.google-analytics.com, www.googletagmanager.com |
| 4 | r.redirekted.com | varun-ysz.com, r.redirekted.com |
| 4 | www.workflow.xfinityh.com | d38psrni17bvxu.cloudfront.net, www.workflow.xfinityh.com |
| 3 | couponcause.com (1 redirects) | trkaud.net |
| 2 | www.p.zjptg.com | couponcause.com, www.p.zjptg.com |
| 2 | varun-ysz.com (1 redirects) | www.workflow.xfinityh.com |
| 1 | clicks.tyuwq.com | www.p.zjptg.com |
| 1 | www.sjwoe.com | www.p.zjptg.com |
| 1 | www.googletagmanager.com | www.google-analytics.com |
| 1 | trkaud.net | r.redirekted.com |
| 1 | d38psrni17bvxu.cloudfront.net | www.workflow.xfinityh.com |
| 0 | cj.dotomi.com (Failed) | www.p.zjptg.com |

Total: 23 requests, 12 domains

This site contains no links.

| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| www.workflow.xfinityh.com | R11 | 2024-11-02 - 2025-01-31 | 3 months |
| *.cloudfront.net | Amazon RSA 2048 M01 | 2024-07-30 - 2025-07-03 | a year |
| varun-ysz.com | Amazon RSA 2048 M02 | 2024-09-30 - 2025-10-29 | a year |
| redirekted.com | E6 | 2024-10-10 - 2025-01-08 | 3 months |
| *.google-analytics.com | WR2 | 2024-10-07 - 2024-12-30 | 3 months |
| trkaud.net | Amazon RSA 2048 M02 | 2024-04-15 - 2025-05-14 | a year |
| couponcause.com | Amazon RSA 2048 M02 | 2023-12-18 - 2025-01-15 | a year |
| www.p.zjptg.com | Amazon RSA 2048 M02 | 2024-06-02 - 2025-07-01 | a year |
| www.sjwoe.com | Amazon RSA 2048 M03 | 2024-10-13 - 2025-11-10 | a year |
| clicks.tyuwq.com | Amazon RSA 2048 M02 | 2024-02-17 - 2025-03-16 | a year |

This page contains 2 frames:

Frame: https://cj.dotomi.com/es121shqp7/hot/6999EC9A/655BD897C/5/5/5?w=sxni%3D233HH23365887D9798%3c%3cmyyux%3A%2F%2F111.fswitj4wx.sjy%2Fhqnhp-655BD897C-6999EC9A-6B695EABB5555%3c%3cL%3cmyyux%3A%2F%2Fhtzutshfzxj.htr%2F%3c%3c6%3c6%3c5%3c5%3c
Frame ID: FD1C89884C193F108CA64144D42A1E91
Requests: 17 HTTP requests in this frame

Frame: https://r.redirekted.com/go?e=04mWWSPX1ymX-jKFefQBsglpztRsyDUMdHPss1KLdZTsuE3L9IPswk3p8fxsytGF59Gr8RFWkkGsbZPCdtPsWgFWdtxXytKLdtvXVcvCefmXmkGF-AKB80aq0uHsmyQC59QDbkapeb0X7NTD1p3VVEmFNq0rvgFB08mWTgKX9fxA6D2BmR2KUyaCwuTsYuKF8gRsw13F8DJslglBlfRLTIQXWEHr-D2F1pUrb5KW44mZbVPL0V2VXSPXajQsuWvFdfRrW5KW8x0Xy0aBetvXtgFWjSzsyDGF8SJq-4UXexGs-0KB59Gs7DmC0tTsybPF8W3XYcvL5OHVyDaF8AUp-Hmpt9SA_pFC
Frame ID: 856942752E20808ED338A4499844B096
Requests: 6 HTTP requests in this frame

Page Title

Taking you to your destination

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

Requests: 23
HTTPS: 96 %
IPv6: 33 %
Domains: 12
Subdomains: 12
IPs: 13
Countries: 2
Transfer: 190 kB
Size: 394 kB
Cookies: 13

