Submitted URL: http://bushra.spotdiy.com/
Effective URL: https://duckduckgo.com/
Submission: On June 04 via manual from TN

Summary

This website contacted 10 IPs in 4 countries across 10 domains to perform 27 HTTP transactions. The main IP is 79.125.108.55, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is duckduckgo.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on August 9th 2019. Valid for: a year.
This is the only time duckduckgo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 2a05:d014:286... 16509 (AMAZON-02)
1 2 99.198.106.194 32475 (SINGLEHOP...)
1 172.64.171.22 13335 (CLOUDFLAR...)
1 1 54.88.48.137 14618 (AMAZON-AES)
1 2 54.236.66.149 14618 (AMAZON-AES)
3 6 147.135.243.181 16276 (OVH)
1 1 2606:4700:20:... 13335 (CLOUDFLAR...)
2 3 52.0.120.49 14618 (AMAZON-AES)
1 188.164.249.105 35415 (WEBZILLA)
16 79.125.108.55 16509 (AMAZON-02)
2 52.213.95.108 16509 (AMAZON-02)
27 10
Apex Domain (Subdomains) Transfer
18 duckduckgo.com (duckduckgo.com, improving.duckduckgo.com) 319 KB
6 royalads.net (core.royalads.net) 3 KB
4 popcash.net (popcash.net, ps.popcash.net) 1 KB
2 tryd.pro (tryd.pro) 781 B
2 plantingo.com (offers.plantingo.com) 2 KB
1 xml-ads.com (xml-ads.com) 849 B
1 ranewita.com (ranewita.com) 510 B
1 yltenim.com (yltenim.com) 4 KB
1 votarn.com (trck.votarn.com) 828 B
1 spotdiy.com (bushra.spotdiy.com) 851 B
27 10
Domain Requested by
16 duckduckgo.com (requested by: xml-ads.com, duckduckgo.com)
6 core.royalads.net, 3 redirects (requested by: tryd.pro, ps.popcash.net, core.royalads.net)
3 ps.popcash.net, 2 redirects (requested by: core.royalads.net)
2 improving.duckduckgo.com (requested by: duckduckgo.com)
2 tryd.pro, 1 redirects
2 offers.plantingo.com, 1 redirects (requested by: bushra.spotdiy.com)
1 xml-ads.com (requested by: core.royalads.net)
1 popcash.net, 1 redirects
1 ranewita.com, 1 redirects
1 yltenim.com (requested by: offers.plantingo.com)
1 trck.votarn.com, 1 redirects
1 bushra.spotdiy.com
27 12
TLS certificates
Subject: offers.plantingo.com; Issuer: Let's Encrypt Authority X3; Validity: 2020-04-30 - 2020-07-29; Valid: 3 months
Subject: sni.cloudflaressl.com; Issuer: CloudFlare Inc ECC CA-2; Validity: 2020-02-21 - 2020-10-09; Valid: 8 months
Subject: *.duckduckgo.com; Issuer: DigiCert SHA2 Secure Server CA; Validity: 2019-08-09 - 2020-10-30; Valid: a year

This page contains 2 frames:

Primary Page: https://duckduckgo.com/
Frame ID: 37859BA5077639A79162324440ACFB33
Requests: 27 HTTP requests in this frame

Frame: https://duckduckgo.com/post2.html
Frame ID: 898BE2D50E4B0DBBFBBB8F1A47FA2C69
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

