urlscan.io logo urlscan.io
SecurityTrails logo

www.ducks.org Open in urlscan Pro
104.214.108.93  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://portal.criticalimpact.com/go/1/ce7bd55de6db241aa6473c7b9fa19141/25997/300770c60462b25f/3275aad60812945aa6473c7b9fa19141/25997
Effective URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Submission: On September 09 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 25 IPs in 6 countries across 21 domains to perform 59 HTTP transactions. The main IP is 104.214.108.93, located in San Antonio, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.ducks.org.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on October 24th 2018. Valid for: 2 years.
This is the only time www.ducks.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 199.167.225.41 174 (COGENT-174)
14 104.214.108.93 8075 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
1 23.210.249.12 16625 (AKAMAI-AS)
2 2600:9000:20e... 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
5 23.37.57.124 16625 (AKAMAI-AS)
5 13.85.88.16 8075 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 3 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 216.58.206.2 15169 (GOOGLE)
2 4 172.217.16.134 15169 (GOOGLE)
2 2a03:2880:f01... 32934 (FACEBOOK)
2 2a02:26f0:10c... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2 2a05:f500:11:... 14413 (LINKEDIN)
1 1 2620:1ec:21::14 8068 (MICROSOFT...)
3 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f11... 32934 (FACEBOOK)
1 5 23.210.248.216 16625 (AKAMAI-AS)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2 3.248.28.111 16509 (AMAZON-02)
1 3.233.30.61 14618 (AMAZON-AES)
59 25
1    199.167.225.41 (United States)

ASN174 (COGENT-174, US)
PTR: portal.cisend.com
portal.criticalimpact.com
14    104.214.108.93 (San Antonio, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.ducks.org
1    2a00:1450:4001:81f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    23.210.249.12 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-249-12.deploy.static.akamaitechnologies.com
eae3e26d6cce6d2421f2-d0bf394c81120104918c3f1bbeb3098c.ssl.cf1.rackcdn.com
2    2600:9000:20e8:b800:0:93e4:a640:93a1 (United States)

ASN16509 (AMAZON-02, US)
my.hellobar.com
1    2606:4700::6811:4f6b (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2a00:1450:4001:824::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
5    23.37.57.124 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-57-124.deploy.static.akamaitechnologies.com
c3321060.ssl.cf0.rackcdn.com
5    13.85.88.16 (San Antonio, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
duckscdn.blob.core.windows.net
1    2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2a00:1450:400c:c06::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
3    2a00:1450:4001:81a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
3    2a00:1450:4001:81a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    216.58.206.2 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s20-in-f2.1e100.net
www.googleadservices.com
4    172.217.16.134 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f6.1e100.net
10231870.fls.doubleclick.net
5083104.fls.doubleclick.net
2    2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    2a02:26f0:10c:483::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
snap.licdn.com
1    2a00:1450:4001:816::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
1    2a00:1450:4001:821::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
2    2a05:f500:11:101::b93f:9005 (Ireland)

ASN14413 (LINKEDIN, US)
px.ads.linkedin.com
1    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.linkedin.com
3    2a00:1450:4001:819::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)
www.facebook.com
5    23.210.248.216 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-216.deploy.static.akamaitechnologies.com
s.adroll.com
1    2606:4700:3033::681b:84f9 (United States)

ASN13335 (CLOUDFLARENET, US)
ssl.mousestats.com
2    3.248.28.111 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-28-111.eu-west-1.compute.amazonaws.com
d.adroll.mgr.consensu.org
d.adroll.com
1    3.233.30.61 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-233-30-61.compute-1.amazonaws.com
nextroll.com
Domain Requested by
14 www.ducks.org www.ducks.org
5 s.adroll.com 1 redirects www.ducks.org
s.adroll.com
5 duckscdn.blob.core.windows.net www.ducks.org
5 c3321060.ssl.cf0.rackcdn.com www.ducks.org
3 fonts.gstatic.com fonts.googleapis.com
3 www.google.de www.ducks.org
3 www.google.com 1 redirects www.ducks.org
2 5083104.fls.doubleclick.net 1 redirects www.googletagmanager.com
2 www.facebook.com www.ducks.org
2 px.ads.linkedin.com 1 redirects www.ducks.org
2 googleads.g.doubleclick.net www.googleadservices.com
2 snap.licdn.com www.ducks.org
snap.licdn.com
2 connect.facebook.net www.ducks.org
connect.facebook.net
2 10231870.fls.doubleclick.net 1 redirects www.googletagmanager.com
2 stats.g.doubleclick.net 1 redirects www.ducks.org
2 my.hellobar.com www.ducks.org
my.hellobar.com
1 nextroll.com
1 d.adroll.com
1 d.adroll.mgr.consensu.org 1 redirects
1 ssl.mousestats.com www.ducks.org
1 www.linkedin.com 1 redirects
1 www.googleadservices.com www.googletagmanager.com
1 fonts.googleapis.com www.ducks.org
1 www.googletagmanager.com www.ducks.org
1 cdnjs.cloudflare.com www.ducks.org
1 eae3e26d6cce6d2421f2-d0bf394c81120104918c3f1bbeb3098c.ssl.cf1.rackcdn.com www.ducks.org
1 ajax.googleapis.com www.ducks.org
1 portal.criticalimpact.com 1 redirects
59 28

This site contains links to these domains. Also see Links.

Domain
duckscdn.blob.core.windows.net
Subject Issuer Validity Valid
*.ducks.org
DigiCert SHA2 Secure Server CA		 2018-10-24 -
2020-12-09		 2 years crt.sh
upload.video.google.com
GTS CA 1O1		 2020-08-19 -
2020-11-11		 3 months crt.sh
*.ssl.cf1.rackcdn.com
DigiCert SHA2 Secure Server CA		 2020-04-19 -
2021-07-19		 a year crt.sh
*.hellobar.com
DigiCert SHA2 Secure Server CA		 2017-10-26 -
2020-12-07		 3 years crt.sh
cdnjs.cloudflare.com
DigiCert ECC Secure Server CA		 2020-08-12 -
2022-08-17		 2 years crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-08-19 -
2020-11-11		 3 months crt.sh
*.ssl.cf0.rackcdn.com
DigiCert SHA2 Secure Server CA		 2020-02-06 -
2021-05-07		 a year crt.sh
*.blob.core.windows.net
Microsoft IT TLS CA 5		 2020-07-18 -
2022-07-18		 2 years crt.sh
*.g.doubleclick.net
GTS CA 1O1		 2020-08-19 -
2020-11-11		 3 months crt.sh
www.google.de
GTS CA 1O1		 2020-08-19 -
2020-11-11		 3 months crt.sh
*.doubleclick.net
GTS CA 1O1		 2020-08-19 -
2020-11-11		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2020-07-21 -
2020-10-12		 3 months crt.sh
*.licdn.com
DigiCert SHA2 Secure Server CA		 2019-04-01 -
2021-05-07		 2 years crt.sh
px.ads.linkedin.com
DigiCert SHA2 Secure Server CA		 2020-08-05 -
2021-02-05		 6 months crt.sh
*.gstatic.com
GTS CA 1O1		 2020-08-19 -
2020-11-11		 3 months crt.sh
*.google.com
GTS CA 1O1		 2020-08-19 -
2020-11-11		 3 months crt.sh
*.google.de
GTS CA 1O1		 2020-08-19 -
2020-11-11		 3 months crt.sh
*.adroll.com
DigiCert SHA2 Secure Server CA		 2020-01-29 -
2021-04-29		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2020-07-24 -
2021-07-24		 a year crt.sh
adroll.mgr.consensu.org
Amazon		 2019-11-06 -
2020-12-06		 a year crt.sh
nextroll.com
Let's Encrypt Authority X3		 2020-09-02 -
2020-12-01		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Frame ID: 1717F16434C825E8DC8E28631F3B7CAE
Requests: 57 HTTP requests in this frame

Frame: https://10231870.fls.doubleclick.net/activityi;dc_pre=CJ_Vrsqu2-sCFcTiuwgdlbwCag;src=10231870;type=pagev0;cat=allpa0;ord=1;num=3258227595347;gtm=2wg8q1;auiddc=877840814.1599630124;~oref=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews
Frame ID: 673D8ADE54CF5FFE1901E0E3A6956700
Requests: 1 HTTP requests in this frame