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.workflow.xfinityh.com/ Page URL
  2. https://varun-ysz.com/zclkvisitor/3719a041-99a3-11ef-b9a6-120ea5b79e59/143cf7a0-6b6a-11ef-b9f3-0affc7e470f1?campaignid=37284642-99a3-11ef-b9a6-120ea5b79e59 Page URL
  3. https://varun-ysz.com/zclkredirect?visitid=3719a041-99a3-11ef-b9a6-120ea5b79e59&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC-10%3A00&timezoneName=Pacific%2FHonolulu HTTP 302
    https://r.redirekted.com/redirect?redirect_id=0d5ddac1e60a26af0bfcd9188d4a048d&request_id=aafc1f84d50119a347f83a8538093981 Page URL
  4. https://trkaud.net/go/merchant/12107?utm_campaign=adr&aff_sid=8gQAx13F5qzA2gFDm4GCsMQX4LxXuuJE3ZUqWk3pdDTsYuUM3ZUqXkKWjW2A3qlF Page URL
  5. https://couponcause.com/go/merchant/12107?utm_campaign=adr&aff_sid=8gQAx13F5qzA2gFDm4GCsMQX4LxXuuJE3ZUqWk3pdDTsYuUM3ZUqXkKWjW2A3qlF&utm_tld=trkaud HTTP 302
    https://couponcause.com/stores/xfinity-residential-promo-codes?_c=2571715&utm_source=internal&utm_position=adr&utm_tld=trkaud Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://varun-ysz.com/zclkredirect?visitid=3719a041-99a3-11ef-b9a6-120ea5b79e59&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC-10%3A00&timezoneName=Pacific%2FHonolulu HTTP 302
  • https://r.redirekted.com/redirect?redirect_id=0d5ddac1e60a26af0bfcd9188d4a048d&request_id=aafc1f84d50119a347f83a8538093981
Request Chain 21
  • https://www.anrdoezrs.net/click-100683427-14449745-1614095660000?sid=xyyCCxyy1033284243 HTTP 302
  • https://cj.dotomi.com/es121shqp7/hot/6999EC9A/655BD897C/5/5/5?w=sxni%3D233HH23365887D9798%3c%3cmyyux%3A%2F%2F111.fswitj4wx.sjy%2Fhqnhp-655BD897C-6999EC9A-6B695EABB5555%3c%3cL%3cmyyux%3A%2F%2Fhtzutshfzxj.htr%2F%3c%3c6%3c6%3c5%3c5%3c

23 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
www.workflow.xfinityh.com/
2 KB
2 KB
Document
General
Full URL
https://www.workflow.xfinityh.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.81.53 , Canada, ASN206834 (TEAMINTERNET-CA-AS, DE),
Reverse DNS
Software
Caddy nginx /
Resource Hash
6a4ef5174c4e6af79dfd36aac32361b867edfbb0bf48c627384baeb1fc0531fc

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch
viewport-width dpr device-memory rtt downlink ect ua ua-full-version ua-platform ua-platform-version ua-arch ua-model ua-mobile
accept-ch-lifetime
30
alt-svc
h3=":8443"; ma=2592000
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sun, 03 Nov 2024 05:19:35 GMT
server
Caddy nginx
vary
Accept-Encoding
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_PoCqG8EASrcr2M1kkPOLKgLzKztpyGw3zjdEinvmEXrul2N/Grkv8faOsljegOaE5egXE5i572Gfp1tbkYURUw==
x-buckets
bucket070,bucket077
x-domain
xfinityh.com
x-language
english
x-pcrew-blocked-reason
hosting network
x-pcrew-ip-organization
Cogent Communications
x-redirect
zeropark_zeroclick
x-subdomain
www.workflow
x-template
tpl_CleanPeppermintBlack_twoclick
js3.js
d38psrni17bvxu.cloudfront.net/scripts/
1 KB
1 KB
Script
General
Full URL
https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Requested by
Host: www.workflow.xfinityh.com
URL: https://www.workflow.xfinityh.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:27c5:5400:1d:4618:5c80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
036c94653e84e6078c087abeb3ac8804491d27b27938839ae3df42b31e2238d9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.workflow.xfinityh.com/

Response headers

etag
"65fc1e7b-448"
age
40216
via
1.1 da7f99359265b951b42181492edc5290.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
1096
x-amz-cf-id
xnHIxZOeqvDBLJQKmXvdOxQ-mYbEx7rDr9MhIAxk8j1NpwtKuIr7iQ==
date
Sat, 02 Nov 2024 18:09:19 GMT
content-type
application/javascript
last-modified
Thu, 21 Mar 2024 11:48:11 GMT
server
nginx
x-amz-cf-pop
IAD61-P5
track.php
www.workflow.xfinityh.com/
0
92 B
XHR
General
Full URL
https://www.workflow.xfinityh.com/track.php?domain=xfinityh.com&toggle=browserjs&uid=MTczMDYxMTE3NS40NTI0OmU5YzBhODlkZTgxMTM2ZTZjMDhlYzBlYWMwOTFlM2ViNDEzMTExYTIyOTFhNGYxYTI5MTlkY2NiY2Y0YTRkYzk6NjcyNzA3ZTc2ZTcxZQ%3D%3D
Requested by
Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.81.53 , Canada, ASN206834 (TEAMINTERNET-CA-AS, DE),
Reverse DNS
Software
Caddy, nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

viewport-width
1600
ect
4g
Referer
https://www.workflow.xfinityh.com/
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
rtt
100
downlink
10