Requests: 27
HTTPS: 74 %
IPv6: 25 %
Domains: 10
Subdomains: 12
IPs: 10
Countries: 4
Transfer: 341 kB
Size: 1190 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bushra.spotdiy.com/ Page URL
  2. https://trck.votarn.com/go/47651efb-ab0b-4568-8eb0-03343b3ae7b8 HTTP 302
    https://offers.plantingo.com/?utm_medium=fd3921560df5a882ea29820bfb2409af744a7346&utm_campaign=target_DE_8d017d_private_desktop&cid=8ehJFFnatZgEY2SXdiMpp1&cid=8ehJFFnatZgEY2SXdiMpp1 Page URL
  3. https://offers.plantingo.com/proc.php?2debe69b9b9763351eadbeac028ba4225f6d717a HTTP 302
    https://yltenim.com/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_MS_Feb20&subid=6834306846522606419&ext1=16349 Page URL
  4. http://ranewita.com/0-%7Bcampaign_id%7D-pyoyasdgsaasg?adTagId=ee795150-730c-11e8-800a-0ae8b840b174&cpm=0.05&fallbackUrl=http%3A%2F%2Ftryd.pro%2Fgo%2F216668%2F498903 HTTP 302
    http://tryd.pro/go/216668/498903?clickid=3ec214bb-a607-11ea-a29c-0af384aff34b Page URL
  5. http://tryd.pro/ad/ad?p=216668&w=498903&t=996b854791278654&r=aHR0cHMlM0ElMkYlMkZ5bHRlbmltLmNvbSUyRg==&vw=1600&vh=1200 HTTP 303
    http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=498903 Page URL
  6. http://core.royalads.net/go/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=498903&ref=http%3A%2F%2Ftryd.pro%2Fgo%2F216668%2F498903%3Fclickid%3D3ec214bb-a607-11ea-a29c-0af384aff34b&scrw=1600&scrh=1200&nlc=1wsOpX7efqytzDpn&ven=&ver=&p=falsexundefined&iif=0 HTTP 302
    http://popcash.net/world/go/79141/465699 HTTP 301
    http://ps.popcash.net/go/79141/465699 Page URL
  7. http://ps.popcash.net/ad/ad?p=79141&w=465699&t=4702bba5e9d141cb&r=aHR0cCUzQSUyRiUyRmNvcmUucm95YWxhZHMubmV0JTJG&vw=1600&vh=1200 HTTP 303
    http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=465699 Page URL
  8. http://core.royalads.net/go/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=465699&ref=http%3A%2F%2Fps.popcash.net%2Fgo%2F79141%2F465699&scrw=1600&scrh=1200&nlc=61zR9p7FfqytzDpn&ven=&ver=&p=falsexundefined&iif=0 HTTP 302
    http://ps.popcash.net/ad/ad?p=201730&w=488087&d=821f52f841fd93b97d45-1556198054488087 HTTP 303
    http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f Page URL
  9. http://core.royalads.net/go/?pub=668b66e2-62b7-461c-8a81-1988701f230f&ref=http%3A%2F%2Fcore.royalads.net%2F&scrw=1600&scrh=1200&nlc=61zR9p7FfqytzDpn&ven=&ver=&p=falsexundefined&iif=0 HTTP 302
    http://xml-ads.com/in.html Page URL
  10. https://duckduckgo.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://trck.votarn.com/go/47651efb-ab0b-4568-8eb0-03343b3ae7b8 HTTP 302
  • https://offers.plantingo.com/?utm_medium=fd3921560df5a882ea29820bfb2409af744a7346&utm_campaign=target_DE_8d017d_private_desktop&cid=8ehJFFnatZgEY2SXdiMpp1&cid=8ehJFFnatZgEY2SXdiMpp1
Request Chain 2
  • https://offers.plantingo.com/proc.php?2debe69b9b9763351eadbeac028ba4225f6d717a HTTP 302
  • https://yltenim.com/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_MS_Feb20&subid=6834306846522606419&ext1=16349
Request Chain 3
  • http://ranewita.com/0-%7Bcampaign_id%7D-pyoyasdgsaasg?adTagId=ee795150-730c-11e8-800a-0ae8b840b174&cpm=0.05&fallbackUrl=http%3A%2F%2Ftryd.pro%2Fgo%2F216668%2F498903 HTTP 302
  • http://tryd.pro/go/216668/498903?clickid=3ec214bb-a607-11ea-a29c-0af384aff34b
Request Chain 4
  • http://tryd.pro/ad/ad?p=216668&w=498903&t=996b854791278654&r=aHR0cHMlM0ElMkYlMkZ5bHRlbmltLmNvbSUyRg==&vw=1600&vh=1200 HTTP 303
  • http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=498903
Request Chain 5
  • http://core.royalads.net/go/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=498903&ref=http%3A%2F%2Ftryd.pro%2Fgo%2F216668%2F498903%3Fclickid%3D3ec214bb-a607-11ea-a29c-0af384aff34b&scrw=1600&scrh=1200&nlc=1wsOpX7efqytzDpn&ven=&ver=&p=falsexundefined&iif=0 HTTP 302
  • http://popcash.net/world/go/79141/465699 HTTP 301
  • http://ps.popcash.net/go/79141/465699
Request Chain 6
  • http://ps.popcash.net/ad/ad?p=79141&w=465699&t=4702bba5e9d141cb&r=aHR0cCUzQSUyRiUyRmNvcmUucm95YWxhZHMubmV0JTJG&vw=1600&vh=1200 HTTP 303
  • http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=465699
Request Chain 7
  • http://core.royalads.net/go/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=465699&ref=http%3A%2F%2Fps.popcash.net%2Fgo%2F79141%2F465699&scrw=1600&scrh=1200&nlc=61zR9p7FfqytzDpn&ven=&ver=&p=falsexundefined&iif=0 HTTP 302
  • http://ps.popcash.net/ad/ad?p=201730&w=488087&d=821f52f841fd93b97d45-1556198054488087 HTTP 303
  • http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f
Request Chain 8
  • http://core.royalads.net/go/?pub=668b66e2-62b7-461c-8a81-1988701f230f&ref=http%3A%2F%2Fcore.royalads.net%2F&scrw=1600&scrh=1200&nlc=61zR9p7FfqytzDpn&ven=&ver=&p=falsexundefined&iif=0 HTTP 302
  • http://xml-ads.com/in.html

27 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set /
bushra.spotdiy.com/
590 B
851 B
Document
General
Full URL
http://bushra.spotdiy.com/
Protocol
HTTP/1.1
Server
2606:4700:3035::681b:968b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f5f2bc770a772ea954044b5389f20d5d0ae951da75f554427922e9eecce7cd91

