Submitted URL: https://www.discount.bankoferica.com/
Effective URL: https://ww2.thenannyonthemove.com/
Submission: On February 13 via api from IE — Scanned from US

Summary

This website contacted 10 IPs in 3 countries across 13 domains to perform 23 HTTP transactions. The main IP is 64.190.63.136, located in Germany and belongs to SEDO-AS SEDO GmbH, DE. The main domain is ww2.thenannyonthemove.com.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G2 on February 11th 2025. Valid for: a year.
This is the only time ww2.thenannyonthemove.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 104.247.81.53 206834 (TEAMINTER...)
1 2600:9000:28a... 16509 (AMAZON-02)
2 4 100.29.110.19 14618 (AMAZON-AES)
1 1 104.248.224.96 14061 (DIGITALOC...)
1 1 198.211.113.186 14061 (DIGITALOC...)
1 1 5.161.89.212 213230 (HETZNER-C...)
1 1 2a01:4ff:f3:5... 213230 (HETZNER-C...)
1 5 2606:4700::68... 13335 (CLOUDFLAR...)
4 2606:4700::68... 13335 (CLOUDFLAR...)
2 64.225.91.73 14061 (DIGITALOC...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 64.190.63.136 47846 (SEDO-AS S...)
1 205.234.175.175 30081 (CACHENETW...)
23 10
Apex Domain
Subdomains
Transfer
5 thenannyonthemove.com
thenannyonthemove.com
ww2.thenannyonthemove.com
4 KB
5 trafficdecisions.com
user-agent.trafficdecisions.com — Cisco Umbrella Rank: 253621
6 KB
4 c0nect.com
go.c0nect.com — Cisco Umbrella Rank: 288923
2 KB
4 bankoferica.com
www.discount.bankoferica.com
2 KB
3 ernus-dop.com
ernus-dop.com — Cisco Umbrella Rank: 244718
6 KB
1 sedoparking.com
img.sedoparking.com — Cisco Umbrella Rank: 80149
15 KB
1 domaincntrol.com
domaincntrol.com — Cisco Umbrella Rank: 314278
556 B
1 routes.name
track.routes.name — Cisco Umbrella Rank: 857926
903 B
1 so-gre8.net
so-gre8.net — Cisco Umbrella Rank: 50029
432 B
1 winfr-wtc.com
winfr-wtc.com — Cisco Umbrella Rank: 353246
3 KB
1 blowingwind.xyz
redir.blowingwind.xyz
481 B
1 toroexoclk.com
www.toroexoclk.com — Cisco Umbrella Rank: 112373
1 KB
1 cloudfront.net
d38psrni17bvxu.cloudfront.net
794 B
23 13
Domain Requested by
5 user-agent.trafficdecisions.com 1 redirects winfr-wtc.com
user-agent.trafficdecisions.com
4 go.c0nect.com
4 www.discount.bankoferica.com d38psrni17bvxu.cloudfront.net
www.discount.bankoferica.com
3 ww2.thenannyonthemove.com thenannyonthemove.com
ww2.thenannyonthemove.com
3 ernus-dop.com 2 redirects www.discount.bankoferica.com
2 thenannyonthemove.com
1 img.sedoparking.com
1 domaincntrol.com thenannyonthemove.com
1 track.routes.name 1 redirects
1 so-gre8.net 1 redirects
1 winfr-wtc.com ernus-dop.com
1 redir.blowingwind.xyz 1 redirects
1 www.toroexoclk.com 1 redirects
1 d38psrni17bvxu.cloudfront.net www.discount.bankoferica.com
23 14

This site contains no links.

Subject | Issuer | Validity | Valid
www.discount.bankoferica.com | R11 | 2024-12-04 - 2025-03-04 | 3 months
*.cloudfront.net | Amazon RSA 2048 M01 | 2024-07-30 - 2025-07-03 | a year
ernus-dop.com | Amazon RSA 2048 M02 | 2024-11-22 - 2025-12-22 | a year
zeropark.com | Amazon RSA 2048 M02 | 2024-06-11 - 2025-07-09 | a year
trafficdecisions.com | WE1 | 2025-01-27 - 2025-04-27 | 3 months
c0nect.com | WE1 | 2025-02-03 - 2025-05-04 | 3 months
thenannyonthemove.com | E5 | 2025-01-13 - 2025-04-13 | 3 months
domaincntrol.com | WE1 | 2025-01-17 - 2025-04-17 | 3 months
ww2.thenannyonthemove.com | Encryption Everywhere DV TLS CA - G2 | 2025-02-11 - 2026-02-10 | a year
*.cachefly.net | GlobalSign RSA OV SSL CA 2018 | 2024-11-12 - 2025-12-14 | a year

This page contains 2 frames:

Frame: https://ww2.thenannyonthemove.com/search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3D%2AM5HGpxxFZs_0&v=MTI0NzY1YWMwMTNhYWNlMDc0NWY3OTVjOGNkOGJmMGIJMQl3dzIudGhlbmFubnlvbnRoZW1vdmUuY29tNjdhZTJmNWNmM2YwODkuNDU3MTExMzIJd3cyLnRoZW5hbm55b250aGVtb3ZlLmNvbTY3YWUyZjVjZjNmMzcwLjcxODk1MjExCTE3Mzk0Njg2MzgJYWRfNjNfMA%3D%3D&l=ogcijK-lD0MnKbV-vJ8TY6Mf_cu1XNjDrg_nhoeGUjc-jFbl94GN3AFUFARuLhusaiZ60W-G5X_V6-Jnb95W2G_98vuGQJxEyBVD6VGUhaEJfBp7pEL4w4V555g_V0838UbGV5jK4d03h1y329wYRLV_Hzpa8S6qwbDaJvYw6sGmdBFU7qcA75_CpcB4LE2w1g9GLoskEPxImnnz6hG0OhGET43YJyAkT6ZAmH0LfJ1jwuAzxbzpwq2Lcx3UrTwlXTUsPhRv0X_I-_l6DsnyEsIJkZP6pZNkhqgFnmuYCM7ds3ni0TrojKjBPkd55j1mpWE81OU7at7-fVaDsAk-sTj1rZmJU-zBdYFjiqrXuADrr6ze9fd3sK-x2XctE_ar9QOsTk0Ms340TueyT6iBYQerEDmPmKr672E-7HSpaABmsU2HINtOKfOsosOa3dFOu_Lw1cllsWeim3XTraPne7gLQtF5M08AXmMRgefk91wcd59jdyeDRiO4N_6-hEjJegY5LvX0ny_Fr0srVvhWBW7GVQL-NfhgOedJC_XqgLTC8bb6s6Zax69CfeXeoHD9BW6JNQ6K0YkJSDpOXsFbqGx-RtfWL2Z_ixXwZBdFNBect-CrM5QPVC7XzJgZYjyhtDBpZljBY_5WjGZgcBvCQ37i8mJnDN24TPoNx8egjtyOLn8qtJk7u9_SWpkul0za5p1ivhV7bNGFvm054mKdHgh7g
Frame ID: 264742207E568A2D0B58E80A3CFBFAD2
Requests: 21 HTTP requests in this frame

Frame: https://user-agent.trafficdecisions.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/324d0dcf743c/main.js
Frame ID: 8302D1561D22268F77A0DDBAD5374D8F
Requests: 2 HTTP requests in this frame

Page Title

thenannyonthemove.com - thenannyonthemove Resources and Information.

