www.expedia.ca Open in urlscan Pro
104.126.112.248 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.expiedia.ca/
Effective URL:
https://www.expedia.ca/?clickref=1100lyonmo7K&affcid=CA.DIRECT.PHG.1011l251689.0&ref_id=1100lyonmo7K&my_ad=AFF.CA.DIREC...
Submission: On March 28 via manual (March 28th 2024, 5:50:12 pm UTC) from CA — Scanned from CA

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 12 IPs in 3 countries across 19 domains to perform 20 HTTP transactions. The main IP is 104.126.112.248, located in and belongs to . The main domain is www.expedia.ca.
TLS certificate: Issued by GeoTrust RSA CA 2018 on March 12th 2024. Valid for: 3 months.

This is the only time www.expedia.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	69.162.80.61 69.162.80.61	46475 (LIMESTONE...) (LIMESTONENETWORKS)
4	66.165.243.160 66.165.243.160	29802 (HVC-AS) (HVC-AS)
4	142.251.40.110 142.251.40.110	15169 (GOOGLE) (GOOGLE)
4 6	3.68.5.1 3.68.5.1	16509 (AMAZON-02) (AMAZON-02)
1	142.250.80.72 142.250.80.72	15169 (GOOGLE) (GOOGLE)
1	162.247.243.39 162.247.243.39	54113 (FASTLY) (FASTLY)
1	3.211.43.54 3.211.43.54	14618 (AMAZON-AES) (AMAZON-AES)
1	3.209.177.37 3.209.177.37	14618 (AMAZON-AES) (AMAZON-AES)
1	18.205.42.100 18.205.42.100	14618 (AMAZON-AES) (AMAZON-AES)
1 2	34.197.104.62 34.197.104.62	14618 (AMAZON-AES) (AMAZON-AES)
1 1	69.172.200.185 69.172.200.185	19324 (DOSARREST) (DOSARREST)
1 1	52.45.8.64 52.45.8.64	14618 (AMAZON-AES) (AMAZON-AES)
1 1	44.209.27.255 44.209.27.255	() ()
1 1	54.157.157.147 54.157.157.147	() ()
1 1	5.150.170.6 5.150.170.6	() ()
1 1	3.20.93.47 3.20.93.47	() ()
1	104.126.112.248 104.126.112.248	() ()
20	12

2 69.162.80.61 (Dallas, United States) 1 redirects

ASN46475 (LIMESTONENETWORKS, US)
PTR: 61-80-162-69.static.reverse.lstn.net

www.expiedia.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 66.165.243.160 (Los Angeles, United States)

ASN29802 (HVC-AS, US)
PTR: 66-165-243-160.static.hvvc.us

r.zredirect.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.40.110 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.68.5.1 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: portal.noctemque.com

clcktrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
discounthero.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.80.72 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.243.39 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.211.43.54 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-211-43-54.compute-1.amazonaws.com

905trk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.209.177.37 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-209-177-37.compute-1.amazonaws.com

lg.provenpixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.205.42.100 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-205-42-100.compute-1.amazonaws.com

kw-71.717trk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.197.104.62 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-197-104-62.compute-1.amazonaws.com

conestenation.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.172.200.185 (Canada) 1 redirects

ASN19324 (DOSARREST, US)
PTR: maxbounty.com

afflat3a1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.45.8.64 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-8-64.compute-1.amazonaws.com

api.apptap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.209.27.255 (None, ) 1 redirects

ASN- ()

clk.omgt4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.157.157.147 (None, ) 1 redirects

ASN- ()

track.omguk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 5.150.170.6 (None, ) 1 redirects

ASN- ()

prf.hn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.20.93.47 (None, ) 1 redirects

ASN- ()

r.bttn.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.126.112.248 (None, )

ASN- ()

www.expedia.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	clcktrck.com 2 redirects clcktrck.com — Cisco Umbrella Rank: 220506	24 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 34	21 KB
4	zredirect.com r.zredirect.com	11 KB
2	discounthero.org 2 redirects discounthero.org — Cisco Umbrella Rank: 321541	692 B
2	conestenation.com 1 redirects conestenation.com	2 KB
2	expiedia.ca 1 redirects www.expiedia.ca	994 B
1	expedia.ca www.expedia.ca
1	bttn.io 1 redirects r.bttn.io	599 B
1	prf.hn 1 redirects prf.hn	1016 B
1	omguk.com 1 redirects track.omguk.com	879 B
1	omgt4.com 1 redirects clk.omgt4.com	135 B
1	apptap.com 1 redirects api.apptap.com — Cisco Umbrella Rank: 840930	521 B
1	afflat3a1.com 1 redirects afflat3a1.com — Cisco Umbrella Rank: 713778	713 B
1	717trk.com kw-71.717trk.com	633 B
1	provenpixel.com lg.provenpixel.com — Cisco Umbrella Rank: 147024	1 KB
1	905trk.com 905trk.com — Cisco Umbrella Rank: 766916	1 KB
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 636	32 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 42	90 KB
0	nr-data.net Failed bam.eu01.nr-data.net Failed
20	19

	Domain	Requested by
4	clcktrck.com	2 redirects r.zredirect.com
4	www.google-analytics.com	r.zredirect.com www.google-analytics.com www.googletagmanager.com
4	r.zredirect.com	www.expiedia.ca r.zredirect.com
2	discounthero.org	2 redirects
2	conestenation.com	1 redirects kw-71.717trk.com
2	www.expiedia.ca	1 redirects
1	www.expedia.ca	www.expedia.ca
1	r.bttn.io	1 redirects
1	prf.hn	1 redirects
1	track.omguk.com	1 redirects
1	clk.omgt4.com	1 redirects
1	api.apptap.com	1 redirects
1	afflat3a1.com	1 redirects
1	kw-71.717trk.com	lg.provenpixel.com
1	lg.provenpixel.com	905trk.com
1	905trk.com
1	js-agent.newrelic.com	clcktrck.com
1	www.googletagmanager.com	www.google-analytics.com
0	bam.eu01.nr-data.net Failed	clcktrck.com
20	19

This site contains no links.

Subject Issuer	Validity	Valid
expiedia.ca R3	`2024-02-09` - `2024-05-09`	3 months	crt.sh
zredirect.com R3	`2024-03-10` - `2024-06-08`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-02-26` - `2024-05-20`	3 months	crt.sh
clcktrck.com R3	`2024-02-26` - `2024-05-26`	3 months	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2024 Q1	`2024-03-21` - `2025-04-22`	a year	crt.sh
905trk.com Go Daddy Secure Certificate Authority - G2	`2023-12-04` - `2025-01-04`	a year	crt.sh
*.provenpixel.com Go Daddy Secure Certificate Authority - G2	`2024-02-24` - `2025-03-27`	a year	crt.sh
*.717trk.com Go Daddy Secure Certificate Authority - G2	`2023-06-08` - `2024-06-07`	a year	crt.sh
conestenation.com R3	`2024-03-19` - `2024-06-17`	3 months	crt.sh
www.expedia.com GeoTrust RSA CA 2018	`2024-03-12` - `2024-06-20`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.expedia.ca/?clickref=1100lyonmo7K&affcid=CA.DIRECT.PHG.1011l251689.0&ref_id=1100lyonmo7K&my_ad=AFF.CA.DIRECT.PHG.1011l251689.0&afflid=1100lyonmo7K
Frame ID: 5A6656043C7BE92928D323609ACF452F
Requests: 14 HTTP requests in this frame