Request headers

Host
bushra.spotdiy.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Thu, 04 Jun 2020 02:01:02 GMT
Content-Type
text/html; charset=utf-8
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=d39c2bbdf4dec37379c6eecaf2d4d44be1591236061; expires=Sat, 04-Jul-20 02:01:01 GMT; path=/; domain=.spotdiy.com; HttpOnly; SameSite=Lax
CF-Cache-Status
DYNAMIC
cf-request-id
031ea8813400001f1521bad200000001
Server
cloudflare
CF-RAY
59de10485dd81f15-FRA
Content-Encoding
gzip
/
offers.plantingo.com/
Redirect Chain
  • https://trck.votarn.com/go/47651efb-ab0b-4568-8eb0-03343b3ae7b8
  • https://offers.plantingo.com/?utm_medium=fd3921560df5a882ea29820bfb2409af744a7346&utm_campaign=target_DE_8d017d_private_desktop&cid=8ehJFFnatZgEY2SXdiMpp1&cid=8ehJFFnatZgEY2SXdiMpp1
5 KB
2 KB
Document
General
Full URL
https://offers.plantingo.com/?utm_medium=fd3921560df5a882ea29820bfb2409af744a7346&utm_campaign=target_DE_8d017d_private_desktop&cid=8ehJFFnatZgEY2SXdiMpp1&cid=8ehJFFnatZgEY2SXdiMpp1
Requested by
Host: bushra.spotdiy.com
URL: http://bushra.spotdiy.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.198.106.194 Chicago, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx / PHP/7.3.4
Resource Hash
cc23eb34d799f84f8174e93af97ba2e2b70ef081fc7242f2e6da1c14002e97cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains;

Request headers

:method
GET
:authority
offers.plantingo.com
:scheme
https
:path
/?utm_medium=fd3921560df5a882ea29820bfb2409af744a7346&utm_campaign=target_DE_8d017d_private_desktop&cid=8ehJFFnatZgEY2SXdiMpp1&cid=8ehJFFnatZgEY2SXdiMpp1
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Referer
http://bushra.spotdiy.com/

Response headers

status
200
server
nginx
date
Thu, 04 Jun 2020 02:01:02 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
x-powered-by
PHP/7.3.4
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
set-cookie
u=89ab3064346e8ac0dd158d3eb77f1263; expires=Fri, 04-Jun-2021 02:01:02 GMT; Max-Age=31536000; path=/
strict-transport-security
max-age=31536000; includeSubdomains;
content-encoding
gzip

Redirect headers

Server
nginx
Date
Thu, 04 Jun 2020 02:01:02 GMT
Content-Type
text/html; charset=utf-8
Content-Length
430
Connection
keep-alive
Access-Control-Allow-Origin
*
Set-Cookie
bemob-uniq-visit:47651efb-ab0b-4568-8eb0-03343b3ae7b8=1; Domain=trck.votarn.com; Path=/; Expires=Fri, 05 Jun 2020 02:01:02 GMT; HttpOnly bemob-click-id=8ehJFFnatZgEY2SXdiMpp1; Domain=trck.votarn.com; Path=/; Expires=Fri, 05 Jun 2020 02:01:02 GMT; HttpOnly
Location
https://offers.plantingo.com/?utm_medium=fd3921560df5a882ea29820bfb2409af744a7346&utm_campaign=target_DE_8d017d_private_desktop&cid=8ehJFFnatZgEY2SXdiMpp1&cid=8ehJFFnatZgEY2SXdiMpp1
Vary
Accept
X-Response-Time
8.812ms
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control
no-cache
Strict-Transport-Security
max-age=0; includeSubDomains
JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m
yltenim.com/nh4ea/ciqM/fC6c/
Redirect Chain
  • https://offers.plantingo.com/proc.php?2debe69b9b9763351eadbeac028ba4225f6d717a
  • https://yltenim.com/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_MS_Feb20&subid=6834306846522606419&ext1=16349
5 KB
4 KB
Document
General
Full URL
https://yltenim.com/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_MS_Feb20&subid=6834306846522606419&ext1=16349
Requested by
Host: offers.plantingo.com
URL: https://offers.plantingo.com/?utm_medium=fd3921560df5a882ea29820bfb2409af744a7346&utm_campaign=target_DE_8d017d_private_desktop&cid=8ehJFFnatZgEY2SXdiMpp1&cid=8ehJFFnatZgEY2SXdiMpp1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.171.22 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f2f0c1fd3002a6b4bd839ad461c1c5dcaa71335db02dde359e9bdcdd90b210e2

Request headers

:method
GET
:authority
yltenim.com
:scheme
https
:path
/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_MS_Feb20&subid=6834306846522606419&ext1=16349
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://offers.plantingo.com/?utm_medium=fd3921560df5a882ea29820bfb2409af744a7346&utm_campaign=target_DE_8d017d_private_desktop&cid=8ehJFFnatZgEY2SXdiMpp1&cid=8ehJFFnatZgEY2SXdiMpp1
accept-encoding
gzip, deflate, br
accept-language
en-US
Referer
https://offers.plantingo.com/?utm_medium=fd3921560df5a882ea29820bfb2409af744a7346&utm_campaign=target_DE_8d017d_private_desktop&cid=8ehJFFnatZgEY2SXdiMpp1&cid=8ehJFFnatZgEY2SXdiMpp1#