Page URL History

  1. https://www.discount.bankoferica.com/ Page URL
  2. https://ernus-dop.com/zclkvisitor/16114675-ea32-11ef-8dda-0afffadaeb63/85aefdc2-9ed0-48aa-922d-60f... Page URL
  3. https://ernus-dop.com/zclkredirect?visitid=16114675-ea32-11ef-8dda-0afffadaeb63&type=js&browserWid... HTTP 302
    http://www.toroexoclk.com/feed/click/?t1=128&tid=926&uid=45&subid=13817081303_bankoferica.com&id=e3f4d... HTTP 307
    https://www.toroexoclk.com/feed/click/?t1=128&tid=926&uid=45&subid=13817081303_bankoferica.com&id=e3f4d... HTTP 302
    https://redir.blowingwind.xyz/feed/click/?t1=128&tid=91&uid=59&subid=926_13817081303_bankoferica.com&id=68... HTTP 302
    http://winfr-wtc.com/zclkvisitor/16151702-ea32-11ef-9c37-12c8eabf969d/cfcdab84-dabd-11ed-962d-0ad... HTTP 307
    https://winfr-wtc.com/zclkvisitor/16151702-ea32-11ef-9c37-12c8eabf969d/cfcdab84-dabd-11ed-962d-0ad... Page URL
  4. https://ernus-dop.com/zclkredirect?visitid=16151702-ea32-11ef-9c37-12c8eabf969d&type=js&browserWid... HTTP 302
    https://so-gre8.net/r/G9Al3phsIuhkY1IWv4IkrEJy-AMGZ_MQBnXVGa5jD3zgPxw2G0a2gj-SSLuZYce3_hnCpKTAp8... HTTP 302
    https://track.routes.name/67aa80f286c63cbf03556b56?sub1=471482&sub2=UNKNOWN&sub3=2868796&sub4=893098&s... HTTP 302
    https://user-agent.trafficdecisions.com/okay/?d=okay&t=2&cid=67ae2f5adc0bdbef926df417 Page URL
  5. https://go.c0nect.com/?t=3&cid=67ae2f5adc0bdbef926df417 Page URL
  6. https://go.c0nect.com/?d=undefined&t=3-post&8s4n53_source=1739468635009&8s4n53_domain=http%3A%2F%2... Page URL
  7. http://thenannyonthemove.com/?utm_source=google&cid=67ae2f5adc0bdbef926df417 HTTP 307
    https://thenannyonthemove.com/?utm_source=google&cid=67ae2f5adc0bdbef926df417 Page URL
  8. http://ww2.thenannyonthemove.com/ HTTP 307
    https://ww2.thenannyonthemove.com/ Page URL