Frame: https://5083104.fls.doubleclick.net/activityi;dc_pre=COyS48qu2-sCFY7nuwgdm8IFLA;src=5083104;type=gener0;cat=gener0;ord=3662502718972;gtm=2wg8q1;auiddc=877840814.1599630124;~oref=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews
Frame ID: B83A88B4A0FBBA9904C73F53B7006979
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://portal.criticalimpact.com/go/1/ce7bd55de6db241aa6473c7b9fa19141/25997/300770c60462b25f/3275aad60812945... HTTP 302
    https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Page Statistics

59
Requests

100 %
HTTPS

63 %
IPv6

21
Domains

28
Subdomains

25
IPs

6
Countries

956 kB
Transfer

2692 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://portal.criticalimpact.com/go/1/ce7bd55de6db241aa6473c7b9fa19141/25997/300770c60462b25f/3275aad60812945aa6473c7b9fa19141/25997 HTTP 302
    https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28
  • https://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.7.2dc&utms=1&utmn=634853098&utmhn=www.ducks.org&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=DU%20Blackout%20Duck%20Call&utmhid=395616468&utmr=-&utmp=%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews&utmht=1599630123673&utmac=UA-171220-3&utmcc=__utma%3D263391129.804141507.1599630124.1599630124.1599630124.1%3B%2B__utmz%3D263391129.1599630124.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1185851616&utmredir=3&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-171220-3&cid=804141507.1599630124&jid=1185851616&_v=5.7.2dc&z=634853098 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-171220-3&cid=804141507.1599630124&jid=1185851616&_v=5.7.2dc&z=634853098&slf_rd=1&random=4236444806
Request Chain 30
  • https://10231870.fls.doubleclick.net/activityi;src=10231870;type=pagev0;cat=allpa0;ord=1;num=3258227595347;gtm=2wg8q1;auiddc=877840814.1599630124;~oref=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews HTTP 302
  • https://10231870.fls.doubleclick.net/activityi;dc_pre=CJ_Vrsqu2-sCFcTiuwgdlbwCag;src=10231870;type=pagev0;cat=allpa0;ord=1;num=3258227595347;gtm=2wg8q1;auiddc=877840814.1599630124;~oref=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews
Request Chain 37
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432634&url=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews&time=1599630123729 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D432634%26url%3Dhttps%253A%252F%252Fwww.ducks.org%252Fsupport%252FdonateOnlineSecureN2-BDC.aspx%253Fpromokey%253DBlackoutDuckCall%2526ID%253D9574%2526poe%253D9-20ENews%26time%3D1599630123729%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432634&url=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews&time=1599630123729&liSync=true
Request Chain 51
  • https://5083104.fls.doubleclick.net/activityi;src=5083104;type=gener0;cat=gener0;ord=3662502718972;gtm=2wg8q1;auiddc=877840814.1599630124;~oref=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews HTTP 302
  • https://5083104.fls.doubleclick.net/activityi;dc_pre=COyS48qu2-sCFY7nuwgdm8IFLA;src=5083104;type=gener0;cat=gener0;ord=3662502718972;gtm=2wg8q1;auiddc=877840814.1599630124;~oref=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews
Request Chain 52
  • https://s.adroll.com/j/exp/Q436PDLHZJCSPKEHSGJZ52/index.js HTTP 302
  • https://s.adroll.com/j/exp/index.js
Request Chain 54
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/Q436PDLHZJCSPKEHSGJZ52?_s=3bb4265913686db38f56c3b71001f396&_b=2 HTTP 302
  • https://d.adroll.com/consent/check/Q436PDLHZJCSPKEHSGJZ52/?_s=3bb4265913686db38f56c3b71001f396&_b=2

59 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set donateOnlineSecureN2-BDC.aspx
www.ducks.org/support/
Redirect Chain
  • http://portal.criticalimpact.com/go/1/ce7bd55de6db241aa6473c7b9fa19141/25997/300770c60462b25f/3275aad60812945aa6473c7b9fa19141/25997
  • https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
70 KB
33 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
104.214.108.93 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
366e8f4a9ecc3d2568db8582d767159ea0bbba1ae6c614081e4692c05ec875c0

Request headers

Host
www.ducks.org
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cache-Control
no-cache
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Expires
-1
Vary
Accept-Encoding
Server
Microsoft-IIS/8.5
Set-Cookie
ASP.NET_SessionId=ypm5zszjlbxgogtm2w0tckxh; path=/; HttpOnly ReferringUrl=UNKNOWN; path=/
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Date
Wed, 09 Sep 2020 05:42:00 GMT
Content-Length
33009

Redirect headers

Date
Wed, 09 Sep 2020 05:42:00 GMT
Server
Apache/2.4.6 (CentOS)
Set-Cookie
JSESSIONIDTC2=939BD3F81D966665E9A3F48871857852; Path=/; HttpOnly; httpOnly cfid=066743ef-4bee-49d1-ba25-dccac601b6b6;Path=/;Expires=Tue, 29-Sep-2020 07:20:04 UTC;HTTPOnly; httpOnly cftoken=0;Path=/;Expires=Tue, 29-Sep-2020 07:20:04 UTC;HTTPOnly; httpOnly CF_CLIENT_TPORTALCRITICALIMPACTCOM_LV=1599630120344;Path=/;Expires=Tue, 08-Dec-2020 05:42:00 UTC;HTTPOnly; httpOnly CF_CLIENT_TPORTALCRITICALIMPACTCOM_TC=1599630120344;Path=/;Expires=Tue, 08-Dec-2020 05:42:00 UTC;HTTPOnly; httpOnly CF_CLIENT_TPORTALCRITICALIMPACTCOM_HC=2;Path=/;Expires=Tue, 08-Dec-2020 05:42:00 UTC;HTTPOnly; httpOnly
location
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Content-Type
text/html;charset=UTF-8
Content-Length
0
Connection
close
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 		84 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 07 Sep 2020 11:04:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
153472
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 07 Sep 2021 11:04:10 GMT
swiper.min.js
www.ducks.org/support/resources/js/ 		107 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.ducks.org/support/resources/js/swiper.min.js
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
104.214.108.93 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
ddb0a90ca932749f0c824edeee4db365e3d6b96f7bfa47b5b30e2f22ee2e6236

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:02 GMT
Content-Encoding
gzip
ETag
"864050c5ca7ed51:0"
Last-Modified
Wed, 09 Oct 2019 17:55:43 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=259200
Accept-Ranges
bytes
Content-Length
33502
jquery-color.js
eae3e26d6cce6d2421f2-d0bf394c81120104918c3f1bbeb3098c.ssl.cf1.rackcdn.com/fundraising-legacy/ 		19 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eae3e26d6cce6d2421f2-d0bf394c81120104918c3f1bbeb3098c.ssl.cf1.rackcdn.com/fundraising-legacy/jquery-color.js
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.249.12 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-249-12.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8cea32ba72200abe3237f21e07dd29ebf51e7fb9e5a57f7953a45689de4b484d

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:03 GMT
Content-Encoding
gzip
X-Object-Meta-Cb-Modifiedtime
Tue, 30 Jun 2015 14:23:36 GMT
Last-Modified
Fri, 05 Aug 2016 20:14:33 GMT
X-Trans-Id
tx72f827c72be4415ca067e-005f586b2bdfw1
ETag
a3578c7a7081d1d17077929159630faa
Vary
Accept-Encoding
Content-Type
application/x-javascript
X-Timestamp
1470428072.54668
Cache-Control
public, max-age=895
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5187
Expires
Wed, 09 Sep 2020 05:56:58 GMT
6b3a1a5d169fdb4d107f86a6269a5d3cebceb605.js
my.hellobar.com/ 		52 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.hellobar.com/6b3a1a5d169fdb4d107f86a6269a5d3cebceb605.js
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20e8:b800:0:93e4:a640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
72d7795249e304f1ba1e96505806d7408567414719d4cfb3f1a72a97dffff87f