Frame: https://r.zredirect.com/go?e=NA-pFFutvVvglB8WTsYAvCdfQCt1aq8y0X2MlLeLUqVcFW0VzsmcPMe4Qst1KW50Gr_xUCuHFA80KL0SJsuqvCetvVvkaqajGs-ZvC8uPrYcFL9cQsyDGL8gQAtgFWexGr_xaCutFBsImqkgxs6p2E1VJAvgaCaZTA21GCeLKC5faC9ymrXgvEuHPss13F89SsyDUM8AaX-bFLRu2Z_pPEmV3XTEwLwbHVyLFL55QL80KX99SA78SMefwXW13pjA2Xy0KBe4Qruk3F91GsyR3BeLaXWclB4u0X2MFLefwVu1aBefxXvyaLuHPquk3pj5QAu1aFlZ3KWkKW0gHr_VPn1pKrtgvV
Frame ID: 43EBB4AE8A522679763D61B06E373082
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.expiedia.ca/ Page URL
https://www.expiedia.ca/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MT... HTTP 302
https://r.zredirect.com/redirect?redirect_id=7d7a67efed70ed6df1b3ccb176275e6a&request_id=d7f3734fb95... Page URL
https://clcktrck.com/ca/s/red_u_plain.php?t=direct&s=22140&d=expedia.ca&pub=22140&addedParams=tru... HTTP 302
https://clcktrck.com/3340b07f6352b061e0908fa0e76668dc/d53c39e58c4a8980dfcf5cef36c7f1786d2302ea2a6... Page URL
https://clcktrck.com/3340b07f6352b061e0908fa0e76668dc/d53c39e58c4a8980dfcf5cef36c7f1786d2302ea2a6... HTTP 302
https://905trk.com/plp.php?zoneid=7869&fallback=https%3A%2F%2Fclcktrck.com%2Fca%2Fskptn.php%3Fk... Page URL
https://lg.provenpixel.com/_x012e/plp.php?sigd=1600_1113_750_570_0_800_600.67d3e5.sb2k7u&zoneid=7869&fa... Page URL
https://kw-71.717trk.com/_x012e/trk/?s4428df7582d8af1&sig=718bfd.sb2k7u&u=https%3A%2F%2Fconestenation... Page URL
https://conestenation.com/cbd5f43e-ec3f-4834-b970-392d95ce996b?subid=s4428df7582d8af1&Device=Mozilla%2... HTTP 307
https://conestenation.com/cbd5f43e-ec3f-4834-b970-392d95ce996b/2?subid=s4428df7582d8af1&Device=Mozilla... Page URL
https://afflat3a1.com/trk/lnk/FBBDCAAA-7B7C-48D6-8264-C39E3AB6733F/?o=26486&c=918271&a=312015&k=5F... HTTP 302
https://api.apptap.com/link/buy/android/tile.expedia.ca/e1?clinkID=xKX184O9j-Rqc0-b8v8KSvfnY7lzOimR... HTTP 302
https://discounthero.org/ca/s/red_u_plain.php?sub=ONPTKYLCMF2UK3DPORXHGT2VMF3XUNKMIRATU2TPLF2S2MSZ&s=... HTTP 302
https://discounthero.org/3340b07f6352b061e0908fa0e76668dc/1b744f1e5150c4bc8b49a513a91d23efc8aa9fc0155... HTTP 302
https://clk.omgt4.com/?PID=52775&AID=2342378&UID=7c445b77b8b94ec647e282835255bcb0&UID2=7c445b77b8b... HTTP 301
https://track.omguk.com/c?PID=52775&AID=2342378&UID=7c445b77b8b94ec647e282835255bcb0&UID2=7c445b77b8... HTTP 302
https://prf.hn/click/?camref=1101lpE53&adref=2342378&pubref=1c60bd9d62004a6b910d7bd6e646c5b... HTTP 302
https://r.bttn.io/?btn_ref=org-4250020ab4443b4b&btn_reach_pub=1011l251689&btn_reach_pub_name=o... HTTP 302
https://www.expedia.ca/?clickref=1100lyonmo7K&affcid=CA.DIRECT.PHG.1011l251689.0&ref_id=1100lyonmo7... Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

20
Requests

90 %
HTTPS

0 %
IPv6

19
Domains

19
Subdomains

12
IPs

3
Countries

182 kB
Transfer

686 kB
Size

15
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.expiedia.ca/ Page URL
https://www.expiedia.ca/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxMTY1NTQwNSwiaWF0IjoxNzExNjQ4MjA1LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjBmdHVhdG5xNHNraDc0ZG8waTZjdTIiLCJuYmYiOjE3MTE2NDgyMDUsInRzIjoxNzExNjQ4MjA1MzczNzczfQ.XD2y_AGS69eagYEX4jX2tM7EVx4d6O1SBKoIxuEOWOE&sid=9c1eae70-ed2b-11ee-90c8-87f5f0d334ea HTTP 302
https://r.zredirect.com/redirect?redirect_id=7d7a67efed70ed6df1b3ccb176275e6a&request_id=d7f3734fb954c1de8da0a77869fc558e Page URL
https://clcktrck.com/ca/s/red_u_plain.php?t=direct&s=22140&d=expedia.ca&pub=22140&addedParams=true&sub=j3BvtxsmImMexFBVWQXajwZbDaEdRJqaWlK1qTsyDmL7gQrs5UWwcRsyVvE8IPstqmp0uRsmclL8AUqvqmpdZTsmEUM9gxXskaLWM0Zu13MdRTq&uid=d7f3734fb954c1de8da0a77869fc558e HTTP 302
https://clcktrck.com/3340b07f6352b061e0908fa0e76668dc/d53c39e58c4a8980dfcf5cef36c7f1786d2302ea2a6965b6722f4cb62e9d13235b9672aba042a9e7b579b633ddbe822b7813eee32a804c5a40ffbcdea3e34056dc4a5fd9703dd0ee001693da33547e3a68109e7c257178266f0ddf74a91138dc941c4127befb22340003c8618310ee7f Page URL
https://clcktrck.com/3340b07f6352b061e0908fa0e76668dc/d53c39e58c4a8980dfcf5cef36c7f1786d2302ea2a6965b6722f4cb62e9d13235b9672aba042a9e7b579b633ddbe822b7813eee32a804c5a40ffbcdea3e34056dc4a5fd9703dd0ee001693da33547e3a68109e7c257178266f0ddf74a91138dc941c4127befb22340003c8618310ee7f?&m=1 HTTP 302
https://905trk.com/plp.php?zoneid=7869&fallback=https%3A%2F%2Fclcktrck.com%2Fca%2Fskptn.php%3Fkey%3DeyJpdiI6IjdjL1hyYnZxanNjNWFyeU1Idm1CSHc9PSIsInZhbHVlIjoidFFLWUlxUldqYmhyV0tNbEkyeUNDOXk4R2R4SWFia0diWnVCNENIMjUwTjRyaWh4VkdGQmo2Z3cyRWpDTnV5NXYwSURKMUk5TnpROTZYMEx0QnFhNzg3aGxzZ21heTlnQy85cHZKOWIxTjBJaE43aGtMK2NVaWMzODMzWEIwOVUiLCJtYWMiOiI1YWE1YTI3MjdhYzA1MzU5YTEzOTVmZTVmNDNkYzIyOTM0NWU2MjRmNmM3YWZmMWExYmFiODgxZjA2YWFmYmI4In0%253D&oadest=https%3A%2F%2Fexpedia.ca&clickid=3e630ddd78df9dfe368d8cc0be9c888e&x_pid3=s8UIOP51_s8UIOP51_EVQJDp9c Page URL
https://lg.provenpixel.com/_x012e/plp.php?sigd=1600_1113_750_570_0_800_600.67d3e5.sb2k7u&zoneid=7869&fallback=https%3A%2F%2Fclcktrck.com%2Fca%2Fskptn.php%3Fkey%3DeyJpdiI6IjdjL1hyYnZxanNjNWFyeU1Idm1CSHc9PSIsInZhbHVlIjoidFFLWUlxUldqYmhyV0tNbEkyeUNDOXk4R2R4SWFia0diWnVCNENIMjUwTjRyaWh4VkdGQmo2Z3cyRWpDTnV5NXYwSURKMUk5TnpROTZYMEx0QnFhNzg3aGxzZ21heTlnQy85cHZKOWIxTjBJaE43aGtMK2NVaWMzODMzWEIwOVUiLCJtYWMiOiI1YWE1YTI3MjdhYzA1MzU5YTEzOTVmZTVmNDNkYzIyOTM0NWU2MjRmNmM3YWZmMWExYmFiODgxZjA2YWFmYmI4In0%253D&oadest=https%3A%2F%2Fexpedia.ca&clickid=3e630ddd78df9dfe368d8cc0be9c888e&x_pid3=s8UIOP51_s8UIOP51_EVQJDp9c Page URL
https://kw-71.717trk.com/_x012e/trk/?s4428df7582d8af1&sig=718bfd.sb2k7u&u=https%3A%2F%2Fconestenation.com%2Fcbd5f43e-ec3f-4834-b970-392d95ce996b%3Fsubid%3Ds4428df7582d8af1%26Device%3DMozilla%252F5.0%2520%2528Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%2529%2520AppleWebKit%252F537.36%2520%2528KHTML%252C%2520like%2520Gecko%2529%2520Chrome%252F123.0.0.0%2520Safari%252F537.36%26random%3Dju11ed629b%26type%3D4%26cost%3D0.06%26clickid%3DcIqgOUCLycDtjmlJYLYliL3zBG7VR8ZnHV7CuzU7qvAnUFMBCddrkY3C6sQRdRUuzSRulXheg6cj8CbZ%252BaDkAqTcHPak%252F%252FaK3iw4Uf3hR9Qde41 Page URL
https://conestenation.com/cbd5f43e-ec3f-4834-b970-392d95ce996b?subid=s4428df7582d8af1&Device=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F123.0.0.0%20Safari%2F537.36&random=ju11ed629b&type=4&cost=0.06&clickid=cIqgOUCLycDtjmlJYLYliL3zBG7VR8ZnHV7CuzU7qvAnUFMBCddrkY3C6sQRdRUuzSRulXheg6cj8CbZ%2BaDkAqTcHPak%2F%2FaK3iw4Uf3hR9Qde41 HTTP 307
https://conestenation.com/cbd5f43e-ec3f-4834-b970-392d95ce996b/2?subid=s4428df7582d8af1&Device=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F123.0.0.0%20Safari%2F537.36&random=ju11ed629b&type=4&cost=0.06&clickid=cIqgOUCLycDtjmlJYLYliL3zBG7VR8ZnHV7CuzU7qvAnUFMBCddrkY3C6sQRdRUuzSRulXheg6cj8CbZ%2BaDkAqTcHPak%2F%2FaK3iw4Uf3hR9Qde41 Page URL
https://afflat3a1.com/trk/lnk/FBBDCAAA-7B7C-48D6-8264-C39E3AB6733F/?o=26486&c=918271&a=312015&k=5F6C6251B59F14A34301963C9F6129CA&l=28093&s2=wfci5nuf1hn2ph603fdnn3ao HTTP 302
https://api.apptap.com/link/buy/android/tile.expedia.ca/e1?clinkID=xKX184O9j-Rqc0-b8v8KSvfnY7lzOimRlIQziLh7K4P4-7Kcnyw&pubID=m_z28oe4juhSblfVz_00X_zw&siteID=m_y_&placementID=312015&trackingID=1471439206&partnerCampaignID=26486&loc.country=%7B%7D HTTP 302
https://discounthero.org/ca/s/red_u_plain.php?sub=ONPTKYLCMF2UK3DPORXHGT2VMF3XUNKMIRATU2TPLF2S2MSZ&s=2727&t=direct&d=https%3A%2F%2Fwww.expedia.ca%2F&pub=ATd6h246uytw5c6adubyvxe6mj0 HTTP 302
https://discounthero.org/3340b07f6352b061e0908fa0e76668dc/1b744f1e5150c4bc8b49a513a91d23efc8aa9fc01553dc5853e7c3b83e098efaf65b10723ae20e9118105cabab5aef069e6026f73feb47287a4067fb100e1497d352db540e4cdf2587d7334fd3663f2e07535038459e3693447b0892f3f7ed8c2f467ccade79229b10ad266abb0a591b HTTP 302
https://clk.omgt4.com/?PID=52775&AID=2342378&UID=7c445b77b8b94ec647e282835255bcb0&UID2=7c445b77b8b94ec647e282835255bcb0 HTTP 301
https://track.omguk.com/c?PID=52775&AID=2342378&UID=7c445b77b8b94ec647e282835255bcb0&UID2=7c445b77b8b94ec647e282835255bcb0 HTTP 302
https://prf.hn/click/?camref=1101lpE53&adref=2342378&pubref=1c60bd9d62004a6b910d7bd6e646c5bf&destination=https%3A%2F%2Fwww.expedia.ca%2F HTTP 302
https://r.bttn.io/?btn_ref=org-4250020ab4443b4b&btn_reach_pub=1011l251689&btn_reach_pub_name=optimisemediameapteltd-vfyp&btn_mobile_url=https%3A%2F%2Fwww.expedia.ca%2F%3Fclickref%3D1100lyonmo7K%26affcid%3DCA.DIRECT.PHG.1011l251689.0%26ref_id%3D1100lyonmo7K%26my_ad%3DAFF.CA.DIRECT.PHG.1011l251689.0%26afflid%3D1100lyonmo7K&btn_network_ref=1100lyonmo7K&btn_url=https%3A%2F%2Fwww.expedia.ca%2F%3Fclickref%3D1100lyonmo7K%26affcid%3DCA.DIRECT.PHG.1011l251689.0%26ref_id%3D1100lyonmo7K%26my_ad%3DAFF.CA.DIRECT.PHG.1011l251689.0%26afflid%3D1100lyonmo7K&original_destination=https://www.expedia.ca/?clickref=1100lyonmo7K&affcid=CA.DIRECT.PHG.1011l251689.0&ref_id=1100lyonmo7K&my_ad=AFF.CA.DIRECT.PHG.1011l251689.0&afflid=1100lyonmo7K HTTP 302
https://www.expedia.ca/?clickref=1100lyonmo7K&affcid=CA.DIRECT.PHG.1011l251689.0&ref_id=1100lyonmo7K&my_ad=AFF.CA.DIRECT.PHG.1011l251689.0&afflid=1100lyonmo7K Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://www.expiedia.ca/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxMTY1NTQwNSwiaWF0IjoxNzExNjQ4MjA1LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjBmdHVhdG5xNHNraDc0ZG8waTZjdTIiLCJuYmYiOjE3MTE2NDgyMDUsInRzIjoxNzExNjQ4MjA1MzczNzczfQ.XD2y_AGS69eagYEX4jX2tM7EVx4d6O1SBKoIxuEOWOE&sid=9c1eae70-ed2b-11ee-90c8-87f5f0d334ea HTTP 302
https://r.zredirect.com/redirect?redirect_id=7d7a67efed70ed6df1b3ccb176275e6a&request_id=d7f3734fb954c1de8da0a77869fc558e