Page Statistics

23
Requests

87 %
HTTPS

38 %
IPv6

13
Domains

14
Subdomains

10
IPs

3
Countries

36 kB
Transfer

39 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.discount.bankoferica.com/ Page URL
  2. https://ernus-dop.com/zclkvisitor/16114675-ea32-11ef-8dda-0afffadaeb63/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=162e4453-ea32-11ef-8dda-0afffadaeb63 Page URL
  3. https://ernus-dop.com/zclkredirect?visitid=16114675-ea32-11ef-8dda-0afffadaeb63&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC-10%3A00&timezoneName=Pacific%2FHonolulu HTTP 302
    http://www.toroexoclk.com/feed/click/?t1=128&tid=926&uid=45&subid=13817081303_bankoferica.com&id=e3f4d15c09e86cc93bcb1c71e00ab2ec:... HTTP 307
    https://www.toroexoclk.com/feed/click/?t1=128&tid=926&uid=45&subid=13817081303_bankoferica.com&id=e3f4d15c09e86cc93bcb1c71e00ab2ec:... HTTP 302
    https://redir.blowingwind.xyz/feed/click/?t1=128&tid=91&uid=59&subid=926_13817081303_bankoferica.com&id=68472143592f7b3265acc334b7af5aeb:f785f0ffb8f077b28b3e3cd01def778904fce82cd963e78bcbb5b93a18127dd7d976f00c4e0464ca7ae15772c082bf247990e34bfee96477b81b8597969c8b3ae7f1e9e18c4ee3ffca075af665a651b5d18991d04b69d0641fdab30df75b7c5dafa1fa36a6b3245b66aa8bb8c2233c183ab3be17b059502ea5c23d38bbd164150bfe3b7972be5be433f4b4d3aaad25f1814922559b411cbc642eec14ab32855c4960d6be8bef1b8e9004f6a0c0859d2d1e1caa9a6fee80375bde75c9a9a6d4dcdcfcdf6ed892d2d06fad6a807ce0114f6117db4f22d1a14a5d3cc64eefcc56f9770038629bcf098bef0d2d60018264e646c676ccc85f9ca4a36e4c10f0086cd41a6d6870c53d9fc150183bd03dc4cc43cb6de94fbe1b6491acc09ea159ab4ba6f317da132aaceabaae644f96d19d00e48079aca67953d1289194228d704d406f80abd81b3ea9004cb7f75b224437f01f2804cf9d655050dda8ed0f32939a30f77dee3eba41157b82e5f57aee3ed36a8beec5f778d712fb2ac6a6d6754d47aab95c29560b7d239ed66bdaa4adcf465e0c16ef771ba439388e6366d8ea26993774ec5e6b1a287d6f8581c544d7a12c51efeaa476d9971776fa8a7d22395072430ebb28ba82c5379721e44deb896f5b50bb HTTP 302
    http://winfr-wtc.com/zclkvisitor/16151702-ea32-11ef-9c37-12c8eabf969d/cfcdab84-dabd-11ed-962d-0ad412f815c1?campaignid=1625b8d1-ea32-11ef-9c37-12c8eabf969d HTTP 307
    https://winfr-wtc.com/zclkvisitor/16151702-ea32-11ef-9c37-12c8eabf969d/cfcdab84-dabd-11ed-962d-0ad412f815c1?campaignid=1625b8d1-ea32-11ef-9c37-12c8eabf969d Page URL
  4. https://ernus-dop.com/zclkredirect?visitid=16151702-ea32-11ef-9c37-12c8eabf969d&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC-10%3A00&timezoneName=Pacific%2FHonolulu HTTP 302
    https://so-gre8.net/r/G9Al3phsIuhkY1IWv4IkrEJy-AMGZ_MQBnXVGa5jD3zgPxw2G0a2gj-SSLuZYce3_hnCpKTAp8mE4kcc5fd3yumIMNTbZ1SvnSc2_sOCvlyYljN5VGvuoqQ0gep1kdSUHjFtwTEVZK8N6nyRymcoXl9q6M4-iNoyM3uRdw_IyOpClB8tuycz2iWtIJnQl4jP-3L5n66xCOzBj8aNfvYsWUBMgjwQdE5b5JsrMUv5tQroo6z40_Bslx-CVYTLBTPwV-us5fzH8qxFEK03ktGWTnzbAARPbKY4PSgXKlwcHoz5pOmEdlCy6xqnOeneJlIw_tAXUvbRzCUP6POfVjIqgEiGmJuFEB0O3fBqlbEi_3MfewDu4nvwB43UGUQ4kROCAHPZ6n2agdc6rl6uu31FJDf02GVKKIUYXvea4eVrGnZuUKvDzVk5-pCFW4MapqE38XqYKmGUHBbj8ubKAbjiOSAF2jCuwGzeIEUm__6YJ05NPlEYq2971NGd9uANGjgfMZnevVclwtctSpT-I4xO0PFYmQcqJJ5IrQCoYP1exlfXOcqe5Qm_3yyyQtVLZ5tYUnVFtv1EtFbb7dHfl3MSTo_-eIP5jkT11YRlTVAXE8fK8LWlr-uDQktBNi6sgasLMEe3qv6qPV5Sx-34bOUhngt8VKjfxB-TE1GosjdOmCc3tSwaIt9QIz-Z7c0v9S9IkIo6U9qZJ0txp-8cK3LJplcOqkP0P8NxRACbRxIwcpm1Shak78RSO9LCZZc HTTP 302
    https://track.routes.name/67aa80f286c63cbf03556b56?sub1=471482&sub2=UNKNOWN&sub3=2868796&sub4=893098&sub5=Verizon+Internet+Services&sub6=desktop&sub7=Chrome&sub8=110&sub9=macos&sub10=osx_ventura&ref_id=GKkBONkIaKrBNnC8jK8B6AG64xyAAouCoIbe2emuAg&cost=0.0010 HTTP 302
    https://user-agent.trafficdecisions.com/okay/?d=okay&t=2&cid=67ae2f5adc0bdbef926df417 Page URL
  5. https://go.c0nect.com/?t=3&cid=67ae2f5adc0bdbef926df417 Page URL
  6. https://go.c0nect.com/?d=undefined&t=3-post&8s4n53_source=1739468635009&8s4n53_domain=http%3A%2F%2Fthenannyonthemove.com%3Futm_source%3Dgoogle%26cid%3D67ae2f5adc0bdbef926df417 Page URL
  7. http://thenannyonthemove.com/?utm_source=google&cid=67ae2f5adc0bdbef926df417 HTTP 307
    https://thenannyonthemove.com/?utm_source=google&cid=67ae2f5adc0bdbef926df417 Page URL
  8. http://ww2.thenannyonthemove.com/ HTTP 307
    https://ww2.thenannyonthemove.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://ernus-dop.com/zclkredirect?visitid=16114675-ea32-11ef-8dda-0afffadaeb63&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC-10%3A00&timezoneName=Pacific%2FHonolulu HTTP 302
  • http://www.toroexoclk.com/feed/click/?t1=128&tid=926&uid=45&subid=13817081303_bankoferica.com&id=e3f4d15c09e86cc93bcb1c71e00ab2ec:... HTTP 307
  • https://www.toroexoclk.com/feed/click/?t1=128&tid=926&uid=45&subid=13817081303_bankoferica.com&id=e3f4d15c09e86cc93bcb1c71e00ab2ec:... HTTP 302
  • https://redir.blowingwind.xyz/feed/click/?t1=128&tid=91&uid=59&subid=926_13817081303_bankoferica.com&id=68472143592f7b3265acc334b7af5aeb:f785f0ffb8f077b28b3e3cd01def778904fce82cd963e78bcbb5b93a18127dd7d976f00c4e0464ca7ae15772c082bf247990e34bfee96477b81b8597969c8b3ae7f1e9e18c4ee3ffca075af665a651b5d18991d04b69d0641fdab30df75b7c5dafa1fa36a6b3245b66aa8bb8c2233c183ab3be17b059502ea5c23d38bbd164150bfe3b7972be5be433f4b4d3aaad25f1814922559b411cbc642eec14ab32855c4960d6be8bef1b8e9004f6a0c0859d2d1e1caa9a6fee80375bde75c9a9a6d4dcdcfcdf6ed892d2d06fad6a807ce0114f6117db4f22d1a14a5d3cc64eefcc56f9770038629bcf098bef0d2d60018264e646c676ccc85f9ca4a36e4c10f0086cd41a6d6870c53d9fc150183bd03dc4cc43cb6de94fbe1b6491acc09ea159ab4ba6f317da132aaceabaae644f96d19d00e48079aca67953d1289194228d704d406f80abd81b3ea9004cb7f75b224437f01f2804cf9d655050dda8ed0f32939a30f77dee3eba41157b82e5f57aee3ed36a8beec5f778d712fb2ac6a6d6754d47aab95c29560b7d239ed66bdaa4adcf465e0c16ef771ba439388e6366d8ea26993774ec5e6b1a287d6f8581c544d7a12c51efeaa476d9971776fa8a7d22395072430ebb28ba82c5379721e44deb896f5b50bb HTTP 302
  • http://winfr-wtc.com/zclkvisitor/16151702-ea32-11ef-9c37-12c8eabf969d/cfcdab84-dabd-11ed-962d-0ad412f815c1?campaignid=1625b8d1-ea32-11ef-9c37-12c8eabf969d HTTP 307
  • https://winfr-wtc.com/zclkvisitor/16151702-ea32-11ef-9c37-12c8eabf969d/cfcdab84-dabd-11ed-962d-0ad412f815c1?campaignid=1625b8d1-ea32-11ef-9c37-12c8eabf969d
Request Chain 7
  • https://ernus-dop.com/zclkredirect?visitid=16151702-ea32-11ef-9c37-12c8eabf969d&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel%20Iris%20OpenGL%20Engine&timezone=UTC-10%3A00&timezoneName=Pacific%2FHonolulu HTTP 302
  • https://so-gre8.net/r/G9Al3phsIuhkY1IWv4IkrEJy-AMGZ_MQBnXVGa5jD3zgPxw2G0a2gj-SSLuZYce3_hnCpKTAp8mE4kcc5fd3yumIMNTbZ1SvnSc2_sOCvlyYljN5VGvuoqQ0gep1kdSUHjFtwTEVZK8N6nyRymcoXl9q6M4-iNoyM3uRdw_IyOpClB8tuycz2iWtIJnQl4jP-3L5n66xCOzBj8aNfvYsWUBMgjwQdE5b5JsrMUv5tQroo6z40_Bslx-CVYTLBTPwV-us5fzH8qxFEK03ktGWTnzbAARPbKY4PSgXKlwcHoz5pOmEdlCy6xqnOeneJlIw_tAXUvbRzCUP6POfVjIqgEiGmJuFEB0O3fBqlbEi_3MfewDu4nvwB43UGUQ4kROCAHPZ6n2agdc6rl6uu31FJDf02GVKKIUYXvea4eVrGnZuUKvDzVk5-pCFW4MapqE38XqYKmGUHBbj8ubKAbjiOSAF2jCuwGzeIEUm__6YJ05NPlEYq2971NGd9uANGjgfMZnevVclwtctSpT-I4xO0PFYmQcqJJ5IrQCoYP1exlfXOcqe5Qm_3yyyQtVLZ5tYUnVFtv1EtFbb7dHfl3MSTo_-eIP5jkT11YRlTVAXE8fK8LWlr-uDQktBNi6sgasLMEe3qv6qPV5Sx-34bOUhngt8VKjfxB-TE1GosjdOmCc3tSwaIt9QIz-Z7c0v9S9IkIo6U9qZJ0txp-8cK3LJplcOqkP0P8NxRACbRxIwcpm1Shak78RSO9LCZZc HTTP 302
  • https://track.routes.name/67aa80f286c63cbf03556b56?sub1=471482&sub2=UNKNOWN&sub3=2868796&sub4=893098&sub5=Verizon+Internet+Services&sub6=desktop&sub7=Chrome&sub8=110&sub9=macos&sub10=osx_ventura&ref_id=GKkBONkIaKrBNnC8jK8B6AG64xyAAouCoIbe2emuAg&cost=0.0010 HTTP 302
  • https://user-agent.trafficdecisions.com/okay/?d=okay&t=2&cid=67ae2f5adc0bdbef926df417
Request Chain 8
  • https://user-agent.trafficdecisions.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://user-agent.trafficdecisions.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/324d0dcf743c/main.js
Request Chain 14
  • http://thenannyonthemove.com/?utm_source=google&cid=67ae2f5adc0bdbef926df417 HTTP 307
  • https://thenannyonthemove.com/?utm_source=google&cid=67ae2f5adc0bdbef926df417