Response headers

status
200
date
Thu, 04 Jun 2020 02:01:03 GMT
content-type
text/html;charset=utf-8
set-cookie
__cfduid=d236523a7d82ce425d8a2c88d54db84721591236063; expires=Sat, 04-Jul-20 02:01:03 GMT; path=/; domain=.yltenim.com; HttpOnly; SameSite=Lax TR7A3jMiISYwstsFmTB2nnIHQbldWUy4oIejVz55dlg%3D=4daa4586e4e18e6a38a1dc6335b9cb4b_1591236063.123; domain=yltenim.com; path=/; expires=Sun, 02-Jun-2030 02:01:03 UTC b5lq9eygwZllzl4luI4VBgQgNE5fCh5dQrQRotUx370%3D=1591236063.1252; domain=yltenim.com; path=/; expires=Sun, 02-Jun-2030 02:01:03 UTC vHgNpuORtFmyejMz%2Fu4SCq%2BJuUygP9Fo7yvtcHxZqjM%3D=WHlvZ1RKeTY5eW1UQkpKSmh1Sjl3V0JtN1hXa1d6NVhReDZwM2NmSlM1KzE2eXJzN3dCZlFUYURISVUyaUx0cw%3D%3D; domain=yltenim.com; path=/; expires=Sun, 02-Jun-2030 02:01:03 UTC 4daa4586e4e18e6a38a1dc6335b9cb4b_1591236063.123_ck=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; domain=yltenim.com; path=/; expires=Sun, 02-Jun-2030 02:01:03 UTC f%2BNxABd9BuS%2BD6mZ%2FBtNNoR%2BezmypWHgySeOvF3EM0s%3D=eWtOY2l4UnY5MnJuMG55ckhOdGtWbDY0MHJ1cVgzVk96ekN3Q21KbEVPNFZIeldsT3dQMjBtajM4dXc4QWhCWFNQUU00anBvTWU5UktWYWFWV29ubVpaNkswMVBvcFlLU0pMVURuaHE4U2c9; domain=yltenim.com; path=/; expires=Thu, 04-Jun-2020 03:06:03 UTC SERVERID=sfc55; path=/
vary
Accept-Encoding
cache-control
no-store, no-cache, must-revalidate, no-transform, max-age=0, post-check=0, pre-check=0
expires
Sat, 26 Jul 1997 05:00:00 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
cf-request-id
031ea8877f00000b370f32d200000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
59de10526f840b37-AMS

Redirect headers

status
302
server
nginx
date
Thu, 04 Jun 2020 02:01:02 GMT
content-type
text/html; charset=UTF-8
location
https://yltenim.com/nh4ea/ciqM/fC6c/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m?diM=WW_MS_Feb20&subid=6834306846522606419&ext1=16349
x-powered-by
PHP/7.3.4
cache-control
no-store, no-cache, must-revalidate, max-age=0
pragma
no-cache
expires
Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security
max-age=31536000; includeSubdomains;
498903
tryd.pro/go/216668/
Redirect Chain
  • http://ranewita.com/0-%7Bcampaign_id%7D-pyoyasdgsaasg?adTagId=ee795150-730c-11e8-800a-0ae8b840b174&cpm=0.05&fallbackUrl=http%3A%2F%2Ftryd.pro%2Fgo%2F216668%2F498903
  • http://tryd.pro/go/216668/498903?clickid=3ec214bb-a607-11ea-a29c-0af384aff34b
466 B
522 B
Document
General
Full URL
http://tryd.pro/go/216668/498903?clickid=3ec214bb-a607-11ea-a29c-0af384aff34b
Protocol
HTTP/1.1
Server
54.236.66.149 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-236-66-149.compute-1.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Host
tryd.pro
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
https://yltenim.com/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Referer
https://yltenim.com/nh4ea/ciqM/Zzuf/JGLJgY-JXI7dCF0hEEPEzsWwHNQ4sNfptIX6cqz9_8IvUF2vJ91m/ICqci42OFY3aXFl3EUnTzlaPK_v9DEU?ori=55x&ex=6&pbi=5ed855df42a540.240100985

Response headers

Content-Encoding
gzip
Content-Type
text/html
Date
Thu, 04 Jun 2020 02:01:03 GMT
Server
nginx
Vary
Accept-Encoding
transfer-encoding
chunked
Connection
keep-alive

Redirect headers

Date
Thu, 04 Jun 2020 02:01:03 GMT
Content-Length
0
Connection
keep-alive
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline'
Location
http://tryd.pro/go/216668/498903?clickid=3ec214bb-a607-11ea-a29c-0af384aff34b
Server
ZeroPark-Traffic
Cookie set /
core.royalads.net/click/
Redirect Chain
  • http://tryd.pro/ad/ad?p=216668&w=498903&t=996b854791278654&r=aHR0cHMlM0ElMkYlMkZ5bHRlbmltLmNvbSUyRg==&vw=1600&vh=1200
  • http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=498903
995 B
905 B
Document
General
Full URL
http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=498903
Requested by
Host: tryd.pro
URL: http://tryd.pro/go/216668/498903?clickid=3ec214bb-a607-11ea-a29c-0af384aff34b
Protocol
HTTP/1.1
Server
147.135.243.181 , Netherlands, ASN16276 (OVH, FR),
Reverse DNS
ip181.ip-147-135-243.eu
Software
nginx /
Resource Hash

Request headers

Host
core.royalads.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://tryd.pro/go/216668/498903?clickid=3ec214bb-a607-11ea-a29c-0af384aff34b
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
nginx
Date
Thu, 04 Jun 2020 02:01:07 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
no-cache
Set-Cookie
cflag=706;Domain=core.royalads.net;Path=/
Content-Encoding
gzip