Request Chain 8

https://clcktrck.com/ca/s/red_u_plain.php?t=direct&s=22140&d=expedia.ca&pub=22140&addedParams=true&sub=j3BvtxsmImMexFBVWQXajwZbDaEdRJqaWlK1qTsyDmL7gQrs5UWwcRsyVvE8IPstqmp0uRsmclL8AUqvqmpdZTsmEUM9gxXskaLWM0Zu13MdRTq&uid=d7f3734fb954c1de8da0a77869fc558e HTTP 302
https://clcktrck.com/3340b07f6352b061e0908fa0e76668dc/d53c39e58c4a8980dfcf5cef36c7f1786d2302ea2a6965b6722f4cb62e9d13235b9672aba042a9e7b579b633ddbe822b7813eee32a804c5a40ffbcdea3e34056dc4a5fd9703dd0ee001693da33547e3a68109e7c257178266f0ddf74a91138dc941c4127befb22340003c8618310ee7f

Request Chain 12

https://clcktrck.com/3340b07f6352b061e0908fa0e76668dc/d53c39e58c4a8980dfcf5cef36c7f1786d2302ea2a6965b6722f4cb62e9d13235b9672aba042a9e7b579b633ddbe822b7813eee32a804c5a40ffbcdea3e34056dc4a5fd9703dd0ee001693da33547e3a68109e7c257178266f0ddf74a91138dc941c4127befb22340003c8618310ee7f?&m=1 HTTP 302
https://905trk.com/plp.php?zoneid=7869&fallback=https%3A%2F%2Fclcktrck.com%2Fca%2Fskptn.php%3Fkey%3DeyJpdiI6IjdjL1hyYnZxanNjNWFyeU1Idm1CSHc9PSIsInZhbHVlIjoidFFLWUlxUldqYmhyV0tNbEkyeUNDOXk4R2R4SWFia0diWnVCNENIMjUwTjRyaWh4VkdGQmo2Z3cyRWpDTnV5NXYwSURKMUk5TnpROTZYMEx0QnFhNzg3aGxzZ21heTlnQy85cHZKOWIxTjBJaE43aGtMK2NVaWMzODMzWEIwOVUiLCJtYWMiOiI1YWE1YTI3MjdhYzA1MzU5YTEzOTVmZTVmNDNkYzIyOTM0NWU2MjRmNmM3YWZmMWExYmFiODgxZjA2YWFmYmI4In0%253D&oadest=https%3A%2F%2Fexpedia.ca&clickid=3e630ddd78df9dfe368d8cc0be9c888e&x_pid3=s8UIOP51_s8UIOP51_EVQJDp9c

Request Chain 17

https://conestenation.com/cbd5f43e-ec3f-4834-b970-392d95ce996b?subid=s4428df7582d8af1&Device=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F123.0.0.0%20Safari%2F537.36&random=ju11ed629b&type=4&cost=0.06&clickid=cIqgOUCLycDtjmlJYLYliL3zBG7VR8ZnHV7CuzU7qvAnUFMBCddrkY3C6sQRdRUuzSRulXheg6cj8CbZ%2BaDkAqTcHPak%2F%2FaK3iw4Uf3hR9Qde41 HTTP 307
https://conestenation.com/cbd5f43e-ec3f-4834-b970-392d95ce996b/2?subid=s4428df7582d8af1&Device=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F123.0.0.0%20Safari%2F537.36&random=ju11ed629b&type=4&cost=0.06&clickid=cIqgOUCLycDtjmlJYLYliL3zBG7VR8ZnHV7CuzU7qvAnUFMBCddrkY3C6sQRdRUuzSRulXheg6cj8CbZ%2BaDkAqTcHPak%2F%2FaK3iw4Uf3hR9Qde41