23 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
www.discount.bankoferica.com/
2 KB
2 KB
Document
General
Full URL
https://www.discount.bankoferica.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.81.53 , Canada, ASN206834 (TEAMINTERNET-CA-AS Team Internet AG, DE),
Reverse DNS
Software
Caddy Caddy /
Resource Hash
3750f9c9ce0ce9c6a08380f18ca4071026b94f6b6ce30797050f2248dd70a42f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666

Response headers

accept-ch
viewport-width dpr device-memory rtt downlink ect ua ua-full-version ua-platform ua-platform-version ua-arch ua-model ua-mobile
accept-ch-lifetime
30
alt-svc
h3=":8443"; ma=2592000
content-encoding
gzip
content-length
1357
content-type
text/html; charset=UTF-8
date
Thu, 13 Feb 2025 17:43:51 GMT
server
Caddy Caddy
vary
Accept-Encoding
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_pRrsY3wTDM2U3SRx+9R5t6WJuRtt72L3PQiU2Xyek0kXOQlqt5tzPfFFg3S5LaPA74VbnS1QWV5MhExfCqTnqA==
x-buckets
bucket018,bucket088,bucket089,bucket077
x-domain
bankoferica.com
x-language
english
x-pcrew-blocked-reason
x-pcrew-ip-organization
Verizon Internet Services
x-redirect
zeropark_zeroclick
x-subdomain
www.discount
x-template
tpl_CleanPeppermintBlack_twoclick
js3.js
d38psrni17bvxu.cloudfront.net/scripts/
1 KB
794 B
Script
General
Full URL
https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Requested by
Host: www.discount.bankoferica.com
URL: https://www.discount.bankoferica.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:28a0:ca00:1d:4618:5c80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
1ea543e1c0e8e7656a0846a397055ed10469c05c5ab555076f850df0b557d3f9

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666
Referer
https://www.discount.bankoferica.com/

Response headers

content-encoding
gzip
etag
"d7ee6y3j8oz5uy-gzip"
age
84627
via
1.1 5857f2880c625037553dfc3541838030.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
content-length
453
x-amz-cf-id
P0yRH9Xms-y8c1VfvegI1LtV1_O5GLqq0pAlk9ZvUKGpaQhJ-QkJww==
date
Wed, 12 Feb 2025 18:13:24 GMT
content-type
text/javascript; charset=utf-8
last-modified
Wed, 29 Jan 2025 07:52:18 GMT
server
nginx
x-amz-cf-pop
IAD61-P7
vary
Accept-Encoding
browserjs
www.discount.bankoferica.com/munin/a/tr/
0
55 B
XHR
General
Full URL
https://www.discount.bankoferica.com/munin/a/tr/browserjs?domain=bankoferica.com&toggle=browserjs&uid=MTczOTQ2ODYzMS4wOTEyOmExMWNlODgyNDU5MGQxYzUyZWFkNjcxOWFjMzcwNGJiMzg2MDY5Y2IyOGZkMTA4NmFlNGY4NTA1OGY5ZTQ4OTQ6NjdhZTJmNTcxNjQxMQ%3D%3D
Requested by
Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.81.53 , Canada, ASN206834 (TEAMINTERNET-CA-AS Team Internet AG, DE),
Reverse DNS
Software
Caddy, Caddy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

viewport-width
1600
ect
4g
Referer
https://www.discount.bankoferica.com/
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666
rtt
100
downlink
10

Response headers

accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
accept-ch-lifetime
30
x-custom-track
browserjs
access-control-allow-origin
*
alt-svc
h3=":8443"; ma=2592000
content-length
0
date
Thu, 13 Feb 2025 17:43:51 GMT
content-type
text/html; charset=UTF-8
server
Caddy, Caddy
ls
www.discount.bankoferica.com/munin/a/
0
349 B
XHR
General
Full URL
https://www.discount.bankoferica.com/munin/a/ls?t=67ae2f57&token=e5c927e9851456fb6889a71ebf9594d35c054540
Requested by
Host: www.discount.bankoferica.com
URL: https://www.discount.bankoferica.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.81.53 , Canada, ASN206834 (TEAMINTERNET-CA-AS Team Internet AG, DE),
Reverse DNS
Software
Caddy, Caddy /
Resource Hash

Request headers

viewport-width
1600
ect
4g
Referer
https://www.discount.bankoferica.com/
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666
rtt
100
downlink
10

