Submitted URL: http://levelequity.vg/
Effective URL: https://ofmum.com/iherbs-best-childrens-immunity-vitamins/?red_to=https://www.a88wptk.com/8LJN3/2T797ZB/?sub1=1235&
Submission: On November 28 via manual from US — Scanned from DE

Summary

This website contacted 14 IPs in 7 countries across 16 domains to perform 25 HTTP transactions. The main IP is 104.21.1.230, located in and belongs to . The main domain is ofmum.com.
TLS certificate: Issued by E1 on October 5th 2023. Valid for: 3 months.
This is the only time ofmum.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 88.198.29.97 24940 (HETZNER-AS)
1 168.119.245.137 24940 (HETZNER-AS)
2 104.18.10.207 13335 (CLOUDFLAR...)
1 185.247.61.225 3223 (VOXILITY)
2 4 188.42.198.252 7979 (SERVERS-COM)
1 151.101.66.137 54113 (FASTLY)
1 142.250.186.40 15169 (GOOGLE)
2 167.233.8.197 24940 (HETZNER-AS)
3 142.250.185.142 15169 (GOOGLE)
2 188.114.97.3 13335 (CLOUDFLAR...)
1 2 192.99.158.241 16276 (OVH)
2 54.161.245.59 14618 (AMAZON-AES)
1 1 104.21.73.41 13335 (CLOUDFLAR...)
1 2 104.21.1.230 ()
1 1 172.67.152.142 ()
25 14
Apex Domain
Subdomains
Transfer
4 travelpayouts.com
www.travelpayouts.com — Cisco Umbrella Rank: 182605
423 B
3 ofmum.com
ofmum.com
1 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
21 KB
2 viraj-drm.com
viraj-drm.com
3 KB
2 rtbtrail.com
rtbtrail.com
6 KB
2 tychon.bid
track.tychon.bid — Cisco Umbrella Rank: 265578
2 KB
2 vcdc.com
track.vcdc.com
2 KB
2 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1137
38 KB
1 ab1212.com
ab1212.com
573 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 35
86 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 762
24 KB
1 nic.vg
nic.vg
10 KB
1 startpage.vg
startpage.vg
18 KB
1 levelequity.vg
levelequity.vg
820 B
0 doubleclick.net Failed
stats.g.doubleclick.net Failed
0 sslparking.com Failed
lads.sslparking.com Failed
25 16
Domain Requested by
4 www.travelpayouts.com 2 redirects
3 ofmum.com 2 redirects viraj-drm.com
3 www.google-analytics.com www.google-analytics.com
2 viraj-drm.com viraj-drm.com
2 rtbtrail.com 1 redirects track.tychon.bid
2 track.tychon.bid track.vcdc.com
track.tychon.bid
2 track.vcdc.com startpage.vg
track.vcdc.com
2 maxcdn.bootstrapcdn.com startpage.vg
maxcdn.bootstrapcdn.com
1 ab1212.com 1 redirects
1 www.googletagmanager.com startpage.vg
1 code.jquery.com startpage.vg
1 nic.vg startpage.vg
1 startpage.vg levelequity.vg
startpage.vg
1 levelequity.vg
0 stats.g.doubleclick.net Failed www.google-analytics.com
0 lads.sslparking.com Failed startpage.vg
25 16

This site contains no links.

Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-12-30 - 2023-12-30 | a year
nic.vg | cPanel, Inc. Certification Authority | 2023-11-18 - 2024-02-16 | 3 months
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-10-23 - 2024-01-15 | 3 months
track.vcdc.com | GlobeSSL DV CA | 2023-10-10 - 2024-10-21 | a year
tychon.bid | E1 | 2023-10-31 - 2024-01-29 | 3 months
ofmum.com | E1 | 2023-10-05 - 2024-01-03 | 3 months

This page contains 1 frames:

Primary Page: https://ofmum.com/iherbs-best-childrens-immunity-vitamins/?red_to=https://www.a88wptk.com/8LJN3/2T797ZB/?sub1=1235&
Frame ID: B03B531F86AECE20ACA6A0A9C2380161
Requests: 25 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 25
HTTPS: 44 %
IPv6: 0 %
Domains: 16
Subdomains: 16
IPs: 14
Countries: 7
Transfer: 209 kB
Size: 545 kB
Cookies: 6

