da-dd-forms.free-onlineclock.com Open in urlscan Pro
209.126.13.251 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://da-dd-forms.free-onlineclock.com/
Submission: On September 21 via api (September 21st 2023, 11:38:33 pm UTC) from US — Scanned from US

Summary HTTP 71 Redirects Behaviour Indicators

Summary

This website contacted 21 IPs in 4 countries across 14 domains to perform 71 HTTP transactions. The main IP is 209.126.13.251, located in St Louis, United States and belongs to NL-811-40021, US. The main domain is da-dd-forms.free-onlineclock.com.
TLS certificate: Issued by R3 on September 21st 2023. Valid for: 3 months.

This is the only time da-dd-forms.free-onlineclock.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
17	209.126.13.251 209.126.13.251	40021 (NL-811-40021) (NL-811-40021)
7	2607:f8b0:402... 2607:f8b0:4020:804::2002	15169 (GOOGLE) (GOOGLE)
5 10	2a02:6b8::1:119 2a02:6b8::1:119	208722 (GLOBAL_DC) (GLOBAL_DC)
4	2607:f8b0:402... 2607:f8b0:4020:807::2002	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:402... 2607:f8b0:4020:805::2002	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:402... 2607:f8b0:4020:807::2001	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:402... 2607:f8b0:4020:806::2002	15169 (GOOGLE) (GOOGLE)
1	2620:100:a001... 2620:100:a001::24	19750 (AS-CRITEO) (AS-CRITEO)
1	2620:100:a001::3 2620:100:a001::3	19750 (AS-CRITEO) (AS-CRITEO)
11	2620:100:a001::4 2620:100:a001::4	19750 (AS-CRITEO) (AS-CRITEO)
4	2600:1400:900... 2600:1400:9000::6875:b641	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	74.119.119.147 74.119.119.147	19750 (AS-CRITEO) (AS-CRITEO)
1	2600:9000:24f... 2600:9000:24fd:a800:19:fc2c:a140:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	172.217.13.102 172.217.13.102	15169 (GOOGLE) (GOOGLE)
1	3.208.227.70 3.208.227.70	14618 (AMAZON-AES) (AMAZON-AES)
3	34.117.228.201 34.117.228.201	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	104.17.24.14 104.17.24.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2620:100:a001::9 2620:100:a001::9	19750 (AS-CRITEO) (AS-CRITEO)
2	2620:100:a001... 2620:100:a001::16	19750 (AS-CRITEO) (AS-CRITEO)
1	2607:f8b0:402... 2607:f8b0:4020:807::2004	15169 (GOOGLE) (GOOGLE)
71	21

17 209.126.13.251 (St Louis, United States)

ASN40021 (NL-811-40021, US)
PTR: vmi1088084.contaboserver.net

da-dd-forms.free-onlineclock.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:4020:804::2002 (Montreal, Canada)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a02:6b8::1:119 (Moscow, Russian Federation) 5 redirects

ASN208722 (GLOBAL_DC, FI)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mc.yandex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4020:807::2002 (Montreal, Canada)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4020:805::2002 (Montreal, Canada)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4020:807::2001 (Montreal, Canada)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4020:806::2002 (Montreal, Canada)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:100:a001::24 (United States)

ASN19750 (AS-CRITEO, US)

ads.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:100:a001::3 (United States)

ASN19750 (AS-CRITEO, US)

rtb.va.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2620:100:a001::4 (United States)

ASN19750 (AS-CRITEO, US)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2600:1400:9000::6875:b641 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.119.119.147 (United States)

ASN19750 (AS-CRITEO, US)

cat.va.us.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:24fd:a800:19:fc2c:a140:93a1 (United States)

ASN16509 (AMAZON-02, US)

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.13.102 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: yul02s04-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.208.227.70 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-208-227-70.compute-1.amazonaws.com

tracker.samplicio.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.117.228.201 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 201.228.117.34.bc.googleusercontent.com

rtb0.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtbc-ue1.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.24.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:100:a001::9 (United States)

ASN19750 (AS-CRITEO, US)

imageproxy.us.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:100:a001::16 (United States)

ASN19750 (AS-CRITEO, US)

csm.us.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4020:807::2004 (Montreal, Canada)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	free-onlineclock.com da-dd-forms.free-onlineclock.com	832 KB
16	criteo.net static.criteo.net — Cisco Umbrella Rank: 897 imageproxy.us.criteo.net — Cisco Umbrella Rank: 5260 csm.us.criteo.net — Cisco Umbrella Rank: 5069	84 KB
12	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 122 tpc.googlesyndication.com — Cisco Umbrella Rank: 169	226 KB
7	doubleverify.com cdn.doubleverify.com — Cisco Umbrella Rank: 676 rtb0.doubleverify.com — Cisco Umbrella Rank: 1113 rtbc-ue1.doubleverify.com — Cisco Umbrella Rank: 4110 tps.doubleverify.com — Cisco Umbrella Rank: 722	126 KB
7	yandex.com 3 redirects mc.yandex.com — Cisco Umbrella Rank: 6180	3 KB
6	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 66 ad.doubleclick.net — Cisco Umbrella Rank: 180	25 KB
3	criteo.com ads.us.criteo.com — Cisco Umbrella Rank: 4918 rtb.va.us.criteo.com — Cisco Umbrella Rank: 10891 cat.va.us.criteo.com — Cisco Umbrella Rank: 5006	47 KB
3	yandex.ru 2 redirects mc.yandex.ru — Cisco Umbrella Rank: 2472	70 KB
1	google.com www.google.com — Cisco Umbrella Rank: 11	1 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 410	5 KB
1	samplicio.us tracker.samplicio.us — Cisco Umbrella Rank: 2646	303 B
1	agkn.com d.agkn.com — Cisco Umbrella Rank: 1055	564 B
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 254	57 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1368	609 B
71	14

	Domain	Requested by
17	da-dd-forms.free-onlineclock.com	da-dd-forms.free-onlineclock.com
11	static.criteo.net	ads.us.criteo.com cdnjs.cloudflare.com static.criteo.net
7	mc.yandex.com	3 redirects da-dd-forms.free-onlineclock.com
7	pagead2.googlesyndication.com	da-dd-forms.free-onlineclock.com pagead2.googlesyndication.com www.googletagservices.com tpc.googlesyndication.com
5	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
4	cdn.doubleverify.com	ads.us.criteo.com cdn.doubleverify.com da-dd-forms.free-onlineclock.com
4	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
3	imageproxy.us.criteo.net	ads.us.criteo.com
3	mc.yandex.ru	2 redirects da-dd-forms.free-onlineclock.com
2	csm.us.criteo.net	ads.us.criteo.com
2	ad.doubleclick.net	1 redirects ads.us.criteo.com
1	www.google.com	tpc.googlesyndication.com
1	tps.doubleverify.com	cdn.doubleverify.com
1	cdnjs.cloudflare.com	ads.us.criteo.com
1	rtbc-ue1.doubleverify.com	cdn.doubleverify.com
1	rtb0.doubleverify.com	cdn.doubleverify.com
1	tracker.samplicio.us	ads.us.criteo.com
1	d.agkn.com	ads.us.criteo.com
1	cat.va.us.criteo.com	ads.us.criteo.com
1	rtb.va.us.criteo.com	googleads.g.doubleclick.net
1	ads.us.criteo.com	googleads.g.doubleclick.net
1	www.googletagservices.com	googleads.g.doubleclick.net
1	partner.googleadservices.com	pagead2.googlesyndication.com
71	23

This site contains no links.

Subject Issuer	Validity	Valid
1areacodescountrycodes.com R3	`2023-09-21` - `2023-12-20`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
mc.yandex.ru GlobalSign ECC OV SSL CA 2018	`2023-08-14` - `2024-01-24`	5 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.us.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-01` - `2023-12-02`	3 months	crt.sh
*.va.us.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-21` - `2023-12-17`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-05` - `2023-10-31`	3 months	crt.sh
*.doubleverify.com DigiCert TLS RSA SHA256 2020 CA1	`2023-05-07` - `2024-05-07`	a year	crt.sh
*.agkn.com RapidSSL Global TLS RSA4096 SHA256 2022 CA1	`2023-09-07` - `2024-09-29`	a year	crt.sh
*.samplicio.us Amazon RSA 2048 M01	`2022-11-16` - `2023-12-15`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.us.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-08-09` - `2023-11-07`	3 months	crt.sh
*.tps.doubleverify.com Go Daddy Secure Certificate Authority - G2	`2022-09-28` - `2023-10-30`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh

This page contains 8 frames:

Primary Page: https://da-dd-forms.free-onlineclock.com/
Frame ID: 9DD9AC0556A627A6D98CF445A1968742
Requests: 28 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230920/r20190131/zrt_lookup.html
Frame ID: 1E63A44263AA687229B8B66BA160B90F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024983979000104&output=html&h=280&slotname=6865507706&adk=2140346226&adf=2705879744&pi=t.ma~as.6865507706&w=1015&fwrn=4&fwrnh=100&lmt=1695375508&rafmt=1&format=1015x280&url=https%3A%2F%2Fda-dd-forms.free-onlineclock.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1695339508406&bpp=4&bdt=241&idt=200&shv=r20230920&mjsv=m202309140101&ptt=9&saldr=aa&abxe=1&correlator=1452825392483&frm=20&pv=2&ga_vid=1358978677.1695339509&ga_sid=1695339509&ga_hid=989041912&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=293&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31077328%2C42532402&oid=2&pvsid=3705966980879995&tmod=2143499584&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=jN1S63i12h&p=https%3A//da-dd-forms.free-onlineclock.com&dtd=220
Frame ID: 267BC7B95E96CDB2774B5F0C2CAA8BC2
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024983979000104&output=html&adk=1812271804&adf=3025194257&lmt=1695375508&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x1080_l%7C260x1080_r&format=0x0&url=https%3A%2F%2Fda-dd-forms.free-onlineclock.com%2F&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1695339508434&bpp=2&bdt=270&idt=199&shv=r20230920&mjsv=m202309140101&ptt=9&saldr=aa&abxe=1&prev_fmts=1015x280&nras=1&correlator=1452825392483&frm=20&pv=1&ga_vid=1358978677.1695339509&ga_sid=1695339509&ga_hid=989041912&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31077328%2C42532402&oid=2&pvsid=3705966980879995&tmod=2143499584&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=211
Frame ID: 343EFDCFC353602604C858A643140A8E
Requests: 1 HTTP requests in this frame