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 /
www.expiedia.ca/ 477 B
754 B 237ms
62ms Document
text/html 69.162.80.61
LIMESTONENETWORKS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.expiedia.ca/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 69.162.80.61 Dallas, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS: 61-80-162-69.static.reverse.lstn.net
Software: Cowboy /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: en-CA,en;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
content-length: 477
content-type: text/html; charset=utf-8
date: Thu, 28 Mar 2024 17:50:05 GMT
server: Cowboy

GET
H/1.1

200
OK

redirect Show response
r.zredirect.com/
Redirect Chain

https://www.expiedia.ca/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTcxMTY1NTQwNSwiaWF0IjoxNzExNjQ4MjA1LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIydjBmdHVhdG5xNHNraDc0ZG8...
https://r.zredirect.com/redirect?redirect_id=7d7a67efed70ed6df1b3ccb176275e6a&request_id=d7f3734fb954c1de8da0a77869fc558e

836 B
1 KB

503ms
87ms

Document
text/html

66.165.243.160
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://r.zredirect.com/redirect?redirect_id=7d7a67efed70ed6df1b3ccb176275e6a&request_id=d7f3734fb954c1de8da0a77869fc558e
Requested by: Host: www.expiedia.ca
URL: https://www.expiedia.ca/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 66.165.243.160 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS: 66-165-243-160.static.hvvc.us
Software: nginx/1.23.3 / PHP/8.1.13
Resource Hash: c3c58daf47bcfa54db9d3da22428875d0d815960d71e2e42b5faef2044d9ce9a

Request headers

Referer: https://www.expiedia.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: en-CA,en;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"
sec-ch-ua-platform-version: "10.0.0"

Response headers

Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 28 Mar 2024 17:50:06 GMT
Server: nginx/1.23.3
Transfer-Encoding: chunked
X-Powered-By: PHP/8.1.13

Redirect headers

cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Thu, 28 Mar 2024 17:50:06 GMT
location: https://r.zredirect.com/redirect?redirect_id=7d7a67efed70ed6df1b3ccb176275e6a&request_id=d7f3734fb954c1de8da0a77869fc558e
server: Cowboy

GET
H/1.1 200
OK adren.css
r.zredirect.com/css/ 243 B
479 B 90ms
89ms Stylesheet
text/css 66.165.243.160
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://r.zredirect.com/css/adren.css?n=3473411906
Requested by: Host: r.zredirect.com
URL: https://r.zredirect.com/redirect?redirect_id=7d7a67efed70ed6df1b3ccb176275e6a&request_id=d7f3734fb954c1de8da0a77869fc558e
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 66.165.243.160 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS: 66-165-243-160.static.hvvc.us
Software: nginx/1.23.3 /
Resource Hash: e2d9fd8b995f146baf54bc35d162d3e8169a5345368058b10a3b3bf4592ed777

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://r.zredirect.com/redirect?redirect_id=7d7a67efed70ed6df1b3ccb176275e6a&request_id=d7f3734fb954c1de8da0a77869fc558e
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 28 Mar 2024 17:50:06 GMT
Last-Modified: Sat, 03 Jul 2021 05:46:18 GMT
Server: nginx/1.23.3
ETag: "60dff9aa-f3"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 243

GET
H/1.1 200
OK adren.min.js Show response
r.zredirect.com/js/ 7 KB
8 KB 177ms
85ms Script
application/javascript 66.165.243.160
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://r.zredirect.com/js/adren.min.js?n=3473411906
Requested by: Host: r.zredirect.com
URL: https://r.zredirect.com/redirect?redirect_id=7d7a67efed70ed6df1b3ccb176275e6a&request_id=d7f3734fb954c1de8da0a77869fc558e
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 66.165.243.160 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS: 66-165-243-160.static.hvvc.us
Software: nginx/1.23.3 /
Resource Hash: 55afe8ae4db5b6ca9ec5a3aca1f3a7b482ca51d0914acd250093f1a9ecbfccec

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://r.zredirect.com/redirect?redirect_id=7d7a67efed70ed6df1b3ccb176275e6a&request_id=d7f3734fb954c1de8da0a77869fc558e
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Thu, 28 Mar 2024 17:50:06 GMT
Last-Modified: Sat, 03 Jul 2021 05:46:18 GMT
Server: nginx/1.23.3
ETag: "60dff9aa-1d68"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7528

GET
H/1.1 200
OK go Show response
r.zredirect.com/ Frame 43EB 1 KB
2 KB 88ms
87ms Document
text/html 66.165.243.160
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://r.zredirect.com/go?e=NA-pFFutvVvglB8WTsYAvCdfQCt1aq8y0X2MlLeLUqVcFW0VzsmcPMe4Qst1KW50Gr_xUCuHFA80KL0SJsuqvCetvVvkaqajGs-ZvC8uPrYcFL9cQsyDGL8gQAtgFWexGr_xaCutFBsImqkgxs6p2E1VJAvgaCaZTA21GCeLKC5faC9ymrXgvEuHPss13F89SsyDUM8AaX-bFLRu2Z_pPEmV3XTEwLwbHVyLFL55QL80KX99SA78SMefwXW13pjA2Xy0KBe4Qruk3F91GsyR3BeLaXWclB4u0X2MFLefwVu1aBefxXvyaLuHPquk3pj5QAu1aFlZ3KWkKW0gHr_VPn1pKrtgvV
Requested by: Host: r.zredirect.com
URL: https://r.zredirect.com/js/adren.min.js?n=3473411906
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server: 66.165.243.160 Los Angeles, United States, ASN29802 (HVC-AS, US),
Reverse DNS: 66-165-243-160.static.hvvc.us
Software: nginx/1.23.3 / PHP/8.1.13
Resource Hash: bc52813b55b80d515dfca6e58feec955169d4f965fb81b65e09f7b63256bcfdc

Request headers

Referer: https://r.zredirect.com/redirect?redirect_id=7d7a67efed70ed6df1b3ccb176275e6a&request_id=d7f3734fb954c1de8da0a77869fc558e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: en-CA,en;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 28 Mar 2024 17:50:06 GMT
Server: nginx/1.23.3
Transfer-Encoding: chunked
X-Powered-By: PHP/8.1.13

GET
H2 200 analytics.js
www.google-analytics.com/ Frame 43EB 52 KB
21 KB 107ms
31ms Script
text/javascript 142.251.40.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: r.zredirect.com
URL: https://r.zredirect.com/go?e=NA-pFFutvVvglB8WTsYAvCdfQCt1aq8y0X2MlLeLUqVcFW0VzsmcPMe4Qst1KW50Gr_xUCuHFA80KL0SJsuqvCetvVvkaqajGs-ZvC8uPrYcFL9cQsyDGL8gQAtgFWexGr_xaCutFBsImqkgxs6p2E1VJAvgaCaZTA21GCeLKC5faC9ymrXgvEuHPss13F89SsyDUM8AaX-bFLRu2Z_pPEmV3XTEwLwbHVyLFL55QL80KX99SA78SMefwXW13pjA2Xy0KBe4Qruk3F91GsyR3BeLaXWclB4u0X2MFLefwVu1aBefxXvyaLuHPquk3pj5QAu1aFlZ3KWkKW0gHr_VPn1pKrtgvV

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.110 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://r.zredirect.com/
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 28 Mar 2024 15:51:49 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 7098
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 28 Mar 2024 17:51:49 GMT

POST
H2 200 collect
www.google-analytics.com/j/ Frame 43EB 15 B
159 B 47ms
46ms XHR
text/plain 142.251.40.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=360930872&t=pageview&_s=1&dl=https%3A%2F%2Fr.zredirect.com%2Fgo%3Fe%3DNA-pFFutvVvglB8WTsYAvCdfQCt1aq8y0X2MlLeLUqVcFW0VzsmcPMe4Qst1KW50Gr_xUCuHFA80KL0SJsuqvCetvVvkaqajGs-ZvC8uPrYcFL9cQsyDGL8gQAtgFWexGr_xaCutFBsImqkgxs6p2E1VJAvgaCaZTA21GCeLKC5faC9ymrXgvEuHPss13F89SsyDUM8AaX-bFLRu2Z_pPEmV3XTEwLwbHVyLFL55QL80KX99SA78SMefwXW13pjA2Xy0KBe4Qruk3F91GsyR3BeLaXWclB4u0X2MFLefwVu1aBefxXvyaLuHPquk3pj5QAu1aFlZ3KWkKW0gHr_VPn1pKrtgvV&ul=en-us&de=UTF-8&sd=24-bit&sr=800x600&vp=1600x1113&je=0&_u=IEBAAEABAAAAACAAI~&jid=2060422946&gjid=56763608&cid=2146564221.1711648207&tid=UA-32454353-1&_gid=1983308377.1711648207&_r=1&_slc=1&z=1873137107

