urlscan.io logo urlscan.io
SecurityTrails logo

msapp.replit.app Open in urlscan Pro
34.117.33.233  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Effective URL: https://msapp.replit.app/wp-rss.php?url=https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Submission: On January 09 via manual from FR — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 16 IPs in 4 countries across 16 domains to perform 46 HTTP transactions. The main IP is 34.117.33.233, located in Kansas City, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is msapp.replit.app.
TLS certificate: Issued by GTS CA 1D4 on December 21st 2023. Valid for: 3 months.
This is the only time msapp.replit.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
12 2a06:98c1:312... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700:20:... 13335 (CLOUDFLAR...)
2 2620:1ec:bdf::45 8075 (MICROSOFT...)
2 2a00:1450:400... 15169 (GOOGLE)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 199.36.158.100 54113 (FASTLY)
8 2606:2800:233... 15133 (EDGECAST)
2 20.190.160.17 8075 (MICROSOFT...)
1 34.117.33.233 396982 (GOOGLE-CL...)
46 16
12    2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)
descuentosrata.com
2    2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:802::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagservices.com
1    2606:4700::6810:3865 (United States)

ASN13335 (CLOUDFLARENET, US)
static.cloudflareinsights.com
2    2606:4700:20::681a:76c (United States)

ASN13335 (CLOUDFLARENET, US)
tracker.metricool.com
2    2620:1ec:bdf::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.clarity.ms
2    2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.youtube.com
3    2606:4700::6812:d63b (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.onesignal.com
onesignal.com
1    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
1    2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
securepubads.g.doubleclick.net
2    199.36.158.100 (United States)

ASN54113 (FASTLY, US)
dir.foundation
8    2606:2800:233:78b9:f44e:2c1f:31aa:d9ef (United States)

ASN15133 (EDGECAST, US)
aadcdn.msftauth.net
2    20.190.160.17 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
login.live.com
1    34.117.33.233 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 233.33.117.34.bc.googleusercontent.com
msapp.replit.app
Apex Domain
Subdomains		 Transfer
12 descuentosrata.com
descuentosrata.com
cerebro.descuentosrata.com Failed
509 KB
8 msftauth.net
aadcdn.msftauth.net — Cisco Umbrella Rank: 2605
222 KB
3 onesignal.com
cdn.onesignal.com — Cisco Umbrella Rank: 4237
onesignal.com — Cisco Umbrella Rank: 1212
65 KB
2 live.com
login.live.com — Cisco Umbrella Rank: 53
2 KB
2 dir.foundation
dir.foundation
10 KB
2 youtube.com
www.youtube.com — Cisco Umbrella Rank: 79
69 KB
2 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 1280
o.clarity.ms Failed
26 KB
2 metricool.com
tracker.metricool.com — Cisco Umbrella Rank: 40449
1 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 115
2 KB
1 replit.app
msapp.replit.app
159 B
1 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 269
137 KB
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 1695
255 B
1 cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 1429
7 KB
1 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 271
29 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 114
90 KB
0 bing.com Failed
c.bing.com Failed
46 16
Domain Requested by
12 descuentosrata.com descuentosrata.com
static.cloudflareinsights.com
8 aadcdn.msftauth.net dir.foundation
2 login.live.com dir.foundation
2 dir.foundation 1 redirects
2 cdn.onesignal.com descuentosrata.com
cdn.onesignal.com
2 www.youtube.com descuentosrata.com
www.youtube.com
2 www.clarity.ms descuentosrata.com
www.clarity.ms
2 tracker.metricool.com descuentosrata.com
2 fonts.googleapis.com descuentosrata.com
1 msapp.replit.app dir.foundation
1 onesignal.com cdn.onesignal.com
1 securepubads.g.doubleclick.net www.googletagservices.com
1 region1.google-analytics.com www.googletagmanager.com
1 static.cloudflareinsights.com descuentosrata.com
1 www.googletagservices.com descuentosrata.com
1 www.googletagmanager.com descuentosrata.com
0 o.clarity.ms Failed www.clarity.ms
0 c.bing.com Failed
0 cerebro.descuentosrata.com Failed descuentosrata.com
46 19

This site contains no links.

Subject Issuer Validity Valid
descuentosrata.com
GTS CA 1P5		 2023-12-03 -
2024-03-02		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-04-10 -
2024-04-09		 a year crt.sh
metricool.com
GTS CA 1P5		 2023-12-10 -
2024-03-09		 3 months crt.sh
www.clarity.ms
DigiCert TLS RSA SHA256 2020 CA1		 2023-12-07 -
2024-12-07		 a year crt.sh
*.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
auth.hacuna.io
GTS CA 1D4		 2023-12-31 -
2024-03-30		 3 months crt.sh
aadcdn.msftauth.net
DigiCert SHA2 Secure Server CA		 2023-12-01 -
2024-12-01		 a year crt.sh
login.live.com
DigiCert SHA2 Secure Server CA		 2023-11-11 -
2024-11-11		 a year crt.sh
replit.app
GTS CA 1D4		 2023-12-21 -
2024-03-20		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://msapp.replit.app/wp-rss.php?url=https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Frame ID: CD7FEB1545AA583BE4D731E33126BE16
Requests: 45 HTTP requests in this frame

