auth.megabonus.com Open in urlscan Pro
54.217.74.74 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://promo.megabonus.com/click.html?x=a62e&lc=sZu&mc=L&s=Kfq&u=Q&z=xy05Osy&
Effective URL:
https://auth.megabonus.com/?redirect_url=https://megabonus.com/transit/498?com=shop_deeplink&deeplink=https%3A%2F%2Ffoxford...
Submission: On August 24 via manual (August 24th 2022, 1:39:22 pm UTC) from IN — Scanned from DE

Summary HTTP 43 Redirects Behaviour Indicators

Summary

This website contacted 10 IPs in 6 countries across 9 domains to perform 43 HTTP transactions. The main IP is 54.217.74.74, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is auth.megabonus.com.
TLS certificate: Issued by R3 on July 27th 2022. Valid for: 3 months.

This is the only time auth.megabonus.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	188.114.81.44 188.114.81.44	198881 (IMPLIX-PL-AS) (IMPLIX-PL-AS)
1 6	54.217.74.74 54.217.74.74	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5714	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2600:9000:225... 2600:9000:2251:7200:4:83b2:30c0:93a1	16509 (AMAZON-02) (AMAZON-02)
5 11	2a02:6b8::1:119 2a02:6b8::1:119	208722 (GLOBAL_DC) (GLOBAL_DC)
6	2a00:1450:400... 2a00:1450:4001:806::2004	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1 2	80.239.201.14 80.239.201.14	1299 (TWELVE99 ...) (TWELVE99 Arelion)
4	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
43	10

1 188.114.81.44 (Poland) 1 redirects

ASN198881 (IMPLIX-PL-AS, PL)
PTR: mta-1.promo.megabonus.com

promo.megabonus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.217.74.74 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-217-74-74.eu-west-1.compute.amazonaws.com

megabonus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
auth.megabonus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2600:9000:2251:7200:4:83b2:30c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.megabonus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a02:6b8::1:119 (Moscow, Russian Federation) 5 redirects

ASN208722 (GLOBAL_DC, FI)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:806::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 80.239.201.14 (Sweden) 1 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)
PTR: 80-239-201-14.teliacarrier-cust.com

mc.webvisor.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	megabonus.com 2 redirects promo.megabonus.com megabonus.com — Cisco Umbrella Rank: 489050 auth.megabonus.com cdn.megabonus.com — Cisco Umbrella Rank: 876625	846 KB
11	gstatic.com www.gstatic.com fonts.gstatic.com	579 KB
9	yandex.ru 4 redirects mc.yandex.ru — Cisco Umbrella Rank: 3880	5 KB
6	google.com www.google.com — Cisco Umbrella Rank: 9	63 KB
2	yandex.com 1 redirects mc.yandex.com — Cisco Umbrella Rank: 10960	587 B
2	webvisor.org 1 redirects mc.webvisor.org — Cisco Umbrella Rank: 22152	713 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 45	20 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 422	83 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 78	42 KB
43	9

	Domain	Requested by
10	cdn.megabonus.com	auth.megabonus.com
9	mc.yandex.ru	4 redirects auth.megabonus.com cdn.jsdelivr.net
7	www.gstatic.com	www.google.com www.gstatic.com
6	www.google.com	auth.megabonus.com www.gstatic.com www.google.com
5	auth.megabonus.com	auth.megabonus.com
4	fonts.gstatic.com	www.google.com
2	mc.yandex.com	1 redirects auth.megabonus.com
2	mc.webvisor.org	1 redirects auth.megabonus.com
2	www.google-analytics.com	auth.megabonus.com www.google-analytics.com
1	cdn.jsdelivr.net	auth.megabonus.com
1	www.googletagmanager.com	auth.megabonus.com
1	megabonus.com	1 redirects
1	promo.megabonus.com	1 redirects
43	13

This site contains no links.

Subject Issuer	Validity	Valid
auth.megabonus.com R3	`2022-07-27` - `2022-10-25`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
cdn.megabonus.com Amazon	`2021-12-14` - `2023-01-11`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2022-05-21` - `2022-10-31`	5 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-08-01` - `2022-10-24`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://auth.megabonus.com/?redirect_url=https://megabonus.com/transit/498?com=shop_deeplink&deeplink=https%3A%2F%2Ffoxford.ru%2Fcatalog%2Fcourses%2F%3Futm_source%3Dadmitad
Frame ID: 24C91844812508D5DE6BE7DE22FDEE01
Requests: 28 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdONZwUAAAAADsNL4oIZ_tlp-G7lcmakl76MT6Q&co=aHR0cHM6Ly9hdXRoLm1lZ2Fib251cy5jb206NDQz&hl=de&v=PRMRaAwB3KlylGQR57Dyk-pF&size=invisible&cb=2hbsaegzdmyt
Frame ID: 02830381E42F221AA27F3A88A68B9105
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdONZwUAAAAADsNL4oIZ_tlp-G7lcmakl76MT6Q&co=aHR0cHM6Ly9hdXRoLm1lZ2Fib251cy5jb206NDQz&hl=de&v=PRMRaAwB3KlylGQR57Dyk-pF&size=invisible&cb=ycdakehdz3oe
Frame ID: 9EFECE67A98D4308C56AD69218BBC367
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

«Мегабонус» - войти в личный кабинет или зарегистрироваться

Page URL History Show full URLs

https://promo.megabonus.com/click.html?x=a62e&lc=sZu&mc=L&s=Kfq&u=Q&z=xy05Osy& HTTP 302
https://megabonus.com/shop/foxfordru?activate=true&revent=click&rassign=marketing&rcomptype=button... HTTP 307
https://auth.megabonus.com/?redirect_url=https://megabonus.com/transit/498?com=shop_deeplink&deeplink=h... Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

43
Requests

91 %
HTTPS

73 %
IPv6

9
Domains

13
Subdomains

10
IPs

6
Countries

1632 kB
Transfer

3439 kB
Size

31
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://promo.megabonus.com/click.html?x=a62e&lc=sZu&mc=L&s=Kfq&u=Q&z=xy05Osy& HTTP 302
https://megabonus.com/shop/foxfordru?activate=true&revent=click&rassign=marketing&rcomptype=button&rcompname=main_button&rsource=getresponse&rcid=foxfordru_24082022&rst=13.08.2022&utm_source=getresponse&utm_medium=email&utm_campaign=foxfordru_24082022&deeplink=https://foxford.ru/catalog/courses/?utm_source=admitad&utm_medium=cpa&utm_campaign=gen_add_all_bts-megabonus&placement=%7B%7Bpublisher_id%7D%7D&admitad_uid=%7B%7Badmitad_uid%7D%7D HTTP 307
https://auth.megabonus.com/?redirect_url=https://megabonus.com/transit/498?com=shop_deeplink&deeplink=https%3A%2F%2Ffoxford.ru%2Fcatalog%2Fcourses%2F%3Futm_source%3Dadmitad Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9

https://mc.yandex.ru/watch/3?wmode=7&page-url=https%3A%2F%2Fauth.megabonus.com%2F%3Fredirect_url%3Dhttps%3A%2F%2Fmegabonus.com%2Ftransit%2F498%3Fcom%3Dshop_deeplink%26deeplink%3Dhttps%253A%252F%252Ffoxford.ru%252Fcatalog%252Fcourses%252F%253Futm_source%253Dadmitad&page-ref=&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A880%3Acn%3A2%3Adp%3A0%3Als%3A1452626467074%3Ahid%3A62333360%3Az%3A0%3Ai%3A20220824133915%3Aet%3A1661348355%3Ac%3A1%3Arn%3A590430106%3Arqn%3A1%3Au%3A1661348355909350918%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1661348354033%3Ads%3A23%2C84%2C92%2C1%2C671%2C0%2C%2C%2C%2C%2C%2C%2C%3Awv%3A2%3Aco%3A0%3Ast%3A1661348355&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)ti(2) HTTP 302
https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fauth.megabonus.com%2F%3Fredirect_url%3Dhttps%3A%2F%2Fmegabonus.com%2Ftransit%2F498%3Fcom%3Dshop_deeplink%26deeplink%3Dhttps%253A%252F%252Ffoxford.ru%252Fcatalog%252Fcourses%252F%253Futm_source%253Dadmitad&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A880%3Acn%3A2%3Adp%3A0%3Als%3A1452626467074%3Ahid%3A62333360%3Az%3A0%3Ai%3A20220824133915%3Aet%3A1661348355%3Ac%3A1%3Arn%3A590430106%3Arqn%3A1%3Au%3A1661348355909350918%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1661348354033%3Ads%3A23%2C84%2C92%2C1%2C671%2C0%2C%2C%2C%2C%2C%2C%2C%3Awv%3A2%3Aco%3A0%3Ast%3A1661348355&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29ti%282%29