Response headers

content-encoding
gzip
accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
accept-ch-lifetime
30
x-custom-track
browserjs
access-control-allow-origin
*
alt-svc
h3=":8443"; ma=2592000
date
Sun, 03 Nov 2024 05:19:35 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
Caddy, nginx
ls.php
www.workflow.xfinityh.com/
16 B
392 B
XHR
General
Full URL
https://www.workflow.xfinityh.com/ls.php?t=672707e7&token=db9600810b291757a1d3d439aca879589a21c25d
Requested by
Host: www.workflow.xfinityh.com
URL: https://www.workflow.xfinityh.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.81.53 , Canada, ASN206834 (TEAMINTERNET-CA-AS, DE),
Reverse DNS
Software
Caddy, nginx /
Resource Hash

Request headers

viewport-width
1600
ect
4g
Referer
https://www.workflow.xfinityh.com/
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
rtt
100
downlink
10

Response headers

access-control-max-age
86400
accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
access-control-allow-methods
POST, OPTIONS
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_qYQhtdsBRXFWAjbwmnARJ50L243JM0SyvYNhxW0q8ixiN5/PTUJRFDKCOYhSf2jnN1QOO8igAvEZduJ/H6KQxA==
accept-ch-lifetime
30
x-log-success
672707e8f04d1321f80fd96a
access-control-allow-origin
alt-svc
h3=":8443"; ma=2592000
date
Sun, 03 Nov 2024 05:19:36 GMT
charset
utf-8
content-type
text/javascript;charset=UTF-8
server
Caddy, nginx
track.php
www.workflow.xfinityh.com/
0
91 B
XHR
General
Full URL
https://www.workflow.xfinityh.com/track.php?click=e4c15d909807d599f5d60c66d984d9d21b4c1b03&domain=xfinityh.com&uid=MTczMDYxMTE3NS40NTI0OmU5YzBhODlkZTgxMTM2ZTZjMDhlYzBlYWMwOTFlM2ViNDEzMTExYTIyOTFhNGYxYTI5MTlkY2NiY2Y0YTRkYzk6NjcyNzA3ZTc2ZTcxZQ%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwNzAsYnVja2V0MDc3fHx8fHx8NjcyNzA3ZTc2ZTZkYnx8fDE3MzA2MTExNzUuNjA0OXw5YmYwYWUzMDcyOWJjNzkxMWFhNmZjMThlNWViOTYxN2VkODdmZmY5fHx8fHwxfHwwfDB8fHx8MXx8fHx8MHwwfHx8fHx8fHxaSEF0ZEdWaGJXbHVkR1Z5Ym1WME1USmZNM0JvfGFkNzNhOTY3YjRhMzk4ZThlMTdmNDg3ZDg0NGFhN2U1OWEzMTQxZmV8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxkYjk2MDA4MTBiMjkxNzU3YTFkM2Q0MzlhY2E4Nzk1ODlhMjFjMjVkfDB8fDB8MHx8fHw%3D&kw=&search=&pcat=&bucket=&clientID=&adtest=off
Requested by
Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.81.53 , Canada, ASN206834 (TEAMINTERNET-CA-AS, DE),
Reverse DNS
Software
Caddy, nginx /
Resource Hash

Request headers

viewport-width
1600
ect
4g
Referer
https://www.workflow.xfinityh.com/
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
rtt
100
downlink
10

