Submitted URL: http://onieruco.com/rnd/setting?tesc=7GBWOlO4YXBMIAx9RxfeYQ==
Effective URL: https://duckduckgo.com/
Submission: On June 08 via api from CA

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 25 HTTP transactions. The main IP is 79.125.108.55, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is duckduckgo.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on August 9th 2019. Valid for: a year.
This is the only time duckduckgo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 172.67.70.77 13335 (CLOUDFLAR...)
1 2 52.0.120.49 14618 (AMAZON-AES)
3 6 147.135.243.181 16276 (OVH)
1 1 2606:4700:20:... 13335 (CLOUDFLAR...)
2 3 107.23.28.17 14618 (AMAZON-AES)
1 188.164.249.105 35415 (WEBZILLA)
18 79.125.108.55 16509 (AMAZON-02)
25 7
Apex Domain Subdomains Transfer
18 duckduckgo.com duckduckgo.com, improving.duckduckgo.com 319 KB
6 royalads.net core.royalads.net 3 KB
4 popcash.net popcash.net, ps.popcash.net 1 KB
2 openad.pro openad.pro 756 B
1 xml-ads.com xml-ads.com 852 B
1 onieruco.com onieruco.com 1 KB
25 6
Domain Requested by
16 duckduckgo.com xml-ads.com, duckduckgo.com
6 core.royalads.net 3 redirects openad.pro, ps.popcash.net, core.royalads.net
3 ps.popcash.net 2 redirects core.royalads.net
2 improving.duckduckgo.com duckduckgo.com
2 openad.pro 1 redirects onieruco.com
1 xml-ads.com core.royalads.net
1 popcash.net 1 redirects
1 onieruco.com
25 8
Subject Issuer Validity Valid
*.duckduckgo.com DigiCert SHA2 Secure Server CA 2019-08-09 - 2020-10-30 a year

This page contains 2 frames:

Primary Page: https://duckduckgo.com/
Frame ID: 44F5C026EA85B5BE2F8462569C0CD584
Requests: 25 HTTP requests in this frame

Frame: https://duckduckgo.com/post2.html
Frame ID: E8C4F2AE295E2E2A2E991EF8CAA2A746
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