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Sep 2020 05:42:05 GMT
content-encoding
gzip
last-modified
Tue, 08 Sep 2020 12:42:20 GMT
server
AmazonS3
x-amz-cf-pop
TXL52-C1
etag
"01d2a7e36493fe3707c46ffd251f61e7"
x-cache
RefreshHit from cloudfront
content-type
text/javascript
status
200
cache-control
must-revalidate, proxy-revalidate, max-age=86400, s-maxage=10
accept-ranges
bytes
content-length
8201
via
1.1 fe14b43a6dfec5fc809a25185c7fce43.cloudfront.net (CloudFront)
x-amz-cf-id
SuzMLEeFYh08fuewxUuD_mP0gt__essmAQN24U7DYnrjl5jE6qOxuA==
jquery.range.css
www.ducks.org/support/resources/css/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.ducks.org/support/resources/css/jquery.range.css?r=8
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
104.214.108.93 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
7208726b45ea71ca7fe9918b832539eda83d416c73416fe61a44447d3d667709

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:02 GMT
Content-Encoding
gzip
ETag
"383041a8d29d41:0"
Last-Modified
Tue, 31 Jul 2018 20:32:53 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=259200
Accept-Ranges
bytes
Content-Length
1379
bootstrap.min.css
www.ducks.org/Portals/_default/Skins/Ducks.org/css/ 		118 KB
27 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.ducks.org/Portals/_default/Skins/Ducks.org/css/bootstrap.min.css
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
104.214.108.93 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
880de7665b1aaa840303313deca3352af257d55aed4584d5e17f0fbffe0fde01

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:02 GMT
Content-Encoding
gzip
ETag
"e1a5e1a1377fd61:0"
Last-Modified
Mon, 31 Aug 2020 01:39:56 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=259200
Accept-Ranges
bytes
Content-Length
27697
skin.css
www.ducks.org/Portals/_default/Skins/Ducks.org/ 		72 KB
19 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.ducks.org/Portals/_default/Skins/Ducks.org/skin.css
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
104.214.108.93 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
73074930d19640a2f88965311c28cd164a94e210115f8ec0072c61faa9351b43

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:02 GMT
Content-Encoding
gzip
ETag
"8c91eda1377fd61:0"
Last-Modified
Mon, 31 Aug 2020 01:39:57 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=259200
Accept-Ranges
bytes
Content-Length
18659
swiper.min.css
www.ducks.org/support/resources/css/ 		17 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.ducks.org/support/resources/css/swiper.min.css
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
104.214.108.93 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
3ef6ff8a92054b101d68757604edc25bf231cc564709a51d720b983ef17d09cb

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:02 GMT
Content-Encoding
gzip
ETag
"293881d2ca7ed51:0"
Last-Modified
Wed, 09 Oct 2019 17:56:05 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=259200
Accept-Ranges
bytes
Content-Length
3811
fundraising.css
www.ducks.org/support/resources/css/ 		23 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.ducks.org/support/resources/css/fundraising.css?r=11
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
104.214.108.93 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
0c49a890489b75167901340adf3db2204dd3d9af88cc6527f0b7e593a8ddd65e

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:02 GMT
Content-Encoding
gzip
ETag
"9ae197c234bd61:0"
Last-Modified
Thu, 25 Jun 2020 15:17:37 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=259200
Accept-Ranges
bytes
Content-Length
6847
poc-n2-2019.css
www.ducks.org/support/resources/css/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.ducks.org/support/resources/css/poc-n2-2019.css?r=11
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
104.214.108.93 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
c3ebf376fe7cb7bbb0091e63e85ae1953031e11adb4639f6c4547a0967a80a4c

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:02 GMT
Content-Encoding
gzip
ETag
"e67b723a6c72d61:0"
Last-Modified
Fri, 14 Aug 2020 18:53:41 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=259200
Accept-Ranges
bytes
Content-Length
1643
bootstrap.min.js
www.ducks.org/support/resources/js/ 		36 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.ducks.org/support/resources/js/bootstrap.min.js
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
104.214.108.93 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
5a4a5359110a773bd154da94c48ffd6a6233a29dfd5a9314555f5ae6c3e47459

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:02 GMT
Content-Encoding
gzip
ETag
"80c8f8a7d29d41:0"
Last-Modified
Tue, 31 Jul 2018 20:32:53 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=259200
Accept-Ranges
bytes
Content-Length
9785
classie.js
www.ducks.org/support/resources/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.ducks.org/support/resources/js/classie.js
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
104.214.108.93 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
14199bb4d5b09f1bc4cb4bcad0e9b6a329041b01d0117b969f575ef82a38a2fd

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:02 GMT
Content-Encoding
gzip
ETag
"ab3c46a8d29d41:0"
Last-Modified
Tue, 31 Jul 2018 20:32:53 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=259200
Accept-Ranges
bytes
Content-Length
911
skin.js
www.ducks.org/support/resources/js/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.ducks.org/support/resources/js/skin.js
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
104.214.108.93 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
727060473e40d9ef493781629c2b84e142d46e913a0dc74c00d23a15a01aaef2

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:02 GMT
Content-Encoding
gzip
ETag
"80c8f8a7d29d41:0"
Last-Modified
Tue, 31 Jul 2018 20:32:53 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=259200
Accept-Ranges
bytes
Content-Length
984
Chart.bundle.min.js
cdnjs.cloudflare.com/ajax/libs/Chart.js/2.5.0/ 		197 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.5.0/Chart.bundle.min.js
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4f6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
faaf9d1824ab55b7a3777303bb32472ac936797778b05e5760431f3d9b0e9d81
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Sep 2020 05:42:02 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
1155657
x-via
cfworker/kv
status
200
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
50538
cf-request-id
0512fbb7d3000018e55929b200000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:03:58 GMT
server
cloudflare
etag
"5eb03cee-313d9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
5cfe956c89e718e5-FRA
expires
Mon, 30 Aug 2021 05:42:02 GMT
fundraising.js
www.ducks.org/support/resources/js/ 		69 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.ducks.org/support/resources/js/fundraising.js
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
104.214.108.93 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
360b7c7104f3633ebc82558ee87194889fc4c1d1d18d7c1b337d3819b54114d8

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:02 GMT
Content-Encoding
gzip
ETag
"e9a1032737dd61:0"
Last-Modified
Fri, 28 Aug 2020 19:41:16 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=259200
Accept-Ranges
bytes
Content-Length
18844
jquery.range-min.js
www.ducks.org/support/resources/js/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.ducks.org/support/resources/js/jquery.range-min.js
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
104.214.108.93 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
ec06b9f253be4289dabb1de931009e356885fdcad0902fce011f49b9f7f680c2

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:02 GMT
Content-Encoding
gzip
ETag
"fa104aa8d29d41:0"
Last-Modified
Tue, 31 Jul 2018 20:32:53 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=259200
Accept-Ranges
bytes
Content-Length
3203
date.js
www.ducks.org/support/resources/js/ 		38 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.ducks.org/support/resources/js/date.js
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
104.214.108.93 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
7128340f4f9a3de9a1c9763d288ae489e3a35f04544afa839ee557c50a96f582

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:02 GMT
Content-Encoding
gzip
ETag
"1e2f4da8d29d41:0"
Last-Modified
Tue, 31 Jul 2018 20:32:53 GMT
Server
Microsoft-IIS/8.5
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=259200
Accept-Ranges
bytes
Content-Length
12463
gtm.js
www.googletagmanager.com/ 		88 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-M2LTJJQ
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
ba54a8059a9da828adc4dbbeb3fe3f9ef92f10e89049ad6297936c9de133961e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Sep 2020 05:42:03 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32150
x-xss-protection
0
last-modified
Wed, 09 Sep 2020 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 09 Sep 2020 05:42:03 GMT
large_2020813122423242.jpg
c3321060.ssl.cf0.rackcdn.com/fundraising/media/images/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c3321060.ssl.cf0.rackcdn.com/fundraising/media/images/large_2020813122423242.jpg
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.57.124 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-57-124.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0f9c77eef5e149e99f64985b7c67d53db1d4f97f62aa3985aa1232ac9344266a