Response headers

access-control-max-age
86400
accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
access-control-allow-methods
POST, OPTIONS
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_PaisVaB9fu2o8Uk+DMcWQozBrctPQhpLaYQb5aMSfqTLyPvnj8awipEhBwH4jYjRqWrLEh/K18WoEIRrEvsp9A==
accept-ch-lifetime
30
status
201 Created
x-log-success
67ae2f5773f00144630725ec
access-control-allow-origin
alt-svc
h3=":8443"; ma=2592000
content-length
0
date
Thu, 13 Feb 2025 17:43:51 GMT
charset
utf-8
content-type
text/javascript;charset=UTF-8
server
Caddy, Caddy
click
www.discount.bankoferica.com/munin/a/tr/
0
52 B
XHR
General
Full URL
https://www.discount.bankoferica.com/munin/a/tr/click?click=e0d2e35c7bd7c6e6455b4effa381c90394252062&domain=bankoferica.com&uid=MTczOTQ2ODYzMS4wOTEyOmExMWNlODgyNDU5MGQxYzUyZWFkNjcxOWFjMzcwNGJiMzg2MDY5Y2IyOGZkMTA4NmFlNGY4NTA1OGY5ZTQ4OTQ6NjdhZTJmNTcxNjQxMQ%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTgsYnVja2V0MDg4LGJ1Y2tldDA4OSxidWNrZXQwNzd8fHx8fHw2N2FlMmY1NzE2M2RifHx8MTczOTQ2ODYzMS4zMzl8NDA5MzgxMDdjODk4N2VlZTM5ZWI4NTcwNzc3YjliZjU5ZDA1ZmUwOHx8fHx8MXx8MHwwfHx8fDF8fHx8fDB8MHx8fHx8fHx8fHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fGU1YzkyN2U5ODUxNDU2ZmI2ODg5YTcxZWJmOTU5NGQzNWMwNTQ1NDB8MHx8MHwwfDU4Mzc4ODM5NTl8fHx8&kw=&search=&pcat=&bucket=&clientID=&adtest=off
Requested by
Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.247.81.53 , Canada, ASN206834 (TEAMINTERNET-CA-AS Team Internet AG, DE),
Reverse DNS
Software
Caddy, Caddy /
Resource Hash

Request headers

viewport-width
1600
ect
4g
Referer
https://www.discount.bankoferica.com/
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666
rtt
100
downlink
10

Response headers

x-view-match
true
accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
accept-ch-lifetime
30
x-custom-track
none
access-control-allow-origin
*
alt-svc
h3=":8443"; ma=2592000
content-length
0
date
Thu, 13 Feb 2025 17:43:51 GMT
content-type
text/html; charset=UTF-8
server
Caddy, Caddy
85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d
ernus-dop.com/zclkvisitor/16114675-ea32-11ef-8dda-0afffadaeb63/
3 KB
3 KB
Document
General
Full URL
https://ernus-dop.com/zclkvisitor/16114675-ea32-11ef-8dda-0afffadaeb63/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=162e4453-ea32-11ef-8dda-0afffadaeb63
Requested by
Host: www.discount.bankoferica.com
URL: https://www.discount.bankoferica.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
100.29.110.19 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-29-110-19.compute-1.amazonaws.com
Software
/
Resource Hash
79c99db700af4f3e45113eacd8b480411587a4989bd5c91eea2b0ae3700a6e6a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer
https://www.discount.bankoferica.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666

Response headers

access-control-allow-headers
X-Requested-With,Content-Type
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
*
cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
3088
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
content-type
text/html;charset=UTF-8
date
Thu, 13 Feb 2025 17:43:52 GMT
cfcdab84-dabd-11ed-962d-0ad412f815c1
winfr-wtc.com/zclkvisitor/16151702-ea32-11ef-9c37-12c8eabf969d/
Redirect Chain
  • https://ernus-dop.com/zclkredirect?visitid=16114675-ea32-11ef-8dda-0afffadaeb63&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel...
  • http://www.toroexoclk.com/feed/click/?t1=128&tid=926&uid=45&subid=13817081303_bankoferica.com&id=e3f4d15c09e86cc93bcb1c71e00ab2ec:e8b4e324bb69339cc346bbbb9a30ec1f69c5717831565fae43c2298a5d149b2dbdc...
  • https://www.toroexoclk.com/feed/click/?t1=128&tid=926&uid=45&subid=13817081303_bankoferica.com&id=e3f4d15c09e86cc93bcb1c71e00ab2ec:e8b4e324bb69339cc346bbbb9a30ec1f69c5717831565fae43c2298a5d149b2dbd...
  • https://redir.blowingwind.xyz/feed/click/?t1=128&tid=91&uid=59&subid=926_13817081303_bankoferica.com&id=68472143592f7b3265acc334b7af5aeb:f785f0ffb8f077b28b3e3cd01def778904fce82cd963e78bcbb5b93a1812...
  • http://winfr-wtc.com/zclkvisitor/16151702-ea32-11ef-9c37-12c8eabf969d/cfcdab84-dabd-11ed-962d-0ad412f815c1?campaignid=1625b8d1-ea32-11ef-9c37-12c8eabf969d
  • https://winfr-wtc.com/zclkvisitor/16151702-ea32-11ef-9c37-12c8eabf969d/cfcdab84-dabd-11ed-962d-0ad412f815c1?campaignid=1625b8d1-ea32-11ef-9c37-12c8eabf969d
3 KB
3 KB
Document
General
Full URL
https://winfr-wtc.com/zclkvisitor/16151702-ea32-11ef-9c37-12c8eabf969d/cfcdab84-dabd-11ed-962d-0ad412f815c1?campaignid=1625b8d1-ea32-11ef-9c37-12c8eabf969d
Requested by
Host: ernus-dop.com
URL: https://ernus-dop.com/zclkvisitor/16114675-ea32-11ef-8dda-0afffadaeb63/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=162e4453-ea32-11ef-8dda-0afffadaeb63
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
100.29.110.19 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-100-29-110-19.compute-1.amazonaws.com
Software
/
Resource Hash
d33a937eef6ddeb29082e419977e683b1641d9430b3ca2e89bc9941aaea64c3c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer
https://ernus-dop.com/zclkvisitor/16114675-ea32-11ef-8dda-0afffadaeb63/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=162e4453-ea32-11ef-8dda-0afffadaeb63
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666

Response headers

access-control-allow-headers
X-Requested-With,Content-Type
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
*
cache-control
no-store, no-cache, pre-check=0, post-check=0
content-length
3088
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
content-type
text/html;charset=UTF-8
date
Thu, 13 Feb 2025 17:43:53 GMT