Request Chain 10

https://mc.yandex.ru/watch/37456880?wmode=7&page-url=https%3A%2F%2Fauth.megabonus.com%2F%3Fredirect_url%3Dhttps%3A%2F%2Fmegabonus.com%2Ftransit%2F498%3Fcom%3Dshop_deeplink%26deeplink%3Dhttps%253A%252F%252Ffoxford.ru%252Fcatalog%252Fcourses%252F%253Futm_source%253Dadmitad&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A880%3Acn%3A1%3Adp%3A0%3Als%3A308268586629%3Ahid%3A62333360%3Az%3A0%3Ai%3A20220824133915%3Aet%3A1661348355%3Ac%3A1%3Arn%3A916919166%3Arqn%3A1%3Au%3A1661348355909350918%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1661348354033%3Ads%3A23%2C84%2C92%2C1%2C671%2C0%2C%2C%2C%2C%2C%2C%2C%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1661348355%3At%3A%C2%AB%D0%9C%D0%B5%D0%B3%D0%B0%D0%B1%D0%BE%D0%BD%D1%83%D1%81%C2%BB%20-%20%D0%B2%D0%BE%D0%B9%D1%82%D0%B8%20%D0%B2%20%D0%BB%D0%B8%D1%87%D0%BD%D1%8B%D0%B9%20%D0%BA%D0%B0%D0%B1%D0%B8%D0%BD%D0%B5%D1%82%20%D0%B8%D0%BB%D0%B8%20%D0%B7%D0%B0%D1%80%D0%B5%D0%B3%D0%B8%D1%81%D1%82%D1%80%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D1%82%D1%8C%D1%81%D1%8F&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)rqnl(1)ti(2) HTTP 302
https://mc.yandex.ru/watch/37456880/1?wmode=7&page-url=https%3A%2F%2Fauth.megabonus.com%2F%3Fredirect_url%3Dhttps%3A%2F%2Fmegabonus.com%2Ftransit%2F498%3Fcom%3Dshop_deeplink%26deeplink%3Dhttps%253A%252F%252Ffoxford.ru%252Fcatalog%252Fcourses%252F%253Futm_source%253Dadmitad&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A880%3Acn%3A1%3Adp%3A0%3Als%3A308268586629%3Ahid%3A62333360%3Az%3A0%3Ai%3A20220824133915%3Aet%3A1661348355%3Ac%3A1%3Arn%3A916919166%3Arqn%3A1%3Au%3A1661348355909350918%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1661348354033%3Ads%3A23%2C84%2C92%2C1%2C671%2C0%2C%2C%2C%2C%2C%2C%2C%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1661348355%3At%3A%C2%AB%D0%9C%D0%B5%D0%B3%D0%B0%D0%B1%D0%BE%D0%BD%D1%83%D1%81%C2%BB%20-%20%D0%B2%D0%BE%D0%B9%D1%82%D0%B8%20%D0%B2%20%D0%BB%D0%B8%D1%87%D0%BD%D1%8B%D0%B9%20%D0%BA%D0%B0%D0%B1%D0%B8%D0%BD%D0%B5%D1%82%20%D0%B8%D0%BB%D0%B8%20%D0%B7%D0%B0%D1%80%D0%B5%D0%B3%D0%B8%D1%81%D1%82%D1%80%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D1%82%D1%8C%D1%81%D1%8F&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29

Request Chain 22

https://mc.webvisor.org/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.webvisor.org&token=9740.nMaldD1MAsYikUhtlxZH7l9tPni82LTfYqCKXIMIJ_9dlF1n8WYvjkV9CT6ZCUsH.FL_SVi5RmV2u1u37T7pZ8IFVSck%2C HTTP 302
https://mc.webvisor.org/sync_cookie_image_decide?token=9740.c2mMIdcPunwUgn-evAJphrWv14u1oZDQq4wzrDlTH36VV0EYClOunkPc3DdIkkefrV3CjYsSwmfv7HuYXx64Ooxtx4rItPYGDuaxBGMiLX4%2C.cUtJV1eEzONupVHmtFdvD2gh4Ng%2C

Request Chain 23

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9740.rGZAXPrWhvSWUZypoFLDtEywiMN4Ab3Qrm0pT9iOZbsQiaFgOuFz0iMolVnKDZpJ.Qew2cLdGJRPflzWXjVTMPQ9W7ug%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=9740.LgwA1DVGXWR-hMyIOSuh5K3jxqzSlEYoqtQAt3cTHxc5GKVQea2unOlyEBljh3Ey2xIwWiioMxeMnVpo2Y3TZrm6AkDq7rQZVZxDheNO8AQ%2C.EvtHi-yZxOEl3zmro_gXVs8k-lk%2C

43 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
auth.megabonus.com/
Redirect Chain

https://promo.megabonus.com/click.html?x=a62e&lc=sZu&mc=L&s=Kfq&u=Q&z=xy05Osy&
https://megabonus.com/shop/foxfordru?activate=true&revent=click&rassign=marketing&rcomptype=button&rcompname=main_button&rsource=getresponse&rcid=foxfordru_24082022&rst=13.08.2022&utm_source=getres...
https://auth.megabonus.com/?redirect_url=https://megabonus.com/transit/498?com=shop_deeplink&deeplink=https%3A%2F%2Ffoxford.ru%2Fcatalog%2Fcourses%2F%3Futm_source%3Dadmitad

86 KB
17 KB

200ms
92ms

Document
text/html

54.217.74.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.megabonus.com/?redirect_url=https://megabonus.com/transit/498?com=shop_deeplink&deeplink=https%3A%2F%2Ffoxford.ru%2Fcatalog%2Fcourses%2F%3Futm_source%3Dadmitad

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

54.217.74.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-217-74-74.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

818f6375f2b3eebbaf60ff9cc346cc73f42fadba89cb45367a33a59a34c51fa8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, private
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 24 Aug 2022 13:39:14 GMT
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubdomains
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 24 Aug 2022 13:39:14 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Location: https://auth.megabonus.com?redirect_url=https://megabonus.com/transit/498?com=shop_deeplink&deeplink=https%3A%2F%2Ffoxford.ru%2Fcatalog%2Fcourses%2F%3Futm_source%3Dadmitad
Pragma: no-cache
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubdomains
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK main.css
auth.megabonus.com/css/ 8 KB
1 KB 51ms
51ms Stylesheet
text/css 54.217.74.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.megabonus.com/css/main.css?id=d91faccdb0bf94b635d9

Requested by

Host: auth.megabonus.com
URL: https://auth.megabonus.com/?redirect_url=https://megabonus.com/transit/498?com=shop_deeplink&deeplink=https%3A%2F%2Ffoxford.ru%2Fcatalog%2Fcourses%2F%3Futm_source%3Dadmitad

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

54.217.74.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-217-74-74.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

dfaed2fca3e0636a498c3befb579b92ed2872385f48d2ff251190b7e632d74cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/?redirect_url=https://megabonus.com/transit/498?com=shop_deeplink&deeplink=https%3A%2F%2Ffoxford.ru%2Fcatalog%2Fcourses%2F%3Futm_source%3Dadmitad
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Wed, 24 Aug 2022 13:39:14 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 26 Mar 2021 14:31:45 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"605df051-1e02"
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 107 KB
42 KB 70ms
29ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-77989466-18

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2b2cad6d24d7d49a25a6394d8848eec3da664f6796dfec38739f2baea1f36a27

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 13:39:14 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42015
x-xss-protection: 0
last-modified: Wed, 24 Aug 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 24 Aug 2022 13:39:14 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 67ms
16ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 1998
date: Wed, 24 Aug 2022 13:05:57 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 24 Aug 2022 15:05:57 GMT

