Submitted URL: http://ucflwdqs6n.beauty/offer/50?cid=149&imp=wgkfxnbbthcjc1708538068082
Effective URL: https://enastravel.com/IkNsIudfKulJKtIk5UZxb8NiokuxkithEQ6HdECRKx8/?cid=170864048110000TUSTV62001R550R1d05R1RR136Ve0748...
Submission: On February 22 via api from US — Scanned from US

Summary

This website contacted 6 IPs in 2 countries across 7 domains to perform 9 HTTP transactions. The main IP is 2606:4700:3035::ac43:92d2, located in United States and belongs to CLOUDFLARENET, US. The main domain is enastravel.com.
TLS certificate: Issued by E1 on January 19th 2024. Valid for: 3 months.
This is the only time enastravel.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 34.203.164.80 14618 (AMAZON-AES)
1 1 2600:1f18:66d... 14618 (AMAZON-AES)
2 3 2606:4700:303... 13335 (CLOUDFLAR...)
2 2606:4700:303... 13335 (CLOUDFLAR...)
2 104.21.73.203 13335 (CLOUDFLAR...)
3 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
9 6
Apex Domain | Subdomains | Transfer
3 ocmhood.com | sdk.ocmhood.com — Cisco Umbrella Rank: 36353; t.ocmhood.com — Cisco Umbrella Rank: 12045 | 13 KB
3 adspredictiv.com | adspredictiv.com | 5 KB
2 cn-rtb.com | feed.cn-rtb.com — Cisco Umbrella Rank: 80997; t.cn-rtb.com — Cisco Umbrella Rank: 91779 | 881 B
2 enastravel.com | enastravel.com | 21 KB
1 ocmtag.com | cdn.ocmtag.com — Cisco Umbrella Rank: 37984 | 824 B
1 cddtsecure.com | cddtsecure.com | 3 KB
1 ucflwdqs6n.beauty | ucflwdqs6n.beauty | 266 B
9 7
Domain Requested by
3 adspredictiv.com 2 redirects
2 t.ocmhood.com sdk.ocmhood.com
2 enastravel.com adspredictiv.com
enastravel.com
1 t.cn-rtb.com enastravel.com
1 cdn.ocmtag.com sdk.ocmhood.com
1 sdk.ocmhood.com enastravel.com
1 feed.cn-rtb.com enastravel.com
1 cddtsecure.com 1 redirects
1 ucflwdqs6n.beauty 1 redirects
9 9

This site contains no links.

Subject | Issuer | Validity | Valid
adspredictiv.com | GTS CA 1P5 | 2023-12-31 - 2024-03-30 | 3 months (crt.sh)
enastravel.com | E1 | 2024-01-19 - 2024-04-18 | 3 months (crt.sh)
cn-rtb.com | GTS CA 1P5 | 2024-02-14 - 2024-05-14 | 3 months (crt.sh)
ocmhood.com | Cloudflare Inc ECC CA-3 | 2023-04-04 - 2024-04-03 | a year (crt.sh)
ocmtag.com | Cloudflare Inc ECC CA-3 | 2023-12-25 - 2024-12-24 | a year (crt.sh)

This page contains 1 frames:

Primary Page: https://enastravel.com/IkNsIudfKulJKtIk5UZxb8NiokuxkithEQ6HdECRKx8/?cid=170864048110000TUSTV62001R550R1d05R1RR136Ve0748&pubid=3744083-898608764-30677878
Frame ID: C26D1BA0D2572617CB6339186E2DBE1E
Requests: 11 HTTP requests in this frame