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://levelequity.vg/ Page URL
  2. http://startpage.vg/?var2=levelequity.vg Page URL
  3. https://track.vcdc.com/?mid=140&f=KS&domain=startpage.vg Page URL
  4. https://track.vcdc.com/go.php?mid=140&f=KS&domain=startpage.vg&ref= Page URL
  5. https://track.tychon.bid/helper/forward.php?target=aHR0cDovL3J0YnRyYWlsLmNvbS9jbGljaz9kYXRhPWFWVkdabmgwYjBFelFqVlJWWEZDZW1sR1FXcFpWM1pSTjB0SFFYZEphbFZRVGt4clRITmphMnd5YmtGaU1VTm1aR2xQUVhadFJuVjBWRGhIVEZoeVNGOWtOMEkzT0RZdFdqZEtPRmRGZFdKZlMyNTNNbXRxYmxONVNGSTNlbTB4WmtoQ05VRk5ZazlJTFU1blNrVkhMWGxEV21wbVREVkVabVpaTTFSTlVHSTRjRTAxZEd0Q01tdzFXalIzT0V0eVgxUTJTREJSTWcyJmlkPTViZTQwNjkzLWY2NTAtNGUwNS04OTE1LWYxNWE5MGIwNTgyMg==&hash=476ed6aaf195ae2897e5dd410c09b875 Page URL
  6. https://track.tychon.bid/helper/forward.php Page URL
  7. http://rtbtrail.com/click?data=aVVGZnh0b0EzQjVRVXFCemlGQWpZV3ZRN0tHQXdJalVQTkxrTHNja2wybkFiMUNmZGlPQXZtRnV0VDhHTFhySF9kN0I3ODYtWjdKOFdFdWJfS253MmtqblN5SFI3em0xZkhCNUFNYk9ILU5nSkVHLXlDWmpmTDVEZmZZM1RNUGI4cE01dGtCMmw1WjR3OEtyX1Q2SDBRMg2&id=5be40693-f650-4e05-8915-f15a90b05822 Page URL
  8. http://rtbtrail.com/Redirect/ HTTP 302
    http://viraj-drm.com/zclkvisitor/18cfdea1-8e2e-11ee-8745-12514d533651/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=7b63b5c0-09ca-11ee-b9d2-0a918cbcbb97 Page URL
  9. http://viraj-drm.com/zclkredirect?visitid=18cfdea1-8e2e-11ee-8745-12514d533651&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false Page URL
  10. https://ab1212.com/gkgjijgfigf HTTP 302
    https://ofmum.com/iherbs-best-childrens-immunity-vitamins?red_to=https://www.a88wptk.com/8LJN3/2T797ZB/?sub1=1235& HTTP 301
    http://ofmum.com/iherbs-best-childrens-immunity-vitamins/?red_to=https://www.a88wptk.com/8LJN3/2T797ZB/?sub1=1235& HTTP 301
    https://ofmum.com/iherbs-best-childrens-immunity-vitamins/?red_to=https://www.a88wptk.com/8LJN3/2T797ZB/?sub1=1235& Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • http://www.travelpayouts.com/widgets/f75a16e388aba75536d532d3d62637ab.js?v=1699 HTTP 302
  • https://www.travelpayouts.com/widgets/f75a16e388aba75536d532d3d62637ab.js?v=1699
Request Chain 7
  • http://www.travelpayouts.com/blissey/scripts_en.js?categories=popularity%2Cpopularity&id=30180&type=compact&currency=usd&host=search.hotellook.com&marker=218729.&limit=10&powered_by=true HTTP 302
  • https://www.travelpayouts.com/blissey/scripts_en.js?categories=popularity%2Cpopularity&id=30180&type=compact&currency=usd&host=search.hotellook.com&marker=218729.&limit=10&powered_by=true
Request Chain 14
  • http://www.google-analytics.com/analytics.js HTTP 307
  • https://www.google-analytics.com/analytics.js
Request Chain 16
  • http://www.google-analytics.com/collect?v=1&_v=j101&aip=1&a=5346366&t=pageview&_s=2&dl=http%3A%2F%2Fstartpage.vg%2F%3Fvar2%3Dlevelequity.vg&dr=http%3A%2F%2Flevelequity.vg%2F&ul=en-us&de=UTF-8&dt=levelequity.vg&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=&gjid=&cid=235904196.1701203911&tid=UA-43967021-7&_gid=291602269.1701203911&cd1=ISP_bootstrap_vg&cd2=117&cd3=no&z=1206942401 HTTP 307
  • https://www.google-analytics.com/collect?v=1&_v=j101&aip=1&a=5346366&t=pageview&_s=2&dl=http%3A%2F%2Fstartpage.vg%2F%3Fvar2%3Dlevelequity.vg&dr=http%3A%2F%2Flevelequity.vg%2F&ul=en-us&de=UTF-8&dt=levelequity.vg&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=&gjid=&cid=235904196.1701203911&tid=UA-43967021-7&_gid=291602269.1701203911&cd1=ISP_bootstrap_vg&cd2=117&cd3=no&z=1206942401
Request Chain 22
  • http://rtbtrail.com/Redirect/ HTTP 302
  • http://viraj-drm.com/zclkvisitor/18cfdea1-8e2e-11ee-8745-12514d533651/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=7b63b5c0-09ca-11ee-b9d2-0a918cbcbb97