Response headers

x-view-match
true
content-encoding
gzip
accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
accept-ch-lifetime
30
x-custom-track
none
access-control-allow-origin
*
alt-svc
h3=":8443"; ma=2592000
date
Sun, 03 Nov 2024 05:19:36 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
Caddy, nginx
143cf7a0-6b6a-11ef-b9f3-0affc7e470f1
varun-ysz.com/zclkvisitor/3719a041-99a3-11ef-b9a6-120ea5b79e59/
3 KB
3 KB
Document
General
Full URL
https://varun-ysz.com/zclkvisitor/3719a041-99a3-11ef-b9a6-120ea5b79e59/143cf7a0-6b6a-11ef-b9f3-0affc7e470f1?campaignid=37284642-99a3-11ef-b9a6-120ea5b79e59
Requested by
Host: www.workflow.xfinityh.com
URL: https://www.workflow.xfinityh.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
100.26.0.14 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-26-0-14.compute-1.amazonaws.com
Software
/
Resource Hash
5b0570c879c4b32436b73faf84d3b662a8b18427446a9bfd0834b96e2b8641e1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer
https://www.workflow.xfinityh.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
X-Requested-With,Content-Type
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
*
cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
3088
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
content-type
text/html;charset=UTF-8
date
Sun, 03 Nov 2024 05:19:36 GMT
redirect
r.redirekted.com/
Redirect Chain
  • https://varun-ysz.com/zclkredirect?visitid=3719a041-99a3-11ef-b9a6-120ea5b79e59&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel...
  • https://r.redirekted.com/redirect?redirect_id=0d5ddac1e60a26af0bfcd9188d4a048d&request_id=aafc1f84d50119a347f83a8538093981
824 B
1 KB
Document
General
Full URL
https://r.redirekted.com/redirect?redirect_id=0d5ddac1e60a26af0bfcd9188d4a048d&request_id=aafc1f84d50119a347f83a8538093981
Requested by
Host: varun-ysz.com
URL: https://varun-ysz.com/zclkvisitor/3719a041-99a3-11ef-b9a6-120ea5b79e59/143cf7a0-6b6a-11ef-b9f3-0affc7e470f1?campaignid=37284642-99a3-11ef-b9a6-120ea5b79e59
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
66.165.243.160 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-165-243-160.static.hvvc.us
Software
nginx/1.27.0 / PHP/8.1.29
Resource Hash
1999a2eab3f7cb9e79cc52be61e83bde648004a2e19c47397c31baa4f1afb40a

Request headers

Referer
https://varun-ysz.com/zclkvisitor/3719a041-99a3-11ef-b9a6-120ea5b79e59/143cf7a0-6b6a-11ef-b9f3-0affc7e470f1?campaignid=37284642-99a3-11ef-b9a6-120ea5b79e59
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Sun, 03 Nov 2024 05:19:36 GMT
Server
nginx/1.27.0
Transfer-Encoding
chunked
X-Powered-By
PHP/8.1.29

Redirect headers

access-control-allow-headers
X-Requested-With,Content-Type
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
*
cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
0
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
date
Sun, 03 Nov 2024 05:19:36 GMT
location
https://r.redirekted.com/redirect?redirect_id=0d5ddac1e60a26af0bfcd9188d4a048d&request_id=aafc1f84d50119a347f83a8538093981
adren.css
r.redirekted.com/css/
243 B
479 B
Stylesheet
General
Full URL
https://r.redirekted.com/css/adren.css?n=3213387994
Requested by
Host: r.redirekted.com
URL: https://r.redirekted.com/redirect?redirect_id=0d5ddac1e60a26af0bfcd9188d4a048d&request_id=aafc1f84d50119a347f83a8538093981
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
66.165.243.160 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-165-243-160.static.hvvc.us
Software
nginx/1.27.0 /
Resource Hash
e2d9fd8b995f146baf54bc35d162d3e8169a5345368058b10a3b3bf4592ed777

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://r.redirekted.com/redirect?redirect_id=0d5ddac1e60a26af0bfcd9188d4a048d&request_id=aafc1f84d50119a347f83a8538093981

Response headers

ETag
"60dff9aa-f3"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
243
Date
Sun, 03 Nov 2024 05:19:37 GMT
Content-Type
text/css
Last-Modified
Sat, 03 Jul 2021 05:46:18 GMT
Server
nginx/1.27.0
adren.min.js
r.redirekted.com/js/
7 KB
8 KB
Script
General
Full URL
https://r.redirekted.com/js/adren.min.js?n=3213387994
Requested by
Host: r.redirekted.com
URL: https://r.redirekted.com/redirect?redirect_id=0d5ddac1e60a26af0bfcd9188d4a048d&request_id=aafc1f84d50119a347f83a8538093981
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
66.165.243.160 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-165-243-160.static.hvvc.us
Software
nginx/1.27.0 /
Resource Hash
8597d8112ffa8f07199b715746aebe0bc4180e1c23cf4de02ef8fdc8f57e0bdc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://r.redirekted.com/redirect?redirect_id=0d5ddac1e60a26af0bfcd9188d4a048d&request_id=aafc1f84d50119a347f83a8538093981