Frame: https://login.live.com/Me.htm?v=3
Frame ID: C22FB25F46FD7086B8E36D5C8A91F3C7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4R... Page URL
  2. http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5 HTTP 301
    https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5 Page URL
  3. https://msapp.replit.app/wp-rss.php?url=https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8K... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • /_nuxt/
Overall confidence: 100%
Detected patterns
  • static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • cdn\.onesignal\.com

Page Statistics

46
Requests

87 %
HTTPS

80 %
IPv6

16
Domains

19
Subdomains

16
IPs

4
Countries

1170 kB
Transfer

4215 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5 Page URL
  2. http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5 HTTP 301
    https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5 Page URL
  3. https://msapp.replit.app/wp-rss.php?url=https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=F0BA6222835141E1A56DA44D9A0C6049&RedC=c.clarity.ms&MXFR=2DD0EA35179361B7288EFE3413936FDF
Request Chain 30
  • http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5 HTTP 301
  • https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5

46 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
redirect
descuentosrata.com/ 		7 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1bc2a76be57673224d82bb9af2071304eb8220fb3d4cd8c6dcf3c465e2ea142

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
842bf18419c80b3c-AMS
content-encoding
br
content-type
text/html; charset=utf-8
date
Tue, 09 Jan 2024 10:19:42 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e15%2BqB%2FOK0O2A9umV3swwG0jKRFfS5hvgZS3ix1APoen1EU88J9IVhmjl%2BrVG7PUkHkjhCH1%2FNs2Y2MWA%2FYb6TekJK31hRqhLneo4XF8469YmMvbsTJ2sJ2x%2BXOxDdS4nh6oa9D0uzb8%2B%2F%2Bueac0Nnc%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-rata-status
STALE
css2
fonts.googleapis.com/ 		7 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e40dbc6da95b47d932014e5a93f35b13a341a37ea6fe7559dca041dc77271cd6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 09 Jan 2024 10:19:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 09 Jan 2024 09:21:51 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 09 Jan 2024 10:19:42 GMT
css2
fonts.googleapis.com/ 		3 KB
591 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Poppins:wght@300;400;700&display=swap
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
b09a031a5d1c809144341f52fd845a5cf075cdafe805b9c0128961d2c219c532
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 09 Jan 2024 10:19:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 09 Jan 2024 10:00:58 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 09 Jan 2024 10:19:42 GMT
js
www.googletagmanager.com/gtag/ 		267 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-4L4BD5W18G
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
68dde67d759615bf0339fb892e628eadc72fbb3c71365c8402f79c773dbf981a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 10:19:42 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
91306
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 09 Jan 2024 10:19:42 GMT
ga.js
descuentosrata.com/ 		174 B
502 B 		Script
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/ga.js?id=G-4L4BD5W18G
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
632e28011a0b0a682b5f941523f9ffb667663b4c10e74620d60bc1a4ebd554c5

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 10:19:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 28 Nov 2023 15:56:49 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1162
etag
W/"ae-18c16a5bd2e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DGLadxX9xhx4dzHfVYF2F4jPy%2BjOpAx2ASrNupP8R2LhJh680VmBVwwRKJr%2FYjgDQVSmuhKkM4rWd6mOYV0oEhdHUlYWvC6Mw9WsQ%2FBiX%2FzY6CdXUT12KRaFQ0kMfaiYYeLImLzgxKJ5ZzXfc9tJjEc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
x-rata-status
STALE
cache-control
max-age=345600
cf-ray
842bf1866d8a0b3c-AMS
alt-svc
h3=":443"; ma=86400
gpt.js
www.googletagservices.com/tag/js/ 		97 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
94015466be466e3fd05a4017abe26d11b45d13daeb34d8d24239f2b4eaec73da
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 10:19:42 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29271
x-xss-protection
0
server
cafe
etag
167 / 19731 / 31080221 / config-hash: 7175009766297966165
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
expires
Tue, 09 Jan 2024 10:19:42 GMT
f688f5a.js
descuentosrata.com/_nuxt/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/_nuxt/f688f5a.js
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5f8ed1c6daba47079cc52c71de8874476177271aa4f5e5c38ab9baaec824210b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 10:19:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 08 Jan 2024 15:50:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1162
etag
W/"1a04-18ce9c4d8e8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TjRZHaVRroiNjVNycfk5LRg6PQyrEEcknQT36OvqNWUQLLnLSbIdVQ0xquAOZ05EMecvsdjrXAxhON%2FqKmQqKLw0uOu0CgbLfj3zi3gs2r9FGChDiRZZgdvq7TIlk%2FLptsQYUaIZxBErEdz1piVAGSs%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
x-rata-status
HIT
cache-control
max-age=345600
cf-ray
842bf1866d8d0b3c-AMS
alt-svc
h3=":443"; ma=86400
0dcaa55.js
descuentosrata.com/_nuxt/ 		268 KB
91 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/_nuxt/0dcaa55.js
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
19e612f1d0da3d04928a91633f88968ec412eabaccf1ee25db6801801740eb9a

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 10:19:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 08 Jan 2024 15:50:38 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1162
etag
W/"42efc-18ce9c4cee8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=If4OPBrztGqt9se5J%2FBWFTzt6DVbfxCw33YTm1YztusUHieRgygloyRuSWun%2BwZPWgCP8hz6ziDrmjNUGwJXIHBD%2BA05YlQHyRWyfLwqbw6c3OQj31tNUrp7PtrIJerCgit7F7Nrl7%2Fzm09JmcEHVag%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
x-rata-status
STALE
cache-control
max-age=345600
cf-ray
842bf1866d8f0b3c-AMS
alt-svc
h3=":443"; ma=86400
8a4eb8d.css
descuentosrata.com/_nuxt/css/ 		214 KB
33 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/_nuxt/css/8a4eb8d.css
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46f2ce6170d3fb1ab46c0e9b69ea8d4fdc9219ebfb86b4fdc55b8a562b67f956