25 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
levelequity.vg/
589 B
820 B
Document
General
Full URL
http://levelequity.vg/
Protocol
HTTP/1.1
Server
88.198.29.97 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
tc138.traffic.club
Software
Apache /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Upgrade, Keep-Alive
Content-Type
text/html; charset=utf8
Date
Tue, 28 Nov 2023 20:38:27 GMT
Keep-Alive
timeout=15, max=100
Server
Apache
Transfer-Encoding
chunked
Upgrade
h2c
/
startpage.vg/
17 KB
18 KB
Document
General
Full URL
http://startpage.vg/?var2=levelequity.vg
Requested by
Host: levelequity.vg
URL: http://levelequity.vg/
Protocol
HTTP/1.1
Server
168.119.245.137 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.137.245.119.168.clients.your-server.de
Software
openresty /
Resource Hash
99ae62ec834b8fc815c59d61b6b3cbbd7466c3a5b9965754c22686fb6228a645

Request headers

Referer
http://levelequity.vg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
keep-alive
Content-Type
text/html; charset=utf8
Date
Tue, 28 Nov 2023 20:13:14 GMT
Referrer-Policy
no-referrer
Server
openresty
Transfer-Encoding
chunked
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/
118 KB
20 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
Requested by
Host: startpage.vg
URL: http://startpage.vg/?var2=levelequity.vg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
Origin
http://startpage.vg
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 20:38:29 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
1078
age
44608
cdn-cachedat
10/31/2023 18:59:36
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:03:59 GMT
cdn-proxyver
1.04
cdn-requestpullcode
200
server
cloudflare
etag
W/"ec3bb52a00e176a7181d454dffaea219"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
d446006cb738757b6b71a6d51fb16061
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
82d56a345ed72c4d-FRA
cdn-requestpullsuccess
True
custom.css
startpage.vg/template/ISP_bootstrap_vg/css/
0
0

logo-nic-vg.png
nic.vg/assets/img/
9 KB
10 KB
Image
General
Full URL
https://nic.vg/assets/img/logo-nic-vg.png
Requested by
Host: startpage.vg
URL: http://startpage.vg/?var2=levelequity.vg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.247.61.225 , Romania, ASN3223 (VOXILITY, GB),
Reverse DNS
cpanel-01-buc.hostingww.com
Software
LiteSpeed /
Resource Hash
544c86a4e256402d4443fe37602ccd5cad91a2f93ff73c91894430640013c976