Redirect headers

Content-Type
text/html; charset=utf-8
Date
Thu, 04 Jun 2020 02:01:04 GMT
Location
http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=498903
Server
nginx
Content-Length
115
Connection
keep-alive
465699
ps.popcash.net/go/79141/
Redirect Chain
  • http://core.royalads.net/go/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=498903&ref=http%3A%2F%2Ftryd.pro%2Fgo%2F216668%2F498903%3Fclickid%3D3ec214bb-a607-11ea-a29c-0af384aff34b&scrw=1600&scrh=12...
  • http://popcash.net/world/go/79141/465699
  • http://ps.popcash.net/go/79141/465699
469 B
525 B
Document
General
Full URL
http://ps.popcash.net/go/79141/465699
Requested by
Host: core.royalads.net
URL: http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=498903
Protocol
HTTP/1.1
Server
52.0.120.49 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-0-120-49.compute-1.amazonaws.com
Software
nginx /
Resource Hash
103a79997dfce8d453ebd1e8e31512f21a580554b2b415ca7e88e17356909bca

Request headers

Host
ps.popcash.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://core.royalads.net/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
__cfduid=d0e73a015e2d67988e657d0c4dce88d7c1591236065
Referer
http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=498903

Response headers

Content-Encoding
gzip
Content-Type
text/html
Date
Thu, 04 Jun 2020 02:01:05 GMT
Server
nginx
Vary
Accept-Encoding
transfer-encoding
chunked
Connection
keep-alive

Redirect headers

Date
Thu, 04 Jun 2020 02:01:05 GMT
Content-Type
text/html
Content-Length
162
Connection
keep-alive
Set-Cookie
__cfduid=d0e73a015e2d67988e657d0c4dce88d7c1591236065; expires=Sat, 04-Jul-20 02:01:05 GMT; path=/; domain=.popcash.net; HttpOnly; SameSite=Lax
Location
http://ps.popcash.net/go/79141/465699
CF-Cache-Status
DYNAMIC
cf-request-id
031ea8903d0000646d870fe200000001
Server
cloudflare
CF-RAY
59de10606a5e646d-FRA
Cookie set /
core.royalads.net/click/
Redirect Chain
  • http://ps.popcash.net/ad/ad?p=79141&w=465699&t=4702bba5e9d141cb&r=aHR0cCUzQSUyRiUyRmNvcmUucm95YWxhZHMubmV0JTJG&vw=1600&vh=1200
  • http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=465699
955 B
872 B
Document
General
Full URL
http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=465699
Requested by
Host: ps.popcash.net
URL: http://ps.popcash.net/go/79141/465699
Protocol
HTTP/1.1
Server
147.135.243.181 , Netherlands, ASN16276 (OVH, FR),
Reverse DNS
ip181.ip-147-135-243.eu
Software
nginx /
Resource Hash
88808b01ee9503b4f61e07093d62e2b5c972b06a27a62ababc69f50c39521538

Request headers

Host
core.royalads.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://ps.popcash.net/go/79141/465699
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
hash=4a0e0e35-8e5c-4b1f-bccd-e1e2014b43c1

Response headers

Server
nginx
Date
Thu, 04 Jun 2020 02:01:09 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
no-cache
Set-Cookie
cflag=906;Domain=core.royalads.net;Path=/
Content-Encoding
gzip

Redirect headers

Content-Type
text/html; charset=utf-8
Date
Thu, 04 Jun 2020 02:01:06 GMT
Location
http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=465699
Server
nginx
Content-Length
115
Connection
keep-alive
Cookie set /
core.royalads.net/click/
Redirect Chain
  • http://core.royalads.net/go/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=465699&ref=http%3A%2F%2Fps.popcash.net%2Fgo%2F79141%2F465699&scrw=1600&scrh=1200&nlc=61zR9p7FfqytzDpn&ven=&ver=&p=falsexun...
  • http://ps.popcash.net/ad/ad?p=201730&w=488087&d=821f52f841fd93b97d45-1556198054488087
  • http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f
931 B
848 B
Document
General
Full URL
http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f
Requested by
Host: core.royalads.net
URL: http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=465699
Protocol
HTTP/1.1
Server
147.135.243.181 , Netherlands, ASN16276 (OVH, FR),
Reverse DNS
ip181.ip-147-135-243.eu
Software
nginx /
Resource Hash
4d83185eba1d250cd2387f969ce53b75695e2c004b8473855f6eb8ea2e9b0ee3

Request headers

Host
core.royalads.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://core.royalads.net/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
hash=4a0e0e35-8e5c-4b1f-bccd-e1e2014b43c1; cflag=906
Referer
http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=465699

Response headers

Server
nginx
Date
Thu, 04 Jun 2020 02:01:09 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
no-cache
Set-Cookie
cflag=906;Domain=core.royalads.net;Path=/
Content-Encoding
gzip

Redirect headers

Content-Type
text/html; charset=utf-8
Date
Thu, 04 Jun 2020 02:01:06 GMT
Location
http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f
Server
nginx
Content-Length
99
Connection
keep-alive
in.html
xml-ads.com/
Redirect Chain
  • http://core.royalads.net/go/?pub=668b66e2-62b7-461c-8a81-1988701f230f&ref=http%3A%2F%2Fcore.royalads.net%2F&scrw=1600&scrh=1200&nlc=61zR9p7FfqytzDpn&ven=&ver=&p=falsexundefined&iif=0
  • http://xml-ads.com/in.html
1 KB
849 B
Document
General
Full URL
http://xml-ads.com/in.html
Requested by
Host: core.royalads.net
URL: http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f
Protocol
HTTP/1.1
Server
188.164.249.105 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software
nginx /
Resource Hash
ef70fc0b859877aec4ccb64d8bfd822630a22cd5d045a7aa43fd820da0031332