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 10:19:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1162
x-rata-status
STALE
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Mon, 08 Jan 2024 15:50:43 GMT
server
cloudflare
etag
W/"3563f-18ce9c4e1d4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xDNOZsL3jwaKTK%2Bo0WdiYWko%2FH1It%2BILJf7PwSM4ST0Ulfqo8RRX%2Fz0HF4i8QXkdsLmQlgjd8QnFXYpRngp2QFuPZRoMrpzkPZkof0BW9fuZSxYzx5x7se9MvQezy7pIm4Ou31WA7dXXT%2FUAAJwesYo%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
cache-control
max-age=345600
cf-ray
842bf1866d860b3c-AMS
993bebd.js
descuentosrata.com/_nuxt/ 		1 MB
323 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/_nuxt/993bebd.js
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c79ed1cc14b2155e02b16f86d20e00e51e1788f7fe1580b352a9a286d57c63f

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 10:19:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 08 Jan 2024 15:50:41 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1162
etag
W/"1644a7-18ce9c4db18"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U5X502n%2FW6t%2BFu%2FL5WHbRfgRAN8IQmmwWNnFFfX8KvDb8jg%2F0LrefureB2twRsq29bER4m3j9rnpZq9U8yy8MM9A3q%2FYAlaoVWQoAB6vf8ZvJ84kYZ4cK%2F3fYu6Mpfn06DT8DIlTvfT85UGBJZT9kdw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
x-rata-status
STALE
cache-control
max-age=345600
cf-ray
842bf1866d900b3c-AMS
alt-svc
h3=":443"; ma=86400
3e48d41.css
descuentosrata.com/_nuxt/css/ 		21 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/_nuxt/css/3e48d41.css
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5b4407dc7310e326ecdeaa9e11acfa164b27b8d8ee9f4585c50ad8da72e2bd0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 10:19:42 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1162
cf-polished
origSize=21343
x-rata-status
STALE
alt-svc
h3=":443"; ma=86400
cf-bgj
minify
last-modified
Mon, 08 Jan 2024 15:50:43 GMT
server
cloudflare
etag
W/"535f-18ce9c4e1a0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JpZYg4m8vidGkG8%2FMajSkhxibhkrTeq1ar1hOJ%2F0y%2BNcYO%2BXU6EZ0n5cr4LpJG8v9wwVbMA%2BFjHV7dMhL4ThNQrV2yUhDUf7XJ8bcYRmAb1BMQtmB0QX4UuWc%2B9aFYTsISu0ewS9CP2VR%2B%2FP%2F10dGf4%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=UTF-8
cache-control
max-age=345600
cf-ray
842bf1866d880b3c-AMS
6efe0b0.js
descuentosrata.com/_nuxt/ 		156 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/_nuxt/6efe0b0.js
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d4b1d3cac9301de736a954339603036307f048098162d3a61c9cfbf03897fe4

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 10:19:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 08 Jan 2024 15:50:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1162
etag
W/"2714c-18ce9c4d7f0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yTgsOO4Fh2%2FeqQuZDkFtFOhVFk4RTfQF6IOoMdLCk9xRgkz5jZ3FjM3uFCSxkcDYVaIeSnsFrQYsSap4wiLd%2BQudC6tSrxM0Ub7K9Q2fcsfg599R3bTjvoNDsKUuJm7a2P8hTWYwryOq0S4VuZg33JU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
x-rata-status
HIT
cache-control
max-age=345600
cf-ray
842bf1866d920b3c-AMS
alt-svc
h3=":443"; ma=86400
v84a3a4012de94ce1a686ba8c167c359c1696973893317
static.cloudflareinsights.com/beacon.min.js/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:3865 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101

Request headers

Referer
https://descuentosrata.com/
Origin
https://descuentosrata.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 10:19:42 GMT
content-encoding
gzip
last-modified
Tue, 10 Oct 2023 21:38:13 GMT
server
cloudflare
etag
W/"2023.10.0"
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
cf-ray
842bf1873c4806da-AMS
be.js
tracker.metricool.com/resources/ 		379 B
819 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tracker.metricool.com/resources/be.js
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:76c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b4e62a8daa779d16b2c25d343db85f6501e334632b0eeafd7d9f5bc5b8f96367
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 10:19:42 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
156882
alt-svc
h3=":443"; ma=86400
pragma
no-cache
cf-bgj
minify
last-modified
Fri, 05 Jan 2024 09:04:56 GMT
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DQVGra2lqT7K1XQjTSNfyGO%2Ffvc8gN7rjbqb1o%2FDZ6pUV%2BKUQnvb0FZPm%2B8MZQXhtChm%2FlojdGzZC4zo6dATOwYh%2FYe%2FRgOrxcdula%2BJ1incPFg9Jah73bFBPT1NsQ8S34bckxKdbgtIWX3k1WfuGgsyQA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=172800
cf-ray
842bf18758fd6574-AMS
expires
Tue, 09 Jan 2024 14:45:00 GMT
9ephhlx5cb
www.clarity.ms/tag/ 		1018 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/tag/9ephhlx5cb
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1dd500a81978d63772c5212b96a38129a336be1b31904e471b715c55703237c6