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:04 GMT
Last-Modified
Thu, 13 Aug 2020 17:24:25 GMT
X-Trans-Id
tx8d7634e6ddda4f9c985bc-005f50e1f8dfw1
ETag
c5398574618bccb2e259857a6226d8c5
Content-Type
image/jpeg
X-Timestamp
1597339464.56761
Cache-Control
public, max-age=7177
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
17025
Expires
Wed, 09 Sep 2020 07:41:41 GMT
large_2020813122627905.jpg
c3321060.ssl.cf0.rackcdn.com/fundraising/media/images/ 		13 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c3321060.ssl.cf0.rackcdn.com/fundraising/media/images/large_2020813122627905.jpg
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.57.124 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-57-124.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2ea635f3c4ffb4506299ca4adeb465c9a59a27ff6b571e71620bb2c226857f93

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:04 GMT
Last-Modified
Thu, 13 Aug 2020 17:26:30 GMT
X-Trans-Id
tx1aea594ef04d43379f35e-005f50955cdfw1
ETag
3533f902bc236f100b3d31dad0df06fa
Content-Type
image/jpeg
X-Timestamp
1597339589.05858
Cache-Control
public, max-age=7165
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
13807
Expires
Wed, 09 Sep 2020 07:41:29 GMT
large_2020813122654174.jpg
c3321060.ssl.cf0.rackcdn.com/fundraising/media/images/ 		17 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c3321060.ssl.cf0.rackcdn.com/fundraising/media/images/large_2020813122654174.jpg
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.57.124 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-57-124.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
51402974e40b7091594b01afbc8cc5c39caf93874c1d5649be69eb7b245ff1da

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:04 GMT
Last-Modified
Thu, 13 Aug 2020 17:27:02 GMT
X-Trans-Id
txd2295b2923d1439796922-005f50955cdfw1
ETag
93a1a04b0de26b163490fc406aa368d2
Content-Type
image/jpeg
X-Timestamp
1597339621.26302
Cache-Control
public, max-age=7189
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
17808
Expires
Wed, 09 Sep 2020 07:41:53 GMT
large_20208171228839.jpg
c3321060.ssl.cf0.rackcdn.com/fundraising/media/images/ 		40 KB
41 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c3321060.ssl.cf0.rackcdn.com/fundraising/media/images/large_20208171228839.jpg
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.57.124 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-57-124.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
54cd8a9f09dd010ca56dda0b12c36aac67aa03d40d8920a01098a002e84f7b58

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:04 GMT
Last-Modified
Mon, 17 Aug 2020 17:02:11 GMT
X-Trans-Id
tx4f1d9f6973c3401c8df19-005f50955cdfw1
ETag
2604a148ec568147ba22479a8252e038
Content-Type
image/jpeg
X-Timestamp
1597683730.05385
Cache-Control
public, max-age=7200
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
41253
Expires
Wed, 09 Sep 2020 07:42:04 GMT
ccTypes.png
c3321060.ssl.cf0.rackcdn.com/fundraising/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c3321060.ssl.cf0.rackcdn.com/fundraising/ccTypes.png
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.37.57.124 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-57-124.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
51e16db90f9008657977b095468c11bb0b6c5635303bfa1b622b8c7d6730b5ca

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:04 GMT
X-Object-Meta-Cb-Modifiedtime
Wed, 03 May 2017 21:30:51 GMT
Last-Modified
Wed, 03 May 2017 21:31:10 GMT
X-Trans-Id
tx5a3ae691dae0476cbb4e0-005f469598dfw1
ETag
c632ae33f2e3d2390578f94d88e7dbf4
Content-Type
image/png
X-Timestamp
1493847069.43658
Cache-Control
public, max-age=7108
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5256
Expires
Wed, 09 Sep 2020 07:40:32 GMT
bdc-rhs.png
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/poc-n2-2020/ 		66 KB
66 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/poc-n2-2020/bdc-rhs.png?cb=1
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.85.88.16 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
8142dca6f4072965c36ee9a356b02ef96954ca083995b26a8f440b2bc556f432

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Wed, 09 Sep 2020 05:42:03 GMT
Last-Modified
Fri, 14 Aug 2020 17:51:36 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
7ugCnsMT2KaWx0gXxL8xtg==
ETag
"0x8D8407AB08A86CE"
Vary
Origin
Content-Type
image/png
x-ms-request-id
e6ce430d-001e-00a4-0c6b-86428c000000
x-ms-version
2014-02-14
Content-Disposition
Accept-Ranges
bytes
Content-Length
67130
x-ms-lease-state
available
bdc-rhs-more.png
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/poc-n2-2020/ 		35 KB
36 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/poc-n2-2020/bdc-rhs-more.png
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.85.88.16 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
7c7569024ef38577ce00ba8c23e759d5c26aa07df6b5cb8b65ebfa810ef69485

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Wed, 09 Sep 2020 05:42:03 GMT
Last-Modified
Mon, 17 Aug 2020 23:16:15 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
JLTmVLWTfdbV6441zF9n0w==
ETag
"0x8D843038A641120"
Vary
Origin
Content-Type
image/png
x-ms-request-id
557e05f1-201e-0091-4e6b-86ecd9000000
x-ms-version
2014-02-14
Content-Disposition
Accept-Ranges
bytes
Content-Length
36259
x-ms-lease-state
available
css
fonts.googleapis.com/ 		6 KB
882 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Halant|Roboto:300,400
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/Portals/_default/Skins/Ducks.org/skin.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ca82421bd97a43b629a377b4c01e185a67814df47c5b4697c597e95742bca4d1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.ducks.org/Portals/_default/Skins/Ducks.org/skin.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Wed, 09 Sep 2020 05:42:03 GMT
server
ESF
date
Wed, 09 Sep 2020 05:42:03 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Sep 2020 05:42:03 GMT
dc.js
stats.g.doubleclick.net/ 		45 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/dc.js
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c06::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 19 Aug 2020 20:46:40 GMT
server
Golfe2
age
4595
date
Wed, 09 Sep 2020 04:25:28 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17093
expires
Wed, 09 Sep 2020 06:25:28 GMT
bdc-bg.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/poc-n2-2020/ 		63 KB
63 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/poc-n2-2020/bdc-bg.jpg
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/resources/css/poc-n2-2019.css?r=11
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.85.88.16 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
82682917607b08fa8f3c9e7d41860061f5574402649f47913e3bde84b40eed1c

Request headers

Referer
https://www.ducks.org/support/resources/css/poc-n2-2019.css?r=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Wed, 09 Sep 2020 05:42:03 GMT
Last-Modified
Fri, 14 Aug 2020 17:51:36 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
TQhY2h8x6UNYMfG7L95hgQ==
ETag
"0x8D8407AB08A389A"
Vary
Origin
Content-Type
image/jpeg
x-ms-request-id
ac0fc32e-a01e-012e-4a6b-86befa000000
x-ms-version
2014-02-14
Content-Disposition
Accept-Ranges
bytes
Content-Length
64046
x-ms-lease-state
available
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://stats.g.doubleclick.net/r/__utm.gif?utmwv=5.7.2dc&utms=1&utmn=634853098&utmhn=www.ducks.org&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=DU%20B...
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-171220-3&cid=804141507.1599630124&jid=1185851616&_v=5.7.2dc&z=634853098
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-171220-3&cid=804141507.1599630124&jid=1185851616&_v=5.7.2dc&z=634853098&slf_rd=1&random=4236444806
42 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-171220-3&cid=804141507.1599630124&jid=1185851616&_v=5.7.2dc&z=634853098&slf_rd=1&random=4236444806
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Sep 2020 05:42:03 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 09 Sep 2020 05:42:03 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-171220-3&cid=804141507.1599630124&jid=1185851616&_v=5.7.2dc&z=634853098&slf_rd=1&random=4236444806
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
conversion_async.js
www.googleadservices.com/pagead/ 		29 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M2LTJJQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s20-in-f2.1e100.net
Software
cafe /
Resource Hash
6c9459a6400a8cf7ef815379f9316dc26aeec43bcc48da1d1bd58d99a6109f7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Sep 2020 05:42:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
11311
x-xss-protection
0
server
cafe
etag
12833363978352728442
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 09 Sep 2020 05:42:03 GMT
activityi;dc_pre=CJ_Vrsqu2-sCFcTiuwgdlbwCag;src=10231870;type=pagev0;cat=allpa0;ord=1;num=3258227595347;gtm=2wg8q1;auiddc=877840814.1599630124;~oref=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOn...
10231870.fls.doubleclick.net/ Frame 673D
Redirect Chain
  • https://10231870.fls.doubleclick.net/activityi;src=10231870;type=pagev0;cat=allpa0;ord=1;num=3258227595347;gtm=2wg8q1;auiddc=877840814.1599630124;~oref=https%3A%2F%2Fwww.ducks.org%2Fsupport%2Fdonat...
  • https://10231870.fls.doubleclick.net/activityi;dc_pre=CJ_Vrsqu2-sCFcTiuwgdlbwCag;src=10231870;type=pagev0;cat=allpa0;ord=1;num=3258227595347;gtm=2wg8q1;auiddc=877840814.1599630124;~oref=https%3A%2F...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://10231870.fls.doubleclick.net/activityi;dc_pre=CJ_Vrsqu2-sCFcTiuwgdlbwCag;src=10231870;type=pagev0;cat=allpa0;ord=1;num=3258227595347;gtm=2wg8q1;auiddc=877840814.1599630124;~oref=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M2LTJJQ
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.16.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
10231870.fls.doubleclick.net
:scheme
https
:path
/activityi;dc_pre=CJ_Vrsqu2-sCFcTiuwgdlbwCag;src=10231870;type=pagev0;cat=allpa0;ord=1;num=3258227595347;gtm=2wg8q1;auiddc=877840814.1599630124;~oref=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
about:blank