Request headers

Host
xml-ads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://core.royalads.net/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Referer
http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f

Response headers

Server
nginx
Date
Thu, 04 Jun 2020 01:59:07 GMT
Content-Type
text/html text/html
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Thu, 04 Jun 2020 02:01:09 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Location
http://xml-ads.com/in.html
Cache-Control
no-cache
Primary Request /
duckduckgo.com/
5 KB
2 KB
Document
General
Full URL
https://duckduckgo.com/
Requested by
Host: xml-ads.com
URL: http://xml-ads.com/in.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
10366664c4a85ba31eb5633801f2f2ebba96f0e9b76ff997933af365504a6a5f
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

:method
GET
:authority
duckduckgo.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://xml-ads.com/in.html
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
403
server
nginx
date
Thu, 04 Jun 2020 02:01:07 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
etag
W/"5ed821cd-126e"
strict-transport-security
max-age=31536000
x-frame-options
SAMEORIGIN
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
x-xss-protection
1;mode=block
x-content-type-options
nosniff
referrer-policy
origin
expect-ct
max-age=0
content-encoding
br
s1902.css
duckduckgo.com/
209 KB
40 KB
Stylesheet
General
Full URL
https://duckduckgo.com/s1902.css
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e44aa57f4ac673d7576b034280788d2692b21637dfcaf353b1fb6d1bc804bcc4
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 04 Jun 2020 02:01:07 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, Accept-Encoding
content-length
40351
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Wed, 03 Jun 2020 17:59:08 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
"5ed7e4ec-9d9f"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
text/css
cache-control
max-age=31536000
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Fri, 04 Jun 2021 02:01:07 GMT
o1902.css
duckduckgo.com/
27 KB
5 KB
Stylesheet
General
Full URL
https://duckduckgo.com/o1902.css
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
23609bad917697e4228ee0b3054f580903c539549f98b37bc70f9b85a521ec28
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 04 Jun 2020 02:01:07 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, Accept-Encoding
content-length
4401
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Wed, 03 Jun 2020 17:59:08 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
"5ed7e4ec-1131"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
text/css
cache-control
max-age=31536000
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Fri, 04 Jun 2021 02:01:07 GMT
l115.js
duckduckgo.com/lib/
156 KB
53 KB
Script
General
Full URL
https://duckduckgo.com/lib/l115.js
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
0082e92230131c5c7243eb693a3f5a9122397004e7634853981b43617dc1d787
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 04 Jun 2020 02:01:07 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, Accept-Encoding
content-length
53303
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Thu, 28 May 2020 22:11:10 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
"5ed036fe-d037"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
application/x-javascript
cache-control
max-age=31536000
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Fri, 04 Jun 2021 02:01:07 GMT
duckduckgo14.js
duckduckgo.com/locale/en_US/
505 B
719 B
Script
General
Full URL
https://duckduckgo.com/locale/en_US/duckduckgo14.js
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
790f083d45a4a716dbec546771888883690e58379526146fc429cf310df9a49f
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 04 Jun 2020 02:01:07 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, Accept-Encoding
content-length
282
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Mon, 10 Jun 2019 17:43:38 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
"5cfe96ca-11a"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
application/x-javascript
cache-control
max-age=31536000
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Fri, 04 Jun 2021 02:01:07 GMT
u449.js
duckduckgo.com/util/
78 KB
26 KB
Script
General
Full URL
https://duckduckgo.com/util/u449.js
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
71a0f52d287a9a5daf14863039b54e3bff5bbdbcbcd8d06bf95f13c8ca9937a0
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 04 Jun 2020 02:01:07 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, Accept-Encoding
content-length
26121
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Wed, 03 Jun 2020 22:18:30 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
"5ed821b6-6609"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
application/x-javascript
cache-control
max-age=31536000
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Fri, 04 Jun 2021 02:01:07 GMT
d2804.js
duckduckgo.com/
619 KB
128 KB
Script
General
Full URL
https://duckduckgo.com/d2804.js
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
eeb44f5e34cc19e4f9a6c3c74089a699ae399e166af1ebfe416990727b1e0f33
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 04 Jun 2020 02:01:07 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, Accept-Encoding
content-length
130081
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Wed, 03 Jun 2020 22:18:30 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
"5ed821b6-1fc21"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
application/x-javascript
cache-control
max-age=31536000
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Fri, 04 Jun 2021 02:01:07 GMT
ProximaNova-Reg-webfont.woff2
duckduckgo.com/font/
18 KB
18 KB
Font
General
Full URL
https://duckduckgo.com/font/ProximaNova-Reg-webfont.woff2
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/lib/l115.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
c219a877eb2c47380ba959748793187f3aaed9533061abace5461024cd7d0704
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://duckduckgo.com/
Origin
https://duckduckgo.com