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.110 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform: "Win32"
Referer: https://r.zredirect.com/
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 28 Mar 2024 17:50:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://r.zredirect.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ Frame 43EB 35 B
194 B 31ms
31ms Image
image/gif 142.251.40.110
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=360930872&t=pageview&_s=2&dl=https%3A%2F%2Fr.zredirect.com%2Fgo%3Fe%3DNA-pFFutvVvglB8WTsYAvCdfQCt1aq8y0X2MlLeLUqVcFW0VzsmcPMe4Qst1KW50Gr_xUCuHFA80KL0SJsuqvCetvVvkaqajGs-ZvC8uPrYcFL9cQsyDGL8gQAtgFWexGr_xaCutFBsImqkgxs6p2E1VJAvgaCaZTA21GCeLKC5faC9ymrXgvEuHPss13F89SsyDUM8AaX-bFLRu2Z_pPEmV3XTEwLwbHVyLFL55QL80KX99SA78SMefwXW13pjA2Xy0KBe4Qruk3F91GsyR3BeLaXWclB4u0X2MFLefwVu1aBefxXvyaLuHPquk3pj5QAu1aFlZ3KWkKW0gHr_VPn1pKrtgvV&ul=en-us&de=UTF-8&sd=24-bit&sr=800x600&vp=1600x1113&je=0&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=2146564221.1711648207&tid=UA-32454353-1&_gid=1983308377.1711648207&cd1=LJA8L29hsUk8sTSwsTAioak8sUj%3D&z=1388429980

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.110 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s79-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://r.zredirect.com/
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 28 Mar 2024 04:24:08 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 48359
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2

200

d53c39e58c4a8980dfcf5cef36c7f1786d2302ea2a6965b6722f4cb62e9d13235b9672aba042a9e7b579b633ddbe822b7813eee32a804c5a40ffbcdea3e34056dc4a5fd9703dd0ee001693da33547e3a68109e7c257178266f0ddf74a91138dc941c4... Show response
clcktrck.com/3340b07f6352b061e0908fa0e76668dc/
Redirect Chain

https://clcktrck.com/ca/s/red_u_plain.php?t=direct&s=22140&d=expedia.ca&pub=22140&addedParams=true&sub=j3BvtxsmImMexFBVWQXajwZbDaEdRJqaWlK1qTsyDmL7gQrs5UWwcRsyVvE8IPstqmp0uRsmclL8AUqvqmpdZTsmEUM9gx...
https://clcktrck.com/3340b07f6352b061e0908fa0e76668dc/d53c39e58c4a8980dfcf5cef36c7f1786d2302ea2a6965b6722f4cb62e9d13235b9672aba042a9e7b579b633ddbe822b7813eee32a804c5a40ffbcdea3e34056dc4a5fd9703dd0e...

60 KB
23 KB

443ms
443ms

Document
text/html

3.68.5.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://clcktrck.com/3340b07f6352b061e0908fa0e76668dc/d53c39e58c4a8980dfcf5cef36c7f1786d2302ea2a6965b6722f4cb62e9d13235b9672aba042a9e7b579b633ddbe822b7813eee32a804c5a40ffbcdea3e34056dc4a5fd9703dd0ee001693da33547e3a68109e7c257178266f0ddf74a91138dc941c4127befb22340003c8618310ee7f
Requested by: Host: r.zredirect.com
URL: https://r.zredirect.com/go?e=NA-pFFutvVvglB8WTsYAvCdfQCt1aq8y0X2MlLeLUqVcFW0VzsmcPMe4Qst1KW50Gr_xUCuHFA80KL0SJsuqvCetvVvkaqajGs-ZvC8uPrYcFL9cQsyDGL8gQAtgFWexGr_xaCutFBsImqkgxs6p2E1VJAvgaCaZTA21GCeLKC5faC9ymrXgvEuHPss13F89SsyDUM8AaX-bFLRu2Z_pPEmV3XTEwLwbHVyLFL55QL80KX99SA78SMefwXW13pjA2Xy0KBe4Qruk3F91GsyR3BeLaXWclB4u0X2MFLefwVu1aBefxXvyaLuHPquk3pj5QAu1aFlZ3KWkKW0gHr_VPn1pKrtgvV
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.68.5.1 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: portal.noctemque.com
Software: nginx /
Resource Hash: 8dfdcbaa5ad9eb2d3e5220ab082d7aea4b446d8fd4cc5c102dad599de6f0a003

Request headers

Referer: https://r.zredirect.com/redirect?redirect_id=7d7a67efed70ed6df1b3ccb176275e6a&request_id=d7f3734fb954c1de8da0a77869fc558e
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: en-CA,en;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: no-cache, private max-age=0, no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 28 Mar 2024 17:50:07 GMT
expires: Thu, 1 Jan 1970 00:00:00 GMT
pragma: no-cache
referrer-policy: origin
server: nginx
vary: Accept-Encoding

Redirect headers

cache-control: no-cache, private max-age=0, no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
date: Thu, 28 Mar 2024 17:50:07 GMT
expires: Thu, 1 Jan 1970 00:00:00 GMT
location: https://clcktrck.com/3340b07f6352b061e0908fa0e76668dc/d53c39e58c4a8980dfcf5cef36c7f1786d2302ea2a6965b6722f4cb62e9d13235b9672aba042a9e7b579b633ddbe822b7813eee32a804c5a40ffbcdea3e34056dc4a5fd9703dd0ee001693da33547e3a68109e7c257178266f0ddf74a91138dc941c4127befb22340003c8618310ee7f
pragma: no-cache
referrer-policy: origin
server: nginx

GET
H2 200 js
www.googletagmanager.com/gtag/ Frame 43EB 251 KB
90 KB 148ms
73ms Script
application/javascript 142.250.80.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-TG55WX34R2&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.72 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://r.zredirect.com/
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Thu, 28 Mar 2024 17:50:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 91745
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 28 Mar 2024 17:50:07 GMT

POST
H3 204 collect
www.google-analytics.com/g/ Frame 43EB 0
17 B 48ms
47ms Ping
text/plain 142.251.40.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-TG55WX34R2&gtm=45je43p0v9114755507za200&_p=1711648207141&gcd=13l3l3l3l2&npa=0&dma=0&ul=en-us&sr=800x600&cid=2146564221.1711648207&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B123.0.6312.86%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.86&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=ABAI&_s=1&dl=https%3A%2F%2Fr.zredirect.com%2Fgo%3Fe%3DNA-pFFutvVvglB8WTsYAvCdfQCt1aq8y0X2MlLeLUqVcFW0VzsmcPMe4Qst1KW50Gr_xUCuHFA80KL0SJsuqvCetvVvkaqajGs-ZvC8uPrYcFL9cQsyDGL8gQAtgFWexGr_xaCutFBsImqkgxs6p2E1VJAvgaCaZTA21GCeLKC5faC9ymrXgvEuHPss13F89SsyDUM8AaX-bFLRu2Z_pPEmV3XTEwLwbHVyLFL55QL80KX99SA78SMefwXW13pjA2Xy0KBe4Qruk3F91GsyR3BeLaXWclB4u0X2MFLefwVu1aBefxXvyaLuHPquk3pj5QAu1aFlZ3KWkKW0gHr_VPn1pKrtgvV&sid=1711648207&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=536
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-TG55WX34R2&cx=c&_slc=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.40.110 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga25s79-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://r.zredirect.com/
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 28 Mar 2024 17:50:07 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://r.zredirect.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 nr-spa-1.253.0.min.js
js-agent.newrelic.com/ 99 KB
32 KB 76ms
21ms Script
application/javascript 162.247.243.39
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-spa-1.253.0.min.js

Requested by

Host: clcktrck.com
URL: https://clcktrck.com/3340b07f6352b061e0908fa0e76668dc/d53c39e58c4a8980dfcf5cef36c7f1786d2302ea2a6965b6722f4cb62e9d13235b9672aba042a9e7b579b633ddbe822b7813eee32a804c5a40ffbcdea3e34056dc4a5fd9703dd0ee001693da33547e3a68109e7c257178266f0ddf74a91138dc941c4127befb22340003c8618310ee7f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.247.243.39 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://clcktrck.com/
Origin: https://clcktrck.com
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: fCBpomkNr2k.mGTnq1v.Ze6YZpq.zil8
content-encoding: br
via: 1.1 varnish
date: Thu, 28 Mar 2024 17:50:08 GMT
strict-transport-security: max-age=300
x-amz-request-id: 75B21ZPW4EQHMSAZ
x-amz-server-side-encryption: AES256
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 32390
x-amz-id-2: dP8iUhefodoIs0lMottZKMwV4Xpo/LK/u3zrYYPdlFpb2ewr6Q1jXIU5REzhujscRsvwaBGzD0Q=
x-served-by: cache-yyz4546-YYZ
last-modified: Wed, 13 Mar 2024 21:07:25 GMT
server: AmazonS3
etag: "4a6ecb6da3c4e819773b0e3331ff5e7a"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=86400, stale-if-error=86400
accept-ranges: bytes
x-cache-hits: 6441

GET
H2

200

plp.php
905trk.com/
Redirect Chain

https://clcktrck.com/3340b07f6352b061e0908fa0e76668dc/d53c39e58c4a8980dfcf5cef36c7f1786d2302ea2a6965b6722f4cb62e9d13235b9672aba042a9e7b579b633ddbe822b7813eee32a804c5a40ffbcdea3e34056dc4a5fd9703dd0e...
https://905trk.com/plp.php?zoneid=7869&fallback=https%3A%2F%2Fclcktrck.com%2Fca%2Fskptn.php%3Fkey%3DeyJpdiI6IjdjL1hyYnZxanNjNWFyeU1Idm1CSHc9PSIsInZhbHVlIjoidFFLWUlxUldqYmhyV0tNbEkyeUNDOXk4R2R4SWFia...