25
Requests

72 %
HTTPS

14 %
IPv6

6
Domains

8
Subdomains

7
IPs

3
Countries

335 kB
Transfer

1178 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://onieruco.com/rnd/setting?tesc=7GBWOlO4YXBMIAx9RxfeYQ== Page URL
  2. http://openad.pro/go/216668/498903 Page URL
  3. http://openad.pro/ad/ad?p=216668&w=498903&t=d512194227528d6a&r=aHR0cCUzQSUyRiUyRm9uaWVydWNvLmNvbSUyRg==&vw=1600&vh=1200 HTTP 303
    http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=498903 Page URL
  4. http://core.royalads.net/go/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=498903&ref=http%3A%2F%2Fopenad.pro%2Fgo%2F216668%2F498903&scrw=1600&scrh=1200&nlc=yDD7Po4Vfqk8VCNv&ven=&ver=&p=falsexundefined&iif=0 HTTP 302
    http://popcash.net/world/go/79141/465699 HTTP 301
    http://ps.popcash.net/go/79141/465699 Page URL
  5. http://ps.popcash.net/ad/ad?p=79141&w=465699&t=59655d94477d840c&r=aHR0cCUzQSUyRiUyRmNvcmUucm95YWxhZHMubmV0JTJG&vw=1600&vh=1200 HTTP 303
    http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f Page URL
  6. http://core.royalads.net/go/?pub=668b66e2-62b7-461c-8a81-1988701f230f&ref=http%3A%2F%2Fps.popcash.net%2Fgo%2F79141%2F465699&scrw=1600&scrh=1200&nlc=eY4MwQCgfqk8VCNv&ven=&ver=&p=falsexundefined&iif=0 HTTP 302
    http://ps.popcash.net/ad/ad?p=201730&w=488087&d=821f52f841fd93b97d45-1556198054488087 HTTP 303
    http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f Page URL
  7. http://core.royalads.net/go/?pub=668b66e2-62b7-461c-8a81-1988701f230f&ref=http%3A%2F%2Fcore.royalads.net%2F&scrw=1600&scrh=1200&nlc=eY4MwQCgfqk8VCNv&ven=&ver=&p=falsexundefined&iif=0 HTTP 302
    http://xml-ads.com/in.html Page URL
  8. https://duckduckgo.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • http://openad.pro/ad/ad?p=216668&w=498903&t=d512194227528d6a&r=aHR0cCUzQSUyRiUyRm9uaWVydWNvLmNvbSUyRg==&vw=1600&vh=1200 HTTP 303
  • http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=498903
Request Chain 3
  • http://core.royalads.net/go/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=498903&ref=http%3A%2F%2Fopenad.pro%2Fgo%2F216668%2F498903&scrw=1600&scrh=1200&nlc=yDD7Po4Vfqk8VCNv&ven=&ver=&p=falsexundefined&iif=0 HTTP 302
  • http://popcash.net/world/go/79141/465699 HTTP 301
  • http://ps.popcash.net/go/79141/465699
Request Chain 4
  • http://ps.popcash.net/ad/ad?p=79141&w=465699&t=59655d94477d840c&r=aHR0cCUzQSUyRiUyRmNvcmUucm95YWxhZHMubmV0JTJG&vw=1600&vh=1200 HTTP 303
  • http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f
Request Chain 5
  • http://core.royalads.net/go/?pub=668b66e2-62b7-461c-8a81-1988701f230f&ref=http%3A%2F%2Fps.popcash.net%2Fgo%2F79141%2F465699&scrw=1600&scrh=1200&nlc=eY4MwQCgfqk8VCNv&ven=&ver=&p=falsexundefined&iif=0 HTTP 302
  • http://ps.popcash.net/ad/ad?p=201730&w=488087&d=821f52f841fd93b97d45-1556198054488087 HTTP 303
  • http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f
Request Chain 6
  • http://core.royalads.net/go/?pub=668b66e2-62b7-461c-8a81-1988701f230f&ref=http%3A%2F%2Fcore.royalads.net%2F&scrw=1600&scrh=1200&nlc=eY4MwQCgfqk8VCNv&ven=&ver=&p=falsexundefined&iif=0 HTTP 302
  • http://xml-ads.com/in.html

25 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set setting
onieruco.com/rnd/
962 B
1 KB
Document
General
Full URL
http://onieruco.com/rnd/setting?tesc=7GBWOlO4YXBMIAx9RxfeYQ==
Protocol
HTTP/1.1
Server
172.67.70.77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25679d4b19079151a61f0a3d1dc405a595f4e9df56bc092f8ad05cdaa2ea9265