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

expires
-1
date
Tue, 09 Jan 2024 10:19:42 GMT
x-azure-ref
20240109T101942Z-uagbzux09p5gb25vwghap2c9ec000000068000000000hwv8
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
1018
request-context
appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
d094289.js
descuentosrata.com/_nuxt/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/_nuxt/d094289.js
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/_nuxt/f688f5a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c19e53f978ff7b02ef7e6b6c9598af5b445830dd7151115408f7fd3c9575742e

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 10:19:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 08 Jan 2024 15:50:39 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1161
etag
W/"1485-18ce9c4d250"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xl8U%2FdoJetj4JmkHdtlft0u1deEqGso5v7Xy0adRcJ97tC8inNoVACNRJg%2Fq2hw3DNyRsx7jliqNb8lPE8mMALyRkzQga8O7udbaWD%2FdZX%2FANpXaPIn6BPxbuP2yYQpBL95h0Sj%2F0F%2Bi5kXYoa1qal0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
x-rata-status
STALE
cache-control
max-age=345600
cf-ray
842bf187bfbc0b3c-AMS
alt-svc
h3=":443"; ma=86400
player_api
www.youtube.com/ 		993 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/player_api
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/_nuxt/993bebd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0271e782d0e49674121fe3f5e703dfbff44ed8de8b8625a006eeb4a9702724d7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 10:19:42 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
br
content-security-policy-report-only
base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';report-uri /cspreport/common;script-src 'report-sample' 'nonce-aTCU_MWyENSe7wnb4QuYag' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline'
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=nl for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type
text/javascript; charset=utf-8
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cache-control
private, max-age=0
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Tue, 09 Jan 2024 10:19:42 GMT
OneSignalSDK.page.js
cdn.onesignal.com/sdks/web/v16/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.onesignal.com/sdks/web/v16/OneSignalSDK.page.js
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/_nuxt/993bebd.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd81fe3f6c530c586ebc23d23882c4476b4591ce7feeca8d8db0b4223f586361
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 10:19:42 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
355
etag
W/"ebe34e849ba21613f65a2259dce7b673"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
842bf1880d2e1c90-AMS
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400
expires
Fri, 12 Jan 2024 10:19:42 GMT
9e5919c.js
descuentosrata.com/_nuxt/ 		275 B
535 B 		Script
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/_nuxt/9e5919c.js
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/_nuxt/f688f5a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
21b7788b49bf44f4cd349300a530a113a0917e0a0c676de309227480c4f37bfd

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 10:19:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 08 Jan 2024 15:50:44 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1161
etag
W/"113-18ce9c4e558"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=meGmadaWra%2BTRgbk9j7WDX1PFuNSKBu%2B3RCZxqDVpCU7cvvtxd%2Br1Lo%2FiQBNHqR3yDJOvyYaVffrpbfP5nulOJQq%2B6akqskQgnJ0n8M%2FTs8MR3RFE%2FNo%2FDgekTGs3F8xpqr9qfWrZWX4z%2FaS8Kn4gQk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
x-rata-status
STALE
cache-control
max-age=345600
cf-ray
842bf187cfe00b3c-AMS
alt-svc
h3=":443"; ma=86400
c3po.jpg
tracker.metricool.com/ 		70 B
448 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tracker.metricool.com/c3po.jpg?hash=57249eb432b06a5b968cd29c78acd563&u=https%3A%2F%2Fdescuentosrata.com%2Fredirect%3Furl%3Dhttp%3A%2F%2Fdir.foundation%2F-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5&bw=1600&bh=1200
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:76c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3ca3118d9eceb4028fb8b62693e34913badaedfc8d62eed83ed744697bf12f9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 09 Jan 2024 10:19:42 GMT
x-content-type-options
nosniff
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q2KP%2B%2FQa5tCqYGwtv2d9xS4GDAUmrJ8D8A1DP6nYPfJxMlV7o7vm%2Fpy9wuPvuBfweIK7%2B5MQmtmCJ7pVp1PvIxgGzT6mhkZAGHH9LlquqPfNVwTFhhRYX70tiK88GjZVP5Q5olzmtxusOkdxobUsCV%2BTzw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
842bf187e9c76574-AMS
alt-svc
h3=":443"; ma=86400
expires
Thu, 01 Jan 1970 00:00:00 GMT
06afd9b.js
descuentosrata.com/_nuxt/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/_nuxt/06afd9b.js
Requested by
Host: descuentosrata.com
URL: https://descuentosrata.com/_nuxt/f688f5a.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ac1a9c8a2099c2f44ac37c2b662b281070475ae09475e024c31e2196154919ad