GET
H/1.1 200
OK ga_and_ym.js Show response
auth.megabonus.com/js/ 89 KB
31 KB 152ms
77ms Script
application/javascript 54.217.74.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.megabonus.com/js/ga_and_ym.js?id=18f919ecafd90ea78f7d

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

54.217.74.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-217-74-74.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

848235dae85e4305146efcfd8bde6014fe0047036c5c32a849cef922ae3e5c5e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/?redirect_url=https://megabonus.com/transit/498?com=shop_deeplink&deeplink=https%3A%2F%2Ffoxford.ru%2Fcatalog%2Fcourses%2F%3Futm_source%3Dadmitad
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Wed, 24 Aug 2022 13:39:15 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Wed, 08 Jun 2022 11:47:50 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"62a08c66-162e0"
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=31536000
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 24 Aug 2023 13:39:15 GMT

GET
H/1.1 200
OK authPage.css
auth.megabonus.com/css/ 97 KB
9 KB 93ms
42ms Stylesheet
text/css 54.217.74.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.megabonus.com/css/authPage.css?id=e6044668e8b54c01ff93

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

54.217.74.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-217-74-74.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

26f381edf6d5bd781d264ce05b141fa1faa3181fa3101d34f2bac42ee61aa1b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/?redirect_url=https://megabonus.com/transit/498?com=shop_deeplink&deeplink=https%3A%2F%2Ffoxford.ru%2Fcatalog%2Fcourses%2F%3Futm_source%3Dadmitad
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Wed, 24 Aug 2022 13:39:14 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Fri, 15 Apr 2022 10:19:36 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"625946b8-185c3"
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1 200
OK auth.js Show response
auth.megabonus.com/js/ 802 KB
237 KB 156ms
82ms Script
application/javascript 54.217.74.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.megabonus.com/js/auth.js?id=5efbf5b0743a63d3af8e

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

54.217.74.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-217-74-74.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

93209fa8d7302c93a55c778453eb3d42e7ac09d5da5a2c24bfc0dcd410f708fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/?redirect_url=https://megabonus.com/transit/498?com=shop_deeplink&deeplink=https%3A%2F%2Ffoxford.ru%2Fcatalog%2Fcourses%2F%3Futm_source%3Dadmitad
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

Date: Wed, 24 Aug 2022 13:39:15 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Tue, 16 Aug 2022 13:45:47 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: W/"62fb9f8b-c88fc"
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: max-age=31536000
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Thu, 24 Aug 2023 13:39:15 GMT

GET
H2 200 tag.js Show response
cdn.jsdelivr.net/npm/yandex-metrica-watch/ 206 KB
83 KB 108ms
50ms Script
application/javascript 2606:4700::6810:5714
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7b132db7903bd7cecb0c153900efa9da862eb5e00a66dfd3c7481c283ef6f3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 13:39:15 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 14990
x-jsd-version: 1.241.0
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19179-FRA, cache-cdg20725-CDG
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"33651-gyzSE5ybnHdnG+haf+T/Rwp+jXk"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=23WqlVlQtkBS9LRCdkos%2Bp5Yl%2BrOvvynfgbPfPpcT5ihjsPXsV9CaYFyoozCHwry3HSssnLlxt1fdz%2F2MI5qKR1OaFAdk8iLe7uxsaQdrY9c3HwcHEj484JmthXQ9k%2BEI%2BVPEC5y9NR%2BRMds3PI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=604800, s-maxage=43200
cf-ray: 73fc7e33bcd5020d-ZRH
access-control-expose-headers: *

GET
H2 200 auth_back1680x700.png
cdn.megabonus.com/images/mb_auth/ 424 KB
425 KB 82ms
19ms Image
image/png 2600:9000:2251:7200:4:83b2:30c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.megabonus.com/images/mb_auth/auth_back1680x700.png
Requested by: Host: auth.megabonus.com
URL: https://auth.megabonus.com/css/authPage.css?id=e6044668e8b54c01ff93
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:7200:4:83b2:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0007e61a070397719c2bdec4ab8841a3e0a8c654641ea011eda4110d187dcfdb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-amz-version-id: a7G1E1App0On6adLDiMGCbHALQ1ukKIy
via: 1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront)
last-modified: Thu, 01 Aug 2019 15:11:58 GMT
server: AmazonS3
age: 34657
etag: "39e79ae5c30401146f7a37f162978e9c"
x-cache: Hit from cloudfront
content-type: image/png
date: Wed, 24 Aug 2022 04:01:39 GMT
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-length: 434375
x-amz-cf-id: _HHapaWi_HjMzjdRhlHzez6Zrn09MyYYov12bpmULGV5aWpsEFCmeQ==

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
208 B 26ms
25ms XHR
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1806777674&t=pageview&_s=1&dl=https%3A%2F%2Fauth.megabonus.com%2F%3Fredirect_url%3Dhttps%3A%2F%2Fmegabonus.com%2Ftransit%2F498%3Fcom%3Dshop_deeplink%26deeplink%3Dhttps%253A%252F%252Ffoxford.ru%252Fcatalog%252Fcourses%252F%253Futm_source%253Dadmitad&ul=en-us&de=UTF-8&dt=%C2%AB%D0%9C%D0%B5%D0%B3%D0%B0%D0%B1%D0%BE%D0%BD%D1%83%D1%81%C2%BB%20-%20%D0%B2%D0%BE%D0%B9%D1%82%D0%B8%20%D0%B2%20%D0%BB%D0%B8%D1%87%D0%BD%D1%8B%D0%B9%20%D0%BA%D0%B0%D0%B1%D0%B8%D0%BD%D0%B5%D1%82%20%D0%B8%D0%BB%D0%B8%20%D0%B7%D0%B0%D1%80%D0%B5%D0%B3%D0%B8%D1%81%D1%82%D1%80%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D1%82%D1%8C%D1%81%D1%8F&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEDAAUABAAAAAC~&jid=1687169822&gjid=904343157&cid=1184599225.1661348355&tid=UA-77989466-18&_gid=138635117.1661348355&_r=1&gtm=2ou8m0&z=507964638

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://auth.megabonus.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 13:39:15 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://auth.megabonus.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

1 Show response
mc.yandex.ru/watch/3/
Redirect Chain

https://mc.yandex.ru/watch/3?wmode=7&page-url=https%3A%2F%2Fauth.megabonus.com%2F%3Fredirect_url%3Dhttps%3A%2F%2Fmegabonus.com%2Ftransit%2F498%3Fcom%3Dshop_deeplink%26deeplink%3Dhttps%253A%252F%252...
https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fauth.megabonus.com%2F%3Fredirect_url%3Dhttps%3A%2F%2Fmegabonus.com%2Ftransit%2F498%3Fcom%3Dshop_deeplink%26deeplink%3Dhttps%253A%252F%2...

167 B
249 B

70ms
69ms

XHR
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/3/1?wmode=7&page-url=https%3A%2F%2Fauth.megabonus.com%2F%3Fredirect_url%3Dhttps%3A%2F%2Fmegabonus.com%2Ftransit%2F498%3Fcom%3Dshop_deeplink%26deeplink%3Dhttps%253A%252F%252Ffoxford.ru%252Fcatalog%252Fcourses%252F%253Futm_source%253Dadmitad&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A880%3Acn%3A2%3Adp%3A0%3Als%3A1452626467074%3Ahid%3A62333360%3Az%3A0%3Ai%3A20220824133915%3Aet%3A1661348355%3Ac%3A1%3Arn%3A590430106%3Arqn%3A1%3Au%3A1661348355909350918%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1661348354033%3Ads%3A23%2C84%2C92%2C1%2C671%2C0%2C%2C%2C%2C%2C%2C%2C%3Awv%3A2%3Aco%3A0%3Ast%3A1661348355&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29ti%282%29

Requested by

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

aaf73d76b3b08180775af05deef70af6a2503d5ec669429c6f32c9fe570e879f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 13:39:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 24-Aug-2022 13:39:15 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://auth.megabonus.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 167
x-xss-protection: 1; mode=block
expires: Wed, 24-Aug-2022 13:39:15 GMT