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 20:38:17 GMT
last-modified
Thu, 27 Apr 2017 07:17:30 GMT
server
LiteSpeed
vary
User-Agent
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
9605
responsive-example.png
startpage.vg/assets/images/
0
0

f75a16e388aba75536d532d3d62637ab.js
www.travelpayouts.com/widgets/
Redirect Chain
  • http://www.travelpayouts.com/widgets/f75a16e388aba75536d532d3d62637ab.js?v=1699
  • https://www.travelpayouts.com/widgets/f75a16e388aba75536d532d3d62637ab.js?v=1699
0
0
Script
General
Full URL
https://www.travelpayouts.com/widgets/f75a16e388aba75536d532d3d62637ab.js?v=1699
Protocol
H2
Server
188.42.198.252 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Redirect headers

location
https://www.travelpayouts.com/widgets/f75a16e388aba75536d532d3d62637ab.js?v=1699
cache-control
no-cache
content-length
0
scripts_en.js
www.travelpayouts.com/blissey/
Redirect Chain
  • http://www.travelpayouts.com/blissey/scripts_en.js?categories=popularity%2Cpopularity&id=30180&type=compact&currency=usd&host=search.hotellook.com&marker=218729.&limit=10&powered_by=true
  • https://www.travelpayouts.com/blissey/scripts_en.js?categories=popularity%2Cpopularity&id=30180&type=compact&currency=usd&host=search.hotellook.com&marker=218729.&limit=10&powered_by=true
0
0
Script
General
Full URL
https://www.travelpayouts.com/blissey/scripts_en.js?categories=popularity%2Cpopularity&id=30180&type=compact&currency=usd&host=search.hotellook.com&marker=218729.&limit=10&powered_by=true
Protocol
H2
Server
188.42.198.252 , Luxembourg, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Redirect headers

location
https://www.travelpayouts.com/blissey/scripts_en.js?categories=popularity%2Cpopularity&id=30180&type=compact&currency=usd&host=search.hotellook.com&marker=218729.&limit=10&powered_by=true
cache-control
no-cache
content-length
0
jquery-3.3.1.slim.min.js
code.jquery.com/
68 KB
24 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.3.1.slim.min.js
Requested by
Host: startpage.vg
URL: http://startpage.vg/?var2=levelequity.vg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1

Request headers

Referer
Origin
http://startpage.vg
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 20:38:29 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
6401706
x-cache
HIT, HIT
content-length
24038
x-served-by
cache-lga21982-LGA, cache-fra-eddf8230132-FRA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1701203910.885558,VS0,VE0
etag
W/"28feccc0-1111d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
116, 367918
banner_ads.js
startpage.vg/
0
0

js
www.googletagmanager.com/gtag/
253 KB
86 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-LTZ10XBX1X
Requested by
Host: startpage.vg
URL: http://startpage.vg/?var2=levelequity.vg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.40 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 20:38:30 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
88012
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 28 Nov 2023 20:38:30 GMT
asyncjs.php
lads.sslparking.com/www/delivery/
0
0

glyphicons-halflings-regular.woff2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/
18 KB
18 KB
Font
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff2
Requested by
Host: maxcdn.bootstrapcdn.com
URL: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.10.207 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
Origin
http://startpage.vg
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 28 Nov 2023 20:38:30 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
1053
age
44609
cdn-cachedat
09/21/2023 16:48:19
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
18028
last-modified
Mon, 25 Jan 2021 22:04:00 GMT
cdn-proxyver
1.04
cdn-requestpullcode
200
server
cloudflare
etag
"448c34a56d699c29117adc64c43affeb"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
c769f2f625594e1ed1b196962594d93b
accept-ranges
bytes
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
82d56a35f8ae2c4d-FRA
cdn-requestpullsuccess
True
/
track.vcdc.com/
731 B
637 B
Document
General
Full URL
https://track.vcdc.com/?mid=140&f=KS&domain=startpage.vg
Requested by
Host: startpage.vg
URL: http://startpage.vg/?var2=levelequity.vg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
167.233.8.197 Hallbergmoos, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.197.8.233.167.clients.your-server.de
Software
nginx /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 28 Nov 2023 20:38:31 GMT
server
nginx
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
1; mode=block
analytics.js
www.google-analytics.com/
Redirect Chain
  • http://www.google-analytics.com/analytics.js
  • https://www.google-analytics.com/analytics.js
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Protocol
H2
Server
142.250.185.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 28 Nov 2023 19:19:54 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
4716
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Tue, 28 Nov 2023 21:19:54 GMT