Redirect headers

Location
https://winfr-wtc.com/zclkvisitor/16151702-ea32-11ef-9c37-12c8eabf969d/cfcdab84-dabd-11ed-962d-0ad412f815c1?campaignid=1625b8d1-ea32-11ef-9c37-12c8eabf969d
Non-Authoritative-Reason
HttpsUpgrades
/
user-agent.trafficdecisions.com/okay/
Redirect Chain
  • https://ernus-dop.com/zclkredirect?visitid=16151702-ea32-11ef-9c37-12c8eabf969d&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&gpu=Intel%20Inc.%3B%20Intel...
  • https://so-gre8.net/r/G9Al3phsIuhkY1IWv4IkrEJy-AMGZ_MQBnXVGa5jD3zgPxw2G0a2gj-SSLuZYce3_hnCpKTAp8mE4kcc5fd3yumIMNTbZ1SvnSc2_sOCvlyYljN5VGvuoqQ0gep1kdSUHjFtwTEVZK8N6nyRymcoXl9q6M4-iNoyM3uRdw_IyOpClB8...
  • https://track.routes.name/67aa80f286c63cbf03556b56?sub1=471482&sub2=UNKNOWN&sub3=2868796&sub4=893098&sub5=Verizon+Internet+Services&sub6=desktop&sub7=Chrome&sub8=110&sub9=macos&sub10=osx_ventura&re...
  • https://user-agent.trafficdecisions.com/okay/?d=okay&t=2&cid=67ae2f5adc0bdbef926df417
2 KB
1 KB
Document
General
Full URL
https://user-agent.trafficdecisions.com/okay/?d=okay&t=2&cid=67ae2f5adc0bdbef926df417
Requested by
Host: winfr-wtc.com
URL: https://winfr-wtc.com/zclkvisitor/16151702-ea32-11ef-9c37-12c8eabf969d/cfcdab84-dabd-11ed-962d-0ad412f815c1?campaignid=1625b8d1-ea32-11ef-9c37-12c8eabf969d
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa823426cc914665c85ec9a7b6659ba63c1b54400951df146229e74a6521e49a

Request headers

Referer
https://winfr-wtc.com/zclkvisitor/16151702-ea32-11ef-9c37-12c8eabf969d/cfcdab84-dabd-11ed-962d-0ad412f815c1?campaignid=1625b8d1-ea32-11ef-9c37-12c8eabf969d
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666

Response headers

cf-ray
91169f954a93429a-EWR
content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Thu, 13 Feb 2025 17:43:54 GMT
referrer-policy
no-referrer
server
cloudflare
vary
Accept-Encoding

Redirect headers

Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Content-Length,Content-Range
Connection
close
Content-Length
116
Content-Type
text/html; charset=utf-8
Date
Thu, 13 Feb 2025 17:43:54 GMT
Location
https://user-agent.trafficdecisions.com/okay/?d=okay&t=2&cid=67ae2f5adc0bdbef926df417
X-Kong-Proxy-Latency
1
X-Kong-Request-Id
df2cdb1dba31e03a6bd9f6255ba1265e
X-Kong-Upstream-Latency
5
main.js
user-agent.trafficdecisions.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/324d0dcf743c/ Frame 8302
Redirect Chain
  • https://user-agent.trafficdecisions.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://user-agent.trafficdecisions.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/324d0dcf743c/main.js?
8 KB
4 KB
Script
General
Full URL
https://user-agent.trafficdecisions.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/324d0dcf743c/main.js?
Protocol
H2
Server
2606:4700::6812:a88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
06af64a6f206bcd17f97612ec1438d894f701df0d6fc4ef4174713dbf61cc723
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666
Referer

Response headers

cache-control
max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
content-encoding
gzip
x-content-type-options
nosniff
cf-ray
91169f966c55429a-EWR
date
Thu, 13 Feb 2025 17:43:54 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
cloudflare

Redirect headers

cache-control
max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/324d0dcf743c/main.js?
cf-ray
91169f962bee429a-EWR
access-control-allow-origin
*
content-length
0
date
Thu, 13 Feb 2025 17:43:54 GMT
vary
Accept-Encoding
server
cloudflare
favicon.ico
user-agent.trafficdecisions.com/
0
147 B
Other
General
Full URL
https://user-agent.trafficdecisions.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666
Referer

Response headers

cache-control
public, max-age=14400
cf-cache-status
HIT
etag
"64502692-0"
age
124
cf-ray
91169f963c09429a-EWR
expires
Thu, 13 Feb 2025 21:43:54 GMT
accept-ranges
bytes
content-length
0
date
Thu, 13 Feb 2025 17:43:54 GMT
content-type
image/x-icon
last-modified
Mon, 01 May 2023 20:52:34 GMT
vary
Accept-Encoding
server
cloudflare
91169f954a93429a
user-agent.trafficdecisions.com/cdn-cgi/challenge-platform/h/b/jsd/r/0.10814697317116853:1739466765:yzPBPXJryR37IzNZoJ2ABKlfVduOftt3OgdtS8qLYbY/ Frame 8302
0
553 B
XHR
General
Full URL
https://user-agent.trafficdecisions.com/cdn-cgi/challenge-platform/h/b/jsd/r/0.10814697317116853:1739466765:yzPBPXJryR37IzNZoJ2ABKlfVduOftt3OgdtS8qLYbY/91169f954a93429a
Requested by
Host: user-agent.trafficdecisions.com
URL: https://user-agent.trafficdecisions.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:a88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666
Content-Type
text/plain;charset=UTF-8
Referer

Response headers

cf-ray
91169f977dad429a-EWR
content-length
0
date
Thu, 13 Feb 2025 17:43:54 GMT
content-type
text/plain; charset=UTF-8
server
cloudflare
/
go.c0nect.com/
844 B
841 B
Document
General
Full URL
https://go.c0nect.com/?t=3&cid=67ae2f5adc0bdbef926df417
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:e0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b4a0af5f699b1536a66520f683bfc142ed407d066f7b30728b57b64bcf687d7

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
null
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666

Response headers

alt-svc
h3=":443"; ma=86400
cf-ray
91169f98b9c5d6ad-IAD
content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Thu, 13 Feb 2025 17:43:55 GMT
priority
u=0,i
server
cloudflare
server-timing
cfExtPri
vary
Accept-Encoding
favicon.ico
go.c0nect.com/
5 B
160 B
Other
General
Full URL
https://go.c0nect.com/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:e0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
54a0e8c17ebb21a11f8a25b8042786ef7efe52441e6cc87e92c67e0c4c0c6e78

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666
Referer

Response headers

cf-ray
91169f996c56d6ad-IAD
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
content-length
5
date
Thu, 13 Feb 2025 17:43:55 GMT
content-type
text/plain;charset=UTF-8
vary
Accept-Encoding
server
cloudflare
priority
u=1,i
/
go.c0nect.com/
427 B
381 B
Document
General
Full URL
https://go.c0nect.com/?d=undefined&t=3-post&8s4n53_source=1739468635009&8s4n53_domain=http%3A%2F%2Fthenannyonthemove.com%3Futm_source%3Dgoogle%26cid%3D67ae2f5adc0bdbef926df417
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:e0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
null
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666