Redirect headers

pragma: no-cache
date: Wed, 24 Aug 2022 13:39:15 GMT
last-modified: Wed, 24-Aug-2022 13:39:15 GMT
location: /watch/3/1?wmode=7&page-url=https%3A%2F%2Fauth.megabonus.com%2F%3Fredirect_url%3Dhttps%3A%2F%2Fmegabonus.com%2Ftransit%2F498%3Fcom%3Dshop_deeplink%26deeplink%3Dhttps%253A%252F%252Ffoxford.ru%252Fcatalog%252Fcourses%252F%253Futm_source%253Dadmitad&page-ref&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A880%3Acn%3A2%3Adp%3A0%3Als%3A1452626467074%3Ahid%3A62333360%3Az%3A0%3Ai%3A20220824133915%3Aet%3A1661348355%3Ac%3A1%3Arn%3A590430106%3Arqn%3A1%3Au%3A1661348355909350918%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1661348354033%3Ads%3A23%2C84%2C92%2C1%2C671%2C0%2C%2C%2C%2C%2C%2C%2C%3Awv%3A2%3Aco%3A0%3Ast%3A1661348355&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29ti%282%29
strict-transport-security: max-age=31536000
access-control-allow-origin: https://auth.megabonus.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Wed, 24-Aug-2022 13:39:15 GMT

GET
H2

200

1 Show response
mc.yandex.ru/watch/37456880/
Redirect Chain

https://mc.yandex.ru/watch/37456880?wmode=7&page-url=https%3A%2F%2Fauth.megabonus.com%2F%3Fredirect_url%3Dhttps%3A%2F%2Fmegabonus.com%2Ftransit%2F498%3Fcom%3Dshop_deeplink%26deeplink%3Dhttps%253A%2...
https://mc.yandex.ru/watch/37456880/1?wmode=7&page-url=https%3A%2F%2Fauth.megabonus.com%2F%3Fredirect_url%3Dhttps%3A%2F%2Fmegabonus.com%2Ftransit%2F498%3Fcom%3Dshop_deeplink%26deeplink%3Dhttps%253A...

638 B
673 B

75ms
75ms

XHR
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/37456880/1?wmode=7&page-url=https%3A%2F%2Fauth.megabonus.com%2F%3Fredirect_url%3Dhttps%3A%2F%2Fmegabonus.com%2Ftransit%2F498%3Fcom%3Dshop_deeplink%26deeplink%3Dhttps%253A%252F%252Ffoxford.ru%252Fcatalog%252Fcourses%252F%253Futm_source%253Dadmitad&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A880%3Acn%3A1%3Adp%3A0%3Als%3A308268586629%3Ahid%3A62333360%3Az%3A0%3Ai%3A20220824133915%3Aet%3A1661348355%3Ac%3A1%3Arn%3A916919166%3Arqn%3A1%3Au%3A1661348355909350918%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1661348354033%3Ads%3A23%2C84%2C92%2C1%2C671%2C0%2C%2C%2C%2C%2C%2C%2C%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1661348355%3At%3A%C2%AB%D0%9C%D0%B5%D0%B3%D0%B0%D0%B1%D0%BE%D0%BD%D1%83%D1%81%C2%BB%20-%20%D0%B2%D0%BE%D0%B9%D1%82%D0%B8%20%D0%B2%20%D0%BB%D0%B8%D1%87%D0%BD%D1%8B%D0%B9%20%D0%BA%D0%B0%D0%B1%D0%B8%D0%BD%D0%B5%D1%82%20%D0%B8%D0%BB%D0%B8%20%D0%B7%D0%B0%D1%80%D0%B5%D0%B3%D0%B8%D1%81%D1%82%D1%80%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D1%82%D1%8C%D1%81%D1%8F&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29

Requested by

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

a4233d84a829174d5129d07d58072abb79de4e1f86e48ec89e242042b85d0d66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 13:39:15 GMT
x-content-type-options: nosniff
last-modified: Wed, 24-Aug-2022 13:39:15 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: https://auth.megabonus.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 638
x-xss-protection: 1; mode=block
expires: Wed, 24-Aug-2022 13:39:15 GMT

Redirect headers

pragma: no-cache
date: Wed, 24 Aug 2022 13:39:15 GMT
last-modified: Wed, 24-Aug-2022 13:39:15 GMT
location: /watch/37456880/1?wmode=7&page-url=https%3A%2F%2Fauth.megabonus.com%2F%3Fredirect_url%3Dhttps%3A%2F%2Fmegabonus.com%2Ftransit%2F498%3Fcom%3Dshop_deeplink%26deeplink%3Dhttps%253A%252F%252Ffoxford.ru%252Fcatalog%252Fcourses%252F%253Futm_source%253Dadmitad&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A880%3Acn%3A1%3Adp%3A0%3Als%3A308268586629%3Ahid%3A62333360%3Az%3A0%3Ai%3A20220824133915%3Aet%3A1661348355%3Ac%3A1%3Arn%3A916919166%3Arqn%3A1%3Au%3A1661348355909350918%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Acpf%3A1%3Ans%3A1661348354033%3Ads%3A23%2C84%2C92%2C1%2C671%2C0%2C%2C%2C%2C%2C%2C%2C%3Awv%3A2%3Aco%3A0%3Arqnl%3A1%3Ast%3A1661348355%3At%3A%C2%AB%D0%9C%D0%B5%D0%B3%D0%B0%D0%B1%D0%BE%D0%BD%D1%83%D1%81%C2%BB%20-%20%D0%B2%D0%BE%D0%B9%D1%82%D0%B8%20%D0%B2%20%D0%BB%D0%B8%D1%87%D0%BD%D1%8B%D0%B9%20%D0%BA%D0%B0%D0%B1%D0%B8%D0%BD%D0%B5%D1%82%20%D0%B8%D0%BB%D0%B8%20%D0%B7%D0%B0%D1%80%D0%B5%D0%B3%D0%B8%D1%81%D1%82%D1%80%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D1%82%D1%8C%D1%81%D1%8F&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29rqnl%281%29ti%282%29
strict-transport-security: max-age=31536000
access-control-allow-origin: https://auth.megabonus.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Wed, 24-Aug-2022 13:39:15 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 884 B
1000 B 67ms
28ms Script
text/javascript 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LdONZwUAAAAADsNL4oIZ_tlp-G7lcmakl76MT6Q

Requested by

Host: auth.megabonus.com
URL: https://auth.megabonus.com/js/auth.js?id=5efbf5b0743a63d3af8e

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e475d972e772015866d8e8aafacc840e923f85246c2119d6339e2f4b2a98cfe3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 13:39:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 587
x-xss-protection: 1; mode=block
expires: Wed, 24 Aug 2022 13:39:15 GMT

GET
H2 200 bg-logo-ru.png
cdn.megabonus.com/images/ 2 KB
3 KB 16ms
15ms Image
image/png 2600:9000:2251:7200:4:83b2:30c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.megabonus.com/images/bg-logo-ru.png
Requested by: Host: auth.megabonus.com
URL: https://auth.megabonus.com/?redirect_url=https://megabonus.com/transit/498?com=shop_deeplink&deeplink=https%3A%2F%2Ffoxford.ru%2Fcatalog%2Fcourses%2F%3Futm_source%3Dadmitad
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:7200:4:83b2:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 70d78ab78ad509f7adc87d8e0d16d79300d43ee440126e87cf4eec7055da814f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Sat, 13 Aug 2022 06:10:15 GMT
via: 1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront)
last-modified: Mon, 15 Nov 2021 09:25:57 GMT
server: AmazonS3
age: 977341
etag: "bf00ae3666e57d9bf09660f939feee29"
x-cache: Hit from cloudfront
x-amz-version-id: ExKw1gMGrPc.pi3Orvw3VrcfqAaPA8mg
cache-control: max-age=315360000, no-transform, public
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-type: image/png
content-length: 2217
x-amz-cf-id: _-2mPBY7ShO7Y7wtLb-6bpBmLD6vPfYS6o9jkdNywjfILDKqEmGzUw==