Frame: https://ads.us.criteo.com/delivery/r/afr.php?z=ZQzT9AAK3i8Asz5jAAxeYX7W_DgozVwszbncDg&u=%7C6TSlpZIQgfD1hMWs09Ayt%2BZ%2B0IXdk%2BGe%2FqJkDfG9ZvE%3D%7C&c1=TUPLs6ok1IhDgnvJmJgq2b8G6XvEBIvqAb79lxbNLn-Y29LVqxBSOQhZKVxZui5pXNlU4WPrBd-WsQaHOL91cWjEyJfbRKIeJqrpJcUSlPW1IX2OVg71cZ8xloW6ByghW_ok5s3mVPHKBV95yDo2wDVFGchz_L81QYhiSO65KHk0kWaxzS4okIMbukqAPXnUFeKS32udHjlQG_2a3t-9CR9n8U0y715ifMEMd0GxBLtM352sprEdUEqrQk-FB-mKo868e3dwIAZlr2qfEOj3CuShSCbK-ZXKNezP6kF2iclJyLCG8x4reGOggO7RMxHdYHx68PHIhXoa8BjJ7U2E-7QssJk14UJhYovkPCwA0jsaBLK9Ri86fM6XtSvCnM2UQh9dmDJETXMcrjSVyWlpng0FVRoqBjUKRfhhzCI1j9ntEQZPpExdUoyJiGLvzmD8ySeRi_6RmG3euge3wJ9KBWTky1ln0razM43r1Q-oFH9uNJbNZBIUYjQ-JiAnOguBJlMeea4U0gBwlQwZyvsDsPwNgn9Uhm6dvnVqp-LPEOGejPel9bJX8af-IyUQoB0LU9XRUgV0-RXbSBX6fLktJn1VfZ5XNimm3uktySHnTexsfWTO2EFYNTDE7A4GNwmLE5VdDGMP5YI&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1bC59NMMZa-8K-P8zLUP4byx-Aucge-wXMqmqap0wI23ARABIABgye6Oi8CkjBCCARdjYS1wdWItNjAyNDk4Mzk3OTAwMDEwNMgBCagDAcgDAqoE_wFP0D-7w6JZm4G2HPfAKjlKYsigUMJxPVuupgjviEst0GoQNR-JRql8qFkoKab4L_FbpDS38cycPj4boNLHsixNUKW8ruCTcbA33U6sRTmIQ3qyrmzpQsNF5QOZf2_tk-KB_gnyIQrduG-aBaNjKoQXT67J5Tb6L4vglbOhQ32qx3roKNCpgW-AUwptTQYe9hMfcJeXI8kXmdPsZ9xvMQFmv6mkInuICWS4VlVp9ucxtJWXEW7ZM6tuOYkj_A9TGNx9A04g5TVMpRxdCtIs7CCGvOfTngX0hjmG2bOhjy_lu2qU3QT3zg0QyXg6Yr5arOcaJdvgfH85KG_ifN2Sb2-ABoih5fuWkZHYeqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBIIgGEQATICigI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3uk4ReZplvHJyRrDNdyiqLtqZdCw%26client%3Dca-pub-6024983979000104%26adurl%3D
Frame ID: 48BC466520C60B997CFB128EA19F59AA
Requests: 27 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-measurements4722.js
Frame ID: F9EBDDA7B5C2E1CEA0ED24043F08267C
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: EBEB31D3D85A441B5376BCD1F2103CF4
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D1087390B43ABAAF588914F09E8CFF4B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Home | da-dd-forms.free-onlineclock.com

Detected technologies

Laravel (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

mc\.yandex\.ru/metrika/(?:tag|watch)\.js

Page Statistics

71
Requests

94 %
HTTPS

70 %
IPv6

14
Domains

23
Subdomains

21
IPs

4
Countries

1474 kB
Transfer

2682 kB
Size

20
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28

https://mc.yandex.com/sync_cookie_image_check HTTP 302
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10133.ZnOV3xepTBWZ60mjmN0OcjCRMQjpIKz5-J2LlEfgT61Jt-plmAze21ZGiem3p_sB.H2VlYIPCMoLzchZlSoUD_cmm-6k%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide?token=10133.2NAt3qjfKjquWcGnfQpXHtKOe29JWzHxnPAyV0fJ3_F6GFSruCyLGR-x-RV6lMZFWPE0Nzfo2ZVHw_DLRIccJGeQkYl324MEJBCgo_cI9fQ%2C.R2hslyJ8paFl7CO9FYfxEssicM8%2C

Request Chain 40

https://ad.doubleclick.net/ddm/trackimp/N8278.154378.CRITEO/B30251533.372411465;dc_trk_aid=563043988;dc_trk_cid=195958998;dcopt=anid;ord=650cd3f4de83e1689bdb657273b07819;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N8278.154378.CRITEO/B30251533.372411465;dc_pre=CIXr9unvvIEDFd8XiAkdYjMKOw;dc_trk_aid=563043988;dc_trk_cid=195958998;dcopt=anid;ord=650cd3f4de83e1689bdb657273b07819;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;;ltd=

Request Chain 54

https://mc.yandex.com/watch/55923610?wmode=7&page-url=https%3A%2F%2Fda-dd-forms.free-onlineclock.com%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A2269%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1111%3Acn%3A1%3Adp%3A0%3Als%3A1307357219487%3Ahid%3A33826500%3Az%3A-600%3Ai%3A20230921133829%3Aet%3A1695339509%3Ac%3A1%3Arn%3A215613736%3Arqn%3A1%3Au%3A169533950934271147%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A31%2C173%2C1886%2C3%2C%2C0%2C%2C185%2C0%2C%2C%2C%2C2279%3Aco%3A0%3Acpf%3A1%3Ans%3A1695339506068%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1695339510%3At%3AHome%20%7C%20da-dd-forms.free-onlineclock.com&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)ti(2) HTTP 302
https://mc.yandex.com/watch/55923610/1?wmode=7&page-url=https%3A%2F%2Fda-dd-forms.free-onlineclock.com%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A2269%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1111%3Acn%3A1%3Adp%3A0%3Als%3A1307357219487%3Ahid%3A33826500%3Az%3A-600%3Ai%3A20230921133829%3Aet%3A1695339509%3Ac%3A1%3Arn%3A215613736%3Arqn%3A1%3Au%3A169533950934271147%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A31%2C173%2C1886%2C3%2C%2C0%2C%2C185%2C0%2C%2C%2C%2C2279%3Aco%3A0%3Acpf%3A1%3Ans%3A1695339506068%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1695339510%3At%3AHome%20%7C%20da-dd-forms.free-onlineclock.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29&redirnss=1

Request Chain 61

https://mc.yandex.com/sync_cookie_image_check_secondary HTTP 302
https://mc.yandex.ru/sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=10133.7kx2r2XKVWXfrUMH0vGUPHCMd6PryJgtxFptVI-ARA3PKo_uoBYNaEXcHzlhZAUl.s7sNXgnJBCsfXIVgDYK9tkV83a8%2C HTTP 302
https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10133.cL66IkNW3-vkV01gb6XUkxfDYFO3zz_DqRQr3NS0y2JdtqP5-7mcdIRNBXuM_1APWOFF1a53Nca82JufuCJx_bEH2lEBRSM3Ba5r83l936s%2C.P73MUGwDWeOW0CvAaB7khaRPAAQ%2C

71 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
da-dd-forms.free-onlineclock.com/ 41 KB
5 KB 2090ms
1886ms Document
text/html 209.126.13.251
NL-811-40021

General

Check archive.org

Show headers Download Go to

Full URL: https://da-dd-forms.free-onlineclock.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.13.251 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi1088084.contaboserver.net
Software: nginx/1.20.2 / PHP/7.4.32
Resource Hash: 3e750487b1a2defcac40fbb3c50aa093a8c489fb1caae5ddfd8ded42460893bc

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: no-cache, private
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Thu, 21 Sep 2023 23:38:28 GMT
Server: nginx/1.20.2
Transfer-Encoding: chunked
X-Powered-By: PHP/7.4.32

GET
H/1.1 200
OK app.css
da-dd-forms.free-onlineclock.com/sites/css/ 41 KB
9 KB 127ms
127ms Stylesheet
text/css 209.126.13.251
NL-811-40021

General

Check archive.org

Show headers Download Go to

Full URL: https://da-dd-forms.free-onlineclock.com/sites/css/app.css
Requested by: Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.13.251 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi1088084.contaboserver.net
Software: nginx/1.20.2 / PHP/7.4.32
Resource Hash: b105ce7a6240bf3812dcbc692a3bb683c7332be37d348176fe8b8b1b96c93a40

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 23:38:28 GMT
Content-Encoding: gzip
Server: nginx/1.20.2
X-Powered-By: PHP/7.4.32
Transfer-Encoding: chunked
Content-Type: text/css; charset=UTF-8
Cache-Control: no-cache, private
Connection: keep-alive

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 145 KB
50 KB 167ms
77ms Script
text/javascript 2607:f8b0:4020:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

08a750128ebdd9a40f430cd9c6842863cf32f1d119e4137e56edffe24bbafdfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 50622
x-xss-protection: 0
server: cafe
etag: 6365625700246299577
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 21 Sep 2023 23:38:28 GMT

GET
H/1.1 200
OK 01-12-2019__21-07-45__A10_161.unlocked3.pdf.png
da-dd-forms.free-onlineclock.com/files/forms/images/da/ 79 KB
80 KB 246ms
118ms Image
image/png 209.126.13.251
NL-811-40021