Redirect headers

Location
https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
collect
www.google-analytics.com/j/
4 B
144 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&aip=1&a=5346366&t=event&ni=1&_s=1&dl=http%3A%2F%2Fstartpage.vg%2F%3Fvar2%3Dlevelequity.vg&dr=http%3A%2F%2Flevelequity.vg%2F&ul=en-us&de=UTF-8&dt=levelequity.vg&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Blocking%20Ads&ea=Yes&_u=YEBAAEABAAAAACAAI~&jid=618342762&gjid=2534217&cid=235904196.1701203911&tid=UA-43967021-7&_gid=291602269.1701203911&_r=1&_slc=1&cd1=ISP_bootstrap_vg&cd2=117&cd3=no&z=862619092
Requested by
Host: www.google-analytics.com
URL: http://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 28 Nov 2023 20:38:31 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
http://startpage.vg
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
Redirect Chain
  • http://www.google-analytics.com/collect?v=1&_v=j101&aip=1&a=5346366&t=pageview&_s=2&dl=http%3A%2F%2Fstartpage.vg%2F%3Fvar2%3Dlevelequity.vg&dr=http%3A%2F%2Flevelequity.vg%2F&ul=en-us&de=UTF-8&dt=le...
  • https://www.google-analytics.com/collect?v=1&_v=j101&aip=1&a=5346366&t=pageview&_s=2&dl=http%3A%2F%2Fstartpage.vg%2F%3Fvar2%3Dlevelequity.vg&dr=http%3A%2F%2Flevelequity.vg%2F&ul=en-us&de=UTF-8&dt=l...
35 B
194 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&aip=1&a=5346366&t=pageview&_s=2&dl=http%3A%2F%2Fstartpage.vg%2F%3Fvar2%3Dlevelequity.vg&dr=http%3A%2F%2Flevelequity.vg%2F&ul=en-us&de=UTF-8&dt=levelequity.vg&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=&gjid=&cid=235904196.1701203911&tid=UA-43967021-7&_gid=291602269.1701203911&cd1=ISP_bootstrap_vg&cd2=117&cd3=no&z=1206942401
Protocol
H2
Server
142.250.185.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Nov 2023 17:38:13 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
10818
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://www.google-analytics.com/collect?v=1&_v=j101&aip=1&a=5346366&t=pageview&_s=2&dl=http%3A%2F%2Fstartpage.vg%2F%3Fvar2%3Dlevelequity.vg&dr=http%3A%2F%2Flevelequity.vg%2F&ul=en-us&de=UTF-8&dt=levelequity.vg&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=&gjid=&cid=235904196.1701203911&tid=UA-43967021-7&_gid=291602269.1701203911&cd1=ISP_bootstrap_vg&cd2=117&cd3=no&z=1206942401
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
collect
stats.g.doubleclick.net/j/
0
0