Response headers

ETag
"660ff04f-1d72"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7538
Date
Sun, 03 Nov 2024 05:19:37 GMT
Content-Type
application/javascript
Last-Modified
Fri, 05 Apr 2024 12:36:31 GMT
Server
nginx/1.27.0
go
r.redirekted.com/ Frame 8569
1 KB
1 KB
Document
General
Full URL
https://r.redirekted.com/go?e=04mWWSPX1ymX-jKFefQBsglpztRsyDUMdHPss1KLdZTsuE3L9IPswk3p8fxsytGF59Gr8RFWkkGsbZPCdtPsWgFWdtxXytKLdtvXVcvCefmXmkGF-AKB80aq0uHsmyQC59QDbkapeb0X7NTD1p3VVEmFNq0rvgFB08mWTgKX9fxA6D2BmR2KUyaCwuTsYuKF8gRsw13F8DJslglBlfRLTIQXWEHr-D2F1pUrb5KW44mZbVPL0V2VXSPXajQsuWvFdfRrW5KW8x0Xy0aBetvXtgFWjSzsyDGF8SJq-4UXexGs-0KB59Gs7DmC0tTsybPF8W3XYcvL5OHVyDaF8AUp-Hmpt9SA_pFC
Requested by
Host: r.redirekted.com
URL: https://r.redirekted.com/js/adren.min.js?n=3213387994
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
66.165.243.160 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-165-243-160.static.hvvc.us
Software
nginx/1.27.0 / PHP/8.1.29
Resource Hash
275753640821cccd60e70684b04aa0302a5312935adf5449c605d88e5054a0f5

Request headers

Referer
https://r.redirekted.com/redirect?redirect_id=0d5ddac1e60a26af0bfcd9188d4a048d&request_id=aafc1f84d50119a347f83a8538093981
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Sun, 03 Nov 2024 05:19:37 GMT
Server
nginx/1.27.0
Transfer-Encoding
chunked
X-Powered-By
PHP/8.1.29
analytics.js
www.google-analytics.com/ Frame 8569
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: r.redirekted.com
URL: https://r.redirekted.com/go?e=04mWWSPX1ymX-jKFefQBsglpztRsyDUMdHPss1KLdZTsuE3L9IPswk3p8fxsytGF59Gr8RFWkkGsbZPCdtPsWgFWdtxXytKLdtvXVcvCefmXmkGF-AKB80aq0uHsmyQC59QDbkapeb0X7NTD1p3VVEmFNq0rvgFB08mWTgKX9fxA6D2BmR2KUyaCwuTsYuKF8gRsw13F8DJslglBlfRLTIQXWEHr-D2F1pUrb5KW44mZbVPL0V2VXSPXajQsuWvFdfRrW5KW8x0Xy0aBetvXtgFWjSzsyDGF8SJq-4UXexGs-0KB59Gs7DmC0tTsybPF8W3XYcvL5OHVyDaF8AUp-Hmpt9SA_pFC
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::8a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://r.redirekted.com/

Response headers

content-encoding
gzip
age
2227
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options
nosniff
expires
Sun, 03 Nov 2024 06:42:30 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 03 Nov 2024 04:42:30 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
20994
server
Golfe2
collect
www.google-analytics.com/j/ Frame 8569
15 B
373 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=2089363945&t=pageview&_s=1&dl=https%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3D04mWWSPX1ymX-jKFefQBsglpztRsyDUMdHPss1KLdZTsuE3L9IPswk3p8fxsytGF59Gr8RFWkkGsbZPCdtPsWgFWdtxXytKLdtvXVcvCefmXmkGF-AKB80aq0uHsmyQC59QDbkapeb0X7NTD1p3VVEmFNq0rvgFB08mWTgKX9fxA6D2BmR2KUyaCwuTsYuKF8gRsw13F8DJslglBlfRLTIQXWEHr-D2F1pUrb5KW44mZbVPL0V2VXSPXajQsuWvFdfRrW5KW8x0Xy0aBetvXtgFWjSzsyDGF8SJq-4UXexGs-0KB59Gs7DmC0tTsybPF8W3XYcvL5OHVyDaF8AUp-Hmpt9SA_pFC&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=758118921&gjid=2037114449&cid=1401011407.1730611178&tid=UA-32454353-1&_gid=1543035914.1730611178&_r=1&_slc=1&z=1166140371
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::8a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://r.redirekted.com/