Request headers

Host
onieruco.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Date
Mon, 08 Jun 2020 18:26:58 GMT
Content-Type
text/html;charset=ISO-8859-1
Transfer-Encoding
chunked
Connection
keep-alive
Set-Cookie
__cfduid=d7557057d8639049a485aadc785f052441591640818; expires=Wed, 08-Jul-20 18:26:58 GMT; path=/; domain=.onieruco.com; HttpOnly; SameSite=Lax
Referrer-Policy
origin
Cache-control
no-store, no-cache
Vary
Accept-Encoding
CF-Cache-Status
DYNAMIC
cf-request-id
0336c89b4c0000f9ce0d15b200000001
Server
cloudflare
CF-RAY
5a04aa0baa85f9ce-PRG
Content-Encoding
gzip
498903
openad.pro/go/216668/
466 B
497 B
Document
General
Full URL
http://openad.pro/go/216668/498903
Requested by
Host: onieruco.com
URL: http://onieruco.com/rnd/setting?tesc=7GBWOlO4YXBMIAx9RxfeYQ==
Protocol
HTTP/1.1
Server
52.0.120.49 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-0-120-49.compute-1.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Host
openad.pro
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://onieruco.com/
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Content-Encoding
gzip
Content-Type
text/html
Date
Mon, 08 Jun 2020 18:26:58 GMT
Server
nginx
Vary
Accept-Encoding
Content-Length
309
Connection
keep-alive
Cookie set /
core.royalads.net/click/
Redirect Chain
  • http://openad.pro/ad/ad?p=216668&w=498903&t=d512194227528d6a&r=aHR0cCUzQSUyRiUyRm9uaWVydWNvLmNvbSUyRg==&vw=1600&vh=1200
  • http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=498903
952 B
873 B
Document
General
Full URL
http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=498903
Requested by
Host: openad.pro
URL: http://openad.pro/go/216668/498903
Protocol
HTTP/1.1
Server
147.135.243.181 , Netherlands, ASN16276 (OVH, FR),
Reverse DNS
ip181.ip-147-135-243.eu
Software
nginx /
Resource Hash

Request headers

Host
core.royalads.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://openad.pro/go/216668/498903
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
nginx
Date
Mon, 08 Jun 2020 18:27:01 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
no-cache
Set-Cookie
cflag=182;Domain=core.royalads.net;Path=/
Content-Encoding
gzip

Redirect headers

Content-Type
text/html; charset=utf-8
Date
Mon, 08 Jun 2020 18:26:58 GMT
Location
http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=498903
Server
nginx
Content-Length
115
Connection
keep-alive
465699
ps.popcash.net/go/79141/
Redirect Chain
  • http://core.royalads.net/go/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=498903&ref=http%3A%2F%2Fopenad.pro%2Fgo%2F216668%2F498903&scrw=1600&scrh=1200&nlc=yDD7Po4Vfqk8VCNv&ven=&ver=&p=falsexundef...
  • http://popcash.net/world/go/79141/465699
  • http://ps.popcash.net/go/79141/465699
469 B
502 B
Document
General
Full URL
http://ps.popcash.net/go/79141/465699
Requested by
Host: core.royalads.net
URL: http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=498903
Protocol
HTTP/1.1
Server
107.23.28.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-23-28-17.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e34f6f196cd880299a37002e1adc10dd834cdc2a00046dee6ac656b4c1e4a0ff

Request headers

Host
ps.popcash.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://core.royalads.net/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
__cfduid=dde5200ef12356d1241e349e3d4eab6871591640819
Referer
http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f&site=498903

Response headers

Content-Encoding
gzip
Content-Type
text/html
Date
Mon, 08 Jun 2020 18:26:59 GMT
Server
nginx
Vary
Accept-Encoding
Content-Length
314
Connection
keep-alive

Redirect headers

Date
Mon, 08 Jun 2020 18:26:59 GMT
Content-Type
text/html
Content-Length
162
Connection
keep-alive
Set-Cookie
__cfduid=dde5200ef12356d1241e349e3d4eab6871591640819; expires=Wed, 08-Jul-20 18:26:59 GMT; path=/; domain=.popcash.net; HttpOnly; SameSite=Lax
Location
http://ps.popcash.net/go/79141/465699
CF-Cache-Status
DYNAMIC
cf-request-id
0336c89e010000178abc309200000001
Server
cloudflare
CF-RAY
5a04aa100960178a-FRA
Cookie set /
core.royalads.net/click/
Redirect Chain
  • http://ps.popcash.net/ad/ad?p=79141&w=465699&t=59655d94477d840c&r=aHR0cCUzQSUyRiUyRmNvcmUucm95YWxhZHMubmV0JTJG&vw=1600&vh=1200
  • http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f
943 B
869 B
Document
General
Full URL
http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f
Requested by
Host: ps.popcash.net
URL: http://ps.popcash.net/go/79141/465699
Protocol
HTTP/1.1
Server
147.135.243.181 , Netherlands, ASN16276 (OVH, FR),
Reverse DNS
ip181.ip-147-135-243.eu
Software
nginx /
Resource Hash
e36fcc5d5a90369815eb420d206f28f6238e15e6b9a631bef4a0ea87c29ed86b