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://da-dd-forms.free-onlineclock.com/files/forms/images/da/01-12-2019__21-07-45__A10_161.unlocked3.pdf.png
Requested by: Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.13.251 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi1088084.contaboserver.net
Software: nginx/1.20.2 / PHP/7.4.32
Resource Hash: 2c69f1bcb9b2e45d69e5d0ea203929975a4bd5464971d3329b2af005d49abd4e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 23:38:28 GMT
Cache-Control: no-cache, private
Server: nginx/1.20.2
Connection: keep-alive
X-Powered-By: PHP/7.4.32
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK 06-12-2019__01-11-34__A1058_R.unlocked.pdf.png
da-dd-forms.free-onlineclock.com/files/forms/images/da/ 248 KB
249 KB 456ms
288ms Image
image/png 209.126.13.251
NL-811-40021

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://da-dd-forms.free-onlineclock.com/files/forms/images/da/06-12-2019__01-11-34__A1058_R.unlocked.pdf.png
Requested by: Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.13.251 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi1088084.contaboserver.net
Software: nginx/1.20.2 / PHP/7.4.32
Resource Hash: bb7618a8666144784f2b0fae6843cb3ac92277d8b6fcdf5b289ff43a51d819fc

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 23:38:28 GMT
Cache-Control: no-cache, private
Server: nginx/1.20.2
Connection: keep-alive
X-Powered-By: PHP/7.4.32
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK 01-12-2019__21-20-54__page_1_thumb_big.png
da-dd-forms.free-onlineclock.com/files/forms/images/da/ 49 KB
50 KB 620ms
452ms Image
image/png 209.126.13.251
NL-811-40021

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://da-dd-forms.free-onlineclock.com/files/forms/images/da/01-12-2019__21-20-54__page_1_thumb_big.png
Requested by: Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.13.251 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi1088084.contaboserver.net
Software: nginx/1.20.2 / PHP/7.4.32
Resource Hash: 9d799032164a2d3ae45724cfe7742e7a943999a442b1604747c4ff8322bc2602

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 23:38:28 GMT
Cache-Control: no-cache, private
Server: nginx/1.20.2
Connection: keep-alive
X-Powered-By: PHP/7.4.32
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK 02-12-2019__19-38-19__large.png
da-dd-forms.free-onlineclock.com/files/forms/images/da/ 21 KB
22 KB 620ms
452ms Image
image/png 209.126.13.251
NL-811-40021

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://da-dd-forms.free-onlineclock.com/files/forms/images/da/02-12-2019__19-38-19__large.png
Requested by: Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.13.251 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi1088084.contaboserver.net
Software: nginx/1.20.2 / PHP/7.4.32
Resource Hash: d8500d535c52313759ead5e7b641f3038b903fe2907551a5d48125d2393001c2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 23:38:28 GMT
Cache-Control: no-cache, private
Server: nginx/1.20.2
Connection: keep-alive
X-Powered-By: PHP/7.4.32
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK 02-12-2019__19-43-38__Screenshot_3.jpg
da-dd-forms.free-onlineclock.com/files/forms/images/da/ 87 KB
88 KB 611ms
444ms Image
image/jpeg 209.126.13.251
NL-811-40021

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://da-dd-forms.free-onlineclock.com/files/forms/images/da/02-12-2019__19-43-38__Screenshot_3.jpg
Requested by: Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.13.251 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi1088084.contaboserver.net
Software: nginx/1.20.2 / PHP/7.4.32
Resource Hash: 058b0c94568f1b569dc03125f79caafae82e74de722b3eca88ce012d06c9fdb3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 23:38:28 GMT
Cache-Control: no-cache, private
Server: nginx/1.20.2
Connection: keep-alive
X-Powered-By: PHP/7.4.32
Transfer-Encoding: chunked
Content-Type: image/jpeg

GET
H/1.1 200
OK 02-12-2019__19-45-03__da-form-1085-r-management-information-requirements-and-adp-product-review-schedule_big.png
da-dd-forms.free-onlineclock.com/files/forms/images/da/ 7 KB
7 KB 234ms
193ms Image
image/png 209.126.13.251
NL-811-40021

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://da-dd-forms.free-onlineclock.com/files/forms/images/da/02-12-2019__19-45-03__da-form-1085-r-management-information-requirements-and-adp-product-review-schedule_big.png
Requested by: Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.13.251 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi1088084.contaboserver.net
Software: nginx/1.20.2 / PHP/7.4.32
Resource Hash: 5d4d1eec91c7aca474bcd840fea7fd4cf1dceb3d42c07f48399a3bb866d92a58

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 23:38:28 GMT
Cache-Control: no-cache, private
Server: nginx/1.20.2
Connection: keep-alive
X-Powered-By: PHP/7.4.32
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK 02-12-2019__19-46-32__da-form-1086-r-periodic-review-management-information-requirements-preparing-agency-response-and-recommendations_big.png
da-dd-forms.free-onlineclock.com/files/forms/images/da/ 32 KB
33 KB 251ms
250ms Image
image/png 209.126.13.251
NL-811-40021

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://da-dd-forms.free-onlineclock.com/files/forms/images/da/02-12-2019__19-46-32__da-form-1086-r-periodic-review-management-information-requirements-preparing-agency-response-and-recommendations_big.png
Requested by: Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.13.251 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi1088084.contaboserver.net
Software: nginx/1.20.2 / PHP/7.4.32
Resource Hash: aea037a0ef1d439912eeb659b89acd0a50237f08688a8099d19c09ba7375401d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 23:38:28 GMT
Cache-Control: no-cache, private
Server: nginx/1.20.2
Connection: keep-alive
X-Powered-By: PHP/7.4.32
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK 02-12-2019__19-50-16__da-form-11-2-internal-control-evaluation-certification_big.png
da-dd-forms.free-onlineclock.com/files/forms/images/da/ 23 KB
24 KB 139ms
138ms Image
image/png 209.126.13.251
NL-811-40021

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://da-dd-forms.free-onlineclock.com/files/forms/images/da/02-12-2019__19-50-16__da-form-11-2-internal-control-evaluation-certification_big.png
Requested by: Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.13.251 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi1088084.contaboserver.net
Software: nginx/1.20.2 / PHP/7.4.32
Resource Hash: 951ef0ac39c41b1a20ad4ce2310665d3f5aadb36d2cc59a0e2dfc2616ab1f97e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 23:38:28 GMT
Cache-Control: no-cache, private
Server: nginx/1.20.2
Connection: keep-alive
X-Powered-By: PHP/7.4.32
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK 02-12-2019__19-52-25__da-form-1112-building-preventive-maintenance-record_big.png
da-dd-forms.free-onlineclock.com/files/forms/images/da/ 5 KB
6 KB 99ms
99ms Image
image/png 209.126.13.251
NL-811-40021

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://da-dd-forms.free-onlineclock.com/files/forms/images/da/02-12-2019__19-52-25__da-form-1112-building-preventive-maintenance-record_big.png
Requested by: Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.13.251 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi1088084.contaboserver.net
Software: nginx/1.20.2 / PHP/7.4.32
Resource Hash: e302739efbdb10034a817cb0d18479ac84253ef87dca5e7803c130f587eba616

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 23:38:28 GMT
Cache-Control: no-cache, private
Server: nginx/1.20.2
Connection: keep-alive
X-Powered-By: PHP/7.4.32
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK 02-12-2019__19-53-57__large.png
da-dd-forms.free-onlineclock.com/files/forms/images/da/ 15 KB
16 KB 106ms
105ms Image
image/png 209.126.13.251
NL-811-40021

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://da-dd-forms.free-onlineclock.com/files/forms/images/da/02-12-2019__19-53-57__large.png
Requested by: Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.13.251 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi1088084.contaboserver.net
Software: nginx/1.20.2 / PHP/7.4.32
Resource Hash: c5a6f93b0f237a2958fdeb2f6a22ae1d1fd3c54e112d39558d76098cc6d81a0a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 23:38:28 GMT
Cache-Control: no-cache, private
Server: nginx/1.20.2
Connection: keep-alive
X-Powered-By: PHP/7.4.32
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK 25-12-2019__20-04-55__1.jpg
da-dd-forms.free-onlineclock.com/files/forms/images/da/ 101 KB
102 KB 201ms
201ms Image
image/jpeg 209.126.13.251
NL-811-40021

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://da-dd-forms.free-onlineclock.com/files/forms/images/da/25-12-2019__20-04-55__1.jpg
Requested by: Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.13.251 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi1088084.contaboserver.net
Software: nginx/1.20.2 / PHP/7.4.32
Resource Hash: 0ae70cf4252bad7197a3d64a53f8e992f38c26f6121a7c17d1621790f862ee89

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 23:38:28 GMT
Cache-Control: no-cache, private
Server: nginx/1.20.2
Connection: keep-alive
X-Powered-By: PHP/7.4.32
Transfer-Encoding: chunked
Content-Type: image/jpeg

GET
H/1.1 200
OK 25-12-2019__20-05-29__1.jpg
da-dd-forms.free-onlineclock.com/files/forms/images/da/ 104 KB
105 KB 144ms
144ms Image
image/jpeg 209.126.13.251
NL-811-40021

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://da-dd-forms.free-onlineclock.com/files/forms/images/da/25-12-2019__20-05-29__1.jpg
Requested by: Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.13.251 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi1088084.contaboserver.net
Software: nginx/1.20.2 / PHP/7.4.32
Resource Hash: 21a6435a2fd0dbcf3b310033ed15249eca097eef091df56d9196a4b3670b4a23

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 23:38:28 GMT
Cache-Control: no-cache, private
Server: nginx/1.20.2
Connection: keep-alive
X-Powered-By: PHP/7.4.32
Transfer-Encoding: chunked
Content-Type: image/jpeg

GET
H/1.1 200
OK 02-12-2019__19-56-03__da-form-1129-r-record-prisoners-personal-deposit-fund-lra_big.png
da-dd-forms.free-onlineclock.com/files/forms/images/da/ 6 KB
7 KB 148ms
148ms Image
image/png 209.126.13.251
NL-811-40021

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://da-dd-forms.free-onlineclock.com/files/forms/images/da/02-12-2019__19-56-03__da-form-1129-r-record-prisoners-personal-deposit-fund-lra_big.png
Requested by: Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.13.251 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi1088084.contaboserver.net
Software: nginx/1.20.2 / PHP/7.4.32
Resource Hash: 895790c6d261cbe4350d705fd398db444066ade0cbdec367ea9b7b17b7848406