Response headers

date
Thu, 04 Jun 2020 02:01:07 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
x-xss-protection
1;mode=block
x-duckduckgo-locale
en_US
referrer-policy
origin
last-modified
Wed, 13 May 2020 17:53:50 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"5ebc342e-469c"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
text/html; charset=UTF-8
cache-control
max-age=31536000
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Fri, 04 Jun 2021 02:01:07 GMT
logo_homepage.normal.v108.svg
duckduckgo.com/assets/
5 KB
2 KB
Image
General
Full URL
https://duckduckgo.com/assets/logo_homepage.normal.v108.svg
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/lib/l115.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
2cf6e05e04f305de66708f94f05a3f65ce113334451551cfccfa3c417cdddac9
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 04 Jun 2020 02:01:07 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Fri, 10 May 2019 21:13:28 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"5cd5e978-1296"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
image/svg+xml
cache-control
max-age=31536000, public
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Fri, 04 Jun 2021 02:01:07 GMT
ProximaNova-Sbold-webfont.woff2
duckduckgo.com/font/
18 KB
18 KB
Font
General
Full URL
https://duckduckgo.com/font/ProximaNova-Sbold-webfont.woff2
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/lib/l115.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
42c30588d9adaeee4cea28af0afda91efc7484528c6eea2ce7d591d927fd1a69
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://duckduckgo.com/
Origin
https://duckduckgo.com

Response headers

date
Thu, 04 Jun 2020 02:01:07 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
x-xss-protection
1;mode=block
x-duckduckgo-locale
en_US
referrer-policy
origin
last-modified
Wed, 13 May 2020 17:53:50 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"5ebc342e-46ec"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
text/html; charset=UTF-8
cache-control
max-age=31536000
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Fri, 04 Jun 2021 02:01:07 GMT
truncated
/
11 KB
11 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
05ea6357028f2a0cbb71d3b59e64bb54ccd3b87f01e548b8146448422eb98080

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://duckduckgo.com/
Origin
https://duckduckgo.com

Response headers

Content-Type
application/x-font-woff;charset=utf-8
post2.html
duckduckgo.com/ Frame 898B
540 B
675 B
Document
General
Full URL
https://duckduckgo.com/post2.html
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/d2804.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
4aa4e6c44b36c12b6b0f694ea744b4fcfb64d5f5e7d88ca393ca766d5affe38b
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

:method
GET
:authority
duckduckgo.com
:scheme
https
:path
/post2.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://duckduckgo.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://duckduckgo.com/

Response headers

status
200
server
nginx
date
Thu, 04 Jun 2020 02:01:07 GMT
content-type
text/html; charset=UTF-8
last-modified
Fri, 10 May 2019 21:13:33 GMT
vary
Accept-Encoding
etag
W/"5cd5e97d-21c"
strict-transport-security
max-age=31536000
x-frame-options
SAMEORIGIN
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
x-xss-protection
1;mode=block
x-content-type-options
nosniff
referrer-policy
origin
expect-ct
max-age=0
expires
Fri, 05 Jun 2020 02:01:07 GMT
cache-control
max-age=86400
x-duckduckgo-locale
en_US
content-encoding
br
install_arrow.svg
duckduckgo.com/assets/
1 KB
950 B
Image
General
Full URL
https://duckduckgo.com/assets/install_arrow.svg
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/lib/l115.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
0a75a8519cc22927259de5ea9f0e7facafc61c722332441ff7e459ee9d7b93a4
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 04 Jun 2020 02:01:07 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Fri, 10 May 2019 21:13:28 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"5cd5e978-4ea"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
image/svg+xml
cache-control
max-age=31536000, public
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Fri, 04 Jun 2021 02:01:07 GMT
ProximaNova-ExtraBold-webfont.woff2
duckduckgo.com/font/
21 KB
21 KB
Font
General
Full URL
https://duckduckgo.com/font/ProximaNova-ExtraBold-webfont.woff2
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/lib/l115.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
244cafaa19e0b1b166816a194cdb9782eb293eaf967501f98a2fc902537d6f40
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://duckduckgo.com/
Origin
https://duckduckgo.com