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
date
Wed, 09 Sep 2020 05:42:03 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
pragma
no-cache
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
454
x-xss-protection
0
set-cookie
test_cookie=CheckForPermission; expires=Wed, 09-Sep-2020 05:57:03 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
date
Wed, 09 Sep 2020 05:42:03 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://10231870.fls.doubleclick.net/activityi;dc_pre=CJ_Vrsqu2-sCFcTiuwgdlbwCag;src=10231870;type=pagev0;cat=allpa0;ord=1;num=3258227595347;gtm=2wg8q1;auiddc=877840814.1599630124;~oref=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
fbevents.js
connect.facebook.net/en_US/ 		135 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
34302
x-xss-protection
0
pragma
public
x-fb-debug
1A1VtyDKgIHuxIp+qjb9/Y7dWNT/uxMn6/r5Sdiorzuz0Z6RM1WBR2bvfSXtAPSYcj1V+MpW24FubSSSpiG3yg==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Wed, 09 Sep 2020 05:42:03 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/ 		964 B
759 B 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:483::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
b5840616d8bf9540bbe45a42f6841f92b78c70dabd3b8ee60abb51e79c47d5d6

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:03 GMT
Content-Encoding
gzip
Last-Modified
Thu, 03 Sep 2020 20:41:55 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=13051
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
446
1431799027060769
connect.facebook.net/signals/config/ 		524 KB
132 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1431799027060769?v=2.9.24&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
eb86f2640168b112589e84e40aa5425eaeb33d0afeedad6eee4bdce7dd992bda
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
134850
x-xss-protection
0
pragma
public
x-fb-debug
tCGLAnkELS45SO+C2kgYn1FumA3NMrATSiFDNdVu9WoqwpbCxzGIKCZNtqltsh3yYh3gdIB76CqUnT5P6R4Ycw==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Wed, 09 Sep 2020 05:42:03 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
insight.old.min.js
snap.licdn.com/li.lms-analytics/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:483::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:03 GMT
Content-Encoding
gzip
Last-Modified
Thu, 03 Sep 2020 20:29:41 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=12532
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1576
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/976631994/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/976631994/?random=1599630123719&cv=9&fst=1599630123719&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8q1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews&tiba=DU%20Blackout%20Duck%20Call&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ce9c653f2e9d790d0f5befe0dcdab464b58e0b1e0593703dc43d868e5721d616
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Sep 2020 05:42:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1071
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1040837785/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1040837785/?random=1599630123722&cv=9&fst=1599630123722&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8q1&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews&tiba=DU%20Blackout%20Duck%20Call&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:821::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
25ecf03ec3b77049b11f235e4e60432c838e1ef5ed72bf25b70ac816cfcece53
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Sep 2020 05:42:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1073
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432634&url=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews&time=...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D432634%26url%3Dhttps%253A%252F%252Fwww.ducks.org%252Fsupport%252FdonateOnlineSecu...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432634&url=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews&time=...
0
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432634&url=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews&time=1599630123729&liSync=true
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Sep 2020 05:42:04 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
status
200
x-li-proto
http/2
x-li-pop
prod-tln1
content-type
application/javascript
content-length
0
x-li-uuid
koNraR8HMxZgHkk92SoAAA==

Redirect headers

content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-content-type-options
nosniff
linkedin-action
1
status
302
content-length
0
x-li-uuid
864KYh8HMxZQjdq8JysAAA==
pragma
no-cache
x-li-pop
afd-prod-lor1
x-msedge-ref
Ref A: FA93E595A06C47DE9980DE56364DDD80 Ref B: FRAEDGE1521 Ref C: 2020-09-09T05:42:03Z
x-frame-options
sameorigin
date
Wed, 09 Sep 2020 05:42:03 GMT
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
x-li-fabric
prod-lor1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432634&url=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews&time=1599630123729&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
logo-green-on-white.jpg
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/poc-n2-2019/ 		47 KB
48 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/poc-n2-2019/logo-green-on-white.jpg
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/resources/css/poc-n2-2019.css?r=11
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.85.88.16 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
e5a9f6da3b3c07d28e3a87f88ea1a30f0bb6b0cf4d6bc8f0056630a5dbf266c6

Request headers

Referer
https://www.ducks.org/support/resources/css/poc-n2-2019.css?r=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Wed, 09 Sep 2020 05:42:03 GMT
Last-Modified
Wed, 16 Oct 2019 15:38:06 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
982Yu4BRMAJho7epc8EkvQ==
ETag
"0x8D7524ED73A3975"
Vary
Origin
Content-Type
image/jpeg
x-ms-request-id
9a35d3f6-001e-0063-596b-863e4d000000
x-ms-version
2014-02-14
Accept-Ranges
bytes
Content-Length
48458
x-ms-lease-state
available
lock.png
duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/poc-n2-2019/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://duckscdn.blob.core.windows.net/imagescontainer/landing-pages/fundraising/poc-n2-2019/lock.png
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/resources/css/poc-n2-2019.css?r=11
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.85.88.16 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
7cec0fbdf8527b5bd28c2c491871e05bdf74942a983a2a1de0aff5a6fc11c140