GET
H2 200 russia.svg
cdn.megabonus.com/images/countries/svg/ 926 B
1 KB 17ms
16ms Image
image/svg+xml 2600:9000:2251:7200:4:83b2:30c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.megabonus.com/images/countries/svg/russia.svg
Requested by: Host: auth.megabonus.com
URL: https://auth.megabonus.com/?redirect_url=https://megabonus.com/transit/498?com=shop_deeplink&deeplink=https%3A%2F%2Ffoxford.ru%2Fcatalog%2Fcourses%2F%3Futm_source%3Dadmitad
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:7200:4:83b2:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 39f98019b7aee345b81a07cabfae056cbbda99fa46fc0fcc15e77fc6bc94b597

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-amz-version-id: xHuYfeDtBTW.3IrGd.1g9SlyD4H4DQ2R
via: 1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront)
last-modified: Tue, 03 Nov 2020 09:09:07 GMT
server: AmazonS3
age: 42185
etag: "6e8cc30d0459394d1b354fe292913564"
x-cache: Hit from cloudfront
content-type: image/svg+xml
date: Wed, 24 Aug 2022 02:05:07 GMT
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-length: 926
x-amz-cf-id: YQA_A34gCgye96DXkBjvPs3KgX1mI3SUyM2ZKZZVSQQMZFlpS0Wr2g==

GET
H2 200 arrow.svg
cdn.megabonus.com/images/mb_auth/ 623 B
984 B 18ms
18ms Image
image/svg+xml 2600:9000:2251:7200:4:83b2:30c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.megabonus.com/images/mb_auth/arrow.svg
Requested by: Host: auth.megabonus.com
URL: https://auth.megabonus.com/?redirect_url=https://megabonus.com/transit/498?com=shop_deeplink&deeplink=https%3A%2F%2Ffoxford.ru%2Fcatalog%2Fcourses%2F%3Futm_source%3Dadmitad
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:7200:4:83b2:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 250168d898322692b07f8abda4ca6e083a3c69fe077a23ec3520960c7c06c404

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-amz-version-id: .s7LD6CKfGmGUP04eetqsd7P1hq0DnuB
via: 1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront)
last-modified: Thu, 01 Aug 2019 15:44:47 GMT
server: AmazonS3
age: 27583
etag: "64cd2637df35bac481a10bd4177d1df0"
x-cache: Hit from cloudfront
content-type: image/svg+xml
date: Wed, 24 Aug 2022 06:01:22 GMT
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-length: 623
x-amz-cf-id: B4nhN-VoS_uNP0cmVu3vm56yA59MtinDlFCV2cDOKvUwNUxLSHEy9g==

GET
H2 200 vk.svg
cdn.megabonus.com/images/mb_auth/ 2 KB
3 KB 19ms
18ms Image
image/svg+xml 2600:9000:2251:7200:4:83b2:30c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.megabonus.com/images/mb_auth/vk.svg
Requested by: Host: auth.megabonus.com
URL: https://auth.megabonus.com/css/authPage.css?id=e6044668e8b54c01ff93
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:7200:4:83b2:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1eb2e32ea251ffde51e9d5af63e71c6d1d4a5327e38a9e6fce24d0d4b11971cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-amz-version-id: 6uBxjCZGcFsUjYDoOjy_YyjcQ0kMUwYP
via: 1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront)
last-modified: Thu, 01 Aug 2019 15:44:44 GMT
server: AmazonS3
age: 38031
etag: "dd3e6236da8d599e3293d6a137f17239"
x-cache: Hit from cloudfront
content-type: image/svg+xml
date: Wed, 24 Aug 2022 03:05:25 GMT
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-length: 2490
x-amz-cf-id: X60Jr6P5NWgs-96-MB_b_HO_1l827Tf_ElBl0TSmE1uqCIlBdsUX9Q==

GET
H2 200 google.svg
cdn.megabonus.com/images/mb_auth/ 717 B
1 KB 18ms
18ms Image
image/svg+xml 2600:9000:2251:7200:4:83b2:30c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.megabonus.com/images/mb_auth/google.svg
Requested by: Host: auth.megabonus.com
URL: https://auth.megabonus.com/css/authPage.css?id=e6044668e8b54c01ff93
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:7200:4:83b2:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d6830e77433b6a74129ac7e33673278916f625587fab179d035ad85ee69c62b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-amz-version-id: R9ZRiw5KbZVjLZgpkdUFNZWIl11smZ6q
via: 1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront)
last-modified: Thu, 01 Aug 2019 15:44:50 GMT
server: AmazonS3
age: 42674
etag: "e5ca2b8fbf38fe5a7d43fc2a0136d25c"
x-cache: Hit from cloudfront
content-type: image/svg+xml
date: Wed, 24 Aug 2022 02:21:42 GMT
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-length: 717
x-amz-cf-id: Ih6iJdQ4r_RWsM1x3EA1jSzXclyASvmzlGrdfbf1ybR7hztv526hwA==

GET
H2 200 ok.svg
cdn.megabonus.com/images/mb_auth/ 2 KB
3 KB 19ms
19ms Image
image/svg+xml 2600:9000:2251:7200:4:83b2:30c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.megabonus.com/images/mb_auth/ok.svg
Requested by: Host: auth.megabonus.com
URL: https://auth.megabonus.com/css/authPage.css?id=e6044668e8b54c01ff93
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:7200:4:83b2:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ad47c2519af48339950c3a533c4327d47e6d4fa0ca88a2894abe90b1f6dd1c66

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

x-amz-version-id: 7c4RtPOmhTfMdx7h8KXw.P9.IPB6xC6B
via: 1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront)
last-modified: Thu, 01 Aug 2019 15:44:50 GMT
server: AmazonS3
age: 36776
etag: "4d6b17347ced9a41c27215b2b220daeb"
x-cache: Hit from cloudfront
content-type: image/svg+xml
date: Wed, 24 Aug 2022 03:26:20 GMT
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-length: 2320
x-amz-cf-id: 9x6obe1V1IwTUsvJIyBERQo5XsLmLRwmYbha8YSzQvs0ouMVMBfWZA==

GET
H2 200 ProximaNova-Thin.woff
cdn.megabonus.com/fonts/proxima-nova/ 53 KB
53 KB 79ms
37ms Font
application/font-woff 2600:9000:2251:7200:4:83b2:30c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.megabonus.com/fonts/proxima-nova/ProximaNova-Thin.woff
Requested by: Host: auth.megabonus.com
URL: https://auth.megabonus.com/css/main.css?id=d91faccdb0bf94b635d9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:7200:4:83b2:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5d9c0d55e67cdd872ba9cbba41ef342bf267acf4fd4972c5cc314381b67e7b8d

Request headers

Referer: https://auth.megabonus.com/
Origin: https://auth.megabonus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 17 Aug 2022 01:00:13 GMT
via: 1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront)
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 650343
x-cache: Hit from cloudfront
content-length: 54164
last-modified: Fri, 31 Jan 2020 12:50:59 GMT
server: AmazonS3
etag: "5beace7760a29db2e2a21c1e22a160f6"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, POST
x-amz-version-id: wHmsnb3yjEtewD8XRaIw3h_t3pBLEYJY
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-type: application/font-woff
x-amz-cf-id: stIKYdkTWb8Xd8tEfIK9TsEL9CeknA-AFLPRN1X5DiWmyhdcIq904g==

GET
H2 200 ProximaNova-Regular.woff2
cdn.megabonus.com/fonts/proxima-nova/ 49 KB
50 KB 61ms
18ms Font
binary/octet-stream 2600:9000:2251:7200:4:83b2:30c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.megabonus.com/fonts/proxima-nova/ProximaNova-Regular.woff2
Requested by: Host: auth.megabonus.com
URL: https://auth.megabonus.com/css/main.css?id=d91faccdb0bf94b635d9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:7200:4:83b2:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0aa5b278147b49c793cb6611c040feba5bf3a64bfe413f9684bea3b7eed6b6d1

Request headers

Referer: https://auth.megabonus.com/
Origin: https://auth.megabonus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 04:54:32 GMT
via: 1.1 231be1c97cc722fa08b64d21072ebfac.cloudfront.net (CloudFront)
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
age: 204284
x-cache: Hit from cloudfront
content-length: 50504
last-modified: Fri, 31 Jan 2020 12:50:58 GMT
server: AmazonS3
etag: "ee02afa2bdbeba9c575bd35947b10f9f"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, POST
x-amz-version-id: Sjf8EmPlLuI_U28KL6HIkes7OSGehgrK
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-type: binary/octet-stream
x-amz-cf-id: tD7Wf_8pbNVkz8Sv9v3Be78WmYSkwWDHxzEnjc1mdVMEOTxDfXOlUw==