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 23:38:28 GMT
Cache-Control: no-cache, private
Server: nginx/1.20.2
Connection: keep-alive
X-Powered-By: PHP/7.4.32
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK 02-12-2019__19-56-42__da-form-1134-r-request-withdrawal-personal-property-lra_big.png
da-dd-forms.free-onlineclock.com/files/forms/images/da/ 18 KB
19 KB 226ms
226ms Image
image/png 209.126.13.251
NL-811-40021

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://da-dd-forms.free-onlineclock.com/files/forms/images/da/02-12-2019__19-56-42__da-form-1134-r-request-withdrawal-personal-property-lra_big.png
Requested by: Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.13.251 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi1088084.contaboserver.net
Software: nginx/1.20.2 / PHP/7.4.32
Resource Hash: 9db41c4ce479261bcb0397c2e61da679b9054190e06f77240e3a6c05f5af1921

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 23:38:29 GMT
Cache-Control: no-cache, private
Server: nginx/1.20.2
Connection: keep-alive
X-Powered-By: PHP/7.4.32
Transfer-Encoding: chunked
Content-Type: image/png

GET
H/1.1 200
OK 02-12-2019__19-57-19__da-form-1135-r-personal-property-permit-lra_big.png
da-dd-forms.free-onlineclock.com/files/forms/images/da/ 9 KB
10 KB 151ms
150ms Image
image/png 209.126.13.251
NL-811-40021

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://da-dd-forms.free-onlineclock.com/files/forms/images/da/02-12-2019__19-57-19__da-form-1135-r-personal-property-permit-lra_big.png
Requested by: Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.126.13.251 St Louis, United States, ASN40021 (NL-811-40021, US),
Reverse DNS: vmi1088084.contaboserver.net
Software: nginx/1.20.2 / PHP/7.4.32
Resource Hash: 087bfccb26519a6e92538da47cd63b7250d465c9fd91562f6becd8a15f5d4acc

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 23:38:28 GMT
Cache-Control: no-cache, private
Server: nginx/1.20.2
Connection: keep-alive
X-Powered-By: PHP/7.4.32
Transfer-Encoding: chunked
Content-Type: image/png

GET
H2 200 tag.js Show response
mc.yandex.ru/metrika/ 202 KB
70 KB 782ms
387ms Script
application/javascript 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/tag.js

Requested by

Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

92d967aa9f47d13c45fa328edf25255a86f1b4cabf5673a516166a274da4c235

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Sep 2023 14:40:48 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "650ada40-11420"
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
timing-allow-origin: *
content-length: 70688
expires: Fri, 22 Sep 2023 00:38:28 GMT

GET
H2 200 show_ads_impl_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309140101/ 379 KB
129 KB 115ms
114ms Script
text/javascript 2607:f8b0:4020:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309140101/show_ads_impl_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffd2543c32d694442591e7cb81c57d7730425d26da0aa52e727f2ddf4804cc4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:28 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 131526
x-xss-protection: 0
server: cafe
etag: 4965807273756281420
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Thu, 21 Sep 2023 23:38:28 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230920/r20190131/ Frame 1E63 10 KB
5 KB 181ms
88ms Document
text/html 2607:f8b0:4020:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230920/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://da-dd-forms.free-onlineclock.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 2552
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 22:55:56 GMT
etag: 2603938475786422795
expires: Thu, 05 Oct 2023 22:55:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 407 B
609 B 159ms
63ms Script
text/javascript 2607:f8b0:4020:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=da-dd-forms.free-onlineclock.com&callback=_gfp_s_&client=ca-pub-6024983979000104

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309140101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:805::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d4f28a0c177237e471dff6fff547e8b26d2b378072bdb018f31063645179d27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 257
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 267B 34 KB
14 KB 271ms
262ms Document
text/html 2607:f8b0:4020:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024983979000104&output=html&h=280&slotname=6865507706&adk=2140346226&adf=2705879744&pi=t.ma~as.6865507706&w=1015&fwrn=4&fwrnh=100&lmt=1695375508&rafmt=1&format=1015x280&url=https%3A%2F%2Fda-dd-forms.free-onlineclock.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1695339508406&bpp=4&bdt=241&idt=200&shv=r20230920&mjsv=m202309140101&ptt=9&saldr=aa&abxe=1&correlator=1452825392483&frm=20&pv=2&ga_vid=1358978677.1695339509&ga_sid=1695339509&ga_hid=989041912&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=293&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31077328%2C42532402&oid=2&pvsid=3705966980879995&tmod=2143499584&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=jN1S63i12h&p=https%3A//da-dd-forms.free-onlineclock.com&dtd=220

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309140101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21ebc3723b7bf50a7ed8d7735ae7075d73df27ee29211b8dedcac55f70f11a19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://da-dd-forms.free-onlineclock.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 14066
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 23:38:28 GMT
expires: Thu, 21 Sep 2023 23:38:28 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 343E 10 KB
5 KB 311ms
310ms Document
text/html 2607:f8b0:4020:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024983979000104&output=html&adk=1812271804&adf=3025194257&lmt=1695375508&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&plas=260x1080_l%7C260x1080_r&format=0x0&url=https%3A%2F%2Fda-dd-forms.free-onlineclock.com%2F&ea=0&pra=7&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1695339508434&bpp=2&bdt=270&idt=199&shv=r20230920&mjsv=m202309140101&ptt=9&saldr=aa&abxe=1&prev_fmts=1015x280&nras=1&correlator=1452825392483&frm=20&pv=1&ga_vid=1358978677.1695339509&ga_sid=1695339509&ga_hid=989041912&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31077328%2C42532402&oid=2&pvsid=3705966980879995&tmod=2143499584&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=2&uci=a!2&fsb=1&dtd=211

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309140101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0da3921120178b9915ac05d66c487a34ce09444c5976ab5d5a36574b3278cb18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://da-dd-forms.free-onlineclock.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 4492
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 23:38:28 GMT
expires: Thu, 21 Sep 2023 23:38:28 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/ Frame 267B 3 KB
1 KB 124ms
39ms Script
text/javascript 2607:f8b0:4020:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024983979000104&output=html&h=280&slotname=6865507706&adk=2140346226&adf=2705879744&pi=t.ma~as.6865507706&w=1015&fwrn=4&fwrnh=100&lmt=1695375508&rafmt=1&format=1015x280&url=https%3A%2F%2Fda-dd-forms.free-onlineclock.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1695339508406&bpp=4&bdt=241&idt=200&shv=r20230920&mjsv=m202309140101&ptt=9&saldr=aa&abxe=1&correlator=1452825392483&frm=20&pv=2&ga_vid=1358978677.1695339509&ga_sid=1695339509&ga_hid=989041912&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=293&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31077328%2C42532402&oid=2&pvsid=3705966980879995&tmod=2143499584&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=jN1S63i12h&p=https%3A//da-dd-forms.free-onlineclock.com&dtd=220

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 21:54:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6251
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 21:54:18 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/ Frame 267B 20 KB
8 KB 116ms
35ms Script
text/javascript 2607:f8b0:4020:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230920/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

096862e95687fa095052acf06c643d97aebf5a75bdb39f85061a931076b5c12e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 21:54:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 6251
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8275
x-xss-protection: 0
server: cafe
etag: 7349537481621356269
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 05 Oct 2023 21:54:18 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 267B 182 KB
57 KB 197ms
112ms Script
text/javascript 2607:f8b0:4020:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:806::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2a018a841b6975de20578c7c63607d4529281ae923f4c3ba172cb4d1d5e7c5bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 58105
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1695209545430561"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Sep 2023 23:38:29 GMT

GET
H2 200 afr.php Show response
ads.us.criteo.com/delivery/r/ Frame 48BC 131 KB
46 KB 229ms
136ms Document
text/html 2620:100:a001::24
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.us.criteo.com/delivery/r/afr.php?z=ZQzT9AAK3i8Asz5jAAxeYX7W_DgozVwszbncDg&u=%7C6TSlpZIQgfD1hMWs09Ayt%2BZ%2B0IXdk%2BGe%2FqJkDfG9ZvE%3D%7C&c1=TUPLs6ok1IhDgnvJmJgq2b8G6XvEBIvqAb79lxbNLn-Y29LVqxBSOQhZKVxZui5pXNlU4WPrBd-WsQaHOL91cWjEyJfbRKIeJqrpJcUSlPW1IX2OVg71cZ8xloW6ByghW_ok5s3mVPHKBV95yDo2wDVFGchz_L81QYhiSO65KHk0kWaxzS4okIMbukqAPXnUFeKS32udHjlQG_2a3t-9CR9n8U0y715ifMEMd0GxBLtM352sprEdUEqrQk-FB-mKo868e3dwIAZlr2qfEOj3CuShSCbK-ZXKNezP6kF2iclJyLCG8x4reGOggO7RMxHdYHx68PHIhXoa8BjJ7U2E-7QssJk14UJhYovkPCwA0jsaBLK9Ri86fM6XtSvCnM2UQh9dmDJETXMcrjSVyWlpng0FVRoqBjUKRfhhzCI1j9ntEQZPpExdUoyJiGLvzmD8ySeRi_6RmG3euge3wJ9KBWTky1ln0razM43r1Q-oFH9uNJbNZBIUYjQ-JiAnOguBJlMeea4U0gBwlQwZyvsDsPwNgn9Uhm6dvnVqp-LPEOGejPel9bJX8af-IyUQoB0LU9XRUgV0-RXbSBX6fLktJn1VfZ5XNimm3uktySHnTexsfWTO2EFYNTDE7A4GNwmLE5VdDGMP5YI&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1bC59NMMZa-8K-P8zLUP4byx-Aucge-wXMqmqap0wI23ARABIABgye6Oi8CkjBCCARdjYS1wdWItNjAyNDk4Mzk3OTAwMDEwNMgBCagDAcgDAqoE_wFP0D-7w6JZm4G2HPfAKjlKYsigUMJxPVuupgjviEst0GoQNR-JRql8qFkoKab4L_FbpDS38cycPj4boNLHsixNUKW8ruCTcbA33U6sRTmIQ3qyrmzpQsNF5QOZf2_tk-KB_gnyIQrduG-aBaNjKoQXT67J5Tb6L4vglbOhQ32qx3roKNCpgW-AUwptTQYe9hMfcJeXI8kXmdPsZ9xvMQFmv6mkInuICWS4VlVp9ucxtJWXEW7ZM6tuOYkj_A9TGNx9A04g5TVMpRxdCtIs7CCGvOfTngX0hjmG2bOhjy_lu2qU3QT3zg0QyXg6Yr5arOcaJdvgfH85KG_ifN2Sb2-ABoih5fuWkZHYeqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBIIgGEQATICigI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3uk4ReZplvHJyRrDNdyiqLtqZdCw%26client%3Dca-pub-6024983979000104%26adurl%3D