Request headers

Host
core.royalads.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://ps.popcash.net/go/79141/465699
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
cflag=182; hash=3712acb5-9cf4-4a07-adde-2952b4f0d11f

Response headers

Server
nginx
Date
Mon, 08 Jun 2020 18:27:02 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
no-cache
Set-Cookie
cflag=282;Domain=core.royalads.net;Path=/
Content-Encoding
gzip

Redirect headers

Content-Type
text/html; charset=utf-8
Date
Mon, 08 Jun 2020 18:26:59 GMT
Location
http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f
Server
nginx
Content-Length
99
Connection
keep-alive
Cookie set /
core.royalads.net/click/
Redirect Chain
  • http://core.royalads.net/go/?pub=668b66e2-62b7-461c-8a81-1988701f230f&ref=http%3A%2F%2Fps.popcash.net%2Fgo%2F79141%2F465699&scrw=1600&scrh=1200&nlc=eY4MwQCgfqk8VCNv&ven=&ver=&p=falsexundefined&iif=0
  • http://ps.popcash.net/ad/ad?p=201730&w=488087&d=821f52f841fd93b97d45-1556198054488087
  • http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f
931 B
849 B
Document
General
Full URL
http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f
Requested by
Host: core.royalads.net
URL: http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f
Protocol
HTTP/1.1
Server
147.135.243.181 , Netherlands, ASN16276 (OVH, FR),
Reverse DNS
ip181.ip-147-135-243.eu
Software
nginx /
Resource Hash
bf0042919298c141c6dec3324f807d5543834867122a35685437437e1133f98c

Request headers

Host
core.royalads.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://core.royalads.net/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Cookie
hash=3712acb5-9cf4-4a07-adde-2952b4f0d11f
Referer
http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f

Response headers

Server
nginx
Date
Mon, 08 Jun 2020 18:27:02 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
no-cache
Set-Cookie
cflag=282;Domain=core.royalads.net;Path=/
Content-Encoding
gzip

Redirect headers

Content-Type
text/html; charset=utf-8
Date
Mon, 08 Jun 2020 18:26:59 GMT
Location
http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f
Server
nginx
Content-Length
99
Connection
keep-alive
in.html
xml-ads.com/
Redirect Chain
  • http://core.royalads.net/go/?pub=668b66e2-62b7-461c-8a81-1988701f230f&ref=http%3A%2F%2Fcore.royalads.net%2F&scrw=1600&scrh=1200&nlc=eY4MwQCgfqk8VCNv&ven=&ver=&p=falsexundefined&iif=0
  • http://xml-ads.com/in.html
1 KB
852 B
Document
General
Full URL
http://xml-ads.com/in.html
Requested by
Host: core.royalads.net
URL: http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f
Protocol
HTTP/1.1
Server
188.164.249.105 , Netherlands, ASN35415 (WEBZILLA, NL),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Host
xml-ads.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://core.royalads.net/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Referer
http://core.royalads.net/click/?pub=668b66e2-62b7-461c-8a81-1988701f230f

Response headers

Server
nginx
Date
Mon, 08 Jun 2020 18:25:00 GMT
Content-Type
text/html text/html
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Mon, 08 Jun 2020 18:27:02 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Location
http://xml-ads.com/in.html
Cache-Control
no-cache
Primary Request /
duckduckgo.com/
5 KB
2 KB
Document
General
Full URL
https://duckduckgo.com/
Requested by
Host: xml-ads.com
URL: http://xml-ads.com/in.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
a5486d8d38153468d861582c68b9b53bba4f7d63dda10c585c4c9f703f67b6ae
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