Page Title

Click Allow

Page Statistics

9 Requests
100 % HTTPS
71 % IPv6
7 Domains
9 Subdomains
6 IPs
2 Countries
39 kB Transfer
85 kB Size
13 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ucflwdqs6n.beauty/offer/50?cid=149&imp=wgkfxnbbthcjc1708538068082 HTTP 302
    https://cddtsecure.com/?a=155391&c=337952&co=204047&mt=7&s1=g&s2=wgkfxnbbthcjc1708538068082&s3=d HTTP 302
    https://adspredictiv.com/jump/next.php?r=6536598&pub_clickid=17a64dc67d7747d58627c0efb747b86920999&sub1=155391&sub2=g Page URL
  2. https://adspredictiv.com/jump/next.php?stamat=m%257CaTIhf3NhaQdH8AH0dEdHP3xP.18d%252CTwuhcE9ytvGl4nFRHB_Ai_s-mlABFntchTzo96_d71nm-YrFntijGBe2eO8epAAQjXEP0nDT1_u_tjicNB2AmZhdgisgTTe8LWTWP5sjMoZHyi3GRdnjesOzr6-FYDPz&cbpage=https://adspredictiv.com/jump/next.php?r=6536598&pub_clickid=17a64dc67d7747d58627c0efb747b86920999&sub1=155391&sub2=g&cbur=0.4531150239390511&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref= HTTP 302
    https://adspredictiv.com/script/i.php?t=1&c=23770534&stamat=m%257C%252C%252CAhM243NmtGU3Bf-GH0dEdHP3xP.b3c%252CaGXoyFIV-LorRQgyV6OjHjBdyaUu6rLryNnHVhnwGwpqsvhjxH76SpwV3xVTzcKVWSDYnpyH9bnrEPcY3C_Qx-Yzqxp08I3ytZ2fbdN3pYGrmVLFgA7rP4AvTruMQmy4NjEw7HJBJOZPz-3Ym0SAUk3yyCZnSW5RbMlagiNc_sZ2dG3RLFQulrjbTYF-ymkcEqalqsXFTnhgQy2chCIcPauuNoJVM9zMY9j1CFPXTHQfjyK4n53eOP4aWFMUeKVKvWiA0kCWY5VJ7GgN7H7_5L7DT9XzeozxpGz7wsA3Gu1dA-7MoIrK09TwT2Ra5N5bEs9ZdtS3QNPrRN1hmEsZ-e4KbeVZfKzY0A0aJ9G1YR2JjeeJUaGjpgLlRkHKQu4Ga63yImCh3yiZnihcTaPOQQDxnuEjawOfIVnVilM_Q2-AEi6YOZ43BZYx5V-_GBjbXToriQjNbBlNmRuarjbBMrtJcSkVzbC5XsmsH6Zz9uqPEAkQACN1U9olQr_PHmh6m-XDmwsIqWmqEPCCQ9jmcTm8YjYcFCH8VUrf0MhNpJvS-9ULQzptFQ147iV7DdEmK8AxuunXSZMFx9GZ5VJve3mWDEeaHQX2LHW-_1fYSY8xDNx3CicS_3Thd6mZxjypSrfz-pf1Ld92rJ25onnSkPzZqE96qK206xneIxP8JvmS0K_7TiN2LUTEYGqITK6p HTTP 302
    https://enastravel.com/IkNsIudfKulJKtIk5UZxb8NiokuxkithEQ6HdECRKx8/?cid=170864048110000TUSTV62001R550R1d05R1RR136Ve0748&pubid=3744083-898608764-30677878 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://ucflwdqs6n.beauty/offer/50?cid=149&imp=wgkfxnbbthcjc1708538068082 HTTP 302
  • https://cddtsecure.com/?a=155391&c=337952&co=204047&mt=7&s1=g&s2=wgkfxnbbthcjc1708538068082&s3=d HTTP 302
  • https://adspredictiv.com/jump/next.php?r=6536598&pub_clickid=17a64dc67d7747d58627c0efb747b86920999&sub1=155391&sub2=g

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
next.php
adspredictiv.com/jump/
Redirect Chain
  • http://ucflwdqs6n.beauty/offer/50?cid=149&imp=wgkfxnbbthcjc1708538068082
  • https://cddtsecure.com/?a=155391&c=337952&co=204047&mt=7&s1=g&s2=wgkfxnbbthcjc1708538068082&s3=d
  • https://adspredictiv.com/jump/next.php?r=6536598&pub_clickid=17a64dc67d7747d58627c0efb747b86920999&sub1=155391&sub2=g
7 KB
3 KB
Document
General
Full URL
https://adspredictiv.com/jump/next.php?r=6536598&pub_clickid=17a64dc67d7747d58627c0efb747b86920999&sub1=155391&sub2=g
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::6815:cef , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

access-control-allow-headers
Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
859a9f21cb6e287e-MIA
content-encoding
br
content-type
text/html; charset=utf-8
date
Thu, 22 Feb 2024 22:21:21 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BAowdRhjFEnds2f%2BZzJkDmdjdbpsMuavTp7KbcoIYtolfS%2BZEoq6s3eu3l%2Fx3vnDKMWcT4xjd2TWNuiU5ZPZSaNQQEi2jZ9GW2v5fYlwkGzoWOr1pSeuF9728U99hVxXOtUYhVDK1UkX7fH2x4Ul"}],"group":"cf-nel","max_age":604800}
server
cloudflare
via
1.1 google