Request headers

Referer
https://www.ducks.org/support/resources/css/poc-n2-2019.css?r=11
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Wed, 09 Sep 2020 05:42:04 GMT
Last-Modified
Mon, 14 Oct 2019 19:12:25 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
ky/q546IeJqpOK/+JuNN1g==
ETag
"0x8D750DA72A58AA6"
Vary
Origin
Content-Type
image/png
x-ms-request-id
d6a47b14-401e-012f-1a6b-86bf07000000
x-ms-version
2014-02-14
Accept-Ranges
bytes
Content-Length
1577
x-ms-lease-state
available
u-4-0qaujRI2Pbsn2NhnsS5mew.woff2
fonts.gstatic.com/s/halant/v8/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/halant/v8/u-4-0qaujRI2Pbsn2NhnsS5mew.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Halant|Roboto:300,400
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2b33bc559e5636b42f716e519d3998a33da2d87f578158de5cd83c93041d2cd0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.ducks.org
Referer
https://fonts.googleapis.com/css?family=Halant|Roboto:300,400
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Sep 2020 03:25:31 GMT
x-content-type-options
nosniff
last-modified
Tue, 01 Sep 2020 05:11:59 GMT
server
sffe
age
8192
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
10776
x-xss-protection
0
expires
Thu, 09 Sep 2021 03:25:31 GMT
KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Halant|Roboto:300,400
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.ducks.org
Referer
https://fonts.googleapis.com/css?family=Halant|Roboto:300,400
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 07 Sep 2020 09:06:11 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:52 GMT
server
sffe
age
160552
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11180
x-xss-protection
0
expires
Tue, 07 Sep 2021 09:06:11 GMT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Halant|Roboto:300,400
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.ducks.org
Referer
https://fonts.googleapis.com/css?family=Halant|Roboto:300,400
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 07 Sep 2020 09:03:54 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
160689
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11016
x-xss-protection
0
expires
Tue, 07 Sep 2021 09:03:54 GMT
/
www.google.com/pagead/1p-user-list/976631994/ 		42 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/976631994/?random=1599630123719&cv=9&fst=1599627600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8q1&sendb=1&frm=0&url=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews&tiba=DU%20Blackout%20Duck%20Call&async=1&fmt=3&is_vtc=1&random=2948655878&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Sep 2020 05:42:03 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/976631994/ 		42 B
65 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/976631994/?random=1599630123719&cv=9&fst=1599627600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8q1&sendb=1&frm=0&url=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews&tiba=DU%20Blackout%20Duck%20Call&async=1&fmt=3&is_vtc=1&random=2948655878&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Sep 2020 05:42:03 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/1040837785/ 		42 B
65 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/1040837785/?random=1599630123722&cv=9&fst=1599627600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8q1&sendb=1&frm=0&url=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews&tiba=DU%20Blackout%20Duck%20Call&async=1&fmt=3&is_vtc=1&random=2285859654&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Sep 2020 05:42:03 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1040837785/ 		42 B
88 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/1040837785/?random=1599630123722&cv=9&fst=1599627600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg8q1&sendb=1&frm=0&url=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews&tiba=DU%20Blackout%20Duck%20Call&async=1&fmt=3&is_vtc=1&random=2285859654&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Sep 2020 05:42:03 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ 		44 B
258 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1431799027060769&ev=PageView&dl=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews&rl=&if=false&ts=1599630123881&sw=1600&sh=1200&v=2.9.24&r=stable&ec=0&o=30&fbp=fb.1.1599630123881.1383502410&it=1599630123710&coo=false&rqm=GET
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Sep 2020 05:42:03 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Wed, 09 Sep 2020 05:42:03 GMT
modules-v60.js
my.hellobar.com/ 		141 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.hellobar.com/modules-v60.js
Requested by
Host: my.hellobar.com
URL: https://my.hellobar.com/6b3a1a5d169fdb4d107f86a6269a5d3cebceb605.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20e8:b800:0:93e4:a640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3661bde0404473b362b4ce5ac6ba980422e82714d808be044ebb59f9473c5a09

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 07 Sep 2020 01:19:03 GMT
content-encoding
gzip
last-modified
Wed, 02 Sep 2020 12:23:32 GMT
server
AmazonS3
age
188582
etag
"2cf3d08858cdb0e5c4279c99ec59cafc"
x-cache
Hit from cloudfront
content-type
text/javascript
status
200
cache-control
must-revalidate, proxy-revalidate, max-age=31557600, s-maxage=31557600
x-amz-cf-pop
TXL52-C1
accept-ranges
bytes
content-length
39874
via
1.1 fe14b43a6dfec5fc809a25185c7fce43.cloudfront.net (CloudFront)
x-amz-cf-id
Dem25g_IOlfcbG9CKQ8QTfvEcWSvSkOuD23QvImWfMG1unGwAKFskw==
roundtrip.js
s.adroll.com/j/ 		38 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
e3707edca98715fc3fe7ea36b15c506641b4c380e7e6c4d8ebb9e288f1438ff8

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
CeVUvvucPy3Id6wu3pm.U9kY8oddI4fW
Content-Encoding
gzip
ETag
"d78a05d3ec6a770650daa2185ccbc352"
x-amz-request-id
AR5H0H0WBN7M3Z5M
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
11962
x-amz-id-2
M93StxvvSqMxMsj+xy9yc6/AzzLsqM+G9sD8qeZqrxLh0uwhVbmeri750Q0Y8g/i85pm3VGzATE=
Last-Modified
Wed, 19 Aug 2020 17:39:39 GMT
Server
AmazonS3
Date
Wed, 09 Sep 2020 05:42:04 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
5160370059471224765.js
ssl.mousestats.com/js/5/1/ 		23 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ssl.mousestats.com/js/5/1/5160370059471224765.js?2666050
Requested by
Host: www.ducks.org
URL: https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3033::681b:84f9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / ASP.NET
Resource Hash
3f5f1aa65e811a2dd034e30613e65f20a4804e14a8e98c7e27393e1e04bffec9

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Sep 2020 05:42:04 GMT
content-encoding
br
x-aspnetmvc-version
5.2
server
cloudflare
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
status
200
cache-control
public, max-age=1800
powered-by
MouseStats
cf-ray
5cfe9576ad4bc2ae-FRA
cf-cache-status
MISS
cf-request-id
0512fbbe2d0000c2aee335b200000001
activityi;dc_pre=COyS48qu2-sCFY7nuwgdm8IFLA;src=5083104;type=gener0;cat=gener0;ord=3662502718972;gtm=2wg8q1;auiddc=877840814.1599630124;~oref=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSec...
5083104.fls.doubleclick.net/ Frame B83A
Redirect Chain
  • https://5083104.fls.doubleclick.net/activityi;src=5083104;type=gener0;cat=gener0;ord=3662502718972;gtm=2wg8q1;auiddc=877840814.1599630124;~oref=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineS...
  • https://5083104.fls.doubleclick.net/activityi;dc_pre=COyS48qu2-sCFY7nuwgdm8IFLA;src=5083104;type=gener0;cat=gener0;ord=3662502718972;gtm=2wg8q1;auiddc=877840814.1599630124;~oref=https%3A%2F%2Fwww.d...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://5083104.fls.doubleclick.net/activityi;dc_pre=COyS48qu2-sCFY7nuwgdm8IFLA;src=5083104;type=gener0;cat=gener0;ord=3662502718972;gtm=2wg8q1;auiddc=877840814.1599630124;~oref=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M2LTJJQ
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
172.217.16.134 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra15s46-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
5083104.fls.doubleclick.net
:scheme
https
:path
/activityi;dc_pre=COyS48qu2-sCFY7nuwgdm8IFLA;src=5083104;type=gener0;cat=gener0;ord=3662502718972;gtm=2wg8q1;auiddc=877840814.1599630124;~oref=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
IDE=AHWqTUkx3f2wtLlaRR7VCxNSxw_PeIbQjDcIESLz3xR88wjf1cvttLFcmkKP5qbf
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
about:blank

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
date
Wed, 09 Sep 2020 05:42:04 GMT
expires
Wed, 09 Sep 2020 05:42:04 GMT
cache-control
private, max-age=0
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
394
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
date
Wed, 09 Sep 2020 05:42:04 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://5083104.fls.doubleclick.net/activityi;dc_pre=COyS48qu2-sCFY7nuwgdm8IFLA;src=5083104;type=gener0;cat=gener0;ord=3662502718972;gtm=2wg8q1;auiddc=877840814.1599630124;~oref=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
index.js
s.adroll.com/j/exp/
Redirect Chain
  • https://s.adroll.com/j/exp/Q436PDLHZJCSPKEHSGJZ52/index.js
  • https://s.adroll.com/j/exp/index.js
28 B
747 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/exp/index.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
2U8XMvdFINXJNFsilaXONuSvqmREKV3.
Content-Encoding
gzip
ETag
"5816cced8568d223aa09d889f300692b"
x-amz-request-id
0A9DFB41B15EF3A2
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
48
x-amz-id-2
9wtYzl8isf76a+KTcCc0hWCh/ZKrxXSL0KsmsoDDvS1VGgWl/GxdSe7DtPnOmbh4BH+84jF1nEY=
Last-Modified
Fri, 31 Jul 2020 16:11:15 GMT
Server
AmazonS3
Date
Wed, 09 Sep 2020 05:42:04 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*