:method
GET
:authority
duckduckgo.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
http://xml-ads.com/in.html
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

status
403
server
nginx
date
Mon, 08 Jun 2020 18:27:00 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
etag
W/"5ede8031-126e"
strict-transport-security
max-age=31536000
x-frame-options
SAMEORIGIN
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
x-xss-protection
1;mode=block
x-content-type-options
nosniff
referrer-policy
origin
expect-ct
max-age=0
content-encoding
br
s1902.css
duckduckgo.com/
209 KB
40 KB
Stylesheet
General
Full URL
https://duckduckgo.com/s1902.css
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e44aa57f4ac673d7576b034280788d2692b21637dfcaf353b1fb6d1bc804bcc4
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 08 Jun 2020 18:27:00 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, Accept-Encoding
content-length
40351
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Wed, 03 Jun 2020 17:59:06 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
"5ed7e4ea-9d9f"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
text/css
cache-control
max-age=31536000
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Tue, 08 Jun 2021 18:27:00 GMT
o1902.css
duckduckgo.com/
27 KB
5 KB
Stylesheet
General
Full URL
https://duckduckgo.com/o1902.css
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
23609bad917697e4228ee0b3054f580903c539549f98b37bc70f9b85a521ec28
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 08 Jun 2020 18:27:00 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, Accept-Encoding
content-length
4401
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Wed, 03 Jun 2020 17:59:06 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
"5ed7e4ea-1131"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
text/css
cache-control
max-age=31536000
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Tue, 08 Jun 2021 18:27:00 GMT
l116.js
duckduckgo.com/lib/
156 KB
52 KB
Script
General
Full URL
https://duckduckgo.com/lib/l116.js
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
a38212500d5b913f4a3e13c36445d764d895db361324b2b6ef3464bee33806d0
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 08 Jun 2020 18:27:00 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, Accept-Encoding
content-length
52957
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Thu, 04 Jun 2020 02:05:42 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
"5ed856f6-cedd"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
application/x-javascript
cache-control
max-age=31536000
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Tue, 08 Jun 2021 18:27:00 GMT
duckduckgo14.js
duckduckgo.com/locale/en_US/
505 B
719 B
Script
General
Full URL
https://duckduckgo.com/locale/en_US/duckduckgo14.js
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
790f083d45a4a716dbec546771888883690e58379526146fc429cf310df9a49f
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 08 Jun 2020 18:27:00 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, Accept-Encoding
content-length
282
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Mon, 10 Jun 2019 17:43:35 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
"5cfe96c7-11a"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
application/x-javascript
cache-control
max-age=31536000
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Tue, 08 Jun 2021 18:27:00 GMT
u452.js
duckduckgo.com/util/
78 KB
26 KB
Script
General
Full URL
https://duckduckgo.com/util/u452.js
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
28fb895822937f70277ddcf6894aba9224c257348c9710c2ddc13d7452d08849
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 08 Jun 2020 18:27:00 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, Accept-Encoding
content-length
26018
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Thu, 04 Jun 2020 22:32:50 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
"5ed97692-65a2"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
application/x-javascript
cache-control
max-age=31536000
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Tue, 08 Jun 2021 18:27:00 GMT
d2809.js
duckduckgo.com/
619 KB
128 KB
Script
General
Full URL
https://duckduckgo.com/d2809.js
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e04e0a8f4e9bf7b532198d421a6ad12fa34a8a0ccc1c51dbfa78434def8cc2d0
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 08 Jun 2020 18:27:00 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding, Accept-Encoding
content-length
130145
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Fri, 05 Jun 2020 18:47:10 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
"5eda932e-1fc61"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
application/x-javascript
cache-control
max-age=31536000
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Tue, 08 Jun 2021 18:27:00 GMT
ProximaNova-Reg-webfont.woff2
duckduckgo.com/font/
18 KB
18 KB
Font
General
Full URL
https://duckduckgo.com/font/ProximaNova-Reg-webfont.woff2
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/lib/l116.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
c219a877eb2c47380ba959748793187f3aaed9533061abace5461024cd7d0704
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://duckduckgo.com/
Origin
https://duckduckgo.com