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 03 Nov 2024 05:19:37 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin
https://r.redirekted.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
15
server
Golfe2
collect
www.google-analytics.com/ Frame 8569
35 B
407 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=2089363945&t=pageview&_s=2&dl=https%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3D04mWWSPX1ymX-jKFefQBsglpztRsyDUMdHPss1KLdZTsuE3L9IPswk3p8fxsytGF59Gr8RFWkkGsbZPCdtPsWgFWdtxXytKLdtvXVcvCefmXmkGF-AKB80aq0uHsmyQC59QDbkapeb0X7NTD1p3VVEmFNq0rvgFB08mWTgKX9fxA6D2BmR2KUyaCwuTsYuKF8gRsw13F8DJslglBlfRLTIQXWEHr-D2F1pUrb5KW44mZbVPL0V2VXSPXajQsuWvFdfRrW5KW8x0Xy0aBetvXtgFWjSzsyDGF8SJq-4UXexGs-0KB59Gs7DmC0tTsybPF8W3XYcvL5OHVyDaF8AUp-Hmpt9SA_pFC&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=1401011407.1730611178&tid=UA-32454353-1&_gid=1543035914.1730611178&cd1=p3I8pUIiL3k8sUkmqKkjqJ9wsUk8sN%3D%3D&z=1108806672
Requested by
Host: r.redirekted.com
URL: https://r.redirekted.com/go?e=04mWWSPX1ymX-jKFefQBsglpztRsyDUMdHPss1KLdZTsuE3L9IPswk3p8fxsytGF59Gr8RFWkkGsbZPCdtPsWgFWdtxXytKLdtvXVcvCefmXmkGF-AKB80aq0uHsmyQC59QDbkapeb0X7NTD1p3VVEmFNq0rvgFB08mWTgKX9fxA6D2BmR2KUyaCwuTsYuKF8gRsw13F8DJslglBlfRLTIQXWEHr-D2F1pUrb5KW44mZbVPL0V2VXSPXajQsuWvFdfRrW5KW8x0Xy0aBetvXtgFWjSzsyDGF8SJq-4UXexGs-0KB59Gs7DmC0tTsybPF8W3XYcvL5OHVyDaF8AUp-Hmpt9SA_pFC
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::8a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://r.redirekted.com/

Response headers

age
51734
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 02 Nov 2024 14:57:23 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
35
server
Golfe2
12107
trkaud.net/go/merchant/
397 B
1 KB
Document
General
Full URL
https://trkaud.net/go/merchant/12107?utm_campaign=adr&aff_sid=8gQAx13F5qzA2gFDm4GCsMQX4LxXuuJE3ZUqWk3pdDTsYuUM3ZUqXkKWjW2A3qlF
Requested by
Host: r.redirekted.com
URL: https://r.redirekted.com/go?e=04mWWSPX1ymX-jKFefQBsglpztRsyDUMdHPss1KLdZTsuE3L9IPswk3p8fxsytGF59Gr8RFWkkGsbZPCdtPsWgFWdtxXytKLdtvXVcvCefmXmkGF-AKB80aq0uHsmyQC59QDbkapeb0X7NTD1p3VVEmFNq0rvgFB08mWTgKX9fxA6D2BmR2KUyaCwuTsYuKF8gRsw13F8DJslglBlfRLTIQXWEHr-D2F1pUrb5KW44mZbVPL0V2VXSPXajQsuWvFdfRrW5KW8x0Xy0aBetvXtgFWjSzsyDGF8SJq-4UXexGs-0KB59Gs7DmC0tTsybPF8W3XYcvL5OHVyDaF8AUp-Hmpt9SA_pFC
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.225.175.4 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-175-4.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
357fc81b52e9d88fdbdb44f273531204b904b2f36afe26343e5f79b9756854de