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/redirect?url=http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 10:19:42 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 08 Jan 2024 15:50:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
1160
etag
W/"247a-18ce9c4d5d8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UQAQXcXLfvxM6iJPIy0js237fXpbyR9EYP%2FLC21SJc9%2BN75Jc1U%2FHs81rQ0K6p1Wt2RKTonzm0W5XrZlbRXhfDA5VqiBVt0b3vPwh0HKsKZunuyXzR0%2F7T%2BEsThgs0gSRJREHZ54Qi8LFl916HHrIyc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
x-rata-status
STALE
cache-control
max-age=345600
cf-ray
842bf187f82b0b3c-AMS
alt-svc
h3=":443"; ma=86400
collect
region1.google-analytics.com/g/ 		0
255 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-4L4BD5W18G&gtm=45je4130v9103037624&_p=1704795582548&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=872421058.1704795583&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1704795582&sct=1&seg=0&dl=https%3A%2F%2Fdescuentosrata.com%2Fredirect%3Furl%3Dhttp%3A%2F%2Fdir.foundation%2F-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5&dt=Links%20DescuentosRata%20%E2%80%94%20Descuentos%20Rata&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=685
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4L4BD5W18G
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 09 Jan 2024 10:19:42 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://descuentosrata.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/ 		436 KB
137 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202401020101/pubads_impl.js?cb=31080221
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8538fa1e11fa1334100b86b0c251b8ffa0b51f5db3e732c23963053686a93dc7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 01:47:41 GMT
content-encoding
br
x-content-type-options
nosniff
age
30721
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
140253
x-xss-protection
0
server
cafe
etag
11435206252018266965
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
expires
Wed, 08 Jan 2025 01:47:41 GMT
site_settings
cerebro.descuentosrata.com/api/v1/ 		0
0
OneSignalSDK.page.es6.js
cdn.onesignal.com/sdks/web/v16/ 		256 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.onesignal.com/sdks/web/v16/OneSignalSDK.page.es6.js?v=160101
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/web/v16/OneSignalSDK.page.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
447d27c231910c6b80a42fa6cc225db9d4a7997ac7f115a7fa1f36ea4e40043f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 10:19:42 GMT
via
1.1 google
content-encoding
br
cf-cache-status
HIT
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
age
327
etag
W/"46caafc4601e96e8ad41c658f1aa7a47"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=259200
cf-ray
842bf1883d691c90-AMS
access-control-allow-headers
OneSignal-Subscription-Id
alt-svc
h3=":443"; ma=86400
expires
Fri, 12 Jan 2024 10:19:42 GMT
www-widgetapi.js
www.youtube.com/s/player/4fd50162/www-widgetapi.vflset/ 		216 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/4fd50162/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/player_api
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d772756f7f30b155def5b4c539d7883b69134c27e64be72d6e2fd98b37718843
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 09:18:21 GMT
content-encoding
br
x-content-type-options
nosniff
age
3681
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68492
x-xss-protection
0
last-modified
Wed, 03 Jan 2024 02:44:34 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 08 Jan 2025 09:18:21 GMT
web
onesignal.com/api/v1/sync/384d63bd-53bd-4369-9d86-7ac42b7dda07/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://onesignal.com/api/v1/sync/384d63bd-53bd-4369-9d86-7ac42b7dda07/web?callback=__jp0
Requested by
Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/web/v16/OneSignalSDK.page.es6.js?v=160101
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:d63b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b15582e5b6bd824282aa2726a59e33c953804ffaefd9f429de891c607011f01c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 10:19:42 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
x-permitted-cross-domain-policies
none
strict-transport-security
max-age=15552000; includeSubDomains
age
3227
cf-polished
origSize=3371
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-request-id
c817343f-6349-4aa4-965c-66ade7d066e0
x-runtime
0.026266
referrer-policy
strict-origin-when-cross-origin
cf-bgj
minify
server
cloudflare
etag
W/"a4b4b0304b0ad2a51129a623b1a99c1b"
x-download-options
noopen
vary
Origin, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600
cf-ray
842bf188aded1c90-AMS
access-control-allow-headers
SDK-Version
expires
Tue, 09 Jan 2024 11:19:42 GMT
clarity.js
www.clarity.ms/s/0.7.20/ 		60 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/s/0.7.20/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/9ephhlx5cb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://descuentosrata.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

date
Tue, 09 Jan 2024 10:19:42 GMT
content-encoding
br
last-modified
Wed, 03 Jan 2024 15:51:12 GMT
etag
W/"0x8DC0C73CFCC02AC"
vary
Accept-Encoding
x-azure-ref
20240109T101942Z-uagbzux09p5gb25vwghap2c9ec000000068000000000hww5
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
x-ms-request-id
927452cc-301e-003f-37f1-3ee678000000
cache-control
public, max-age=86400
x-cache
TCP_HIT
x-ms-version
2018-03-28
c.gif
c.bing.com/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=F0BA6222835141E1A56DA44D9A0C6049&RedC=c.clarity.ms&MXFR=2DD0EA35179361B7288EFE3413936FDF
0
0
rum
descuentosrata.com/cdn-cgi/ 		0
183 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://descuentosrata.com/cdn-cgi/rum?
Requested by
Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://descuentosrata.com/redirect?url=http%3A%2F%2Fdir.foundation%2F-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
content-type
application/json

Response headers

date
Tue, 09 Jan 2024 10:19:42 GMT
x-content-type-options
nosniff
server
cloudflare
vary
Origin
access-control-max-age
86400
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
https://descuentosrata.com
x-frame-options
DENY
access-control-allow-credentials
true
cf-ray
842bf1894a6a0b3c-AMS
-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
dir.foundation/
Redirect Chain
  • http://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
  • https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
29 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
199.36.158.100 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
72a59e70ff639dcbdd2b5ea3707454dd012a3a272226c3d8ac2f2bb1c58ac6f4
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