Response headers

date
Mon, 08 Jun 2020 18:27:00 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
x-xss-protection
1;mode=block
x-duckduckgo-locale
en_US
referrer-policy
origin
last-modified
Wed, 13 May 2020 17:53:50 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"5ebc342e-469c"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
text/html; charset=UTF-8
cache-control
max-age=31536000
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Tue, 08 Jun 2021 18:27:00 GMT
logo_homepage.normal.v108.svg
duckduckgo.com/assets/
5 KB
2 KB
Image
General
Full URL
https://duckduckgo.com/assets/logo_homepage.normal.v108.svg
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/lib/l116.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
2cf6e05e04f305de66708f94f05a3f65ce113334451551cfccfa3c417cdddac9
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 08 Jun 2020 18:27:00 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Wed, 06 Feb 2019 19:44:53 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"5c5b3935-1296"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
image/svg+xml
cache-control
max-age=31536000, public
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Tue, 08 Jun 2021 18:27:00 GMT
ProximaNova-Sbold-webfont.woff2
duckduckgo.com/font/
18 KB
18 KB
Font
General
Full URL
https://duckduckgo.com/font/ProximaNova-Sbold-webfont.woff2
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/lib/l116.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
42c30588d9adaeee4cea28af0afda91efc7484528c6eea2ce7d591d927fd1a69
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://duckduckgo.com/
Origin
https://duckduckgo.com

Response headers

date
Mon, 08 Jun 2020 18:27:00 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
x-xss-protection
1;mode=block
x-duckduckgo-locale
en_US
referrer-policy
origin
last-modified
Wed, 13 May 2020 17:53:50 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"5ebc342e-46ec"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
text/html; charset=UTF-8
cache-control
max-age=31536000
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Tue, 08 Jun 2021 18:27:00 GMT
truncated
/
11 KB
11 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
05ea6357028f2a0cbb71d3b59e64bb54ccd3b87f01e548b8146448422eb98080

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://duckduckgo.com/
Origin
https://duckduckgo.com

Response headers

Content-Type
application/x-font-woff;charset=utf-8
post2.html
duckduckgo.com/ Frame E8C4
540 B
675 B
Document
General
Full URL
https://duckduckgo.com/post2.html
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/d2809.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
4aa4e6c44b36c12b6b0f694ea744b4fcfb64d5f5e7d88ca393ca766d5affe38b
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

:method
GET
:authority
duckduckgo.com
:scheme
https
:path
/post2.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://duckduckgo.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://duckduckgo.com/

Response headers

status
200
server
nginx
date
Mon, 08 Jun 2020 18:27:00 GMT
content-type
text/html; charset=UTF-8
last-modified
Tue, 24 Jan 2017 00:25:19 GMT
vary
Accept-Encoding
etag
W/"58869eef-21c"
strict-transport-security
max-age=31536000
x-frame-options
SAMEORIGIN
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
x-xss-protection
1;mode=block
x-content-type-options
nosniff
referrer-policy
origin
expect-ct
max-age=0
expires
Tue, 09 Jun 2020 18:27:00 GMT
cache-control
max-age=86400
x-duckduckgo-locale
en_US
content-encoding
br
install_arrow.svg
duckduckgo.com/assets/
1 KB
950 B
Image
General
Full URL
https://duckduckgo.com/assets/install_arrow.svg
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/lib/l116.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
0a75a8519cc22927259de5ea9f0e7facafc61c722332441ff7e459ee9d7b93a4
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 08 Jun 2020 18:27:00 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Mon, 12 Feb 2018 22:04:22 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"5a820f66-4ea"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
image/svg+xml
cache-control
max-age=31536000, public
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Tue, 08 Jun 2021 18:27:00 GMT
ProximaNova-ExtraBold-webfont.woff2
duckduckgo.com/font/
21 KB
21 KB
Font
General
Full URL
https://duckduckgo.com/font/ProximaNova-ExtraBold-webfont.woff2
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/lib/l116.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
244cafaa19e0b1b166816a194cdb9782eb293eaf967501f98a2fc902537d6f40
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://duckduckgo.com/
Origin
https://duckduckgo.com