2 KB
1 KB

151ms
41ms

Document
text/html

3.211.43.54
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://905trk.com/plp.php?zoneid=7869&fallback=https%3A%2F%2Fclcktrck.com%2Fca%2Fskptn.php%3Fkey%3DeyJpdiI6IjdjL1hyYnZxanNjNWFyeU1Idm1CSHc9PSIsInZhbHVlIjoidFFLWUlxUldqYmhyV0tNbEkyeUNDOXk4R2R4SWFia0diWnVCNENIMjUwTjRyaWh4VkdGQmo2Z3cyRWpDTnV5NXYwSURKMUk5TnpROTZYMEx0QnFhNzg3aGxzZ21heTlnQy85cHZKOWIxTjBJaE43aGtMK2NVaWMzODMzWEIwOVUiLCJtYWMiOiI1YWE1YTI3MjdhYzA1MzU5YTEzOTVmZTVmNDNkYzIyOTM0NWU2MjRmNmM3YWZmMWExYmFiODgxZjA2YWFmYmI4In0%253D&oadest=https%3A%2F%2Fexpedia.ca&clickid=3e630ddd78df9dfe368d8cc0be9c888e&x_pid3=s8UIOP51_s8UIOP51_EVQJDp9c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.211.43.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-211-43-54.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://clcktrck.com/3340b07f6352b061e0908fa0e76668dc/d53c39e58c4a8980dfcf5cef36c7f1786d2302ea2a6965b6722f4cb62e9d13235b9672aba042a9e7b579b633ddbe822b7813eee32a804c5a40ffbcdea3e34056dc4a5fd9703dd0ee001693da33547e3a68109e7c257178266f0ddf74a91138dc941c4127befb22340003c8618310ee7f
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: en-CA,en;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: no-cache no-store must-revalidate proxy-revalidate
content-encoding: gzip
content-length: 1139
content-type: text/html; charset=utf-8
date: Thu, 28 Mar 2024 17:50:08 GMT
expires: 0
p3p: CP="CUR ADM OUR NOR STA NID"
pragma: no-cache
server: nginx
vary: Accept-Encoding

Redirect headers

cache-control: no-cache, private max-age=0, no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
date: Thu, 28 Mar 2024 17:50:08 GMT
expires: Thu, 1 Jan 1970 00:00:00 GMT
location: https://905trk.com/plp.php?zoneid=7869&fallback=https%3A%2F%2Fclcktrck.com%2Fca%2Fskptn.php%3Fkey%3DeyJpdiI6IjdjL1hyYnZxanNjNWFyeU1Idm1CSHc9PSIsInZhbHVlIjoidFFLWUlxUldqYmhyV0tNbEkyeUNDOXk4R2R4SWFia0diWnVCNENIMjUwTjRyaWh4VkdGQmo2Z3cyRWpDTnV5NXYwSURKMUk5TnpROTZYMEx0QnFhNzg3aGxzZ21heTlnQy85cHZKOWIxTjBJaE43aGtMK2NVaWMzODMzWEIwOVUiLCJtYWMiOiI1YWE1YTI3MjdhYzA1MzU5YTEzOTVmZTVmNDNkYzIyOTM0NWU2MjRmNmM3YWZmMWExYmFiODgxZjA2YWFmYmI4In0%253D&oadest=https%3A%2F%2Fexpedia.ca&clickid=3e630ddd78df9dfe368d8cc0be9c888e&x_pid3=s8UIOP51_s8UIOP51_EVQJDp9c
pragma: no-cache
referrer-policy: origin
server: nginx

GET
H2 200 favicon.ico
clcktrck.com/ 0
158 B 120ms
120ms Other
image/x-icon 3.68.5.1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://clcktrck.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.68.5.1 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: portal.noctemque.com
Software: nginx /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://clcktrck.com/
accept-language: en-CA,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Thu, 28 Mar 2024 17:50:08 GMT
server: nginx
content-type: image/x-icon
cache-control: max-age=0, no-cache, no-store, must-revalidate
accept-ranges: bytes
content-length: 0
expires: Thu, 1 Jan 1970 00:00:00 GMT

POST NRJS-f9fc585c87dfd7b0710
bam.eu01.nr-data.net/1/ 0
0

GET
H2 200 plp.php
lg.provenpixel.com/_x012e/ 1 KB
1 KB 331ms
246ms Document
text/html 3.209.177.37
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://lg.provenpixel.com/_x012e/plp.php?sigd=1600_1113_750_570_0_800_600.67d3e5.sb2k7u&zoneid=7869&fallback=https%3A%2F%2Fclcktrck.com%2Fca%2Fskptn.php%3Fkey%3DeyJpdiI6IjdjL1hyYnZxanNjNWFyeU1Idm1CSHc9PSIsInZhbHVlIjoidFFLWUlxUldqYmhyV0tNbEkyeUNDOXk4R2R4SWFia0diWnVCNENIMjUwTjRyaWh4VkdGQmo2Z3cyRWpDTnV5NXYwSURKMUk5TnpROTZYMEx0QnFhNzg3aGxzZ21heTlnQy85cHZKOWIxTjBJaE43aGtMK2NVaWMzODMzWEIwOVUiLCJtYWMiOiI1YWE1YTI3MjdhYzA1MzU5YTEzOTVmZTVmNDNkYzIyOTM0NWU2MjRmNmM3YWZmMWExYmFiODgxZjA2YWFmYmI4In0%253D&oadest=https%3A%2F%2Fexpedia.ca&clickid=3e630ddd78df9dfe368d8cc0be9c888e&x_pid3=s8UIOP51_s8UIOP51_EVQJDp9c
Requested by: Host: 905trk.com
URL: https://905trk.com/plp.php?zoneid=7869&fallback=https%3A%2F%2Fclcktrck.com%2Fca%2Fskptn.php%3Fkey%3DeyJpdiI6IjdjL1hyYnZxanNjNWFyeU1Idm1CSHc9PSIsInZhbHVlIjoidFFLWUlxUldqYmhyV0tNbEkyeUNDOXk4R2R4SWFia0diWnVCNENIMjUwTjRyaWh4VkdGQmo2Z3cyRWpDTnV5NXYwSURKMUk5TnpROTZYMEx0QnFhNzg3aGxzZ21heTlnQy85cHZKOWIxTjBJaE43aGtMK2NVaWMzODMzWEIwOVUiLCJtYWMiOiI1YWE1YTI3MjdhYzA1MzU5YTEzOTVmZTVmNDNkYzIyOTM0NWU2MjRmNmM3YWZmMWExYmFiODgxZjA2YWFmYmI4In0%253D&oadest=https%3A%2F%2Fexpedia.ca&clickid=3e630ddd78df9dfe368d8cc0be9c888e&x_pid3=s8UIOP51_s8UIOP51_EVQJDp9c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.209.177.37 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-209-177-37.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://905trk.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: en-CA,en;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: no-cache no-store must-revalidate proxy-revalidate
content-encoding: gzip
content-length: 544
content-type: text/html; charset=utf-8
date: Thu, 28 Mar 2024 17:50:08 GMT
expires: 0
p3p: CP="CUR ADM OUR NOR STA NID"
pragma: no-cache
server: nginx
vary: Accept-Encoding