Referer
https://descuentosrata.com/redirect?url=http%3A%2F%2Fdir.foundation%2F-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
max-age=3600
content-encoding
gzip
content-length
9113
content-type
text/html; charset=utf-8
date
Tue, 09 Jan 2024 10:19:43 GMT
etag
"b38b69c25a547e476abd1912d0cb5890f333a7ad122859d229ab1114f5c3ca7d"
last-modified
Thu, 21 Dec 2023 19:38:26 GMT
strict-transport-security
max-age=31556926
vary
x-fh-requested-host, accept-encoding
x-cache
MISS
x-cache-hits
0
x-served-by
cache-ams21020-AMS
x-timer
S1704795583.098391,VS0,VE26

Redirect headers

Accept-Ranges
bytes
Connection
close
Content-Length
0
Date
Tue, 09 Jan 2024 10:19:42 GMT
Location
https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Retry-After
0
Server
Varnish
X-Cache
HIT
X-Cache-Hits
0
X-Served-By
cache-ams21082-AMS
X-Timer
S1704795583.995927,VS0,VE0
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
collect
o.clarity.ms/ 		0
0
collect
region1.google-analytics.com/g/ 		0
0
collect
o.clarity.ms/ 		0
0
rum
descuentosrata.com/cdn-cgi/ 		0
0
converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		108 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css
Requested by
Host: dir.foundation
URL: https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48DB) /
Resource Hash
8b6a3b17737161e5fe8c29e401372a94b8e650226cf0cd17b4c3c4de5b380b11

Request headers

Referer
https://dir.foundation/
Origin
https://dir.foundation
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 09 Jan 2024 10:19:43 GMT
content-encoding
gzip
content-md5
0O2H9juGYL0zkzcYWr0NIg==
age
2683679
x-cache
HIT
content-length
19877
x-ms-lease-status
unlocked
last-modified
Tue, 28 Sep 2021 21:42:58 GMT
server
ECAcc (ama/48DB)
etag
0x8D982C8F03AF4D4
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
7fde2368-a01e-00d5-4a7c-2ae94a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js
aadcdn.msftauth.net/shared/1.0/content/js/ 		459 KB
126 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/ConvergedLogin_PCore_a6PeIgafSneuouox-qU5OA2.js
Requested by
Host: dir.foundation
URL: https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48B2) /
Resource Hash
ce768e83be373f5303ce3117cba6e60874a328c5fb740fb4dbc14989105e0a0d

Request headers

Referer
https://dir.foundation/
Origin
https://dir.foundation
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 09 Jan 2024 10:19:43 GMT
content-encoding
gzip
content-md5
e+GEpArZIh9idGnWSOj0zg==
age
2683679
x-cache
HIT
content-length
128665
x-ms-lease-status
unlocked
last-modified
Thu, 04 Nov 2021 21:02:14 GMT
server
ECAcc (ama/48B2)
etag
0x8D99FD6608B3F3E
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
c7b776e1-801e-00af-707c-2a155f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		42 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js
Requested by
Host: dir.foundation
URL: https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48CB) /
Resource Hash
a423ac7e2310bc44a1defeb1f6df180cab8a59442e7f41d093f21649fcc86e69

Request headers

Referer
https://dir.foundation/
Origin
https://dir.foundation
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 09 Jan 2024 10:19:43 GMT
content-encoding
gzip
content-md5
GYbSFdLE8Xb9pCzSg7cJ6A==
age
2703838
x-cache
HIT
content-length
12608
x-ms-lease-status
unlocked
last-modified
Tue, 19 Oct 2021 04:06:56 GMT
server
ECAcc (ama/48CB)
etag
0x8D992B5E417004E
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
f29f740e-a01e-0091-464d-2a9653000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
oneDs_472fa3a12b65cf387ccd.js
aadcdn.msftauth.net/shared/1.0/content/js/ 		78 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/oneDs_472fa3a12b65cf387ccd.js
Requested by
Host: dir.foundation
URL: https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48C9) /
Resource Hash
235b558b77ab36f63c1439a68ac2410aaf8f42f7b9c93c0bfdc9af662abab8b6

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://dir.foundation/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 09 Jan 2024 10:19:43 GMT
content-encoding
gzip
content-md5
xAmVJ4UrtXATagLD0tDXoQ==
age
2683679
x-cache
HIT
content-length
26117
x-ms-lease-status
unlocked
last-modified
Thu, 21 Oct 2021 01:02:25 GMT
server
ECAcc (ama/48C9)
etag
0x8D9942E72241B02
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
1ce0b2b8-b01e-00dc-2c7c-2a9a59000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
convergedlogin_pfetchsessionsprogress_12dabd9245715d165757.js
aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/ 		15 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/js/asyncchunk/convergedlogin_pfetchsessionsprogress_12dabd9245715d165757.js
Requested by
Host: dir.foundation
URL: https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48CD) /
Resource Hash
2b3df4d53882fba74216d365e7344c782145f2faf8e08a2d69c548f5fbc7fbf5