Response headers

date
Mon, 08 Jun 2020 18:27:00 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
x-xss-protection
1;mode=block
x-duckduckgo-locale
en_US
referrer-policy
origin
last-modified
Wed, 13 May 2020 17:53:50 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"5ebc342e-5224"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
text/html; charset=UTF-8
cache-control
max-age=31536000
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Tue, 08 Jun 2021 18:27:00 GMT
atbhi_chrome_v224-6
improving.duckduckgo.com/t/
43 B
482 B
Image
General
Full URL
https://improving.duckduckgo.com/t/atbhi_chrome_v224-6?3156020&va=r&atbva=k&l=en_US&p=mac
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 08 Jun 2020 18:27:01 GMT
x-content-type-options
nosniff
status
200
x-duckduckgo-moreinfo
See https://help.duckduckgo.com/duckduckgo-help-pages/privacy/atb/
content-length
43
x-xss-protection
1;mode=block
x-duckduckgo-locale
en_US
referrer-policy
origin
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
server
nginx
x-frame-options
SAMEORIGIN
expect-ct
max-age=0
strict-transport-security
max-age=0
content-type
image/gif
cache-control
no-cache
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Mon, 08 Jun 2020 18:27:00 GMT
laptop.svg
duckduckgo.com/assets/add-to-browser/cppm/
2 KB
1 KB
Image
General
Full URL
https://duckduckgo.com/assets/add-to-browser/cppm/laptop.svg
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
650e5fdfd48f4ab48813bd9d021bde8bef7a9db308b7735dd41f78967c939168
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 08 Jun 2020 18:27:01 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Tue, 12 May 2020 00:27:00 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"5eb9ed54-7b1"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
image/svg+xml
cache-control
max-age=31536000, public
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Tue, 08 Jun 2021 18:27:01 GMT
search.svg
duckduckgo.com/assets/home/landing/icons/
2 KB
1 KB
Image
General
Full URL
https://duckduckgo.com/assets/home/landing/icons/search.svg
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
2b7a02e09e809e21c7e9b64751293348ffcccf9d749ab85e373438dba6110d94
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 08 Jun 2020 18:27:01 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Mon, 18 May 2020 18:28:36 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"5ec2d3d4-8f0"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
image/svg+xml
cache-control
max-age=31536000, public
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Tue, 08 Jun 2021 18:27:01 GMT
mobile.svg
duckduckgo.com/assets/add-to-browser/cppm/
1 KB
1 KB
Image
General
Full URL
https://duckduckgo.com/assets/add-to-browser/cppm/mobile.svg
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
91762ec30f3c6fbb5bd01a6e9351b1580ce2fd8e3fc34a863f4f258900178820
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 08 Jun 2020 18:27:01 GMT
content-encoding
br
x-content-type-options
nosniff
status
200
vary
Accept-Encoding
x-xss-protection
1;mode=block
referrer-policy
origin
last-modified
Tue, 12 May 2020 00:27:00 GMT
server
nginx
x-frame-options
SAMEORIGIN
etag
W/"5eb9ed54-5e4"
expect-ct
max-age=0
strict-transport-security
max-age=31536000
content-type
image/svg+xml
cache-control
max-age=31536000, public
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Tue, 08 Jun 2021 18:27:01 GMT
hi
improving.duckduckgo.com/t/
43 B
482 B
Image
General
Full URL
https://improving.duckduckgo.com/t/hi?9608574&b=chrome&atbi=true&ei=true&i=false&d=d&l=en_US&p=mac&atb=v224-6&va=r&atbva=k
Requested by
Host: duckduckgo.com
URL: https://duckduckgo.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
79.125.108.55 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-79-125-108-55.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Content-Security-Policy default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1;mode=block