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::24 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

c960290a4b95ed5f447a30979222dba40a72b6c2ced800c801147d6f17cf9369

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
cache-control: private, max-age=0, no-cache
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 23:38:29 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
link: <pix.us.criteo.net>; rel=preconnect; crossorigin, <static.criteo.net>; rel=preconnect; crossorigin
p3p: CP='CUR ADM OUR NOR STA NID'
pragma: no-cache
report-to: {"endpoints":[{"url":"https://csm.us.criteo.net/heavyad?cppv=3&cpp=EzFh5Yms5tyo0yIn6IbYTHvQRGxbH7ZeuiJO6j5uNqoY1WtyGnBVJN2naz6usr8QgRLh7g5c-QYJ_SMcBQV3EdTk6G0k8d-ENuOxMa81JdSrNjTa3nCyoP4fqATFRqX1SXo7D_yMv9XcTJ8Xge-miT8oUu3F_U3fTSQgG94C9Xdn4TxXOqJo_sH25rvr-M53-eCFf1KdGp1LxayKFbBOBpSHEwoKdmLi5rreWrJmU2fkbXKwp1KAcx_afLvRITHsoK4TFg"}], "max_age": 86400}
server: Kestrel
server-processing-duration-in-ticks: 91537800
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
DATA 200
OK truncated
/ Frame 267B 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: da29d16bd027a76eecf71516234a208405db80070e0c4aa3729de2f9ba4360fd

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

sync_cookie_image_decide
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check
https://mc.yandex.ru/sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10133.ZnOV3xepTBWZ60mjmN0OcjCRMQjpIKz5-J2LlEfgT61Jt-plmAze21ZGiem3p_sB.H2VlYIPCMoLzchZlSoUD_cmm-6k%2C
https://mc.yandex.com/sync_cookie_image_decide?token=10133.2NAt3qjfKjquWcGnfQpXHtKOe29JWzHxnPAyV0fJ3_F6GFSruCyLGR-x-RV6lMZFWPE0Nzfo2ZVHw_DLRIccJGeQkYl324MEJBCgo_cI9fQ%2C.R2hslyJ8paFl7CO9FYfxEssicM8%2C

43 B
67 B

198ms
198ms

Image
image/gif

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide?token=10133.2NAt3qjfKjquWcGnfQpXHtKOe29JWzHxnPAyV0fJ3_F6GFSruCyLGR-x-RV6lMZFWPE0Nzfo2ZVHw_DLRIccJGeQkYl324MEJBCgo_cI9fQ%2C.R2hslyJ8paFl7CO9FYfxEssicM8%2C

Requested by

Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:29 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide?token=10133.2NAt3qjfKjquWcGnfQpXHtKOe29JWzHxnPAyV0fJ3_F6GFSruCyLGR-x-RV6lMZFWPE0Nzfo2ZVHw_DLRIccJGeQkYl324MEJBCgo_cI9fQ%2C.R2hslyJ8paFl7CO9FYfxEssicM8%2C
date: Thu, 21 Sep 2023 23:38:29 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

GET
H2 200 advert.gif
mc.yandex.com/metrika/ 43 B
162 B 199ms
194ms Image
image/gif 2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/metrika/advert.gif

Requested by

Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:29 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 20 Sep 2023 14:40:48 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
etag: "650ada40-2b"
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 43
expires: Fri, 22 Sep 2023 00:38:29 GMT

GET
H2 200 adview
googleads.g.doubleclick.net/pagead/ Frame 267B 0
377 B 74ms
73ms Image
text/html 2607:f8b0:4020:807::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cpcca9NMMZa-8K-P8zLUP4byx-Aucge-wXMqmqap0wI23ARABIABgye6Oi8CkjBCCARdjYS1wdWItNjAyNDk4Mzk3OTAwMDEwNMgBCagDAcgDAqoE_AFP0D-7w6JZm4G2HPfAKjlKYsigUMJxPVuupgjviEst0GoQNR-JRql8qFkoKab4L_FbpDS38cycPj4boNLHsixNUKW8ruCTcbA33U6sRTmIQ3qyrmzpQsNF5QOZf2_tk-KB_gnyIQrduG-aBaNjKoQXT67J5Tb6L4vglbOhQ32qx3roKNCpgW-AUwptTQYe9hMfcJeXI8kXmdPsZ9xvMQFmv6mkInuICWS4VlVp9ucxtJWXEW7ZM6tuOYkj_A9TGNx9A04g5TVMpRxdCtIs7CCGvOfTngX0hnuE-SFnMsSfMoGrCYjOKamhxlAzTKaeNxRgrBJeYlMhqat2RTqABoih5fuWkZHYeqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBIIgGEQATICigI6AoBASL39wTqACgH6CwIIAYAMAdAVAYAXAbIXGgoYEhRwdWItNjAyNDk4Mzk3OTAwMDEwNBgA&sigh=mQstKhFrD6c&uach_m=[UACH]&cid=CAQSGwBpAlJWT4hawlR9p9yrIRrLmx214NWGe9McYRgB&cbvp=2&vis=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024983979000104&output=html&h=280&slotname=6865507706&adk=2140346226&adf=2705879744&pi=t.ma~as.6865507706&w=1015&fwrn=4&fwrnh=100&lmt=1695375508&rafmt=1&format=1015x280&url=https%3A%2F%2Fda-dd-forms.free-onlineclock.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1695339508406&bpp=4&bdt=241&idt=200&shv=r20230920&mjsv=m202309140101&ptt=9&saldr=aa&abxe=1&correlator=1452825392483&frm=20&pv=2&ga_vid=1358978677.1695339509&ga_sid=1695339509&ga_hid=989041912&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=293&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31077328%2C42532402&oid=2&pvsid=3705966980879995&tmod=2143499584&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=jN1S63i12h&p=https%3A//da-dd-forms.free-onlineclock.com&dtd=220
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 21 Sep 2023 23:38:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 21 Sep 2023 23:38:29 GMT

GET
H2 200 notify
rtb.va.us.criteo.com/google/auction/ Frame 267B 0
126 B 106ms
43ms Image
text/plain 2620:100:a001::3
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://rtb.va.us.criteo.com/google/auction/notify?profile=14&payload=kK_oEs36RPcHmALiIp0XAgAAAMb7kx9WOZGmEPPTDGXIQKJ3MmeXJjyrAAASAAAKCkFRVURDZ0VCQ2c&wp=ZQzT9AAK3i8Asz5jAAxeYX7W_DgozVwszbncDg&cbvp=2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::3 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:28 GMT
strict-transport-security: max-age=31536000; preload;
server-processing-duration-in-ticks: 316385
server: Kestrel
content-length: 0

GET
H2 200 privacy_small.svg
static.criteo.net/flash/icon/ Frame 48BC 2 KB
1 KB 94ms
31ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy_small.svg

Requested by

Host: ads.us.criteo.com
URL: https://ads.us.criteo.com/delivery/r/afr.php?z=ZQzT9AAK3i8Asz5jAAxeYX7W_DgozVwszbncDg&u=%7C6TSlpZIQgfD1hMWs09Ayt%2BZ%2B0IXdk%2BGe%2FqJkDfG9ZvE%3D%7C&c1=TUPLs6ok1IhDgnvJmJgq2b8G6XvEBIvqAb79lxbNLn-Y29LVqxBSOQhZKVxZui5pXNlU4WPrBd-WsQaHOL91cWjEyJfbRKIeJqrpJcUSlPW1IX2OVg71cZ8xloW6ByghW_ok5s3mVPHKBV95yDo2wDVFGchz_L81QYhiSO65KHk0kWaxzS4okIMbukqAPXnUFeKS32udHjlQG_2a3t-9CR9n8U0y715ifMEMd0GxBLtM352sprEdUEqrQk-FB-mKo868e3dwIAZlr2qfEOj3CuShSCbK-ZXKNezP6kF2iclJyLCG8x4reGOggO7RMxHdYHx68PHIhXoa8BjJ7U2E-7QssJk14UJhYovkPCwA0jsaBLK9Ri86fM6XtSvCnM2UQh9dmDJETXMcrjSVyWlpng0FVRoqBjUKRfhhzCI1j9ntEQZPpExdUoyJiGLvzmD8ySeRi_6RmG3euge3wJ9KBWTky1ln0razM43r1Q-oFH9uNJbNZBIUYjQ-JiAnOguBJlMeea4U0gBwlQwZyvsDsPwNgn9Uhm6dvnVqp-LPEOGejPel9bJX8af-IyUQoB0LU9XRUgV0-RXbSBX6fLktJn1VfZ5XNimm3uktySHnTexsfWTO2EFYNTDE7A4GNwmLE5VdDGMP5YI&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1bC59NMMZa-8K-P8zLUP4byx-Aucge-wXMqmqap0wI23ARABIABgye6Oi8CkjBCCARdjYS1wdWItNjAyNDk4Mzk3OTAwMDEwNMgBCagDAcgDAqoE_wFP0D-7w6JZm4G2HPfAKjlKYsigUMJxPVuupgjviEst0GoQNR-JRql8qFkoKab4L_FbpDS38cycPj4boNLHsixNUKW8ruCTcbA33U6sRTmIQ3qyrmzpQsNF5QOZf2_tk-KB_gnyIQrduG-aBaNjKoQXT67J5Tb6L4vglbOhQ32qx3roKNCpgW-AUwptTQYe9hMfcJeXI8kXmdPsZ9xvMQFmv6mkInuICWS4VlVp9ucxtJWXEW7ZM6tuOYkj_A9TGNx9A04g5TVMpRxdCtIs7CCGvOfTngX0hjmG2bOhjy_lu2qU3QT3zg0QyXg6Yr5arOcaJdvgfH85KG_ifN2Sb2-ABoih5fuWkZHYeqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBIIgGEQATICigI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3uk4ReZplvHJyRrDNdyiqLtqZdCw%26client%3Dca-pub-6024983979000104%26adurl%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:29 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:30:28 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42ba84-6aa"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 23:38:29 GMT