Response headers

date
Thu, 04 Jun 2020 02:01:07 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
x-xss-protection
1;mode=block
x-duckduckgo-locale
en_US
referrer-policy
origin
last-modified
Wed, 13 May 2020 17:53:50 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"5ebc342e-5224"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
text/html; charset=UTF-8
cache-control
max-age=31536000
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Fri, 04 Jun 2021 02:01:07 GMT
atbhi_chrome_v224-1
improving.duckduckgo.com/t/
43 B
483 B
Image
General
Full URL
https://improving.duckduckgo.com/t/atbhi_chrome_v224-1?2172660&va=r&atbva=k&l=en_US&p=mac&rg=0400ffe8-b2e7-4d61-be2e-c429fcfe5751
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.213.95.108 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-213-95-108.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 04 Jun 2020 02:01:08 GMT
x-content-type-options
nosniff
status
200
x-duckduckgo-moreinfo
See https://help.duckduckgo.com/duckduckgo-help-pages/privacy/atb/
content-length
43
x-xss-protection
1;mode=block
x-duckduckgo-locale
en_US
referrer-policy
origin
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
server
nginx
x-frame-options
SAMEORIGIN
expect-ct
max-age=0
strict-transport-security
max-age=0
content-type
image/gif
cache-control
no-cache
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Thu, 04 Jun 2020 02:01:07 GMT
laptop.svg
duckduckgo.com/assets/add-to-browser/cppm/
2 KB
1 KB
Image
General
Full URL
https://duckduckgo.com/assets/add-to-browser/cppm/laptop.svg
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
650e5fdfd48f4ab48813bd9d021bde8bef7a9db308b7735dd41f78967c939168
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 04 Jun 2020 02:01:08 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Tue, 12 May 2020 00:27:00 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"5eb9ed54-7b1"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
image/svg+xml
cache-control
max-age=31536000, public
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Fri, 04 Jun 2021 02:01:08 GMT
search.svg
duckduckgo.com/assets/home/landing/icons/
2 KB
1 KB
Image
General
Full URL
https://duckduckgo.com/assets/home/landing/icons/search.svg
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
2b7a02e09e809e21c7e9b64751293348ffcccf9d749ab85e373438dba6110d94
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 04 Jun 2020 02:01:08 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Mon, 18 May 2020 18:28:37 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"5ec2d3d5-8f0"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
image/svg+xml
cache-control
max-age=31536000, public
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Fri, 04 Jun 2021 02:01:08 GMT
mobile.svg
duckduckgo.com/assets/add-to-browser/cppm/
1 KB
1 KB
Image
General
Full URL
https://duckduckgo.com/assets/add-to-browser/cppm/mobile.svg
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
91762ec30f3c6fbb5bd01a6e9351b1580ce2fd8e3fc34a863f4f258900178820
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 04 Jun 2020 02:01:08 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Tue, 12 May 2020 00:27:00 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"5eb9ed54-5e4"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
image/svg+xml
cache-control
max-age=31536000, public
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Fri, 04 Jun 2021 02:01:08 GMT
hi
improving.duckduckgo.com/t/
43 B
482 B
Image
General
Full URL
https://improving.duckduckgo.com/t/hi?979185&b=chrome&atbi=true&ei=true&i=false&d=d&l=en_US&p=mac&atb=v224-1&va=r&atbva=k&rg=0400ffe8-b2e7-4d61-be2e-c429fcfe5751
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.213.95.108 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-213-95-108.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 04 Jun 2020 02:01:08 GMT
x-content-type-options
nosniff
status
200
x-duckduckgo-moreinfo
See https://help.duckduckgo.com/duckduckgo-help-pages/privacy/atb/
content-length
43
x-xss-protection
1;mode=block
x-duckduckgo-locale
en_US
referrer-policy
origin
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
server
nginx
x-frame-options
SAMEORIGIN
expect-ct
max-age=0
strict-transport-security
max-age=0
content-type
image/gif
cache-control
no-cache
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Thu, 04 Jun 2020 02:01:07 GMT


226 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate string| settings_js_version string| locale function| sprintf object| locale_data object| locale_simple function| l_dry function| l_dir function| l_lang function| ltd function| ln function| lp function| lnp function| ld function| ldn function| ldp function| ldnp object| Handlebars object| html5 object| Modernizr function| $ function| jQuery function| EventEmitter2 function| decodeURIComponentSafe function| relativeDate function| tinycolor object| polyline function| Gettext function| rg object| DDG boolean| SM2_DEFER object| d object| w undefined| cd number| dz number| da number| fk number| fb number| fs undefined| fm number| fe number| fl number| fo number| fa number| fn number| fq number| fz undefined| ie undefined| io undefined| ir undefined| is undefined| ga undefined| gd undefined| rc undefined| rd undefined| rs object| rsd number| rdc number| rsc number| rtc number| rii number| rin undefined| rir undefined| rl undefined| rp object| reb number| rebc number| sx number| sy number| tl number| tlz number| tac object| tr object| ts number| tn number| tsl number| tz function| nir string| kurl number| is_mobile undefined| dow undefined| iosx function| ncku function| nckd function| ncf function| ncg function| nis function| nkda function| nkua function| nke function| nko function| nkt function| nkd function| nkn function| nkm function| nksb function| nks function| nkdc function| nkdm function| nkdt function| nkds function| nkf string| mousewheelevt function| nkw function| nrv function| nro function| nrs function| sendCount function| nrj function| nrc function| nrg function| nrl function| nrrel function| nrb function| nrm function| appendAdClass function| nrn function| nsr function| nul function| nutp function| nua function| nug function| nun function| iframeOpen function| openBlankWindow function| getLinkType function| adOrOrganicClick function| organicClick function| adClick number| iadt number| iad3 number| iad2 number| iad 
number| ieof number| fmy number| fmx number| daia number| daiq number| dam number| il number| irl number| rpc boolean| is_retina number| viewport_width number| viewport_height number| is_mobile_device string| k0 string| k1 string| k2 string| k3 string| k4 string| k5 string| k6 string| k7 string| k8 string| k9 string| ka string| kaa string| kb string| kab string| kc string| kac string| kd string| kad string| ke string| kae string| kf string| kaf string| kg string| kag string| kh string| kah string| ki string| kai string| kj string| kaj string| kk string| kak string| kl string| kal string| km string| kam string| kn string| kan string| ko string| kao string| kp string| kap string| kq string| kaq string| kr string| kar string| ks string| kas string| kt string| kat string| ku string| kau string| kv string| kav string| kw string| kaw string| kx string| kax string| ky string| kay string| kz string| kaz string| k10 string| k11 string| k12 string| k13 string| k14 string| k15 string| k16 string| k17 string| k18 string| k19 string| k20 string| k21 object| err object| errm function| seterr string| t string| objectKey

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