Redirect headers

access-control-allow-credentials
true
access-control-allow-headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With,X-Auth,Pasha-Jlob
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin
*
content-language
en-US
content-type
text/html;charset=ISO-8859-1
date
Thu, 22 Feb 2024 22:21:21 GMT
location
https://adspredictiv.com/jump/next.php?r=6536598&pub_clickid=17a64dc67d7747d58627c0efb747b86920999&sub1=155391&sub2=g
server
nginx
Primary Request /
enastravel.com/IkNsIudfKulJKtIk5UZxb8NiokuxkithEQ6HdECRKx8/
Redirect Chain
  • https://adspredictiv.com/jump/next.php?stamat=m%257CaTIhf3NhaQdH8AH0dEdHP3xP.18d%252CTwuhcE9ytvGl4nFRHB_Ai_s-mlABFntchTzo96_d71nm-YrFntijGBe2eO8epAAQjXEP0nDT1_u_tjicNB2AmZhdgisgTTe8LWTWP5sjMoZHyi3G...
  • https://adspredictiv.com/script/i.php?t=1&c=23770534&stamat=m%257C%252C%252CAhM243NmtGU3Bf-GH0dEdHP3xP.b3c%252CaGXoyFIV-LorRQgyV6OjHjBdyaUu6rLryNnHVhnwGwpqsvhjxH76SpwV3xVTzcKVWSDYnpyH9bnrEPcY3C_Qx-...
  • https://enastravel.com/IkNsIudfKulJKtIk5UZxb8NiokuxkithEQ6HdECRKx8/?cid=170864048110000TUSTV62001R550R1d05R1RR136Ve0748&pubid=3744083-898608764-30677878
32 KB
20 KB
Document
General
Full URL
https://enastravel.com/IkNsIudfKulJKtIk5UZxb8NiokuxkithEQ6HdECRKx8/?cid=170864048110000TUSTV62001R550R1d05R1RR136Ve0748&pubid=3744083-898608764-30677878
Requested by
Host: adspredictiv.com
URL: https://adspredictiv.com/jump/next.php?r=6536598&pub_clickid=17a64dc67d7747d58627c0efb747b86920999&sub1=155391&sub2=g
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:92d2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c8c7535a94fe9c2fc642ce8a9040e9211a148159eac9f2fddde406da61bc1d8

Request headers

Referer
https://adspredictiv.com/jump/next.php?r=6536598&pub_clickid=17a64dc67d7747d58627c0efb747b86920999&sub1=155391&sub2=g
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
859a9f264c5e1277-MIA
content-encoding
br
content-type
text/html
date
Thu, 22 Feb 2024 22:21:22 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u3LR3TJHbpkckk%2BGakg9dxkF64nrc2FlegdxQEIRcpvoeKZ5EGnXk8PfS8FstyU0DlIQNqjoFzjhn5MpwYyHhWXnOOUmphFp1Rw7%2FHyeqkU7%2Fp%2FiTiMbLGTVpvS2psK26evHITnnvXlUtxWvIA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
859a9f24b8617489-MIA
content-type
text/html; charset=utf-8
date
Thu, 22 Feb 2024 22:21:22 GMT
location
https://enastravel.com/IkNsIudfKulJKtIk5UZxb8NiokuxkithEQ6HdECRKx8/?cid=170864048110000TUSTV62001R550R1d05R1RR136Ve0748&pubid=3744083-898608764-30677878
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YQeP017XHFPjKbgh2HfddEoquA7OLFAXl%2F9AO7iuPAi5GcvN29MMWW%2BZXwc3ZbHbxeR9CEPxc1q7%2FlCGSQWdnxioFBT%2B8TaYgR8HCaVLg%2Fn0wWXsfXrr6zQEhMrMXjzLz%2FmqhUjayYspHwjznIbG"}],"group":"cf-nel","max_age":604800}
server
cloudflare
via
1.1 google
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ee3df69641a083faeda162fce068aef31075856f15c43c74eada446496b865f2