Request headers

Referer
https://duckduckgo.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 08 Jun 2020 18:27:01 GMT
x-content-type-options
nosniff
status
200
x-duckduckgo-moreinfo
See https://help.duckduckgo.com/duckduckgo-help-pages/privacy/atb/
content-length
43
x-xss-protection
1;mode=block
x-duckduckgo-locale
en_US
referrer-policy
origin
last-modified
Mon, 28 Sep 1970 06:00:00 GMT
server
nginx
x-frame-options
SAMEORIGIN
expect-ct
max-age=0
strict-transport-security
max-age=0
content-type
image/gif
cache-control
no-cache
content-security-policy
default-src https: blob: data: 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self'
expires
Mon, 08 Jun 2020 18:27:00 GMT


225 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate string| settings_js_version string| locale function| sprintf object| locale_data object| locale_simple function| l_dry function| l_dir function| l_lang function| ltd function| ln function| lp function| lnp function| ld function| ldn function| ldp function| ldnp object| Handlebars object| html5 object| Modernizr function| $ function| jQuery function| EventEmitter2 function| decodeURIComponentSafe function| relativeDate function| tinycolor object| polyline function| Gettext object| DDG boolean| SM2_DEFER object| d object| w undefined| cd number| dz number| da number| fk number| fb number| fs undefined| fm number| fe number| fl number| fo number| fa number| fn number| fq number| fz undefined| ie undefined| io undefined| ir undefined| is undefined| ga undefined| gd undefined| rc undefined| rd undefined| rs object| rsd number| rdc number| rsc number| rtc number| rii number| rin undefined| rir undefined| rl undefined| rp object| reb number| rebc number| sx number| sy number| tl number| tlz number| tac object| tr object| ts number| tn number| tsl number| tz function| nir string| kurl number| is_mobile undefined| dow undefined| iosx function| ncku function| nckd function| ncf function| ncg function| nis function| nkda function| nkua function| nke function| nko function| nkt function| nkd function| nkn function| nkm function| nksb function| nks function| nkdc function| nkdm function| nkdt function| nkds function| nkf string| mousewheelevt function| nkw function| nrv function| nro function| nrs function| sendCount function| nrj function| nrc function| nrg function| nrl function| nrrel function| nrb function| nrm function| appendAdClass function| nrn function| nsr function| nul function| nutp function| nua function| nug function| nun function| iframeOpen function| openBlankWindow function| getLinkType function| adOrOrganicClick function| organicClick function| adClick number| iadt number| iad3 number| iad2 number| iad number| ieof 
number| fmy number| fmx number| daia number| daiq number| dam number| il number| irl number| rpc boolean| is_retina number| viewport_width number| viewport_height number| is_mobile_device string| k0 string| k1 string| k2 string| k3 string| k4 string| k5 string| k6 string| k7 string| k8 string| k9 string| ka string| kaa string| kb string| kab string| kc string| kac string| kd string| kad string| ke string| kae string| kf string| kaf string| kg string| kag string| kh string| kah string| ki string| kai string| kj string| kaj string| kk string| kak string| kl string| kal string| km string| kam string| kn string| kan string| ko string| kao string| kp string| kap string| kq string| kaq string| kr string| kar string| ks string| kas string| kt string| kat string| ku string| kau string| kv string| kav string| kw string| kaw string| kx string| kax string| ky string| kay string| kz string| kaz string| k10 string| k11 string| k12 string| k13 string| k14 string| k15 string| k16 string| k17 string| k18 string| k19 string| k20 string| k21 object| err object| errm function| seterr string| t string| objectKey

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