Response headers

alt-svc
h3=":443"; ma=86400
cf-ray
91169f9a3f88d6ad-IAD
content-encoding
gzip
content-type
text/html;charset=UTF-8
date
Thu, 13 Feb 2025 17:43:55 GMT
priority
u=0,i
server
cloudflare
server-timing
cfExtPri
vary
Accept-Encoding
/
thenannyonthemove.com/
Redirect Chain
  • http://thenannyonthemove.com/?utm_source=google&cid=67ae2f5adc0bdbef926df417
  • https://thenannyonthemove.com/?utm_source=google&cid=67ae2f5adc0bdbef926df417
593 B
606 B
Document
General
Full URL
https://thenannyonthemove.com/?utm_source=google&cid=67ae2f5adc0bdbef926df417
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
64.225.91.73 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
7392749832c70fcfc2d440d7afc2f880000dd564930d95d634eb1199fa15de30

Request headers

Referer
https://go.c0nect.com/?d=undefined&t=3-post&8s4n53_source=1739468635009&8s4n53_domain=http%3A%2F%2Fthenannyonthemove.com%3Futm_source%3Dgoogle%26cid%3D67ae2f5adc0bdbef926df417
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Thu, 13 Feb 2025 17:43:55 GMT
ETag
W/"63f68860-251"
Last-Modified
Wed, 22 Feb 2023 21:25:52 GMT
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked

Redirect headers

Location
https://thenannyonthemove.com/?utm_source=google&cid=67ae2f5adc0bdbef926df417
Non-Authoritative-Reason
HttpsUpgrades
favicon.ico
go.c0nect.com/
5 B
160 B
Other
General
Full URL
https://go.c0nect.com/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:e0e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666
Referer

Response headers

cf-ray
91169f9aa911d6ad-IAD
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
content-length
5
date
Thu, 13 Feb 2025 17:43:55 GMT
content-type
text/plain;charset=UTF-8
vary
Accept-Encoding
server
cloudflare
priority
u=1,i
/
domaincntrol.com/
34 B
556 B
Fetch
General
Full URL
https://domaincntrol.com/?orighost=https://thenannyonthemove.com/?utm_source=google&cid=67ae2f5adc0bdbef926df417
Requested by
Host: thenannyonthemove.com
URL: https://thenannyonthemove.com/?utm_source=google&cid=67ae2f5adc0bdbef926df417
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1b2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666
Referer
https://thenannyonthemove.com/

Response headers

x_details
{"destination":"sedo","orighost":"thenannyonthemove.com","type":"arb","finalurl":"http://ww2.thenannyonthemove.com","browser":"chrome","os":"macOS","country":"US","device":"desktop","isbot":false,"botscore":39}
cf-ray
91169fa09bf34297-EWR
access-control-allow-origin
*
content-length
34
date
Thu, 13 Feb 2025 17:43:56 GMT
content-type
text/javascript;charset=UTF-8
vary
Accept-Encoding
server
cloudflare
favicon.ico
thenannyonthemove.com/
593 B
606 B
Other
General
Full URL
https://thenannyonthemove.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
64.225.91.73 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
7392749832c70fcfc2d440d7afc2f880000dd564930d95d634eb1199fa15de30

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666
Referer
https://thenannyonthemove.com/?utm_source=google&cid=67ae2f5adc0bdbef926df417

Response headers

Transfer-Encoding
chunked
Content-Encoding
gzip
ETag
W/"63f68860-251"
Connection
keep-alive
Date
Thu, 13 Feb 2025 17:43:55 GMT
Content-Type
text/html
Last-Modified
Wed, 22 Feb 2023 21:25:52 GMT
Server
nginx/1.18.0 (Ubuntu)
Primary Request /
ww2.thenannyonthemove.com/
Redirect Chain
  • http://ww2.thenannyonthemove.com/
  • https://ww2.thenannyonthemove.com/
3 KB
2 KB
Document
General
Full URL
https://ww2.thenannyonthemove.com/
Requested by
Host: thenannyonthemove.com
URL: https://thenannyonthemove.com/?utm_source=google&cid=67ae2f5adc0bdbef926df417
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
64.190.63.136 , Germany, ASN47846 (SEDO-AS SEDO GmbH, DE),
Reverse DNS
Software
Parking/1.0 /
Resource Hash
a206ea5a4c1eecc9c6627403651f4a6a48fb1c8af81d76d4f267ba0100bfff14

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666

Response headers

cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 13 Feb 2025 17:43:58 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
last-modified
Thu, 13 Feb 2025 17:43:56 GMT
pragma
no-cache
server
Parking/1.0
vary
Accept-Encoding
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_jQKAibI23HUcPNAyRBM9JQvBxEZUckcVRQkf7a5wIZCszWrvjzmYTiiwMlfMcQ4Vz/expHC/GTHBM1HxUN8jqg==
x-cache-miss-from
parking-759f8f6b6-zjxkv

Redirect headers

Location
https://ww2.thenannyonthemove.com/
Non-Authoritative-Reason
HttpsUpgrades
js_preloader.gif
ww2.thenannyonthemove.com/img.sedoparking.com/images/
0
43 B
Image
General
Full URL
https://ww2.thenannyonthemove.com/img.sedoparking.com/images/js_preloader.gif
Requested by
Host: ww2.thenannyonthemove.com
URL: https://ww2.thenannyonthemove.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
64.190.63.136 , Germany, ASN47846 (SEDO-AS SEDO GmbH, DE),
Reverse DNS
Software
Parking/1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666
Referer
https://ww2.thenannyonthemove.com/

Response headers

date
Thu, 13 Feb 2025 17:43:59 GMT
server
Parking/1.0
content-length
0
tsc.php
ww2.thenannyonthemove.com/search/
0
35 B
XHR
General
Full URL
https://ww2.thenannyonthemove.com/search/tsc.php?ses=ogcnkCrKDLlLBLRn3eEKmjx8DfTUipbGWnxsyZ1aCBkVpowA7mvFF4aqdHbupjLoYAt_onMYXUcDWdFWVYVDlUSrPMBg6RFJnzS4CWUE28pD5kLqBbOtOx91ahIPnRnq3YOP_MCFbf-CwLSbnKGNn9OQPEbPeLwWl8wMMh4fMcOAJx6GFKs-52kd-vL1hx69EQPFl4KELewdeAElaVsinuY4IzNJtI3Kw4JzriPM1Xy2JKajQGp4qxI3jpYF0OzkPTK98XaPD9IknwTcWvaMfr2VwvGl4UBQ0c_Z-dqunC_sNUrkMEOKc-u-P-nV6ADZw-9xeFjsA6UYuGnAyivhBGOnIhK5vdib6j9nADJbw2G7pT2lvqm7vDVJDs1NSI&cv=2
Requested by
Host: ww2.thenannyonthemove.com
URL: https://ww2.thenannyonthemove.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
64.190.63.136 , Germany, ASN47846 (SEDO-AS SEDO GmbH, DE),
Reverse DNS
Software
Parking/1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666
Referer
https://ww2.thenannyonthemove.com/