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Type
image/png
AFU1kAAPatM
feed.cn-rtb.com/v1/native/
784 B
881 B
Fetch
General
Full URL
https://feed.cn-rtb.com/v1/native/AFU1kAAPatM?subid=73571&uid=51a3ec55-bfd6-44dd-9a47-7e3242662a1e&kw=download%20install&ud_tpcid=kgd_xhUTLl3bR2tEBfgnvdi--YT3hi0o
Requested by
Host: enastravel.com
URL: https://enastravel.com/IkNsIudfKulJKtIk5UZxb8NiokuxkithEQ6HdECRKx8/?cid=170864048110000TUSTV62001R550R1d05R1RR136Ve0748&pubid=3744083-898608764-30677878
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.73.203 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
48e0a8062115d3cc0cd6b4a9ee05ed5f2bd570e17e25c22abd5c46700dc1a179

Request headers

accept-language
en-US,en;q=0.9
Referer
https://enastravel.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 22:21:23 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8OhOjsI3ZqKqssbX9ZNLlFOxhL%2F6RHQnTVmNJtzy%2B0YjO0CwfdXzCROU94sf4KGSKHFXZQRxQExm9nwPFR9twpSkgmMY9urQdnNaIGchpLuyIkbDGlGr%2BwbbPel%2BUmSYGJo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache
cf-ray
859a9f27e92467e6-MIA
alt-svc
h3=":443"; ma=86400
conf.json
enastravel.com/hood/ZW5hc3RyYXZlbC5jb20=/
49 B
412 B
Fetch
General
Full URL
https://enastravel.com/hood/ZW5hc3RyYXZlbC5jb20=/conf.json
Requested by
Host: enastravel.com
URL: https://enastravel.com/IkNsIudfKulJKtIk5UZxb8NiokuxkithEQ6HdECRKx8/?cid=170864048110000TUSTV62001R550R1d05R1RR136Ve0748&pubid=3744083-898608764-30677878
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:92d2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba30b846f3d4e5f4ad51cd1624c831b13f38a7994b6c027830217aff603475d3

Request headers

accept-language
en-US,en;q=0.9
Referer
https://enastravel.com/IkNsIudfKulJKtIk5UZxb8NiokuxkithEQ6HdECRKx8/?cid=170864048110000TUSTV62001R550R1d05R1RR136Ve0748&pubid=3744083-898608764-30677878
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 22:21:22 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
last-modified
Fri, 19 Jan 2024 13:10:15 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"65aa74b7-31"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7%2F3F9PCgKMAnX3bYGh9CYgW%2FDcenXgdK0tgQTjtmFFLbk2ooCXlk5bTeHEzrahzDwMyOKHO%2FYIezMqRUV9uBRRH8E%2BMGExk0LFjnq0lhV1XbbvC7DMNlvHwz7DvWURaguQ8Zat13MHg%2FH6KVqg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json
cf-ray
859a9f274d1f1277-MIA
alt-svc
h3=":443"; ma=86400
truncated
/
9 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
260b073c6af7b2e361f1ba7f05d23007587adbdd79de704fc1999c9d64cd737e

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

Content-Type
image/jpeg
ht.js
sdk.ocmhood.com/sdk/
33 KB
13 KB
Script
General
Full URL
https://sdk.ocmhood.com/sdk/ht.js?tag=NjY4ZwSkNAFfmDQ2BTMxNDY4MjE0Ntj-
Requested by
Host: enastravel.com
URL: https://enastravel.com/IkNsIudfKulJKtIk5UZxb8NiokuxkithEQ6HdECRKx8/?cid=170864048110000TUSTV62001R550R1d05R1RR136Ve0748&pubid=3744083-898608764-30677878
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4809 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f706bda48b3539c7053f43bb5c6b73b2d877d4e14e321a4de4549f24255ffafa