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://dir.foundation/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 09 Jan 2024 10:19:43 GMT
content-encoding
gzip
content-md5
+lZRrDLGp8Gp/hURw2aXyQ==
age
21717502
x-cache
HIT
content-length
5386
x-ms-lease-status
unlocked
last-modified
Thu, 04 Nov 2021 21:02:05 GMT
server
ECAcc (ama/48CD)
etag
0x8D99FD65BAB30A3
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
0c555569-d01e-0045-6460-7d3786000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
Me.htm
login.live.com/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://login.live.com/Me.htm?v=3
Requested by
Host: dir.foundation
URL: https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.160.17 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://dir.foundation/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers
converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		0
20 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_kfhrfyfy-sm2tmkm5ficcw2.css
Requested by
Host: dir.foundation
URL: https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48DB) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://dir.foundation/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 09 Jan 2024 10:19:43 GMT
content-encoding
gzip
content-md5
0O2H9juGYL0zkzcYWr0NIg==
age
2683679
x-cache
HIT
content-length
19877
x-ms-lease-status
unlocked
last-modified
Tue, 28 Sep 2021 21:42:58 GMT
server
ECAcc (ama/48DB)
etag
0x8D982C8F03AF4D4
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
7fde2368-a01e-00d5-4a7c-2ae94a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js
aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ 		0
12 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/ux.converged.login.strings-en-gb.min_-hjcgqxfzfu0cwzblacdqq2.js
Requested by
Host: dir.foundation
URL: https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48CB) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://dir.foundation/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 09 Jan 2024 10:19:43 GMT
content-encoding
gzip
content-md5
GYbSFdLE8Xb9pCzSg7cJ6A==
age
2703838
x-cache
HIT
content-length
12608
x-ms-lease-status
unlocked
last-modified
Tue, 19 Oct 2021 04:06:56 GMT
server
ECAcc (ama/48CB)
etag
0x8D992B5E417004E
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
f29f740e-a01e-0091-464d-2a9653000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
Me.htm
login.live.com/ Frame C22F 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.live.com/Me.htm?v=3
Requested by
Host: dir.foundation
URL: https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.190.160.17 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
3410242720de50b090d07a23aee2dad879b31d36f2615732962ec4cfa8a9d458
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://dir.foundation/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

Cache-Control
max-age=315360000
Content-Encoding
gzip
Content-Length
1132
Content-Type
text/html; charset=utf-8
Date
Tue, 09 Jan 2024 10:19:42 GMT
Expires
Fri, 06 Jan 2034 10:19:43 GMT
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
PPServer
PPV: 30 H: BL02EPF000066B5 V: 0
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
x-ms-request-id
257a09b1-725c-4dea-81a4-142cc9e95c3a
x-ms-route-info
C107_BL2
2_bc3d32a696895f78c19df6c717586a5d.svg
aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/ 		2 KB
835 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Requested by
Host: dir.foundation
URL: https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48D1) /
Resource Hash
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://dir.foundation/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 09 Jan 2024 10:19:43 GMT
content-encoding
gzip
content-md5
DhdidjYrlCeaRJJRG/y9mA==
age
2709804
x-cache
HIT
content-length
673
x-ms-lease-status
unlocked
last-modified
Wed, 12 Feb 2020 22:01:50 GMT
server
ECAcc (ama/48D1)
etag
0x8D7B007297AE131
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
b5bf7475-201e-00f1-4640-2ad471000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=31536000
x-ms-version
2009-09-19
accept-ranges
bytes
Primary Request wp-rss.php
msapp.replit.app/ 		9 B
159 B 		Document
General
Check archive.org
Download Go to
Full URL
https://msapp.replit.app/wp-rss.php?url=https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Requested by
Host: dir.foundation
URL: https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.33.233 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
233.33.117.34.bc.googleusercontent.com
Software
/
Resource Hash
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Referer
https://dir.foundation/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9
content-type
text/plain; charset=utf-8
date
Tue, 09 Jan 2024 10:19:46 GMT
strict-transport-security
max-age=63072000; includeSubDomains
via
1.1 google

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cerebro.descuentosrata.com
URL
https://cerebro.descuentosrata.com/api/v1/site_settings
Domain
c.bing.com
URL
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=F0BA6222835141E1A56DA44D9A0C6049&RedC=c.clarity.ms&MXFR=2DD0EA35179361B7288EFE3413936FDF
Domain
o.clarity.ms
URL
https://o.clarity.ms/collect
Domain
region1.google-analytics.com
URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-4L4BD5W18G&gtm=45je4130v9103037624&_p=1704795582548&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=872421058.1704795583&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1704795582&sct=1&seg=0&dl=https%3A%2F%2Fdescuentosrata.com%2Fredirect%3Furl%3Dhttp%3A%2F%2Fdir.foundation%2F-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5&dt=Links%20DescuentosRata%20%E2%80%94%20Descuentos%20Rata&en=scroll&epn.percent_scrolled=90&_et=2&tfd=1098
Domain
o.clarity.ms
URL
https://o.clarity.ms/collect
Domain
descuentosrata.com
URL
https://descuentosrata.com/cdn-cgi/rum?

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

11 Cookies

Domain/Path Name / Value
.descuentosrata.com/ Name: _ga
Value: GA1.1.872421058.1704795583
.descuentosrata.com/ Name: _ga_4L4BD5W18G
Value: GS1.1.1704795582.1.0.1704795582.0.0.0
.youtube.com/ Name: YSC
Value: Ba7mc9C2nXg
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: hzceao4lOSA
www.clarity.ms/ Name: CLID
Value: d6ae7e3d790d41528a6d6d188e0c8c09.20240109.20250108
.descuentosrata.com/ Name: _clck
Value: 16rlo87%7C2%7Cfi9%7C0%7C1469
.c.clarity.ms/ Name: SM
Value: T
.clarity.ms/ Name: MUID
Value: 2DD0EA35179361B7288EFE3413936FDF
.onesignal.com/ Name: __cf_bm
Value: btvHLGkLvkv5FNEsg8HN6w1JXZQ7DEOciJ6sT5hPeGY-1704795583-1-AYiTdM7gc55LfJyAWstmO+HRaoaROU9J001QS8x/ujR8LFCzc3uQ5NsPQqs/t0VJxx4QtpG0aKSYR+iXpeSxuvk=
.login.live.com/ Name: MSPRequ
Value: id=N&lt=1704795583&co=1
.login.live.com/ Name: uaid
Value: 34f7220e602947d9a6215f5a47d065da