Request headers

Referer
https://r.redirekted.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, private
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sun, 03 Nov 2024 05:19:38 GMT
server
nginx/1.18.0 (Ubuntu)
js
www.googletagmanager.com/gtag/ Frame 8569
276 KB
97 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-TG55WX34R2&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c07::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://r.redirekted.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Sun, 03 Nov 2024 05:19:37 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 03 Nov 2024 05:19:37 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
99079
x-xss-protection
0
server
Google Tag Manager
collect
www.google-analytics.com/g/ Frame 8569
0
0
Fetch
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-TG55WX34R2&gtm=45je4au0v9114755507za200&_p=1730611177748&gcd=13l3l3l3l2l1&npa=0&dma=0&tag_exp=101823848~101878899~101878944~101925629&ul=en-us&sr=1600x1200&cid=1401011407.1730611178&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=1&pscdl=noapi&_eu=ABAI&_s=1&dl=https%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3D04mWWSPX1ymX-jKFefQBsglpztRsyDUMdHPss1KLdZTsuE3L9IPswk3p8fxsytGF59Gr8RFWkkGsbZPCdtPsWgFWdtxXytKLdtvXVcvCefmXmkGF-AKB80aq0uHsmyQC59QDbkapeb0X7NTD1p3VVEmFNq0rvgFB08mWTgKX9fxA6D2BmR2KUyaCwuTsYuKF8gRsw13F8DJslglBlfRLTIQXWEHr-D2F1pUrb5KW44mZbVPL0V2VXSPXajQsuWvFdfRrW5KW8x0Xy0aBetvXtgFWjSzsyDGF8SJq-4UXexGs-0KB59Gs7DmC0tTsybPF8W3XYcvL5OHVyDaF8AUp-Hmpt9SA_pFC&sid=1730611178&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=907
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-TG55WX34R2&cx=c&_slc=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.16.113 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bl-in-f113.1e100.net
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://r.redirekted.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://r.redirekted.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 03 Nov 2024 05:19:38 GMT
content-type
text/plain
server
Golfe2
Primary Request xfinity-residential-promo-codes
couponcause.com/stores/
Redirect Chain
  • https://couponcause.com/go/merchant/12107?utm_campaign=adr&aff_sid=8gQAx13F5qzA2gFDm4GCsMQX4LxXuuJE3ZUqWk3pdDTsYuUM3ZUqXkKWjW2A3qlF&utm_tld=trkaud
  • https://couponcause.com/stores/xfinity-residential-promo-codes?_c=2571715&utm_source=internal&utm_position=adr&utm_tld=trkaud
596 B
1 KB
Document
General
Full URL
https://couponcause.com/stores/xfinity-residential-promo-codes?_c=2571715&utm_source=internal&utm_position=adr&utm_tld=trkaud
Requested by
Host: trkaud.net
URL: https://trkaud.net/go/merchant/12107?utm_campaign=adr&aff_sid=8gQAx13F5qzA2gFDm4GCsMQX4LxXuuJE3ZUqWk3pdDTsYuUM3ZUqXkKWjW2A3qlF
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.218.27.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-218-27-55.compute-1.amazonaws.com
Software
nginx/1.15.8 /
Resource Hash
35da9c5ad3390bd172fc58ed5b1638e2563afd9f64d5d684020c9cefb3fe2523
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://trkaud.net/go/merchant/12107?utm_campaign=adr&aff_sid=8gQAx13F5qzA2gFDm4GCsMQX4LxXuuJE3ZUqWk3pdDTsYuUM3ZUqXkKWjW2A3qlF
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, private
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sun, 03 Nov 2024 05:19:38 GMT
server
nginx/1.15.8
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache, private
content-type
text/html; charset=UTF-8
date
Sun, 03 Nov 2024 05:19:38 GMT
location
https://couponcause.com/stores/xfinity-residential-promo-codes?_c=2571715&utm_source=internal&utm_position=adr&utm_tld=trkaud
server
nginx/1.15.8
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
100001
www.p.zjptg.com/tag/4575677/
49 KB
50 KB
Script
General
Full URL
https://www.p.zjptg.com/tag/4575677/100001
Requested by
Host: couponcause.com
URL: https://couponcause.com/stores/xfinity-residential-promo-codes?_c=2571715&utm_source=internal&utm_position=adr&utm_tld=trkaud
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.167.88.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-167-88-78.iad55.r.cloudfront.net
Software
CloudFront /
Resource Hash
6f09aeb79fef10ced306b8f2a581e06400ee71aa96ad64a22f05ce7a8558b6e4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://couponcause.com/

Response headers

age
192
via
1.1 978b1b29b70b082668c3d920b0bbe7d4.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
content-length
50415
x-amz-cf-id
7i9Fa5KZHc5Oszwv1gsTgkczqi2WGwWGyg3eGF8o_xCzjWxrDBES0A==
date
Sun, 03 Nov 2024 05:16:27 GMT
x-amz-cf-pop
IAD55-P6
server
CloudFront
policy
www.sjwoe.com/
48 B
470 B
Fetch
General
Full URL
https://www.sjwoe.com/policy
Requested by
Host: www.p.zjptg.com
URL: https://www.p.zjptg.com/tag/4575677/100001
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:208f:bc00:7:f1a3:af00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
9e460f3d2ddf0f31c9445ea3874a6aac8ce30f9f284a03526429ac2181935cbe

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://couponcause.com/

Response headers

cache-control
max-age=3600
x-amz-apigw-id
AoR1gGNDoAMEauA=
age
42133
x-amzn-trace-id
Root=1-67266356-4b4a160a349b115b36404c83;Parent=6671a72d0903fbba;Sampled=0;Lineage=1:36ff8a84:0
x-amzn-requestid
cba4fd43-b5ab-43de-9ffd-823a52fb7dbb
via
1.1 7fc7dfaa5550fcad03b89e168c0bc0c4.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
content-length
48
x-amz-cf-id
xB4J05FJGL6QS_7zQt1pVUWY4bsLoRLzuJpGHPJlLwf4Wh6SNlbFNw==
date
Sat, 02 Nov 2024 17:37:26 GMT
content-type
application/json
x-amz-cf-pop
IAD79-C3
favicon.ico
couponcause.com/
0
258 B
Other
General
Full URL
https://couponcause.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.218.27.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-218-27-55.compute-1.amazonaws.com
Software
nginx/1.15.8 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://couponcause.com/stores/xfinity-residential-promo-codes?_c=2571715&utm_source=internal&utm_position=adr&utm_tld=trkaud