GET
H2 200 adchoices_en.svg
static.criteo.net/flash/icon/ Frame 48BC 2 KB
1 KB 92ms
30ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/adchoices_en.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:29 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 11 Feb 2020 14:27:58 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e42b9ee-759"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 23:38:29 GMT

GET
H2 200 close_button.svg
static.criteo.net/flash/icon/ Frame 48BC 308 B
636 B 93ms
32ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/close_button.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:29 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 14 Feb 2020 13:51:32 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "5e46a5e4-134"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 308
expires: Sun, 15 Sep 2024 23:38:29 GMT

GET
H2 200 back_button2.svg
static.criteo.net/flash/icon/ Frame 48BC 293 B
621 B 92ms
31ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/back_button2.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:29 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 28 Apr 2022 09:09:48 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: "626a59dc-125"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
content-length: 293
expires: Sun, 15 Sep 2024 23:38:29 GMT

GET
H/1.1 200
OK dvbs_src.js Show response
cdn.doubleverify.com/ Frame 48BC 2 KB
1 KB 150ms
34ms Script
application/javascript 2600:1400:9000::6875:b641
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=13846930&cmp=30251533&sid=1340728&plc=372411465&dvregion=0&unit=1015x280
Requested by: Host: ads.us.criteo.com
URL: https://ads.us.criteo.com/delivery/r/afr.php?z=ZQzT9AAK3i8Asz5jAAxeYX7W_DgozVwszbncDg&u=%7C6TSlpZIQgfD1hMWs09Ayt%2BZ%2B0IXdk%2BGe%2FqJkDfG9ZvE%3D%7C&c1=TUPLs6ok1IhDgnvJmJgq2b8G6XvEBIvqAb79lxbNLn-Y29LVqxBSOQhZKVxZui5pXNlU4WPrBd-WsQaHOL91cWjEyJfbRKIeJqrpJcUSlPW1IX2OVg71cZ8xloW6ByghW_ok5s3mVPHKBV95yDo2wDVFGchz_L81QYhiSO65KHk0kWaxzS4okIMbukqAPXnUFeKS32udHjlQG_2a3t-9CR9n8U0y715ifMEMd0GxBLtM352sprEdUEqrQk-FB-mKo868e3dwIAZlr2qfEOj3CuShSCbK-ZXKNezP6kF2iclJyLCG8x4reGOggO7RMxHdYHx68PHIhXoa8BjJ7U2E-7QssJk14UJhYovkPCwA0jsaBLK9Ri86fM6XtSvCnM2UQh9dmDJETXMcrjSVyWlpng0FVRoqBjUKRfhhzCI1j9ntEQZPpExdUoyJiGLvzmD8ySeRi_6RmG3euge3wJ9KBWTky1ln0razM43r1Q-oFH9uNJbNZBIUYjQ-JiAnOguBJlMeea4U0gBwlQwZyvsDsPwNgn9Uhm6dvnVqp-LPEOGejPel9bJX8af-IyUQoB0LU9XRUgV0-RXbSBX6fLktJn1VfZ5XNimm3uktySHnTexsfWTO2EFYNTDE7A4GNwmLE5VdDGMP5YI&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1bC59NMMZa-8K-P8zLUP4byx-Aucge-wXMqmqap0wI23ARABIABgye6Oi8CkjBCCARdjYS1wdWItNjAyNDk4Mzk3OTAwMDEwNMgBCagDAcgDAqoE_wFP0D-7w6JZm4G2HPfAKjlKYsigUMJxPVuupgjviEst0GoQNR-JRql8qFkoKab4L_FbpDS38cycPj4boNLHsixNUKW8ruCTcbA33U6sRTmIQ3qyrmzpQsNF5QOZf2_tk-KB_gnyIQrduG-aBaNjKoQXT67J5Tb6L4vglbOhQ32qx3roKNCpgW-AUwptTQYe9hMfcJeXI8kXmdPsZ9xvMQFmv6mkInuICWS4VlVp9ucxtJWXEW7ZM6tuOYkj_A9TGNx9A04g5TVMpRxdCtIs7CCGvOfTngX0hjmG2bOhjy_lu2qU3QT3zg0QyXg6Yr5arOcaJdvgfH85KG_ifN2Sb2-ABoih5fuWkZHYeqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBIIgGEQATICigI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3uk4ReZplvHJyRrDNdyiqLtqZdCw%26client%3Dca-pub-6024983979000104%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1400:9000::6875:b641 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 01a35e949b55eb92431872d6a0ac846d69ccf0093596c894eb22f62f30ea6eeb

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 23:38:29 GMT
Content-Encoding: gzip
Last-Modified: Tue, 19 Sep 2023 10:11:15 GMT
Server: UploadServer
ETag: "27cc5fec34fb6d3042f5aab4d2f9ce87"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 932
Expires: Fri, 22 Sep 2023 23:38:29 GMT

GET
H/1.1 200
OK dvtp_src.js Show response
cdn.doubleverify.com/ Frame 48BC 9 KB
4 KB 150ms
35ms Script
application/javascript 2600:1400:9000::6875:b641
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvtp_src.js?ctx=13846930&cmp=30251533&sid=1340728&plc=372411465&adsrv=1&btreg=&btadsrv=&crt=&tagtype=&dvtagver=6.1.src
Requested by: Host: ads.us.criteo.com
URL: https://ads.us.criteo.com/delivery/r/afr.php?z=ZQzT9AAK3i8Asz5jAAxeYX7W_DgozVwszbncDg&u=%7C6TSlpZIQgfD1hMWs09Ayt%2BZ%2B0IXdk%2BGe%2FqJkDfG9ZvE%3D%7C&c1=TUPLs6ok1IhDgnvJmJgq2b8G6XvEBIvqAb79lxbNLn-Y29LVqxBSOQhZKVxZui5pXNlU4WPrBd-WsQaHOL91cWjEyJfbRKIeJqrpJcUSlPW1IX2OVg71cZ8xloW6ByghW_ok5s3mVPHKBV95yDo2wDVFGchz_L81QYhiSO65KHk0kWaxzS4okIMbukqAPXnUFeKS32udHjlQG_2a3t-9CR9n8U0y715ifMEMd0GxBLtM352sprEdUEqrQk-FB-mKo868e3dwIAZlr2qfEOj3CuShSCbK-ZXKNezP6kF2iclJyLCG8x4reGOggO7RMxHdYHx68PHIhXoa8BjJ7U2E-7QssJk14UJhYovkPCwA0jsaBLK9Ri86fM6XtSvCnM2UQh9dmDJETXMcrjSVyWlpng0FVRoqBjUKRfhhzCI1j9ntEQZPpExdUoyJiGLvzmD8ySeRi_6RmG3euge3wJ9KBWTky1ln0razM43r1Q-oFH9uNJbNZBIUYjQ-JiAnOguBJlMeea4U0gBwlQwZyvsDsPwNgn9Uhm6dvnVqp-LPEOGejPel9bJX8af-IyUQoB0LU9XRUgV0-RXbSBX6fLktJn1VfZ5XNimm3uktySHnTexsfWTO2EFYNTDE7A4GNwmLE5VdDGMP5YI&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1bC59NMMZa-8K-P8zLUP4byx-Aucge-wXMqmqap0wI23ARABIABgye6Oi8CkjBCCARdjYS1wdWItNjAyNDk4Mzk3OTAwMDEwNMgBCagDAcgDAqoE_wFP0D-7w6JZm4G2HPfAKjlKYsigUMJxPVuupgjviEst0GoQNR-JRql8qFkoKab4L_FbpDS38cycPj4boNLHsixNUKW8ruCTcbA33U6sRTmIQ3qyrmzpQsNF5QOZf2_tk-KB_gnyIQrduG-aBaNjKoQXT67J5Tb6L4vglbOhQ32qx3roKNCpgW-AUwptTQYe9hMfcJeXI8kXmdPsZ9xvMQFmv6mkInuICWS4VlVp9ucxtJWXEW7ZM6tuOYkj_A9TGNx9A04g5TVMpRxdCtIs7CCGvOfTngX0hjmG2bOhjy_lu2qU3QT3zg0QyXg6Yr5arOcaJdvgfH85KG_ifN2Sb2-ABoih5fuWkZHYeqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBIIgGEQATICigI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3uk4ReZplvHJyRrDNdyiqLtqZdCw%26client%3Dca-pub-6024983979000104%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1400:9000::6875:b641 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 2ee6906ec3fddec024f2c0b34ebd4f86dbfb70bf558e28904c879e60c934171a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 23:38:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 21 Sep 2023 12:39:33 GMT
Server: UploadServer
ETag: "e3de7958dd198a053d42a61c258af718"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=900
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3638
Expires: Thu, 21 Sep 2023 23:53:29 GMT