GET
H2 200 /
kw-71.717trk.com/_x012e/trk/ 1 KB
633 B 131ms
38ms Document
text/html 18.205.42.100
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://kw-71.717trk.com/_x012e/trk/?s4428df7582d8af1&sig=718bfd.sb2k7u&u=https%3A%2F%2Fconestenation.com%2Fcbd5f43e-ec3f-4834-b970-392d95ce996b%3Fsubid%3Ds4428df7582d8af1%26Device%3DMozilla%252F5.0%2520%2528Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%2529%2520AppleWebKit%252F537.36%2520%2528KHTML%252C%2520like%2520Gecko%2529%2520Chrome%252F123.0.0.0%2520Safari%252F537.36%26random%3Dju11ed629b%26type%3D4%26cost%3D0.06%26clickid%3DcIqgOUCLycDtjmlJYLYliL3zBG7VR8ZnHV7CuzU7qvAnUFMBCddrkY3C6sQRdRUuzSRulXheg6cj8CbZ%252BaDkAqTcHPak%252F%252FaK3iw4Uf3hR9Qde41
Requested by: Host: lg.provenpixel.com
URL: https://lg.provenpixel.com/_x012e/plp.php?sigd=1600_1113_750_570_0_800_600.67d3e5.sb2k7u&zoneid=7869&fallback=https%3A%2F%2Fclcktrck.com%2Fca%2Fskptn.php%3Fkey%3DeyJpdiI6IjdjL1hyYnZxanNjNWFyeU1Idm1CSHc9PSIsInZhbHVlIjoidFFLWUlxUldqYmhyV0tNbEkyeUNDOXk4R2R4SWFia0diWnVCNENIMjUwTjRyaWh4VkdGQmo2Z3cyRWpDTnV5NXYwSURKMUk5TnpROTZYMEx0QnFhNzg3aGxzZ21heTlnQy85cHZKOWIxTjBJaE43aGtMK2NVaWMzODMzWEIwOVUiLCJtYWMiOiI1YWE1YTI3MjdhYzA1MzU5YTEzOTVmZTVmNDNkYzIyOTM0NWU2MjRmNmM3YWZmMWExYmFiODgxZjA2YWFmYmI4In0%253D&oadest=https%3A%2F%2Fexpedia.ca&clickid=3e630ddd78df9dfe368d8cc0be9c888e&x_pid3=s8UIOP51_s8UIOP51_EVQJDp9c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.205.42.100 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-205-42-100.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Referer: https://lg.provenpixel.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: en-CA,en;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: gzip
content-length: 501
content-type: text/html; charset=UTF-8
date: Thu, 28 Mar 2024 17:50:08 GMT
referrer-policy: no-referrer
server: nginx
vary: Accept-Encoding

GET
H2

200

2 Show response
conestenation.com/cbd5f43e-ec3f-4834-b970-392d95ce996b/
Redirect Chain

https://conestenation.com/cbd5f43e-ec3f-4834-b970-392d95ce996b?subid=s4428df7582d8af1&Device=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20lik...
https://conestenation.com/cbd5f43e-ec3f-4834-b970-392d95ce996b/2?subid=s4428df7582d8af1&Device=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20l...

422 B
980 B

38ms
38ms

Document
text/html

34.197.104.62
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://conestenation.com/cbd5f43e-ec3f-4834-b970-392d95ce996b/2?subid=s4428df7582d8af1&Device=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F123.0.0.0%20Safari%2F537.36&random=ju11ed629b&type=4&cost=0.06&clickid=cIqgOUCLycDtjmlJYLYliL3zBG7VR8ZnHV7CuzU7qvAnUFMBCddrkY3C6sQRdRUuzSRulXheg6cj8CbZ%2BaDkAqTcHPak%2F%2FaK3iw4Uf3hR9Qde41
Requested by: Host: kw-71.717trk.com
URL: https://kw-71.717trk.com/_x012e/trk/?s4428df7582d8af1&sig=718bfd.sb2k7u&u=https%3A%2F%2Fconestenation.com%2Fcbd5f43e-ec3f-4834-b970-392d95ce996b%3Fsubid%3Ds4428df7582d8af1%26Device%3DMozilla%252F5.0%2520%2528Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%2529%2520AppleWebKit%252F537.36%2520%2528KHTML%252C%2520like%2520Gecko%2529%2520Chrome%252F123.0.0.0%2520Safari%252F537.36%26random%3Dju11ed629b%26type%3D4%26cost%3D0.06%26clickid%3DcIqgOUCLycDtjmlJYLYliL3zBG7VR8ZnHV7CuzU7qvAnUFMBCddrkY3C6sQRdRUuzSRulXheg6cj8CbZ%252BaDkAqTcHPak%252F%252FaK3iw4Uf3hR9Qde41
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.197.104.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-197-104-62.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 7e3d10b666d419ba9ac12cdcb6e32ff385f91fa722ecd7ce541b8d676d5c18c0

Request headers

Referer: https://kw-71.717trk.com/_x012e/trk/?s4428df7582d8af1&sig=718bfd.sb2k7u&u=https%3A%2F%2Fconestenation.com%2Fcbd5f43e-ec3f-4834-b970-392d95ce996b%3Fsubid%3Ds4428df7582d8af1%26Device%3DMozilla%252F5.0%2520%2528Windows%2520NT%252010.0%253B%2520Win64%253B%2520x64%2529%2520AppleWebKit%252F537.36%2520%2528KHTML%252C%2520like%2520Gecko%2529%2520Chrome%252F123.0.0.0%2520Safari%252F537.36%26random%3Dju11ed629b%26type%3D4%26cost%3D0.06%26clickid%3DcIqgOUCLycDtjmlJYLYliL3zBG7VR8ZnHV7CuzU7qvAnUFMBCddrkY3C6sQRdRUuzSRulXheg6cj8CbZ%252BaDkAqTcHPak%252F%252FaK3iw4Uf3hR9Qde41
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: en-CA,en;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: no-store, no-cache, pre-check=0, post-check=0
content-type: text/html;charset=UTF-8
date: Thu, 28 Mar 2024 17:50:09 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
server: nginx

Redirect headers

accept-ch: sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-full-version-list,sec-ch-ua-full-version,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-ua,sec-ch-ua-mobile,sec-ch-ua-platform
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-length: 0
date: Thu, 28 Mar 2024 17:50:08 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://conestenation.com/cbd5f43e-ec3f-4834-b970-392d95ce996b/2?subid=s4428df7582d8af1&Device=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F123.0.0.0%20Safari%2F537.36&random=ju11ed629b&type=4&cost=0.06&clickid=cIqgOUCLycDtjmlJYLYliL3zBG7VR8ZnHV7CuzU7qvAnUFMBCddrkY3C6sQRdRUuzSRulXheg6cj8CbZ%2BaDkAqTcHPak%2F%2FaK3iw4Uf3hR9Qde41
pragma: no-cache
server: nginx

GET
H2

429

Primary Request /
www.expedia.ca/
Redirect Chain

https://afflat3a1.com/trk/lnk/FBBDCAAA-7B7C-48D6-8264-C39E3AB6733F/?o=26486&c=918271&a=312015&k=5F6C6251B59F14A34301963C9F6129CA&l=28093&s2=wfci5nuf1hn2ph603fdnn3ao
https://api.apptap.com/link/buy/android/tile.expedia.ca/e1?clinkID=xKX184O9j-Rqc0-b8v8KSvfnY7lzOimRlIQziLh7K4P4-7Kcnyw&pubID=m_z28oe4juhSblfVz_00X_zw&siteID=m_y_&placementID=312015&trackingID=14714...
https://discounthero.org/ca/s/red_u_plain.php?sub=ONPTKYLCMF2UK3DPORXHGT2VMF3XUNKMIRATU2TPLF2S2MSZ&s=2727&t=direct&d=https%3A%2F%2Fwww.expedia.ca%2F&pub=ATd6h246uytw5c6adubyvxe6mj0
https://discounthero.org/3340b07f6352b061e0908fa0e76668dc/1b744f1e5150c4bc8b49a513a91d23efc8aa9fc01553dc5853e7c3b83e098efaf65b10723ae20e9118105cabab5aef069e6026f73feb47287a4067fb100e1497d352db540e4...
https://clk.omgt4.com/?PID=52775&AID=2342378&UID=7c445b77b8b94ec647e282835255bcb0&UID2=7c445b77b8b94ec647e282835255bcb0
https://track.omguk.com/c?PID=52775&AID=2342378&UID=7c445b77b8b94ec647e282835255bcb0&UID2=7c445b77b8b94ec647e282835255bcb0
https://prf.hn/click/?camref=1101lpE53&adref=2342378&pubref=1c60bd9d62004a6b910d7bd6e646c5bf&destination=https%3A%2F%2Fwww.expedia.ca%2F
https://r.bttn.io/?btn_ref=org-4250020ab4443b4b&btn_reach_pub=1011l251689&btn_reach_pub_name=optimisemediameapteltd-vfyp&btn_mobile_url=https%3A%2F%2Fwww.expedia.ca%2F%3Fclickref%3D1100lyonmo7K%26a...
https://www.expedia.ca/?clickref=1100lyonmo7K&affcid=CA.DIRECT.PHG.1011l251689.0&ref_id=1100lyonmo7K&my_ad=AFF.CA.DIRECT.PHG.1011l251689.0&afflid=1100lyonmo7K

209 KB
0

335ms
219ms

Document
text/html

104.126.112.248

General

Check archive.org

Show headers Download Go to

Full URL

https://www.expedia.ca/?clickref=1100lyonmo7K&affcid=CA.DIRECT.PHG.1011l251689.0&ref_id=1100lyonmo7K&my_ad=AFF.CA.DIRECT.PHG.1011l251689.0&afflid=1100lyonmo7K