Redirect headers

Date
Wed, 09 Sep 2020 05:42:04 GMT
Server
AkamaiGHost
Location
https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
0
index.js
s.adroll.com/j/pre/Q436PDLHZJCSPKEHSGJZ52/GILUZAHEEFAFPJFNHN3ZBH/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/pre/Q436PDLHZJCSPKEHSGJZ52/GILUZAHEEFAFPJFNHN3ZBH/index.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
K6roAjwQjpbPWzzJIoNx7SXISS5M_Mr6
Content-Encoding
gzip
ETag
"3996d65282dd996ee0d7d4c90c139158"
x-amz-request-id
528D0845A11F1C91
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
635
x-amz-id-2
+KbfgcxSt7Ade+1BjZLUy2bzTgv1dd8tYMx23gEFbh1vy1bwuRS/cCsp1s0284ADZ/97g92DNPI=
Last-Modified
Tue, 08 Sep 2020 05:37:29 GMT
Server
AmazonS3
Date
Wed, 09 Sep 2020 05:42:04 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
/
d.adroll.com/consent/check/Q436PDLHZJCSPKEHSGJZ52/
Redirect Chain
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/Q436PDLHZJCSPKEHSGJZ52?_s=3bb4265913686db38f56c3b71001f396&_b=2
  • https://d.adroll.com/consent/check/Q436PDLHZJCSPKEHSGJZ52/?_s=3bb4265913686db38f56c3b71001f396&_b=2
385 B
477 B 		Script
General
Check archive.org
Download Go to
Full URL
https://d.adroll.com/consent/check/Q436PDLHZJCSPKEHSGJZ52/?_s=3bb4265913686db38f56c3b71001f396&_b=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.248.28.111 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-248-28-111.eu-west-1.compute.amazonaws.com
Software
nginx/1.16.1 /
Resource Hash
b1f659d75904fae6afd32155aef4791660e816f16cb4e718b4bc56ea03ae8752

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Wed, 09 Sep 2020 05:42:04 GMT
server
nginx/1.16.1
content-length
385
content-type
application/javascript

Redirect headers

status
302
date
Wed, 09 Sep 2020 05:42:04 GMT
server
nginx/1.16.1
content-length
105
location
https://d.adroll.com/consent/check/Q436PDLHZJCSPKEHSGJZ52/?_s=3bb4265913686db38f56c3b71001f396&_b=2
consent_tcfv2.js
s.adroll.com/j/ 		388 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.adroll.com/j/consent_tcfv2.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
d4a661cb0efd5f36bfe10e439dd26e3afccf8ff470b28dcec75f1713a7d51b27

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
h4m2jjQlA2CP9ZYqMoovkRh6inLSRALE
Content-Encoding
gzip
ETag
"045dfa15a2715b0b070cb4d61675c093"
x-amz-request-id
8DA41BFB5D7D4B16
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
53242
x-amz-id-2
gKzNE6L4exEuB2iDHxoDnFIJ7qHfW81YpRSu6xInzu/RZRIyZVQFgmQP9IdYpdOyOWG9TWkFEXg=
Last-Modified
Tue, 25 Aug 2020 22:56:43 GMT
Server
AmazonS3
Date
Wed, 09 Sep 2020 05:42:04 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=300, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
favicon-32x32.png
nextroll.com/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nextroll.com/favicon-32x32.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.233.30.61 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-233-30-61.compute-1.amazonaws.com
Software
Apache /
Resource Hash
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 09 Sep 2020 05:42:05 GMT
Via
1.1 vegur
Last-Modified
Wed, 02 Sep 2020 21:32:51 GMT
Server
Apache
Etag
"64f-5ae5b60b0a6c0"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1615
/
www.facebook.com/tr/ 		44 B
146 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1431799027060769&ev=Microdata&dl=https%3A%2F%2Fwww.ducks.org%2Fsupport%2FdonateOnlineSecureN2-BDC.aspx%3Fpromokey%3DBlackoutDuckCall%26ID%3D9574%26poe%3D9-20ENews&rl=&if=false&ts=1599630125386&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%5Cn%5CtDU%20Blackout%20Duck%20Call%5Cn%22%2C%22meta%3Adescription%22%3A%22By%20joining%20Ducks%20Unlimited%2C%20you%20will%20be%20doing%20your%20part%20to%20ensure%20that%20duck%20populations%20will%20continue%20to%20rise%20and%20the%20future%20of%20waterfowl%20hunting%20is%20brighter%20for%20generations%20to%20come.%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.24&r=stable&ec=1&o=30&fbp=fb.1.1599630123881.1383502410&it=1599630123710&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.ducks.org/support/donateOnlineSecureN2-BDC.aspx?promokey=BlackoutDuckCall&ID=9574&poe=9-20ENews
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 09 Sep 2020 05:42:05 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Wed, 09 Sep 2020 05:42:05 GMT

Verdicts & Comments Add Verdict or Comment

168 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes object| dataLayer function| $ function| jQuery function| Swiper object| mediaItemsClientArray number| totalPossibleSizeSelections string| totalQuantitySelected string| selectedSizes boolean| isAparrel string| allowMultipleSizesClass number| recurringSliderMin number| recurringSliderMax number| recurringSliderStep number| recurringBillDateDayRange string| recurringCurrentDate number| recurringNextBillDayDefaultDay boolean| isPoc string| defaultWebApi string| currentDonateID string| minDon object| _gaq object| theForm function| __doPostBack object| classie number| vpw number| vph string| bp boolean| isInEdit function| Init function| IsInEditMode function| AnimateHeader function| SetMobileMenuHeight function| CreateRibbons function| GetBreakpoint function| Color function| Chart boolean| isDuEfficienctChartActivated undefined| friendlyBillDate object| longMonths boolean| isCanada number| socialProofScrollThreshTop boolean| isSocialProofAboveThresh object| dfHomeStr number| quantitySelectedIndex function| UpdateUrlToComplete function| SetPaymentDetailMode boolean| isStarted boolean| isStopped function| DoSocialProof function| DoSocialProofNext function| DoSocialProofDisplay function| getRandomInt function| PopulateSwiper function| initPocMap function| ConfirmationMap function| geocodeAddress function| DisableButton function| UpdateSubmitButtonText function| NumbersOnly function| SwitchGiftAmount function| SetCountryView function| ShowRequired function| SetPremiumOptOutView function| OptOutFreeGift function| OnHonorMemoryClick function| CheckCreditCard function| GetCreditCardType function| AdditionalAmountListener function| AddAdditionalAmount function| RemoveAdditionalAmount function| AddUpsell function| RemoveItem function| HtmlEncode function| HtmlDecode function| GetSizes function| GetUpsellAmount function| SideMediaSwitch number| numberOfImages function| ModalMediaSwitch function| AttachModalPrev function| AttachModalNext function| StopVideo function| AdjustSizeOptions number| currentMediaItemIndex function| InitMediaItemsViewer function| ShowMediaItem function| HideMediaItem function| GetNextMediaItemIndex function| DrawMediaItemsNavGlance function| toggleReadMore function| showModal function| parseSizeSelectionsForDisplay function| ShowEditSizesModal function| ToggleRecurringDaySelection function| SetBillDay function| CalculateNextBillingDate function| UpdateRecurringInfoBlurb function| ToggleRecurringInfoBlurb function| ShowRecurringModal function| CheckRecurringOtherAmount function| RemoveRecurringOtherAmount function| ShowRecurringModalStep function| ToggleAlternateShipping function| ShowShippingAddressInformation function| PopulateConfirmMediaItem function| InitGiftView function| ShowOtherAmount function| PdToggle function| animateDuEfficiencyChart function| ToggleHonorMemory function| showHmsaFormSection function| CountCharacterLength function| openFeedbackModal function| SubmitFeedback function| GetMapStyle function| DonorWall function| RemoveDonor function| GetNewJson object| _gat object| gaGlobal object| google_tag_manager object| google_tag_data function| fbq function| _fbq string| _linkedin_partner_id object| _linkedin_data_partner_ids function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO function| lintrk boolean| _already_called_lintrk string| adroll_adv_id string| adroll_pix_id object| MouseStats_Commands number| width function| bootstrap object| hellobarSiteSettings object| script function| hellobar boolean| __adroll_loaded string| adroll_sid object| __adroll boolean| adroll_optout object| adroll_ext_network object| adroll_callbacks function| adroll_tpc_callback string| mousestats_project string| mousestats_playbackProject object| mousestats_formAnalyticsProject string| mousestats_microSurveysProject string| mousestats_Site string| mousestats_xadd object| MouseStatsSharedControl object| MouseStatsVisitorPlaybacks object| __adroll_consent boolean| __adroll_consent_is_gdpr object| __adroll_consent_data string| __adroll_consent_user_country string| __adroll_consent_adv_country object| adroll_exp_list function| __cmp object| $jscomp string| BANNER_VERSION string| TCF_VERSION string| IABWRITE_NO_COOKIE object| __adroll_consent_banner boolean| __adroll_consent_prev_lastchild