go.php
track.vcdc.com/
1001 B
1 KB
Document
General
Full URL
https://track.vcdc.com/go.php?mid=140&f=KS&domain=startpage.vg&ref=
Requested by
Host: track.vcdc.com
URL: https://track.vcdc.com/?mid=140&f=KS&domain=startpage.vg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
167.233.8.197 Hallbergmoos, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.197.8.233.167.clients.your-server.de
Software
nginx /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://track.vcdc.com/?mid=140&f=KS&domain=startpage.vg
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Tue, 28 Nov 2023 20:38:33 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
1; mode=block
forward.php
track.tychon.bid/helper/
129 B
926 B
Document
General
Full URL
https://track.tychon.bid/helper/forward.php?target=aHR0cDovL3J0YnRyYWlsLmNvbS9jbGljaz9kYXRhPWFWVkdabmgwYjBFelFqVlJWWEZDZW1sR1FXcFpWM1pSTjB0SFFYZEphbFZRVGt4clRITmphMnd5YmtGaU1VTm1aR2xQUVhadFJuVjBWRGhIVEZoeVNGOWtOMEkzT0RZdFdqZEtPRmRGZFdKZlMyNTNNbXRxYmxONVNGSTNlbTB4WmtoQ05VRk5ZazlJTFU1blNrVkhMWGxEV21wbVREVkVabVpaTTFSTlVHSTRjRTAxZEd0Q01tdzFXalIzT0V0eVgxUTJTREJSTWcyJmlkPTViZTQwNjkzLWY2NTAtNGUwNS04OTE1LWYxNWE5MGIwNTgyMg==&hash=476ed6aaf195ae2897e5dd410c09b875
Requested by
Host: track.vcdc.com
URL: https://track.vcdc.com/go.php?mid=140&f=KS&domain=startpage.vg&ref=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://track.vcdc.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
82d56a540c6ee05a-NRT
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 28 Nov 2023 20:38:35 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WTSu%2BYrTPuGTyO68LBlJwVB8IzXaer2o%2BAJ%2F%2Bv%2BL1vUH76d3AEZVMSyBNyiOaXoVfr%2FoRZ8Fbl6tGrslBsFqH8jK6bcorl7JYztjrzIvbXj6cgCGipAhnO5yS4v9Ve8%2FIQyh"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
1; mode=block
forward.php
track.tychon.bid/helper/
384 B
675 B
Document
General
Full URL
https://track.tychon.bid/helper/forward.php
Requested by
Host: track.tychon.bid
URL: https://track.tychon.bid/helper/forward.php?target=aHR0cDovL3J0YnRyYWlsLmNvbS9jbGljaz9kYXRhPWFWVkdabmgwYjBFelFqVlJWWEZDZW1sR1FXcFpWM1pSTjB0SFFYZEphbFZRVGt4clRITmphMnd5YmtGaU1VTm1aR2xQUVhadFJuVjBWRGhIVEZoeVNGOWtOMEkzT0RZdFdqZEtPRmRGZFdKZlMyNTNNbXRxYmxONVNGSTNlbTB4WmtoQ05VRk5ZazlJTFU1blNrVkhMWGxEV21wbVREVkVabVpaTTFSTlVHSTRjRTAxZEd0Q01tdzFXalIzT0V0eVgxUTJTREJSTWcyJmlkPTViZTQwNjkzLWY2NTAtNGUwNS04OTE1LWYxNWE5MGIwNTgyMg==&hash=476ed6aaf195ae2897e5dd410c09b875
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://track.tychon.bid/helper/forward.php?target=aHR0cDovL3J0YnRyYWlsLmNvbS9jbGljaz9kYXRhPWFWVkdabmgwYjBFelFqVlJWWEZDZW1sR1FXcFpWM1pSTjB0SFFYZEphbFZRVGt4clRITmphMnd5YmtGaU1VTm1aR2xQUVhadFJuVjBWRGhIVEZoeVNGOWtOMEkzT0RZdFdqZEtPRmRGZFdKZlMyNTNNbXRxYmxONVNGSTNlbTB4WmtoQ05VRk5ZazlJTFU1blNrVkhMWGxEV21wbVREVkVabVpaTTFSTlVHSTRjRTAxZEd0Q01tdzFXalIzT0V0eVgxUTJTREJSTWcyJmlkPTViZTQwNjkzLWY2NTAtNGUwNS04OTE1LWYxNWE5MGIwNTgyMg==&hash=476ed6aaf195ae2897e5dd410c09b875
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
82d56a5b59fae05a-NRT
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 28 Nov 2023 20:38:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m8f%2FMt4UbASWBXgKw%2F5Qwl3aMYuHXWD2MFwu19krFegQT8lYK7rHaKzSvXxUEWLwM4XUW2aPbMQBFdcDfYLFTf64xvbaha38rrgdJKlXYjBbQRbONUjbGz7LBFLv483qpC1V"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
1; mode=block
click
rtbtrail.com/
5 KB
6 KB
Document
General
Full URL
http://rtbtrail.com/click?data=aVVGZnh0b0EzQjVRVXFCemlGQWpZV3ZRN0tHQXdJalVQTkxrTHNja2wybkFiMUNmZGlPQXZtRnV0VDhHTFhySF9kN0I3ODYtWjdKOFdFdWJfS253MmtqblN5SFI3em0xZkhCNUFNYk9ILU5nSkVHLXlDWmpmTDVEZmZZM1RNUGI4cE01dGtCMmw1WjR3OEtyX1Q2SDBRMg2&id=5be40693-f650-4e05-8915-f15a90b05822
Requested by
Host: track.tychon.bid
URL: https://track.tychon.bid/helper/forward.php
Protocol
HTTP/1.1
Server
192.99.158.241 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ip241.ip-192-99-158.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
8ff0156620945b89580d28aac8972f32fdf8ca348ad4acf203f8f8982408019a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Headers
Content-Type
Access-Control-Allow-Origin
*
Cache-Control
private
Content-Length
5470
Content-Type
text/html; charset=utf-8
Date
Tue, 28 Nov 2023 20:36:11 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-AspNetMvc-Version
5.2
X-Powered-By
ASP.NET
fa8076ca-64e7-4648-95fb-59f8b6b1f6e1
viraj-drm.com/zclkvisitor/18cfdea1-8e2e-11ee-8745-12514d533651/
Redirect Chain
  • http://rtbtrail.com/Redirect/
  • http://viraj-drm.com/zclkvisitor/18cfdea1-8e2e-11ee-8745-12514d533651/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=7b63b5c0-09ca-11ee-b9d2-0a918cbcbb97
1 KB
2 KB
Document
General
Full URL
http://viraj-drm.com/zclkvisitor/18cfdea1-8e2e-11ee-8745-12514d533651/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=7b63b5c0-09ca-11ee-b9d2-0a918cbcbb97
Protocol
HTTP/1.1
Server
54.161.245.59 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-245-59.compute-1.amazonaws.com
Software
sDwaxzYK /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
http://rtbtrail.com
Referer
http://rtbtrail.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Headers
X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Access-Control-Allow-Methods
GET,POST,OPTIONS
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
Connection
keep-alive
Content-Type
text/html;charset=UTF-8
Date
Tue, 28 Nov 2023 20:38:38 GMT
Server
sDwaxzYK
Transfer-Encoding
chunked
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline'
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'