2 Console Messages

Source Level URL
Text
network error URL: https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://msapp.replit.app/wp-rss.php?url=https://dir.foundation/-y5am3Th4RAQ3Eu-d5P1-ruvom3Tl-Q8Kva-8Kv4RA-4G-d58Kvo-y5
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

aadcdn.msftauth.net
c.bing.com
cdn.onesignal.com
cerebro.descuentosrata.com
descuentosrata.com
dir.foundation
fonts.googleapis.com
login.live.com
msapp.replit.app
o.clarity.ms
onesignal.com
region1.google-analytics.com
securepubads.g.doubleclick.net
static.cloudflareinsights.com
tracker.metricool.com
www.clarity.ms
www.googletagmanager.com
www.googletagservices.com
www.youtube.com
c.bing.com
cerebro.descuentosrata.com
descuentosrata.com
o.clarity.ms
region1.google-analytics.com
199.36.158.100
20.190.160.17
2001:4860:4802:32::36
2606:2800:233:78b9:f44e:2c1f:31aa:d9ef
2606:4700:20::681a:76c
2606:4700::6810:3865
2606:4700::6812:d63b
2620:1ec:bdf::45
2a00:1450:4001:802::2008
2a00:1450:4001:806::200a
2a00:1450:4001:829::2002
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::200e
2a06:98c1:3121::3
34.117.33.233
0019dfc4b32d63c1392aa264aed2253c1e0c2fb09216f8e2cc269bbfb8bb49b5
0271e782d0e49674121fe3f5e703dfbff44ed8de8b8625a006eeb4a9702724d7
0d4b1d3cac9301de736a954339603036307f048098162d3a61c9cfbf03897fe4
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
19e612f1d0da3d04928a91633f88968ec412eabaccf1ee25db6801801740eb9a
1dd500a81978d63772c5212b96a38129a336be1b31904e471b715c55703237c6
21b7788b49bf44f4cd349300a530a113a0917e0a0c676de309227480c4f37bfd
235b558b77ab36f63c1439a68ac2410aaf8f42f7b9c93c0bfdc9af662abab8b6
2b3df4d53882fba74216d365e7344c782145f2faf8e08a2d69c548f5fbc7fbf5
3410242720de50b090d07a23aee2dad879b31d36f2615732962ec4cfa8a9d458
447d27c231910c6b80a42fa6cc225db9d4a7997ac7f115a7fa1f36ea4e40043f
46f2ce6170d3fb1ab46c0e9b69ea8d4fdc9219ebfb86b4fdc55b8a562b67f956
5f8ed1c6daba47079cc52c71de8874476177271aa4f5e5c38ab9baaec824210b
6153d13804862b0fc1c016cf1129f34cb7c6185f2cf4bf1a3a862eecdab50101
632e28011a0b0a682b5f941523f9ffb667663b4c10e74620d60bc1a4ebd554c5
68dde67d759615bf0339fb892e628eadc72fbb3c71365c8402f79c773dbf981a
72a59e70ff639dcbdd2b5ea3707454dd012a3a272226c3d8ac2f2bb1c58ac6f4
8538fa1e11fa1334100b86b0c251b8ffa0b51f5db3e732c23963053686a93dc7
8b6a3b17737161e5fe8c29e401372a94b8e650226cf0cd17b4c3c4de5b380b11
8c79ed1cc14b2155e02b16f86d20e00e51e1788f7fe1580b352a9a286d57c63f
94015466be466e3fd05a4017abe26d11b45d13daeb34d8d24239f2b4eaec73da
a1bc2a76be57673224d82bb9af2071304eb8220fb3d4cd8c6dcf3c465e2ea142
a423ac7e2310bc44a1defeb1f6df180cab8a59442e7f41d093f21649fcc86e69
ac1a9c8a2099c2f44ac37c2b662b281070475ae09475e024c31e2196154919ad
b09a031a5d1c809144341f52fd845a5cf075cdafe805b9c0128961d2c219c532
b15582e5b6bd824282aa2726a59e33c953804ffaefd9f429de891c607011f01c
b4e62a8daa779d16b2c25d343db85f6501e334632b0eeafd7d9f5bc5b8f96367
c19e53f978ff7b02ef7e6b6c9598af5b445830dd7151115408f7fd3c9575742e
cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d
cd81fe3f6c530c586ebc23d23882c4476b4591ce7feeca8d8db0b4223f586361
ce768e83be373f5303ce3117cba6e60874a328c5fb740fb4dbc14989105e0a0d
d5b4407dc7310e326ecdeaa9e11acfa164b27b8d8ee9f4585c50ad8da72e2bd0
d772756f7f30b155def5b4c539d7883b69134c27e64be72d6e2fd98b37718843
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40dbc6da95b47d932014e5a93f35b13a341a37ea6fe7559dca041dc77271cd6
f3ca3118d9eceb4028fb8b62693e34913badaedfc8d62eed83ed744697bf12f9