Request headers

Referer
https://enastravel.com/
Origin
https://enastravel.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 22:21:22 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5232
alt-svc
h3=":443"; ma=86400
service-worker-allowed
/
last-modified
Thu, 22 Feb 2024 09:26:48 GMT
server
cloudflare
etag
W/"65d71358-3035"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BzvNM6IClHsPKLDtkE7E%2F4Uy%2B0CF4S8eE716BR359s6kfd0A7rCqnDeaPPNJn1v8a2MKTyYhJtJpGxDJG91bfNLsanQzxM3SbJkkbtHplxDDS6GH4pbJy0hMXTzcukw6SdKiRT1wmm3nyXgHIg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
859a9f285c883707-MIA
NjY4ZwSkNAFfmDQ2BTMxNDY4MjE0Ntj-.js
cdn.ocmtag.com/tag/
423 B
824 B
Script
General
Full URL
https://cdn.ocmtag.com/tag/NjY4ZwSkNAFfmDQ2BTMxNDY4MjE0Ntj-.js
Requested by
Host: sdk.ocmhood.com
URL: https://sdk.ocmhood.com/sdk/ht.js?tag=NjY4ZwSkNAFfmDQ2BTMxNDY4MjE0Ntj-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:513 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b70a06f5cdbef2540906f23f488cda2a7010fb3ff229e488d843488cfda3bedf

Request headers

accept-language
en-US,en;q=0.9
Referer
https://enastravel.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 22:21:22 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1523
alt-svc
h3=":443"; ma=86400
service-worker-allowed
/
last-modified
Fri, 19 Jan 2024 10:39:48 GMT
server
cloudflare
etag
W/"65aa5174-1a7"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yDnlI62J2ZFpa2%2FSRoMlmC6iSfK9Ysj%2FRlLOdlacYimpJmsNUoEOFK7FPfu4eu0xeJxD7YoPROgB1yYGzep42WwDIVGczerCcgzV80o9kd062XYr20WV%2FzCSbaIHURkTL2QALzXCh4TdCr48Ag%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=14400
cf-ray
859a9f294bcb8e03-MIA
activity
t.ocmhood.com/v2/
0
434 B
Ping
General
Full URL
https://t.ocmhood.com/v2/activity
Requested by
Host: sdk.ocmhood.com
URL: https://sdk.ocmhood.com/sdk/ht.js?tag=NjY4ZwSkNAFfmDQ2BTMxNDY4MjE0Ntj-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4809 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://enastravel.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 22 Feb 2024 22:21:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1XYhhGtBfxt6ozIWL8KMjwcG2z5o1exYOh5uMCdw6nY0nsEQprgLZuvOETZbzXoCCtahVyCLlD6KpesxaO4YDqvQiZBz7%2F6ebwrRMzZqgMRgmS7hXF40YVqM5nq%2FRCuULIMO9%2F4FAUcw4HU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
cache-control
no-cache
cf-ray
859a9f2a5a7c227d-MIA
alt-svc
h3=":443"; ma=86400
activity
t.ocmhood.com/v2/
0
268 B
Ping
General
Full URL
https://t.ocmhood.com/v2/activity
Requested by
Host: sdk.ocmhood.com
URL: https://sdk.ocmhood.com/sdk/ht.js?tag=NjY4ZwSkNAFfmDQ2BTMxNDY4MjE0Ntj-
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4809 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://enastravel.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 22 Feb 2024 22:21:22 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YzbD83Nn9V9dKjTw3gekW8DQq9MDUBcjs6FTShkvpW4vMttwJ%2B%2FEtg0WtHL8kbdcKsLwkPZdyGU9fjJWaqN12IeLr2giy7ydxE6bOcxo7vEVRyiROOQVvYHNPvK5WRfS4%2BmNl9na%2ByKVGFI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/octet-stream
cache-control
no-cache
cf-ray
859a9f2a5a79227d-MIA
alt-svc
h3=":443"; ma=86400
imp
t.cn-rtb.com/
0
0
Fetch
General
Full URL
https://t.cn-rtb.com/imp?l2=iiOmTxm6aPbfB7pn8R0QA1wz7QsozBhowxiqR_gDHLSKGeXdm9eEiNxzUdmKYpvyKHItAKyEe_bi3TvJG304B8uVJGNmIc2Hmy51MN2n1n9pBQkSWu3Df3M0Rq8Q3IantPcQ-BpfVQC3NoJbcWpcEkyIvtJqqSK03x3fOANDlgpzX62-9AQ9SrqbAN4e7nGL4Bn9c7L8t64gN1Noz1fuuobP47QW4RDE3kl_0t6yteerMu94b7fOBZmtEDzNxtNw
Requested by
Host: enastravel.com
URL: https://enastravel.com/IkNsIudfKulJKtIk5UZxb8NiokuxkithEQ6HdECRKx8/?cid=170864048110000TUSTV62001R550R1d05R1RR136Ve0748&pubid=3744083-898608764-30677878
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.73.203 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://enastravel.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.57 Safari/537.36