Redirect headers

Access-Control-Allow-Headers
Content-Type
Access-Control-Allow-Origin
*
Cache-Control
private
Content-Length
271
Content-Type
text/html; charset=utf-8
Date
Tue, 28 Nov 2023 20:36:11 GMT
Location
http://viraj-drm.com/zclkvisitor/18cfdea1-8e2e-11ee-8745-12514d533651/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=7b63b5c0-09ca-11ee-b9d2-0a918cbcbb97
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-AspNetMvc-Version
5.2
X-Powered-By
ASP.NET
zclkredirect
viraj-drm.com/
242 B
928 B
Document
General
Full URL
http://viraj-drm.com/zclkredirect?visitid=18cfdea1-8e2e-11ee-8745-12514d533651&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false
Requested by
Host: viraj-drm.com
URL: http://viraj-drm.com/zclkvisitor/18cfdea1-8e2e-11ee-8745-12514d533651/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=7b63b5c0-09ca-11ee-b9d2-0a918cbcbb97
Protocol
HTTP/1.1
Server
54.161.245.59 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-161-245-59.compute-1.amazonaws.com
Software
KHMTXdsm /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer
http://viraj-drm.com/zclkvisitor/18cfdea1-8e2e-11ee-8745-12514d533651/fa8076ca-64e7-4648-95fb-59f8b6b1f6e1?campaignid=7b63b5c0-09ca-11ee-b9d2-0a918cbcbb97
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Headers
X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Access-Control-Allow-Methods
GET,POST,OPTIONS
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
Connection
keep-alive
Content-Type
text/html;charset=UTF-8
Date
Tue, 28 Nov 2023 20:38:38 GMT
Server
KHMTXdsm
Transfer-Encoding
chunked
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline'
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
redirected
JS
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
Primary Request /
ofmum.com/iherbs-best-childrens-immunity-vitamins/
Redirect Chain
  • https://ab1212.com/gkgjijgfigf
  • https://ofmum.com/iherbs-best-childrens-immunity-vitamins?red_to=https://www.a88wptk.com/8LJN3/2T797ZB/?sub1=1235&
  • http://ofmum.com/iherbs-best-childrens-immunity-vitamins/?red_to=https://www.a88wptk.com/8LJN3/2T797ZB/?sub1=1235&
  • https://ofmum.com/iherbs-best-childrens-immunity-vitamins/?red_to=https://www.a88wptk.com/8LJN3/2T797ZB/?sub1=1235&
318 B
0
Document
General
Full URL
https://ofmum.com/iherbs-best-childrens-immunity-vitamins/?red_to=https://www.a88wptk.com/8LJN3/2T797ZB/?sub1=1235&
Requested by
Host: viraj-drm.com
URL: http://viraj-drm.com/zclkredirect?visitid=18cfdea1-8e2e-11ee-8745-12514d533651&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.1.230 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
http://viraj-drm.com/zclkredirect?visitid=18cfdea1-8e2e-11ee-8745-12514d533651&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
82d56a8e6a7c40bb-SIN
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 28 Nov 2023 20:38:44 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cnrXoqQ1w81lHGaoaLSbWEJKH5Ba%2FwdWlv99h5pcMZgB0pS7Q8sYs0SYMrd0aHqlkedZ8vZbELGT0EepG2PW89L3lXkY2L0Z2hXIZx4nPfQShZOiYYYuiMLOLkY%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