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.126.112.248 -, , ASN (),

Reverse DNS

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=7776000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://conestenation.com/cbd5f43e-ec3f-4834-b970-392d95ce996b/2?subid=s4428df7582d8af1&Device=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F123.0.0.0%20Safari%2F537.36&random=ju11ed629b&type=4&cost=0.06&clickid=cIqgOUCLycDtjmlJYLYliL3zBG7VR8ZnHV7CuzU7qvAnUFMBCddrkY3C6sQRdRUuzSRulXheg6cj8CbZ%2BaDkAqTcHPak%2F%2FaK3iw4Uf3hR9Qde41
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: en-CA,en;q=0.9
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

akamai-expedia-global-grn: 0.07747e68.1711648212.1102493
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-language: en-CA
content-length: 35649
content-security-policy: frame-ancestors 'self'
content-type: text/html; charset=utf-8
date: Thu, 28 Mar 2024 17:50:12 GMT
server: istio-envoy
strict-transport-security: max-age=7776000; includeSubDomains;
trace-id: 97482a9b-0554-47ad-9ac9-ae8c3bafc9c9
vary: accept-encoding
x-app-info: captcha-pwa,2c639708f6003f8450bdfdd56b101e51c9b7d0a5
x-b3-traceid: 97482a9b055447ad9ac9ae8c3bafc9c9
x-cgp-info: noJvmRouteSet;a04fe0bb-ed2b-11ee-896e-024211497862
x-content-type-options: nosniff
x-download-options: noopen
x-envoy-upstream-service-time: 8
x-frame-options: SAMEORIGIN
x-page-id: arkose-challenge
x-permitted-cross-domain-policies: none
x-xss-protection: 1

Redirect headers

cache-control: no-cache, no-store, must-revalidate
content-length: 379
content-type: text/html; charset=utf-8
date: Thu, 28 Mar 2024 17:50:12 GMT
expires: 0
location: https://www.expedia.ca/?clickref=1100lyonmo7K&affcid=CA.DIRECT.PHG.1011l251689.0&ref_id=1100lyonmo7K&my_ad=AFF.CA.DIRECT.PHG.1011l251689.0&afflid=1100lyonmo7K
pragma: no-cache
x-button-request: req-clubj5h3w0a4x0slccbox9xlr
x-robots-tag: noindex

GET logo.svg
www.expedia.ca/_dms/header/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: bam.eu01.nr-data.net
URL: https://bam.eu01.nr-data.net/1/NRJS-f9fc585c87dfd7b0710?a=431133262&v=1.253.0&to=MhBSZQoZXhYCARBQWAtacVIMEV8LTBcKUlkKAl4%3D&rst=1020&ck=0&s=c916b19f7da825a2&ref=https://clcktrck.com/3340b07f6352b061e0908fa0e76668dc/d53c39e58c4a8980dfcf5cef36c7f1786d2302ea2a6965b6722f4cb62e9d13235b9672aba042a9e7b579b633ddbe822b7813eee32a804c5a40ffbcdea3e34056dc4a5fd9703dd0ee001693da33547e3a68109e7c257178266f0ddf74a91138dc941c4127befb22340003c8618310ee7f&hr=0&af=err,xhr,stn,ins,spa&ap=6&be=826&fe=43&dc=40&at=HldRE0IDTRg%3D&fsh=1&perf=%7B%22timing%22:%7B%22of%22:1711648207128,%22n%22:0,%22r%22:3,%22re%22:383,%22f%22:383,%22dn%22:383,%22dne%22:383,%22c%22:383,%22s%22:383,%22ce%22:383,%22rq%22:384,%22rp%22:827,%22rpe%22:827,%22di%22:866,%22ds%22:866,%22de%22:866,%22dc%22:867,%22l%22:867,%22le%22:869%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fp=883&fcp=883

Domain: www.expedia.ca
URL: https://www.expedia.ca/_dms/header/logo.svg?locale=en_CA&siteid=undefined

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onpagereveal

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.expiedia.ca/	1970-01-21 05:03:28	Name: sid Value: 9c1eae70-ed2b-11ee-90c8-87f5f0d334ea
r.zredirect.com/	1970-01-20 19:28:54	Name: uuid Value: 818113099669018624
.zredirect.com/	1970-01-21 05:03:28	Name: _ga Value: GA1.2.2146564221.1711648207
.zredirect.com/	1970-01-20 19:28:54	Name: _gid Value: GA1.2.1983308377.1711648207
.zredirect.com/	1970-01-20 19:27:28	Name: _gat Value: 1
.zredirect.com/	1970-01-21 05:03:28	Name: _ga_TG55WX34R2 Value: GS1.2.1711648207.1.1.1711648207.0.0.0
.provenpixel.com/	1970-01-21 04:13:04	Name: pxid Value: 00043978-65fc83b6-b2f9d687-141e2b408419
.provenpixel.com/	1970-01-21 04:13:04	Name: pxDC Value: 8cf7eJyrVjI0MjYzNFeyMjQ3NDQzsTAysKgFADKiBLE%3D
.provenpixel.com/	1970-01-21 04:13:04	Name: pxLBI Value: e88beJyrVkrKTPFMUbJSMjMzME1MSTHQTUlNMtI1SUtN1E1KMbTUNTI0NDFLNku0sDA0MLA0UtJRSgRrMDQyNjM0rwUATjQRFg%3D%3D
.provenpixel.com/	1970-01-21 04:13:04	Name: OXLCA Value: 123617.sb2k7k-7869
.conestenation.com/	1970-01-20 19:28:54	Name: cbd5f43e-ec3f-4834-b970-392d95ce996b-v4 Value: eO4YjI0vI63Wq6nbybmDPHv4XrEqnwUJX1D1kCIc_oY
.conestenation.com/	1970-01-21 04:13:04	Name: cc-v4 Value: y3Ff3ROGaSj%2B5VnzQfobSf6dwfoS%2B540TYfTpUBk%2BgYoVIPm5ZhGHMIm6JOfmeZj1d4Wc3UwoAGvp7fJBPVv%2BeDiz3cSHvOWfghoMcQdtQvfI4RgKSiEbzWveDa4PsUV20fVBKI7zEn894ck%2FEma4Q%3D%3D
afflat3a1.com/	1970-01-21 05:03:28	Name: I Value: 1471439206
.apptap.com/	1970-01-21 05:03:28	Name: apt Value: b8d659cb35964a029bb0363885367642
.apptap.com/	1969-12-31 23:59:59	Name: fv Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.expedia.ca/?clickref=1100lyonmo7K&affcid=CA.DIRECT.PHG.1011l251689.0&ref_id=1100lyonmo7K&my_ad=AFF.CA.DIRECT.PHG.1011l251689.0&afflid=1100lyonmo7K Message: Failed to load resource: the server responded with a status of 429 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

905trk.com
afflat3a1.com
api.apptap.com
bam.eu01.nr-data.net
clcktrck.com
clk.omgt4.com
conestenation.com
discounthero.org
js-agent.newrelic.com
kw-71.717trk.com
lg.provenpixel.com
prf.hn
r.bttn.io
r.zredirect.com
track.omguk.com
www.expedia.ca
www.expiedia.ca
www.google-analytics.com
www.googletagmanager.com
bam.eu01.nr-data.net
www.expedia.ca
104.126.112.248
142.250.80.72
142.251.40.110
162.247.243.39
18.205.42.100
3.20.93.47
3.209.177.37
3.211.43.54
3.68.5.1
34.197.104.62
44.209.27.255
5.150.170.6
52.45.8.64
54.157.157.147
66.165.243.160
69.162.80.61
69.172.200.185
55afe8ae4db5b6ca9ec5a3aca1f3a7b482ca51d0914acd250093f1a9ecbfccec
7e3d10b666d419ba9ac12cdcb6e32ff385f91fa722ecd7ce541b8d676d5c18c0
8dfdcbaa5ad9eb2d3e5220ab082d7aea4b446d8fd4cc5c102dad599de6f0a003
bc52813b55b80d515dfca6e58feec955169d4f965fb81b65e09f7b63256bcfdc
c3c58daf47bcfa54db9d3da22428875d0d815960d71e2e42b5faef2044d9ce9a
e2d9fd8b995f146baf54bc35d162d3e8169a5345368058b10a3b3bf4592ed777

www.expedia.ca Open in urlscan Pro 104.126.112.248 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

90 %HTTPS

0 %IPv6

19 Domains

19 Subdomains

12 IPs

3 Countries

182 kBTransfer

686 kBSize

15 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

15 Cookies

1 Console Messages

Indicators

www.expedia.ca Open in urlscan Pro
104.126.112.248 Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

90 %
HTTPS

0 %
IPv6

19
Domains

19
Subdomains

12
IPs

3
Countries

182 kB
Transfer

686 kB
Size

15
Cookies

20 HTTP transactions
0 data transactions