GET
H2 200 lg.php
cat.va.us.criteo.com/delivery/ Frame 48BC 43 B
348 B 134ms
38ms Image
image/gif 74.119.119.147
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cat.va.us.criteo.com/delivery/lg.php?cppv=3&cpp=N5uQEMal2szQIPBKfCmByVFNlJrCqdiayFfZm0LXxhTxH-ZUSoa583sN_dR5j9JpS-sGZfymrrqSXIUJ5REtXIsmXD9uYgg0FIeSpmvyJxnAuM_RMgaDI019PkqbxDP9675AVqcjna_QTOdfzw_2jGYw_eAe5W4Sc04JUyA0m5G82b2nKoY0Q_3TRwl2Afq8xD_bgrMfJ6x9vOnJbPBcYBjCVDVbOBTxorJdbKcXcVghfmFuDg7vPz1fcDOeFNu1Lnv3NIpDzkRux_QMzeyC0zhO_hAVD_CrBP-ywqK7Q_Q-YmxibdUpPqLXbHGAJcuv0fhWQRdpdT6IWo43ZONH6b-b19wvYDB8dd1LEwwIoWmhtitQlF_rn_Mp5ri868oUn4Dj7GymnfQRqVKhpeIuoUEYVGya3NLVSNck0hSJi06p_ogG6q3n2Dga7KlFdTHtODIAvw

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.119.119.147 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 23:38:29 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 2822113
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 /
d.agkn.com/pixel/8538/ Frame 48BC 43 B
564 B 222ms
46ms Image
image/gif 2600:9000:24fd:a800:19:fc2c:a140:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.agkn.com/pixel/8538/?che=650cd3f4de83e1689bdb657273b07819&col=308271,0,0,0,11120203,650cd3f4de83e1689bdb657273b07819
Requested by: Host: ads.us.criteo.com
URL: https://ads.us.criteo.com/delivery/r/afr.php?z=ZQzT9AAK3i8Asz5jAAxeYX7W_DgozVwszbncDg&u=%7C6TSlpZIQgfD1hMWs09Ayt%2BZ%2B0IXdk%2BGe%2FqJkDfG9ZvE%3D%7C&c1=TUPLs6ok1IhDgnvJmJgq2b8G6XvEBIvqAb79lxbNLn-Y29LVqxBSOQhZKVxZui5pXNlU4WPrBd-WsQaHOL91cWjEyJfbRKIeJqrpJcUSlPW1IX2OVg71cZ8xloW6ByghW_ok5s3mVPHKBV95yDo2wDVFGchz_L81QYhiSO65KHk0kWaxzS4okIMbukqAPXnUFeKS32udHjlQG_2a3t-9CR9n8U0y715ifMEMd0GxBLtM352sprEdUEqrQk-FB-mKo868e3dwIAZlr2qfEOj3CuShSCbK-ZXKNezP6kF2iclJyLCG8x4reGOggO7RMxHdYHx68PHIhXoa8BjJ7U2E-7QssJk14UJhYovkPCwA0jsaBLK9Ri86fM6XtSvCnM2UQh9dmDJETXMcrjSVyWlpng0FVRoqBjUKRfhhzCI1j9ntEQZPpExdUoyJiGLvzmD8ySeRi_6RmG3euge3wJ9KBWTky1ln0razM43r1Q-oFH9uNJbNZBIUYjQ-JiAnOguBJlMeea4U0gBwlQwZyvsDsPwNgn9Uhm6dvnVqp-LPEOGejPel9bJX8af-IyUQoB0LU9XRUgV0-RXbSBX6fLktJn1VfZ5XNimm3uktySHnTexsfWTO2EFYNTDE7A4GNwmLE5VdDGMP5YI&ct0=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC1bC59NMMZa-8K-P8zLUP4byx-Aucge-wXMqmqap0wI23ARABIABgye6Oi8CkjBCCARdjYS1wdWItNjAyNDk4Mzk3OTAwMDEwNMgBCagDAcgDAqoE_wFP0D-7w6JZm4G2HPfAKjlKYsigUMJxPVuupgjviEst0GoQNR-JRql8qFkoKab4L_FbpDS38cycPj4boNLHsixNUKW8ruCTcbA33U6sRTmIQ3qyrmzpQsNF5QOZf2_tk-KB_gnyIQrduG-aBaNjKoQXT67J5Tb6L4vglbOhQ32qx3roKNCpgW-AUwptTQYe9hMfcJeXI8kXmdPsZ9xvMQFmv6mkInuICWS4VlVp9ucxtJWXEW7ZM6tuOYkj_A9TGNx9A04g5TVMpRxdCtIs7CCGvOfTngX0hjmG2bOhjy_lu2qU3QT3zg0QyXg6Yr5arOcaJdvgfH85KG_ifN2Sb2-ABoih5fuWkZHYeqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBIIgGEQATICigI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3uk4ReZplvHJyRrDNdyiqLtqZdCw%26client%3Dca-pub-6024983979000104%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:24fd:a800:19:fc2c:a140:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 23:38:29 GMT
via: 1.1 d20643381b69d20c57164843f598201e.cloudfront.net (CloudFront)
x-amz-cf-pop: CMH68-P2
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: image/gif
cache-control: no-cache, must-revalidate
content-length: 43
x-amz-cf-id: N8Kfl6Rv38iGyJ7WjtRaVs6THMpnn2J6Xper_3ZqE2bxgpVjNgfN7w==
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

B30251533.372411465;dc_pre=CIXr9unvvIEDFd8XiAkdYjMKOw;dc_trk_aid=563043988;dc_trk_cid=195958998;dcopt=anid;ord=650cd3f4de83e1689bdb657273b07819;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tf...
ad.doubleclick.net/ddm/trackimp/N8278.154378.CRITEO/ Frame 48BC
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N8278.154378.CRITEO/B30251533.372411465;dc_trk_aid=563043988;dc_trk_cid=195958998;dcopt=anid;ord=650cd3f4de83e1689bdb657273b07819;dc_lat=;dc_rdid=;tag_for_ch...
https://ad.doubleclick.net/ddm/trackimp/N8278.154378.CRITEO/B30251533.372411465;dc_pre=CIXr9unvvIEDFd8XiAkdYjMKOw;dc_trk_aid=563043988;dc_trk_cid=195958998;dcopt=anid;ord=650cd3f4de83e1689bdb657273...

42 B
245 B

77ms
76ms

Image
image/gif

172.217.13.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N8278.154378.CRITEO/B30251533.372411465;dc_pre=CIXr9unvvIEDFd8XiAkdYjMKOw;dc_trk_aid=563043988;dc_trk_cid=195958998;dcopt=anid;ord=650cd3f4de83e1689bdb657273b07819;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;;ltd=?

Requested by

Protocol

Server

172.217.13.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

yul02s04-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 23:38:29 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 21 Sep 2023 23:38:29 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ad.doubleclick.net/ddm/trackimp/N8278.154378.CRITEO/B30251533.372411465;dc_pre=CIXr9unvvIEDFd8XiAkdYjMKOw;dc_trk_aid=563043988;dc_trk_cid=195958998;dcopt=anid;ord=650cd3f4de83e1689bdb657273b07819;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=0;;ltd=?
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.gif
tracker.samplicio.us/tracker/135ae744-093c-4f69-8b53-a36ce6361ac1/ Frame 48BC 35 B
303 B 137ms
41ms Image
image/gif 3.208.227.70
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tracker.samplicio.us/tracker/135ae744-093c-4f69-8b53-a36ce6361ac1/pixel.gif?c1=11120203&pid=141491&sid=12142151539117342591&crid=308271&device_id=&cachebuster=650cd3f4de83e1689bdb657273b07819&gdpr=0&gdpr_consent=&gdpr_pd=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.208.227.70 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-208-227-70.compute-1.amazonaws.com

Software

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:29 GMT
strict-transport-security: max-age=604800
x-ratelimit-reset: 0
x-ratelimit-limit: 0
content-length: 35
x-ratelimit-remaining: 0
content-type: image/gif

GET
H/1.1 200
OK dvbs_src_internal121.js Show response
cdn.doubleverify.com/ Frame 48BC 60 KB
20 KB 34ms
33ms Script
application/javascript 2600:1400:9000::6875:b641
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dvbs_src_internal121.js
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src.js?ctx=13846930&cmp=30251533&sid=1340728&plc=372411465&dvregion=0&unit=1015x280
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1400:9000::6875:b641 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: a6a235eb3be8edd6595e0d3a955057057947ecb9240263e146077afcc2e595a4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 23:38:29 GMT
Content-Encoding: gzip
Last-Modified: Tue, 19 Sep 2023 10:11:17 GMT
Server: UploadServer
ETag: "5f080c001aa5f41de83429c4ff230ccf"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19652
Expires: Fri, 20 Sep 2024 23:38:29 GMT

GET
H/1.1 200
OK verify.js Show response
rtb0.doubleverify.com/ Frame 48BC 444 B
577 B 255ms
77ms Script
text/javascript 34.117.228.201
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verify.js?flvr=0&jsCallback=__verify_callback_243724076286&jsTagObjCallback=__tagObject_callback_243724076286&num=6&ctx=13846930&cmp=30251533&plc=372411465&sid=1340728&advid=&adsrv=&unit=1015x280&isdvvid=&uid=243724076286&tagtype=&adID=&app=&sup=&isovv=0&gmnpo=&crt=&nav_pltfrm=Win32&dvp_strhd=0.20&dvpx_strhd=0.20&brid=3&brver=117&bridua=3&dup=null&srcurlD=1&ssl=1&refD=2&tagpb=1&htmlmsging=1&tstype=128&m1=13&noc=4&fcifrms=3&brh=2&vavbkt=&lvvn=28&dvp_idcerr=undefined&ver=168&eparams=DC4FC%3Dl9EEADTbpTauTau8%40%408%3D625D%5D8%5D5%40F3%3D64%3D%3A4%3C%5D%3F6ETauU2%3F4r92%3A%3Fl9EEADTbpTauTau52%5C55%5C7%40C%3ED%5D7C66%5C%40%3F%3D%3A%3F64%3D%404%3C%5D4%40%3ETar9EEADTbpTauTau8%40%408%3D625D%5D8%5D5%40F3%3D64%3D%3A4%3C%5D%3F6ETar9EEADTbpTauTau25D%5DFD%5D4C%3AE6%40%5D4%40%3E&dvp_exetime=6.00&callbackName=__verify_callback_243724076286
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal121.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.228.201 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 201.228.117.34.bc.googleusercontent.com
Software: /
Resource Hash: ad6f5f14ba08281bf08677b25d2ef088e7894f0ad8d274b65030aa5dc1841178