GET
H2 200 advert.gif
mc.yandex.ru/metrika/ 43 B
186 B 70ms
70ms Image
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/metrika/advert.gif

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 13:39:15 GMT
last-modified: Tue, 23 Aug 2022 14:08:03 GMT
etag: "6304b513-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Aug 2022 14:39:15 GMT

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/ 390 KB
156 KB 55ms
15ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LdONZwUAAAAADsNL4oIZ_tlp-G7lcmakl76MT6Q

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

151bac179d2ce855508abc6505e6a2c5b3a02a923a30a17c70acc2c2b0169640

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://auth.megabonus.com/
Origin: https://auth.megabonus.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 13:14:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1470
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 158666
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 20:03:29 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 24 Aug 2023 13:14:45 GMT

GET
H2

200

sync_cookie_image_decide
mc.webvisor.org/
Redirect Chain

https://mc.webvisor.org/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.webvisor.org&token=9740.nMaldD1MAsYikUhtlxZH7l9tPni82LTfYqCKXIMIJ_9dlF1n8WYvjkV9CT6ZCUsH.FL_SVi5RmV2u1u37T7pZ8IFVSck%2C
https://mc.webvisor.org/sync_cookie_image_decide?token=9740.c2mMIdcPunwUgn-evAJphrWv14u1oZDQq4wzrDlTH36VV0EYClOunkPc3DdIkkefrV3CjYsSwmfv7HuYXx64Ooxtx4rItPYGDuaxBGMiLX4%2C.cUtJV1eEzONupVHmtFdvD2gh4N...

43 B
359 B

70ms
70ms

Image
image/gif

80.239.201.14
TWELVE99 Arelion

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.webvisor.org/sync_cookie_image_decide?token=9740.c2mMIdcPunwUgn-evAJphrWv14u1oZDQq4wzrDlTH36VV0EYClOunkPc3DdIkkefrV3CjYsSwmfv7HuYXx64Ooxtx4rItPYGDuaxBGMiLX4%2C.cUtJV1eEzONupVHmtFdvD2gh4Ng%2C

Requested by

Protocol

Server

80.239.201.14 , Sweden, ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE),

Reverse DNS

80-239-201-14.teliacarrier-cust.com

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 13:39:15 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.webvisor.org/sync_cookie_image_decide?token=9740.c2mMIdcPunwUgn-evAJphrWv14u1oZDQq4wzrDlTH36VV0EYClOunkPc3DdIkkefrV3CjYsSwmfv7HuYXx64Ooxtx4rItPYGDuaxBGMiLX4%2C.cUtJV1eEzONupVHmtFdvD2gh4Ng%2C
date: Wed, 24 Aug 2022 13:39:15 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2

200

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=9740.rGZAXPrWhvSWUZypoFLDtEywiMN4Ab3Qrm0pT9iOZbsQiaFgOuFz0iMolVnKDZpJ.Qew2cLdGJRPflzWXjVTMPQ9W7ug%2C
https://mc.yandex.com/sync_cookie_image_decide?token=9740.LgwA1DVGXWR-hMyIOSuh5K3jxqzSlEYoqtQAt3cTHxc5GKVQea2unOlyEBljh3Ey2xIwWiioMxeMnVpo2Y3TZrm6AkDq7rQZVZxDheNO8AQ%2C.EvtHi-yZxOEl3zmro_gXVs8k-lk%2C

43 B
333 B

69ms
69ms

Image
image/gif

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=9740.LgwA1DVGXWR-hMyIOSuh5K3jxqzSlEYoqtQAt3cTHxc5GKVQea2unOlyEBljh3Ey2xIwWiioMxeMnVpo2Y3TZrm6AkDq7rQZVZxDheNO8AQ%2C.EvtHi-yZxOEl3zmro_gXVs8k-lk%2C

Requested by

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 13:39:15 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=9740.LgwA1DVGXWR-hMyIOSuh5K3jxqzSlEYoqtQAt3cTHxc5GKVQea2unOlyEBljh3Ey2xIwWiioMxeMnVpo2Y3TZrm6AkDq7rQZVZxDheNO8AQ%2C.EvtHi-yZxOEl3zmro_gXVs8k-lk%2C
date: Wed, 24 Aug 2022 13:39:15 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 0283 42 KB
22 KB 73ms
38ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdONZwUAAAAADsNL4oIZ_tlp-G7lcmakl76MT6Q&co=aHR0cHM6Ly9hdXRoLm1lZ2Fib251cy5jb206NDQz&hl=de&v=PRMRaAwB3KlylGQR57Dyk-pF&size=invisible&cb=2hbsaegzdmyt

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0e5c4ad8d29f80dd381795aee5590cd8c162f4ffb6110d476732abfbf917e3e8

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-viG02oppDXV2fFwFPbuwPQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://auth.megabonus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22168
content-security-policy: script-src 'report-sample' 'nonce-viG02oppDXV2fFwFPbuwPQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 13:39:15 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 9EFE 42 KB
22 KB 65ms
33ms Document
text/html 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0a205d8c1cb4e3284751bde467efc6d0a5cb833b1a6a8e138777986313853f6b

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-uxXvl9Ferp71NUkD357kqg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://auth.megabonus.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22212
content-security-policy: script-src 'report-sample' 'nonce-uxXvl9Ferp71NUkD357kqg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 24 Aug 2022 13:39:15 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/ Frame 9EFE 52 KB
24 KB 48ms
16ms Stylesheet
text/css 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdONZwUAAAAADsNL4oIZ_tlp-G7lcmakl76MT6Q&co=aHR0cHM6Ly9hdXRoLm1lZ2Fib251cy5jb206NDQz&hl=de&v=PRMRaAwB3KlylGQR57Dyk-pF&size=invisible&cb=ycdakehdz3oe

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf2650aa985d277b2dd131a6261888bc64e6c9bc15e5564bfb9b380bcf82a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:02:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12991
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24251
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 20:03:29 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 24 Aug 2023 10:02:44 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/ Frame 9EFE 390 KB
155 KB 64ms
31ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

151bac179d2ce855508abc6505e6a2c5b3a02a923a30a17c70acc2c2b0169640

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 13:14:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1470
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 158666
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 20:03:29 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 24 Aug 2023 13:14:45 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/ Frame 0283 52 KB
24 KB 46ms
19ms Stylesheet
text/css 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/styles__ltr.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

caf2650aa985d277b2dd131a6261888bc64e6c9bc15e5564bfb9b380bcf82a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 10:02:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 12991
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24251
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 20:03:29 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 24 Aug 2023 10:02:44 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/ Frame 0283 390 KB
155 KB 67ms
40ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

151bac179d2ce855508abc6505e6a2c5b3a02a923a30a17c70acc2c2b0169640

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 13:14:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1470
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 158666
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 20:03:29 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 24 Aug 2023 13:14:45 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 9EFE 2 KB
2 KB 16ms
15ms Image
image/png 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 19:40:09 GMT
x-content-type-options: nosniff
age: 496746
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Thu, 25 Aug 2022 19:40:09 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 9EFE 15 KB
16 KB 58ms
16ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 17:06:41 GMT
x-content-type-options: nosniff
age: 73954
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 23 Aug 2023 17:06:41 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 9EFE 15 KB
15 KB 62ms
20ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 22:21:19 GMT
x-content-type-options: nosniff
age: 141476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Aug 2023 22:21:19 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 0283 2 KB
2 KB 15ms
15ms Image
image/png 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Thu, 18 Aug 2022 19:40:09 GMT
x-content-type-options: nosniff
age: 496746
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Thu, 25 Aug 2022 19:40:09 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0283 15 KB
15 KB 41ms
37ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 17:06:41 GMT
x-content-type-options: nosniff
age: 73954
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 23 Aug 2023 17:06:41 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 0283 15 KB
15 KB 36ms
32ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Mon, 22 Aug 2022 22:21:19 GMT
x-content-type-options: nosniff
age: 141476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 22 Aug 2023 22:21:19 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 9EFE 102 B
134 B 24ms
24ms Other
text/javascript 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=PRMRaAwB3KlylGQR57Dyk-pF

