![](/screenshots/b53c8249-3b0b-4911-8b64-23e076a65984.png)
aha.youearnedit.com
35.199.32.36
Public Scan
Effective URL: https://aha.youearnedit.com/users/sign_in?&redirectTo=aHR0cHM6Ly9hcHAuaGlnaGdyb3VuZC5jb20vIy9Qcm9maWxlL0ZlZWRiYWNrL1NlbGZFdm...
Submission: On April 28 via manual from IL
Summary
TLS certificate: Issued by R3 on March 11th 2021. Valid for: 3 months.
This is the only time aha.youearnedit.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Count | IP Address | AS Autonomous System |
---|---|---|
4 5 | 35.199.32.36 | 15169 (GOOGLE) |
4 | 2600:9000:211e:b200:5:54af:3940:21 | 16509 (AMAZON-02) |
2 | 2a00:1450:4001:82f::2008 | 15169 (GOOGLE) |
1 | 151.101.114.110 | 54113 (FASTLY) |
2 | 162.247.243.147 | 13335 (CLOUDFLARENET) |
10 | 5 | |
ASN15169 (GOOGLE, US)
PTR: 36.32.199.35.bc.googleusercontent.com
- app.highground.com
- aha.youearnedit.com

ASN16509 (AMAZON-02, US)
- d2y682l68cpwit.cloudfront.net

ASN15169 (GOOGLE, US)
- www.googletagmanager.com
Count | Apex Domain | Subdomains | Transfer |
---|---|---|---|
4 | cloudfront.net | d2y682l68cpwit.cloudfront.net | 152 KB |
3 | highground.com (3 redirects) | app.highground.com | 4 KB |
2 | nr-data.net | bam-cell.nr-data.net | 1 KB |
2 | googletagmanager.com | www.googletagmanager.com | 82 KB |
2 | youearnedit.com (1 redirects) | aha.youearnedit.com | 7 KB |
1 | newrelic.com | js-agent.newrelic.com | 12 KB |
10 | 6 | | |
Count | Domain | Requested by |
---|---|---|
4 | d2y682l68cpwit.cloudfront.net | aha.youearnedit.com, d2y682l68cpwit.cloudfront.net |
3 | app.highground.com (3 redirects) | |
2 | bam-cell.nr-data.net | js-agent.newrelic.com |
2 | www.googletagmanager.com | aha.youearnedit.com, www.googletagmanager.com |
2 | aha.youearnedit.com (1 redirects) | |
1 | js-agent.newrelic.com | aha.youearnedit.com |
10 | 6 | |
This site contains links to these domains. Also see Links.
Domain |
---|
kazoohr.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
*.youearnedit.com | R3 | 2021-03-11 - 2021-06-09 | 3 months |
*.cloudfront.net | DigiCert Global CA G2 | 2021-02-22 - 2022-02-21 | a year |
*.google-analytics.com | GTS CA 1O1 | 2021-04-13 - 2021-07-06 | 3 months |
f4.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2021-04-26 - 2022-04-10 | a year |
*.nr-data.net | DigiCert SHA2 Secure Server CA | 2020-02-05 - 2022-02-08 | 2 years |
This page contains 1 frames:
Primary Page:
https://aha.youearnedit.com/users/sign_in?&redirectTo=aHR0cHM6Ly9hcHAuaGlnaGdyb3VuZC5jb20vIy9Qcm9maWxlL0ZlZWRiYWNrL1NlbGZFdmFsU3RhcnQvMTg2YjNlNTAtOWUxNy0xMWViLTliNzEtMzc5ZTYzOGEyYjc5P2dpZD0xNWE5NTI0MC0yZDk0LTExZWItOTE1ZS1jN2U1MWY2OGEyODQ%3D
Frame ID: 6E7A3BE9519761EE8C618834EEB6700A
Requests: 10 HTTP requests in this frame
Detected technologies
- Lua. Detected patterns: headers server /openresty(?:\/([\d.]+))?/i
- OpenResty. Detected patterns: headers server /openresty(?:\/([\d.]+))?/i
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Terms
Title: Privacy
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://app.highground.com/?emailLink=aHR0cHM6Ly9hcHAuaGlnaGdyb3VuZC5jb20vP2VtYWlsTGluaz1hSFIwY0hNNkx5OWhjSEF1YUdsbmFHZHliM1Z1WkM1amIyMHZQMlZ0WVdsc1RHbHVhejFoU0ZJd1kwaE5Oa3g1T1doalNFRjFZVWRzYm1GSFpIbGlNMVoxV2tNMWFtSXlNSFpKZVRsUlkyMDViV0ZYZUd4TU1GcHNXbGRTYVZsWFRuSk1NVTVzWWtkYVJtUnRSbk5WTTFKb1kyNVJkazFVWnpKWmFrNXNUbFJCZEU5WFZYaE9lVEI0VFZkV2FVeFViR2xPZWtWMFRYcGpOVnBVV1hwUFIwVjVXV3BqTlZBeVpIQmFSREI0VGxkRk5VNVVTVEJOUXpCNVdrUnJNRXhVUlhoYVYwbDBUMVJGTVZwVE1XcE9NbFV4VFZkWk1rOUhSWGxQUkZFOQ==
HTTP 302
https://app.highground.com/?emailLink=aHR0cHM6Ly9hcHAuaGlnaGdyb3VuZC5jb20vP2VtYWlsTGluaz1hSFIwY0hNNkx5OWhjSEF1YUdsbmFHZHliM1Z1WkM1amIyMHZJeTlRY205bWFXeGxMMFpsWldSaVlXTnJMMU5sYkdaRmRtRnNVM1JoY25Rdk1UZzJZak5sTlRBdE9XVXhOeTB4TVdWaUxUbGlOekV0TXpjNVpUWXpPR0V5WWpjNVAyZHBaRDB4TldFNU5USTBNQzB5WkRrMExURXhaV0l0T1RFMVpTMWpOMlUxTVdZMk9HRXlPRFE9 HTTP 302