Response headers

x-cache-miss-from
parking-759f8f6b6-jwq5r
content-length
0
date
Thu, 13 Feb 2025 17:43:59 GMT
content-type
text/html; charset=UTF-8
server
Parking/1.0
sedo_logo.png
img.sedoparking.com/templates/logos/
15 KB
15 KB
Other
General
Full URL
https://img.sedoparking.com/templates/logos/sedo_logo.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
205.234.175.175 , United States, ASN30081 (CACHENETWORKS, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 1124 /
Resource Hash
95c427fa3143b1896faf42a6406686ce7602cb39052081bb32d12b51c9e047e4

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 13_2_1) AppleWebKit/537.3666 (KHTML, like Gecko) Chrome/110.0.0.0.0 Safari/537.3666
Referer
https://ww2.thenannyonthemove.com/

Response headers

x-cf-rand
7.161
x-cf2
H
expires
Thu, 20 Feb 2025 17:43:59 GMT
x-cf1
11696:fS.ewr1:cf:nom:cacheN.ewr1-01:H
date
Thu, 13 Feb 2025 17:43:59 GMT
cf4ttl
31536000.000
content-type
image/png
x-cff
B
last-modified
Mon, 11 Jan 2021 07:44:34 GMT
x-cf-reqid
85d9ec01c851367923a967657cbd4de9
cf4age
2354427
cache-control
max-age=604800
x-cf3
H
accept-ranges
bytes
access-control-allow-origin
*
content-length
15086
x-cfhash
"def00c11b1596db4efee6a9fbe64fc27"
x-cf-tsc
1684184564
server
CFS 1124
redirect.php
ww2.thenannyonthemove.com/search/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ww2.thenannyonthemove.com
URL
https://ww2.thenannyonthemove.com/search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3D%2AM5HGpxxFZs_0&v=MTI0NzY1YWMwMTNhYWNlMDc0NWY3OTVjOGNkOGJmMGIJMQl3dzIudGhlbmFubnlvbnRoZW1vdmUuY29tNjdhZTJmNWNmM2YwODkuNDU3MTExMzIJd3cyLnRoZW5hbm55b250aGVtb3ZlLmNvbTY3YWUyZjVjZjNmMzcwLjcxODk1MjExCTE3Mzk0Njg2MzgJYWRfNjNfMA%3D%3D&l=ogcijK-lD0MnKbV-vJ8TY6Mf_cu1XNjDrg_nhoeGUjc-jFbl94GN3AFUFARuLhusaiZ60W-G5X_V6-Jnb95W2G_98vuGQJxEyBVD6VGUhaEJfBp7pEL4w4V555g_V0838UbGV5jK4d03h1y329wYRLV_Hzpa8S6qwbDaJvYw6sGmdBFU7qcA75_CpcB4LE2w1g9GLoskEPxImnnz6hG0OhGET43YJyAkT6ZAmH0LfJ1jwuAzxbzpwq2Lcx3UrTwlXTUsPhRv0X_I-_l6DsnyEsIJkZP6pZNkhqgFnmuYCM7ds3ni0TrojKjBPkd55j1mpWE81OU7at7-fVaDsAk-sTj1rZmJU-zBdYFjiqrXuADrr6ze9fd3sK-x2XctE_ar9QOsTk0Ms340TueyT6iBYQerEDmPmKr672E-7HSpaABmsU2HINtOKfOsosOa3dFOu_Lw1cllsWeim3XTraPne7gLQtF5M08AXmMRgefk91wcd59jdyeDRiO4N_6-hEjJegY5LvX0ny_Fr0srVvhWBW7GVQL-NfhgOedJC_XqgLTC8bb6s6Zax69CfeXeoHD9BW6JNQ6K0YkJSDpOXsFbqGx-RtfWL2Z_ixXwZBdFNBect-CrM5QPVC7XzJgZYjyhtDBpZljBY_5WjGZgcBvCQ37i8mJnDN24TPoNx8egjtyOLn8qtJk7u9_SWpkul0za5p1ivhV7bNGFvm054mKdHgh7g


1 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

object| request

5 Cookies

Domain/Path Name / Value
.track.routes.name/ Name: redcmps
Value: W3siaWQiOiI2N2FhODBmMjg2YzYzY2JmMDM1NTZiNTYiLCJ0IjoiMjAyNS0wMi0xM1QxNzo0Mzo1NC4wMTY5NjcwNTJaIn1d
.track.routes.name/ Name: redhash
Value: NjdhZTJmNWFkYzBiZGJlZjkyNmRmNDE3fDB8NjdhYTgwZjI4NmM2M2NiZjAzNTU2YjU2fHw3OTZiOTVlOC1jYTAyLTRhNDktYjRkYy1hOGNkZjBjMzA3MzZ8MTczOTQ2ODYzNA==
.trafficdecisions.com/ Name: __cf_bm
Value: L_k_uQl1uh5zkCYc_lQrUbrJTTIPs2z3kBT.Lyk6Lko-1739468634-1.0.1.1-irL0_DHOPlRdakAUK3E1V3BKjU3Y16zSDNiD3wVifRFshDIw0j6uG.mqzyB9nbgDPnTMkDGj6pRDOX3iNCAulA
.trafficdecisions.com/ Name: cf_clearance
Value: mgS8t7QLuzs8uT9LJcXDw7k0vJ08YfUP.bwVo83P5O8-1739468634-1.2.1.1-MT.MjjVgh5kUcratDjz7iOS0hrQy8LXPhhDUosyK6j3DyCCeE0FMKx2lA3jBZ_76mc6Ddr1hvEz64tgxAik5_NQlDw81.q00C9CRXltUa26uuHJ1T6_XblmEK2SmVBh43T5Es0eiCXZBkQWQvvD7vSKJAPaodmVsS2Oe39OYJedk1ebVt6A543l8wkWSl4nIMiM.BkR20E2czAh8Ae2jH.cEDmFfAvhxFwgdkhHwIX70BA6CH9QSvUIywf5XcOmmbBM3lc23ZWytzTal0Jk_U8Belu54rwIORAMsNKaO7G8
.c0nect.com/ Name: __cf_bm
Value: jcR_Q9lMBID0eKgqNW4avTRvweXC3jnfJtdm_k_xKC4-1739468635-1.0.1.1-DezyDb0RPmFaG06uCWuCcGMcGiCWIUwjyLaBGbbja_sA5iim.0SPP8ri7anAPXUZz8vrZsnHYs7Jp5E.Ioqsdw

3 Console Messages

Source Level URL
Text
rendering warning URL: https://ernus-dop.com/zclkvisitor/16114675-ea32-11ef-8dda-0afffadaeb63/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=162e4453-ea32-11ef-8dda-0afffadaeb63
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A010CD00AC100000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering warning URL: https://winfr-wtc.com/zclkvisitor/16151702-ea32-11ef-9c37-12c8eabf969d/cfcdab84-dabd-11ed-962d-0ad412f815c1?campaignid=1625b8d1-ea32-11ef-9c37-12c8eabf969d
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A010CD00AC100000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
network error URL: https://ww2.thenannyonthemove.com/img.sedoparking.com/images/js_preloader.gif
Message:
Failed to load resource: the server responded with a status of 441 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