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

67c7cf2537681e76ae6b64e0159beaaa71413f83e01c809b7274f17c0ad9bd21

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdONZwUAAAAADsNL4oIZ_tlp-G7lcmakl76MT6Q&co=aHR0cHM6Ly9hdXRoLm1lZ2Fib251cy5jb206NDQz&hl=de&v=PRMRaAwB3KlylGQR57Dyk-pF&size=invisible&cb=ycdakehdz3oe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 13:39:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Wed, 24 Aug 2022 13:39:15 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 0283 102 B
134 B 24ms
24ms Other
text/javascript 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=PRMRaAwB3KlylGQR57Dyk-pF

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

67c7cf2537681e76ae6b64e0159beaaa71413f83e01c809b7274f17c0ad9bd21

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdONZwUAAAAADsNL4oIZ_tlp-G7lcmakl76MT6Q&co=aHR0cHM6Ly9hdXRoLm1lZ2Fib251cy5jb206NDQz&hl=de&v=PRMRaAwB3KlylGQR57Dyk-pF&size=invisible&cb=2hbsaegzdmyt
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Wed, 24 Aug 2022 13:39:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Wed, 24 Aug 2022 13:39:15 GMT

GET
H2 200 chrome.png
cdn.megabonus.com/images/user/ 7 KB
8 KB 17ms
17ms Image
image/png 2600:9000:2251:7200:4:83b2:30c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.megabonus.com/images/user/chrome.png
Requested by: Host: auth.megabonus.com
URL: https://auth.megabonus.com/?redirect_url=https://megabonus.com/transit/498?com=shop_deeplink&deeplink=https%3A%2F%2Ffoxford.ru%2Fcatalog%2Fcourses%2F%3Futm_source%3Dadmitad
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2251:7200:4:83b2:30c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: fe75724040fda5f2ced9b71329c7d277217e5c3abd760058b015713b3c3ff2eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://auth.megabonus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 16 Aug 2022 05:08:37 GMT
via: 1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront)
last-modified: Fri, 31 Jan 2020 13:58:27 GMT
server: AmazonS3
age: 721839
etag: "5ea384df96b753f26729395c38b6a817"
x-cache: Hit from cloudfront
x-amz-version-id: Gqwg1ft.sBANm9g03ZUJ5.7HP7l05dMT
cache-control: max-age=31536000
x-amz-cf-pop: FRA60-P3
accept-ranges: bytes
content-type: image/png
content-length: 7472
x-amz-cf-id: t-GZztAG5c1N4qZJthrCVxVENb9rOLuyKEK6WwVquM9h0Ti5r9u8aA==

POST
H3 200 reload Show response
www.google.com/recaptcha/api2/ Frame 9EFE 31 KB
18 KB 59ms
59ms XHR
application/json 2a00:1450:4001:806::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6LdONZwUAAAAADsNL4oIZ_tlp-G7lcmakl76MT6Q

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/PRMRaAwB3KlylGQR57Dyk-pF/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a978770292e538d1a1947b5c168424ffac2df8ac411752b55b6b5f0fed6d82bf

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdONZwUAAAAADsNL4oIZ_tlp-G7lcmakl76MT6Q&co=aHR0cHM6Ly9hdXRoLm1lZ2Fib251cy5jb206NDQz&hl=de&v=PRMRaAwB3KlylGQR57Dyk-pF&size=invisible&cb=ycdakehdz3oe
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Wed, 24 Aug 2022 13:39:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18556
x-xss-protection: 1; mode=block
expires: Wed, 24 Aug 2022 13:39:16 GMT

POST
H2 200 37456880 Show response
mc.yandex.ru/webvisor/ 43 B
248 B 262ms
69ms XHR
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/webvisor/37456880?wmode=0&wv-part=1&wv-hit=62333360&page-url=https%3A%2F%2Fauth.megabonus.com%2F%3Fredirect_url%3Dhttps%3A%2F%2Fmegabonus.com%2Ftransit%2F498%3Fcom%3Dshop_deeplink%26deeplink%3Dhttps%253A%252F%252Ffoxford.ru%252Fcatalog%252Fcourses%252F%253Futm_source%253Dadmitad&rn=747921808&wv-type=3&browser-info=bt%3A1%3Agdpr%3A14%3Aet%3A1661348358%3Aw%3A1600x1200%3Av%3A880%3Az%3A0%3Ai%3A20220824133918%3Au%3A1661348355909350918%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Awe%3A1%3Ast%3A1661348358&t=gdpr(14)ti(2)

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://auth.megabonus.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 13:39:18 GMT
last-modified: Wed, 24-Aug-2022 13:39:18 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: https://auth.megabonus.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Wed, 24-Aug-2022 13:39:18 GMT

POST
H2 200 37456880 Show response
mc.yandex.ru/webvisor/ 43 B
73 B 66ms
65ms XHR
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/webvisor/37456880?wmode=0&wv-part=1&wv-hit=62333360&page-url=https%3A%2F%2Fauth.megabonus.com%2F%3Fredirect_url%3Dhttps%3A%2F%2Fmegabonus.com%2Ftransit%2F498%3Fcom%3Dshop_deeplink%26deeplink%3Dhttps%253A%252F%252Ffoxford.ru%252Fcatalog%252Fcourses%252F%253Futm_source%253Dadmitad&rn=633592205&wv-type=3&browser-info=gdpr%3A14%3Aet%3A1661348358%3Aw%3A1600x1200%3Av%3A880%3Az%3A0%3Ai%3A20220824133918%3Au%3A1661348355909350918%3Avf%3A2ofv6mafcjh9urjbet5rlk%3Awe%3A1%3Ast%3A1661348358&t=gdpr(14)ti(2)

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/yandex-metrica-watch/tag.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

Referer: https://auth.megabonus.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 24 Aug 2022 13:39:18 GMT
last-modified: Wed, 24-Aug-2022 13:39:18 GMT
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: https://auth.megabonus.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 43
x-xss-protection: 1; mode=block
expires: Wed, 24-Aug-2022 13:39:18 GMT