10 Cookies

Domain/Path Name / Value
.ducks.org/ Name: _gcl_au
Value: 1.1.877840814.1599630124
.ducks.org/ Name: __utmt
Value: 1
.doubleclick.net/ Name: IDE
Value: AHWqTUkx3f2wtLlaRR7VCxNSxw_PeIbQjDcIESLz3xR88wjf1cvttLFcmkKP5qbf
.ducks.org/ Name: __utmz
Value: 263391129.1599630124.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
.ducks.org/ Name: __utmc
Value: 263391129
.ducks.org/ Name: __utma
Value: 263391129.804141507.1599630124.1599630124.1599630124.1
www.ducks.org/ Name: ReferringUrl
Value: UNKNOWN
.ducks.org/ Name: _fbp
Value: fb.1.1599630123881.1383502410
.ducks.org/ Name: __utmb
Value: 263391129.1.10.1599630124
www.ducks.org/ Name: ASP.NET_SessionId
Value: ypm5zszjlbxgogtm2w0tckxh

3 Console Messages

Source Level URL
Text
console-api log URL: https://www.ducks.org/support/resources/js/skin.js(Line 86)
Message:
1600
console-api log URL: https://www.ducks.org/support/resources/js/fundraising.js(Line 310)
Message:
UpdateSubmitButtonText: 0
console-api log URL: https://www.ducks.org/support/resources/js/fundraising.js(Line 310)
Message:
UpdateSubmitButtonText: 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10231870.fls.doubleclick.net
5083104.fls.doubleclick.net
ajax.googleapis.com
c3321060.ssl.cf0.rackcdn.com
cdnjs.cloudflare.com
connect.facebook.net
d.adroll.com
d.adroll.mgr.consensu.org
duckscdn.blob.core.windows.net
eae3e26d6cce6d2421f2-d0bf394c81120104918c3f1bbeb3098c.ssl.cf1.rackcdn.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
my.hellobar.com
nextroll.com
portal.criticalimpact.com
px.ads.linkedin.com
s.adroll.com
snap.licdn.com
ssl.mousestats.com
stats.g.doubleclick.net
www.ducks.org
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
104.214.108.93
13.85.88.16
172.217.16.134
199.167.225.41
216.58.206.2
23.210.248.216
23.210.249.12
23.37.57.124
2600:9000:20e8:b800:0:93e4:a640:93a1
2606:4700:3033::681b:84f9
2606:4700::6811:4f6b
2620:1ec:21::14
2a00:1450:4001:809::200a
2a00:1450:4001:816::2002
2a00:1450:4001:819::2003
2a00:1450:4001:81a::2003
2a00:1450:4001:81a::2004
2a00:1450:4001:81f::200a
2a00:1450:4001:821::2002
2a00:1450:4001:824::2008
2a00:1450:400c:c06::9b
2a02:26f0:10c:483::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:11:101::b93f:9005
3.233.30.61
3.248.28.111
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
097afea517679d2e0b986d77cb3fe7808026882b52ca074a050e03e7a4a6996b
0c49a890489b75167901340adf3db2204dd3d9af88cc6527f0b7e593a8ddd65e
0f9c77eef5e149e99f64985b7c67d53db1d4f97f62aa3985aa1232ac9344266a
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
14199bb4d5b09f1bc4cb4bcad0e9b6a329041b01d0117b969f575ef82a38a2fd
25ecf03ec3b77049b11f235e4e60432c838e1ef5ed72bf25b70ac816cfcece53
2b33bc559e5636b42f716e519d3998a33da2d87f578158de5cd83c93041d2cd0
2ea635f3c4ffb4506299ca4adeb465c9a59a27ff6b571e71620bb2c226857f93
360b7c7104f3633ebc82558ee87194889fc4c1d1d18d7c1b337d3819b54114d8
3661bde0404473b362b4ce5ac6ba980422e82714d808be044ebb59f9473c5a09
366e8f4a9ecc3d2568db8582d767159ea0bbba1ae6c614081e4692c05ec875c0
3ef6ff8a92054b101d68757604edc25bf231cc564709a51d720b983ef17d09cb
3f5f1aa65e811a2dd034e30613e65f20a4804e14a8e98c7e27393e1e04bffec9
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
51402974e40b7091594b01afbc8cc5c39caf93874c1d5649be69eb7b245ff1da
51e16db90f9008657977b095468c11bb0b6c5635303bfa1b622b8c7d6730b5ca
54cd8a9f09dd010ca56dda0b12c36aac67aa03d40d8920a01098a002e84f7b58
5a4a5359110a773bd154da94c48ffd6a6233a29dfd5a9314555f5ae6c3e47459
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8
6c9459a6400a8cf7ef815379f9316dc26aeec43bcc48da1d1bd58d99a6109f7b
7128340f4f9a3de9a1c9763d288ae489e3a35f04544afa839ee557c50a96f582
7208726b45ea71ca7fe9918b832539eda83d416c73416fe61a44447d3d667709
727060473e40d9ef493781629c2b84e142d46e913a0dc74c00d23a15a01aaef2
72d7795249e304f1ba1e96505806d7408567414719d4cfb3f1a72a97dffff87f
73074930d19640a2f88965311c28cd164a94e210115f8ec0072c61faa9351b43
7c7569024ef38577ce00ba8c23e759d5c26aa07df6b5cb8b65ebfa810ef69485
7cec0fbdf8527b5bd28c2c491871e05bdf74942a983a2a1de0aff5a6fc11c140
8142dca6f4072965c36ee9a356b02ef96954ca083995b26a8f440b2bc556f432
82682917607b08fa8f3c9e7d41860061f5574402649f47913e3bde84b40eed1c
880de7665b1aaa840303313deca3352af257d55aed4584d5e17f0fbffe0fde01
8cea32ba72200abe3237f21e07dd29ebf51e7fb9e5a57f7953a45689de4b484d
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
b1f659d75904fae6afd32155aef4791660e816f16cb4e718b4bc56ea03ae8752
b5840616d8bf9540bbe45a42f6841f92b78c70dabd3b8ee60abb51e79c47d5d6
ba54a8059a9da828adc4dbbeb3fe3f9ef92f10e89049ad6297936c9de133961e
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355
c3ebf376fe7cb7bbb0091e63e85ae1953031e11adb4639f6c4547a0967a80a4c
ca82421bd97a43b629a377b4c01e185a67814df47c5b4697c597e95742bca4d1
cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d
ce9c653f2e9d790d0f5befe0dcdab464b58e0b1e0593703dc43d868e5721d616
d4a661cb0efd5f36bfe10e439dd26e3afccf8ff470b28dcec75f1713a7d51b27
ddb0a90ca932749f0c824edeee4db365e3d6b96f7bfa47b5b30e2f22ee2e6236
e3707edca98715fc3fe7ea36b15c506641b4c380e7e6c4d8ebb9e288f1438ff8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5a9f6da3b3c07d28e3a87f88ea1a30f0bb6b0cf4d6bc8f0056630a5dbf266c6
eb86f2640168b112589e84e40aa5425eaeb33d0afeedad6eee4bdce7dd992bda
ec06b9f253be4289dabb1de931009e356885fdcad0902fce011f49b9f7f680c2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
faaf9d1824ab55b7a3777303bb32472ac936797778b05e5760431f3d9b0e9d81