Response headers

cache-control
max-age=31536000
etag
"6723b30f-0"
x-content-type-options
nosniff
expires
Mon, 03 Nov 2025 05:19:39 GMT
accept-ranges
bytes
content-length
0
date
Sun, 03 Nov 2024 05:19:39 GMT
x-xss-protection
1; mode=block
content-type
image/x-icon
last-modified
Thu, 31 Oct 2024 16:40:47 GMT
server
nginx/1.15.8
x-frame-options
SAMEORIGIN
v1
clicks.tyuwq.com/
110 B
248 B
Fetch
General
Full URL
https://clicks.tyuwq.com/v1
Requested by
Host: www.p.zjptg.com
URL: https://www.p.zjptg.com/tag/4575677/100001
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.240.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-240-116.compute-1.amazonaws.com
Software
/
Resource Hash
c86df1f43214b0f01e803a82acbd5974a7e9eb66fbae7d4546dbba26bb519024

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://couponcause.com/

Response headers

x-request-id
39c0302699a311ef9eeb075778b967d7
access-control-allow-origin
*
content-length
110
date
Sun, 03 Nov 2024 05:19:39 GMT
content-type
text/plain; charset=UTF-8
log
www.p.zjptg.com/
19 B
247 B
Ping
General
Full URL
https://www.p.zjptg.com/log
Requested by
Host: www.p.zjptg.com
URL: https://www.p.zjptg.com/tag/4575677/100001
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.167.88.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-167-88-78.iad55.r.cloudfront.net
Software
CloudFront /
Resource Hash
f7bb4455cc73832d43d80909118c1c513f3d86a4494f2b36a377c4466853d443

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://couponcause.com/

Response headers

via
1.1 978b1b29b70b082668c3d920b0bbe7d4.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
content-length
19
x-amz-cf-id
VJqCu_hFcFWMp6nvYPf1RHX93W85B24A6lrdTr-Calemz9nWR1QxEA==
date
Sun, 03 Nov 2024 05:19:40 GMT
x-amz-cf-pop
IAD55-P6
server
CloudFront
5
cj.dotomi.com/es121shqp7/hot/6999EC9A/655BD897C/5/5/
Redirect Chain
  • https://www.anrdoezrs.net/click-100683427-14449745-1614095660000?sid=xyyCCxyy1033284243
  • https://cj.dotomi.com/es121shqp7/hot/6999EC9A/655BD897C/5/5/5?w=sxni%3D233HH23365887D9798%3c%3cmyyux%3A%2F%2F111.fswitj4wx.sjy%2Fhqnhp-655BD897C-6999EC9A-6B695EABB5555%3c%3cL%3cmyyux%3A%2F%2Fhtzuts...
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cj.dotomi.com
URL
https://cj.dotomi.com/es121shqp7/hot/6999EC9A/655BD897C/5/5/5?w=sxni%3D233HH23365887D9798%3c%3cmyyux%3A%2F%2F111.fswitj4wx.sjy%2Fhqnhp-655BD897C-6999EC9A-6B695EABB5555%3c%3cL%3cmyyux%3A%2F%2Fhtzutshfzxj.htr%2F%3c%3c6%3c6%3c5%3c5%3c

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| cj
number| modifiedBouncelessPercentage
number| configuredPublisherId
number| configuredTagId
function| cjredirect

13 Cookies

Domain/Path Name / Value
r.redirekted.com/ Name: uuid
Value: 4527753332892009472
.redirekted.com/ Name: _ga
Value: GA1.2.1401011407.1730611178
.redirekted.com/ Name: _gid
Value: GA1.2.1543035914.1730611178
.redirekted.com/ Name: _gat
Value: 1
.redirekted.com/ Name: _ga_TG55WX34R2
Value: GS1.2.1730611178.1.1.1730611178.0.0.0
trkaud.net/ Name: XSRF-TOKEN
trkaud.net/ Name: trkaud_session
couponcause.com/ Name: primaryLoad
Value: 1033284239
couponcause.com/ Name: XSRF-TOKEN
couponcause.com/ Name: laravel_session
couponcause.com/ Name: infered_user_id
couponcause.com/ Name: cjConsent
Value: 0|1:1730611179398|0
couponcause.com/ Name: cjUser
Value: 946fa2ed-9a61-4789-a461-602d8b610d23

1 Console Messages

Source Level URL
Text
rendering warning URL: https://varun-ysz.com/zclkvisitor/3719a041-99a3-11ef-b9a6-120ea5b79e59/143cf7a0-6b6a-11ef-b9f3-0affc7e470f1?campaignid=37284642-99a3-11ef-b9a6-120ea5b79e59
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0901D00042D0000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