Response headers

date
Thu, 22 Feb 2024 22:21:23 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UK4HFP6%2BEmeCVnLcHX4fKfFtgvW5kcVFsHfeQLryVVQSEBXKGKkO3zVODp7dd2WqJlb9dNx1b97sb9qX9fcUcTb%2FK6ug0JqVIJsLclKAwEjXhIqbUXCQPO8c9Iuphfk%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
cache-control
no-cache
cf-ray
859a9f2e1ae467e6-MIA
alt-svc
h3=":443"; ma=86400

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • string: qs
  • string: lwp
  • function: snippetGetEngineDomain
  • function: snippetGetAllLocations
  • object: campaign_domains
  • function: importOmpServiceWorker
  • function: initOmpServiceWorker
  • function: clearSession
  • function: getLpType
  • function: fetchAd
  • function: getOCP
  • function: popme
  • function: finalRedirect
  • function: goNextStep
  • function: goToRedirectonAllow
  • function: goToRedirectSmart2
  • function: isPushApiSupported
  • function: uuidv4
  • function: initLpPush
  • function: startOmpWorker
  • function: getLpIdParamIfSet
  • function: getSourcePrefix
  • object: ad
  • number: cpc
  • number: o_eid
  • string: o_ocid
  • string: source_prefix
  • string: fallback_url
  • function: before_redirect_block
  • object: sParams
  • string: cc
  • function: toggleFullScreen
  • function: Hood
  • function: NjY4ZwSkNAFfmDQ2BTMxNDY4MjE0Ntj-

13 Cookies

Domain/Path Name / Value
.cddtsecure.com/ Name: gdm_uid_v2_1_001
Value: T6LrcUInC41lku0cXQWCGJAl31VacSiD0NSK9ilRX4pIHKJysPTSoBCCiAKiN8Pa
.cddtsecure.com/ Name: gdm_uid_v1_1_001
Value: T6LrcUInC41lku0cXQWCGJAl31VacSiD0NSK9ilRX4pIHKJysPTSoBCCiAKiN8Pa
.cddtsecure.com/ Name: gdm_suid_v2_1_001
Value: HPfHs3OFxkaNOwO68jCjbQ==
.cddtsecure.com/ Name: gdm_sid_v1_3_001
Value:
.cddtsecure.com/ Name: gdm_click_adv_freq_v1_1_001
Value: WGP2hL1mCj4amHrx09xyl5ez8VKEBfdsQVEDT89VMAFbCxlLU4T9ArLnGKAFl9Ze
.cddtsecure.com/ Name: gdm_sid_v2_3_001
Value:
.cddtsecure.com/ Name: gdm_click_freq_v2_1_001
Value: PP3JcjNA73u1+Rhf7CuRLJ46sV5THqClzz+Gm+1D4fsXuAV/NqyQ7V/uADJ8DXT0
.cddtsecure.com/ Name: gdm_click_freq_v1_1_001
Value: PP3JcjNA73u1+Rhf7CuRLJ46sV5THqClzz+Gm+1D4fsXuAV/NqyQ7V/uADJ8DXT0
.cddtsecure.com/ Name: gdm_suid_v1_1_001
Value: HPfHs3OFxkaNOwO68jCjbQ==
.cddtsecure.com/ Name: gdm_click_adv_freq_v2_1_001
Value: WGP2hL1mCj4amHrx09xyl5ez8VKEBfdsQVEDT89VMAFbCxlLU4T9ArLnGKAFl9Ze
enastravel.com/ Name: session
Value: kgd_xhUTLl3bR2tEBfgnvdi--YT3hi0o
.enastravel.com/ Name: _ht_v
Value: 1708640482.3454096511
.enastravel.com/ Name: _ht_s
Value: 1708640482.2