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

31 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-20 09:48:20	Name: _GRECAPTCHA Value: 09AMjm62WLheE_tlDaEAM4uLOrfu9DmqG1V0taaOoEdzygGCoSlKG5gFFVUf-uCb-f6uI-svG-4Zpn7OntnP61Lpo
.promo.megabonus.com/	1970-01-20 14:13:55	Name: tms Value: a%3A1%3A%7Bi%3A0%3Ba%3A6%3A%7Bi%3A0%3Bs%3A2%3A%22bo%22%3Bi%3A1%3Bs%3A1%3A%22Q%22%3Bi%3A2%3Bs%3A3%3A%22Kfq%22%3Bi%3A3%3Bs%3A4%3A%22a62e%22%3Bi%3A4%3Bs%3A3%3A%22sZu%22%3Bi%3A5%3Bs%3A1%3A%22Q%22%3B%7D%7D
.promo.megabonus.com/	1970-01-20 14:13:55	Name: tmc Value: a%3A1%3A%7Bi%3A0%3Ba%3A4%3A%7Bi%3A0%3Bs%3A2%3A%22bo%22%3Bi%3A1%3Bs%3A3%3A%22Kfq%22%3Bi%3A2%3Bs%3A3%3A%22sZu%22%3Bi%3A3%3Bs%3A4%3A%22a62e%22%3B%7D%7D
.promo.megabonus.com/	1970-01-20 14:13:55	Name: xsid Value: a62e_Kfq
.megabonus.com/	1970-01-20 15:05:08	Name: country Value: ru
.megabonus.com/	1970-01-20 15:05:08	Name: clang Value: ru
.megabonus.com/	1970-01-20 14:14:44	Name: sessions Value: k6l7ni8o5r0iv13276n8rgoqcc5imkqs
.megabonus.com/	1970-01-20 14:14:44	Name: redirectUrl Value: https%3A%2F%2Fmegabonus.com%2Ftransit%2F498%3Fcom%3Dshop_deeplink
.megabonus.com/	1970-01-20 05:29:15	Name: XSRF-TOKEN Value: eyJpdiI6IlwvYjVcL042c3M4NDU2N0grR0ZsZE1pUT09IiwidmFsdWUiOiJzQ3RCVTVyMGxLK3FEdU5iSDlValREa1AxQmlMTWdWN0lMOHpDbVA3VHBrQTlLb3lUZGpmamx6VE1QTlpmeU1mIiwibWFjIjoiMGI0NmNlZmU4Mjg2Nzk3MTU2NTViYzk2YzNlNzE5Y2U3NzdmZDE4Y2I0YWZiNzQ0M2ZjYmZkOWE1M2NiZDgyZCJ9
.megabonus.com/	1970-01-20 05:29:15	Name: mb_auth_session Value: eyJpdiI6IjMrb2RQSTQ3MDBIMFptQzlqeHFVZWc9PSIsInZhbHVlIjoiRkw3T2NYRzk1aVFJeEhBWHBHVWFrbm1ZNVVhK1N3RTNCVmp6OE13aG00MFN5dWhZWnBBem4zOEdZNFwvemNkVHUxZ3BPdlJlNmVzVVg4MlJuTk1cL2NuZEJDS1RWc2NiZVYzZkpRazZhUHpCVXVvZEJZbXA4eERNYTlnbmVLbzY2NSIsIm1hYyI6ImQyMWRmYTdmZGFmNGUyYmZlZTk0YWM5YmY0NzBkYmI2ZTY4YmJmMWI1YjVlNWZkMzRhNjVkODEzNWUxMTVjMTQifQ%3D%3D
.megabonus.com/	1970-01-20 15:05:08	Name: _ga Value: GA1.2.1184599225.1661348355
.megabonus.com/	1970-01-20 05:30:34	Name: _gid Value: GA1.2.138635117.1661348355
.megabonus.com/	1970-01-20 05:29:08	Name: _gat_gtag_UA_77989466_18 Value: 1
.megabonus.com/	1970-01-20 14:14:44	Name: _ym_uid Value: 1661348355909350918
.megabonus.com/	1970-01-20 14:14:44	Name: _ym_d Value: 1661348355
.yandex.ru/	1970-01-20 14:14:44	Name: ymex Value: 1692884355.yrts.1661348355#1692884355.yrtsi.1661348355
.yandex.ru/	1970-01-20 14:14:44	Name: yandexuid Value: 2046641241661348355
.yandex.ru/	1970-01-20 14:14:44	Name: yuidss Value: 2046641241661348355
mc.yandex.ru/	1969-12-31 23:59:59	Name: yabs-sid Value: 2518858451661348355
.yandex.ru/	1970-01-20 15:05:08	Name: i Value: wI+Px5LTqq7syM4C7hoVDwnX1/pg7WaT5EwzV9Sqdg2UbvFr5Znm5IVidu6mvPOip6Mp+CzmyWKiN31qFzDpTNB/h5E=
.megabonus.com/	1970-01-20 05:30:20	Name: _ym_isad Value: 2
.megabonus.com/	1970-01-20 05:29:10	Name: _ym_visorc Value: w
.mc.yandex.com/	1970-01-20 05:29:08	Name: sync_cookie_csrf Value: 3770133331fake
.mc.webvisor.org/	1970-01-20 05:29:08	Name: sync_cookie_csrf Value: 1539693201fake
.yandex.com/	1970-01-20 15:05:08	Name: yandexuid Value: 2046641241661348355
.yandex.com/	1970-01-20 15:05:08	Name: yuidss Value: 2046641241661348355
.mc.yandex.com/	1970-01-20 05:30:34	Name: sync_cookie_ok Value: synced
.mc.yandex.ru/	1970-01-20 05:29:08	Name: sync_cookie_csrf Value: 3378665722fake
.webvisor.org/	1970-01-20 15:05:08	Name: yandexuid Value: 2046641241661348355
.webvisor.org/	1970-01-20 15:05:08	Name: yuidss Value: 2046641241661348355
.mc.webvisor.org/	1970-01-20 05:30:34	Name: sync_cookie_ok Value: synced

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth.megabonus.com
cdn.jsdelivr.net
cdn.megabonus.com
fonts.gstatic.com
mc.webvisor.org
mc.yandex.com
mc.yandex.ru
megabonus.com
promo.megabonus.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
188.114.81.44
2600:9000:2251:7200:4:83b2:30c0:93a1
2606:4700::6810:5714
2a00:1450:4001:803::2003
2a00:1450:4001:806::2004
2a00:1450:4001:806::2008
2a00:1450:4001:829::2003
2a00:1450:4001:82a::200e
2a02:6b8::1:119
54.217.74.74
80.239.201.14
0007e61a070397719c2bdec4ab8841a3e0a8c654641ea011eda4110d187dcfdb
0a205d8c1cb4e3284751bde467efc6d0a5cb833b1a6a8e138777986313853f6b
0aa5b278147b49c793cb6611c040feba5bf3a64bfe413f9684bea3b7eed6b6d1
0e5c4ad8d29f80dd381795aee5590cd8c162f4ffb6110d476732abfbf917e3e8
151bac179d2ce855508abc6505e6a2c5b3a02a923a30a17c70acc2c2b0169640
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1eb2e32ea251ffde51e9d5af63e71c6d1d4a5327e38a9e6fce24d0d4b11971cf
250168d898322692b07f8abda4ca6e083a3c69fe077a23ec3520960c7c06c404
26f381edf6d5bd781d264ce05b141fa1faa3181fa3101d34f2bac42ee61aa1b2
2b2cad6d24d7d49a25a6394d8848eec3da664f6796dfec38739f2baea1f36a27
39f98019b7aee345b81a07cabfae056cbbda99fa46fc0fcc15e77fc6bc94b597
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5d9c0d55e67cdd872ba9cbba41ef342bf267acf4fd4972c5cc314381b67e7b8d
67c7cf2537681e76ae6b64e0159beaaa71413f83e01c809b7274f17c0ad9bd21
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
70d78ab78ad509f7adc87d8e0d16d79300d43ee440126e87cf4eec7055da814f
818f6375f2b3eebbaf60ff9cc346cc73f42fadba89cb45367a33a59a34c51fa8
848235dae85e4305146efcfd8bde6014fe0047036c5c32a849cef922ae3e5c5e
93209fa8d7302c93a55c778453eb3d42e7ac09d5da5a2c24bfc0dcd410f708fd
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a4233d84a829174d5129d07d58072abb79de4e1f86e48ec89e242042b85d0d66
a978770292e538d1a1947b5c168424ffac2df8ac411752b55b6b5f0fed6d82bf
aaf73d76b3b08180775af05deef70af6a2503d5ec669429c6f32c9fe570e879f
ad47c2519af48339950c3a533c4327d47e6d4fa0ca88a2894abe90b1f6dd1c66
b7b132db7903bd7cecb0c153900efa9da862eb5e00a66dfd3c7481c283ef6f3c
caf2650aa985d277b2dd131a6261888bc64e6c9bc15e5564bfb9b380bcf82a10
d6830e77433b6a74129ac7e33673278916f625587fab179d035ad85ee69c62b5
dfaed2fca3e0636a498c3befb579b92ed2872385f48d2ff251190b7e632d74cd
e475d972e772015866d8e8aafacc840e923f85246c2119d6339e2f4b2a98cfe3
fe75724040fda5f2ced9b71329c7d277217e5c3abd760058b015713b3c3ff2eb

auth.megabonus.com Open in urlscan Pro 54.217.74.74 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

43 Requests

91 %HTTPS

73 %IPv6

9 Domains

13 Subdomains

10 IPs

6 Countries

1632 kBTransfer

3439 kBSize

31 Cookies

0 Outgoing links

Page URL History

Redirected requests

43 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

auth.megabonus.com Open in urlscan Pro
54.217.74.74 Public Scan

Screenshot
Live screenshot

Full Image

43
Requests

91 %
HTTPS

73 %
IPv6

9
Domains

13
Subdomains

10
IPs

6
Countries

1632 kB
Transfer

3439 kB
Size

31
Cookies

43 HTTP transactions
0 data transactions