CF-Cache-Status
DYNAMIC
CF-RAY
82d56a8ad9b965d0-FRA
Connection
keep-alive
Content-Type
text/html
Date
Tue, 28 Nov 2023 20:38:43 GMT
Location
https://ofmum.com/iherbs-best-childrens-immunity-vitamins/?red_to=https://www.a88wptk.com/8LJN3/2T797ZB/?sub1=1235&
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cN59eIbQFYWM0nS4vzbh18K5pgWSSf4jD450kTBnCZ9j4zL03MM%2Fq6dJtrqWqHEWGdlfmfYynfXmVjZcDghWoaJTRzuoIoLE9tL98r5kKHRDAYKwrIPcwGL1pbI%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
alt-svc
h3=":443"; ma=86400

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
startpage.vg
URL
http://startpage.vg/template/ISP_bootstrap_vg/css/custom.css
Domain
startpage.vg
URL
http://startpage.vg/assets/images/responsive-example.png
Domain
startpage.vg
URL
http://startpage.vg/banner_ads.js
Domain
lads.sslparking.com
URL
https://lads.sslparking.com/www/delivery/asyncjs.php
Domain
stats.g.doubleclick.net
URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-43967021-7&cid=235904196.1701203911&jid=618342762&gjid=2534217&_gid=291602269.1701203911&_u=YEBAAEAAAAAAACAAI~&z=320481648

Verdicts & Comments

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

6 Cookies

Domain/Path Name / Value
startpage.vg/ Name: ndsp
Value: eyJkb21haW5OYW1lIjoic3RhcnRwYWdlLnZnIiwibWVtYmVyIjoiMTE3IiwidGVtcGxhdGUiOiJJU1BfYm9vdHN0cmFwX3ZnIiwidXNlckFnZW50IjoiTW96aWxsYVwvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0XC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWVcLzExOS4wLjYwNDUuMTU5IFNhZmFyaVwvNTM3LjM2Iiwic2Vzc2lvbiI6Ijk1ODU2YjdlNGQxNzIxYjIwZDliMjJjOTZiOTgxZjM5IiwidGltZV9pbml0IjoxNzAxMjAyMzk0fQ%3D%3D
.startpage.vg/ Name: _ga
Value: GA1.2.235904196.1701203911
.startpage.vg/ Name: _gid
Value: GA1.2.291602269.1701203911
.startpage.vg/ Name: _gat_mainCounter
Value: 1
track.vcdc.com/ Name: XID
Value: 1dm2nv4o4jmcnn87e7g5et65hf
rtbtrail.com/ Name: XGmLzTAmuleWfwV
Value: XGmLzTAmuleWfwV

6 Console Messages

Source Level URL
Text
network error URL: http://startpage.vg/?var2=levelequity.vg
Message:
Failed to load resource: the server responded with a status of 410 (Gone)
network error URL: http://startpage.vg/template/ISP_bootstrap_vg/css/custom.css
Message:
Failed to load resource: net::ERR_EMPTY_RESPONSE
network error URL: http://startpage.vg/assets/images/responsive-example.png
Message:
Failed to load resource: net::ERR_EMPTY_RESPONSE
network error URL: http://startpage.vg/banner_ads.js
Message:
Failed to load resource: net::ERR_EMPTY_RESPONSE
network error URL: https://www.travelpayouts.com/widgets/f75a16e388aba75536d532d3d62637ab.js?v=1699
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://www.travelpayouts.com/blissey/scripts_en.js?categories=popularity%2Cpopularity&id=30180&type=compact&currency=usd&host=search.hotellook.com&marker=218729.&limit=10&powered_by=true
Message:
Failed to load resource: the server responded with a status of 403 ()