https://app.highground.com/?emailLink=aHR0cHM6Ly9hcHAuaGlnaGdyb3VuZC5jb20vIy9Qcm9maWxlL0ZlZWRiYWNrL1NlbGZFdmFsU3RhcnQvMTg2YjNlNTAtOWUxNy0xMWViLTliNzEtMzc5ZTYzOGEyYjc5P2dpZD0xNWE5NTI0MC0yZDk0LTExZWItOTE1ZS1jN2U1MWY2OGEyODQ= HTTP 302
http://aha.youearnedit.com/users/sign_in?&redirectTo=aHR0cHM6Ly9hcHAuaGlnaGdyb3VuZC5jb20vIy9Qcm9maWxlL0ZlZWRiYWNrL1NlbGZFdmFsU3RhcnQvMTg2YjNlNTAtOWUxNy0xMWViLTliNzEtMzc5ZTYzOGEyYjc5P2dpZD0xNWE5NTI0MC0yZDk0LTExZWItOTE1ZS1jN2U1MWY2OGEyODQ%3D HTTP 308
https://aha.youearnedit.com/users/sign_in?&redirectTo=aHR0cHM6Ly9hcHAuaGlnaGdyb3VuZC5jb20vIy9Qcm9maWxlL0ZlZWRiYWNrL1NlbGZFdmFsU3RhcnQvMTg2YjNlNTAtOWUxNy0xMWViLTliNzEtMzc5ZTYzOGEyYjc5P2dpZD0xNWE5NTI0MC0yZDk0LTExZWItOTE1ZS1jN2U1MWY2OGEyODQ%3D Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | sign_in (Primary Request) | aha.youearnedit.com/users/ | 12 KB | 6 KB | Document | text/html |
GET | H2 | login-dadecbe417beb6269dedf1c7dff7b3a6331f3dc5979a06f4468a2157ddb44e44.css | d2y682l68cpwit.cloudfront.net/assets/ | 11 KB | 4 KB | Stylesheet | text/css |
GET | H2 | login-e0a01f366e4d30d76117ca29f28fce3e522a04b4606c0c97001489a5dc8b978b.js | d2y682l68cpwit.cloudfront.net/assets/ | 427 KB | 144 KB | Script | application/javascript |
GET | H2 | kazoo-logo.svg | d2y682l68cpwit.cloudfront.net/yei/images/default/layout/ | 4 KB | 2 KB | Image | image/svg+xml |
GET | H2 | gtm.js | www.googletagmanager.com/ | 96 KB | 37 KB | Script | application/javascript |
GET | H2 | kazoo-login-pattern.svg | d2y682l68cpwit.cloudfront.net/yei/images/default/layout/ | 7 KB | 2 KB | Image | image/svg+xml |
GET | H2 | nr-1208.min.js | js-agent.newrelic.com/ | 31 KB | 12 KB | Script | application/javascript |
GET | H2 | js | www.googletagmanager.com/gtag/ | 117 KB | 45 KB | Script | application/javascript |
GET | H/1.1 | f2f9e9e31a | bam-cell.nr-data.net/1/ | 57 B | 646 B | Script | text/javascript |
POST | H/1.1 | f2f9e9e31a | bam-cell.nr-data.net/events/1/ | 24 B | 495 B | XHR | image/gif |
36 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onbeforexrselect |
object | ontransitionrun |
object | ontransitionstart |
object | ontransitioncancel |
object | cookieStore |
function | showDirectoryPicker |
function | showOpenFilePicker |
function | showSaveFilePicker |
boolean | originAgentCluster |
object | trustedTypes |
boolean | crossOriginIsolated |
object | NREUM |
object | newrelic |
function | __nr_require |
function | $ |
function | jQuery |
object | jQuery112405206653349597112 |
function | webpackJsonp |
object | core |
object | __core-js_shared__ |
object | global |
object | System |
function | asap |
function | Observable |
function | setImmediate |
function | clearImmediate |
object | regeneratorRuntime |
boolean | _babelPolyfill |
object | React |
object | jQuery111102859468465177497 |
function | _ |
function | underscore |
object | yei |
object | dataLayer |
object | google_tag_manager |
function | onYouTubeIframeAPIReady |

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
aha.youearnedit.com/ | | Name: _session_id Value: 16d92b22f596233f6341f2544f2c5d82 |
Security Headers
This page lists any security headers set by the main page.
Header | Value |
---|---|
Content-Security-Policy | default-src 'self' 'unsafe-inline' https: data: 'unsafe-eval'; font-src 'self' data: 'unsafe-inline' https://cloud.typography.com https://*.cloudfront.net https://*.kazoohr.io https://cdnjs.cloudflare.com |
Strict-Transport-Security | max-age=31536000; includeSubDomains max-age=31536000 |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.