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 21 Sep 2023 23:38:29 GMT
Content-Encoding: br
X-DV-Response: 1
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Timing-Allow-Origin: *
Expires: 09/20/2023 23:38:29

POST
H/1.1 204
No Content bsevent.gif
rtbc-ue1.doubleverify.com/ Frame 48BC 0
298 B 154ms
58ms Ping
text/plain 34.117.228.201
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://rtbc-ue1.doubleverify.com/bsevent.gif?flvr=0&impid=d648a2abee434aff87bd1ab507eb015a&vfdur=256&cbust=1695339509894616
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dvbs_src_internal121.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.228.201 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 201.228.117.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://ads.us.criteo.com
Pragma: no-cache
Date: Thu, 21 Sep 2023 23:38:30 GMT
Cache-Control: max-age=0
Access-Control-Allow-Credentials: true, true
Connection: keep-alive
Expires: 2023-09-20T23:38:30

GET
H/1.1 200
OK dv-measurements4722.js Show response
cdn.doubleverify.com/ Frame F9EB 421 KB
99 KB 266ms
266ms Script
application/javascript 2600:1400:9000::6875:b641
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-measurements4722.js
Requested by: Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1400:9000::6875:b641 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 6c491f68620ca768061002e5608a163601923b5d04230af080eede67e5ed5c74

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Date: Thu, 21 Sep 2023 23:38:29 GMT
Content-Encoding: gzip
Last-Modified: Thu, 21 Sep 2023 10:24:50 GMT
Server: UploadServer
ETag: "6b3602e51d4038d914c33a5d7d50fbb3"
Vary: Accept-Encoding
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Cache-Control: no-transform, max-age=31536000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 101100
Expires: Fri, 20 Sep 2024 23:38:29 GMT

GET
H2 200 webfontloader.js Show response
cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/ Frame 48BC 12 KB
5 KB 432ms
51ms Script
application/javascript 104.17.24.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 7899029
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 4420
last-modified: Mon, 04 May 2020 16:17:52 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb04030-30d9"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N0%2FAYmzKo65k2dxB3XzJBLDUWxYtSUYfWSxPuqvtj%2FjFqAREHKIhFIuK%2B%2F6vBryfDkjR8ecdaEdpETeXDN9%2BWtBqOFJAYo5MdLXCh2UW8bwOcr906i4KPQ9IEkTY4VlT6OzbfJwo"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 80a62463785539f4-YYZ
expires: Tue, 10 Sep 2024 23:38:30 GMT

GET
H2 200 animejs.js Show response
static.criteo.net/animejs/ Frame 48BC 12 KB
6 KB 36ms
35ms Script
text/javascript 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/animejs/animejs.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:29 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Tue, 26 Mar 2019 17:44:11 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5c9a64eb-3181"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 23:38:29 GMT

GET
H2 200 img
imageproxy.us.criteo.net/img/ Frame 48BC 5 KB
6 KB 302ms
198ms Image
image/png 2620:100:a001::9
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.us.criteo.net/img/img?h=556&m=0&partner=5535&q=80&r=0&u=http%3A%2F%2Fstatic.va.us.criteo.net%2Fdesign%2Fdt%2F5535%2F190813%2Fd5bb21879100431680b4588fceb6cd1e_logo_lightbg_horizontal.png&v=3&w=196&s=bfATsxTzblTqU08XAHK-yc-u

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::9 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

25cffbd728609b260eaaa5a54ec80c1ab4a713c5c214ac19296571569f60e279

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:29 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/png
cache-control: public, max-age=31104000
content-length: 5549
expires: Thu, 29 Aug 2024 00:53:04 GMT

GET
H2 200 img
imageproxy.us.criteo.net/img/ Frame 48BC 17 KB
17 KB 215ms
112ms Image
image/webp 2620:100:a001::9
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.us.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=5535&q=80&r=0&u=https%3A%2F%2Fslimages.macysassets.com%2Fis%2Fimage%2FMCY%2Fproducts%2F9%2Foptimized%2F13397625_fpx.tif%3Fwid%3D1200%26fmt%3Djpeg%26qlt%3D100&v=3&w=800&s=RG_h7kMRQfqTnJZwkrnb97pp&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::9 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

00e37fb036a271b9e0ac417da507280a75ac46ea0175881f17c2cae77f8a542c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:29 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=2592000
content-length: 16934
expires: Sat, 21 Oct 2023 22:15:51 GMT

GET
H2 200 img
imageproxy.us.criteo.net/img/ Frame 48BC 16 KB
16 KB 232ms
128ms Image
image/webp 2620:100:a001::9
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://imageproxy.us.criteo.net/img/img?c=3&cq=256&h=800&m=0&partner=5535&q=80&r=0&u=https%3A%2F%2Fslimages.macysassets.com%2Fis%2Fimage%2FMCY%2Fproducts%2F7%2Foptimized%2F24548397_fpx.tif%3Fwid%3D1200%26fmt%3Djpeg%26qlt%3D100&v=3&w=800&s=beu2NtZLVyBvJq5Q8QB7n0OL&b=400

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::9 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Kestrel /

Resource Hash

79af362bd987912c642d65aa8b6847ae756051e83b5068ef0cff028ce56187e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:29 GMT
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 4 Jun 2008 06:06:06 GMT
server: Kestrel
time-allow-origin: *
content-type: image/webp
cache-control: public, max-age=2592000
content-length: 15876
expires: Fri, 29 Sep 2023 11:30:07 GMT

POST
H2 200 all
csm.us.criteo.net/ Frame 48BC 0
128 B 150ms
51ms Ping
text/plain 2620:100:a001::16
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://csm.us.criteo.net/all?cppv=3&cpp=EzFh5Yms5tyo0yIn6IbYTHvQRGxbH7ZeuiJO6j5uNqoY1WtyGnBVJN2naz6usr8QgRLh7g5c-QYJ_SMcBQV3EdTk6G0k8d-ENuOxMa81JdSrNjTa3nCyoP4fqATFRqX1SXo7D_yMv9XcTJ8Xge-miT8oUu3F_U3fTSQgG94C9Xdn4TxXOqJo_sH25rvr-M53-eCFf1KdGp1LxayKFbBOBpSHEwoKdmLi5rreWrJmU2fkbXKwp1KAcx_afLvRITHsoK4TFg&sds=2&rev=88356&sendBeacon=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::16 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.us.criteo.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 21 Sep 2023 23:38:29 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H2 200 criteo_logo_2021.svg
static.criteo.net/flash/icon/ Frame 48BC 2 KB
1 KB 48ms
47ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/criteo_logo_2021.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:29 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 27 May 2021 13:21:59 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"60af9cf7-891"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 23:38:29 GMT

GET
H2 200 privacy.svg
static.criteo.net/flash/icon/ Frame 48BC 2 KB
1 KB 49ms
48ms Image
image/svg+xml 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://static.criteo.net/flash/icon/privacy.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:29 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 19 Feb 2020 10:57:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"5e4d1491-646"
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 23:38:29 GMT

GET
H2

200

1 Show response
mc.yandex.com/watch/55923610/
Redirect Chain

https://mc.yandex.com/watch/55923610?wmode=7&page-url=https%3A%2F%2Fda-dd-forms.free-onlineclock.com%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A2269%3...
https://mc.yandex.com/watch/55923610/1?wmode=7&page-url=https%3A%2F%2Fda-dd-forms.free-onlineclock.com%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A2269...

454 B
757 B

224ms
223ms

XHR
application/json

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.com/watch/55923610/1?wmode=7&page-url=https%3A%2F%2Fda-dd-forms.free-onlineclock.com%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A2269%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1111%3Acn%3A1%3Adp%3A0%3Als%3A1307357219487%3Ahid%3A33826500%3Az%3A-600%3Ai%3A20230921133829%3Aet%3A1695339509%3Ac%3A1%3Arn%3A215613736%3Arqn%3A1%3Au%3A169533950934271147%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A31%2C173%2C1886%2C3%2C%2C0%2C%2C185%2C0%2C%2C%2C%2C2279%3Aco%3A0%3Acpf%3A1%3Ans%3A1695339506068%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1695339510%3At%3AHome%20%7C%20da-dd-forms.free-onlineclock.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29&redirnss=1

Requested by

Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

c3e5fe258402826f63b566fedf93e29688276b6842a4533346dbc492c6ca460c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 23:38:30 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
last-modified: Thu, 21-Sep-2023 23:38:30 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
content-type: application/json; charset=utf-8
access-control-allow-origin: https://da-dd-forms.free-onlineclock.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 454
x-xss-protection: 1; mode=block
expires: Thu, 21-Sep-2023 23:38:30 GMT

Redirect headers

pragma: no-cache
date: Thu, 21 Sep 2023 23:38:30 GMT
strict-transport-security: max-age=31536000
last-modified: Thu, 21-Sep-2023 23:38:30 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
location: /watch/55923610/1?wmode=7&page-url=https%3A%2F%2Fda-dd-forms.free-onlineclock.com%2F&charset=utf-8&uah=chm%0A%3F0&browser-info=pv%3A1%3Avf%3A3qm6qq812ez2u52y4wzrnbv%3Afp%3A2269%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1111%3Acn%3A1%3Adp%3A0%3Als%3A1307357219487%3Ahid%3A33826500%3Az%3A-600%3Ai%3A20230921133829%3Aet%3A1695339509%3Ac%3A1%3Arn%3A215613736%3Arqn%3A1%3Au%3A169533950934271147%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Awv%3A2%3Ads%3A31%2C173%2C1886%2C3%2C%2C0%2C%2C185%2C0%2C%2C%2C%2C2279%3Aco%3A0%3Acpf%3A1%3Ans%3A1695339506068%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1695339510%3At%3AHome%20%7C%20da-dd-forms.free-onlineclock.com&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%282%29&redirnss=1
access-control-allow-origin: https://da-dd-forms.free-onlineclock.com
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
expires: Thu, 21-Sep-2023 23:38:30 GMT

GET
H2 200 roboto-400.css
static.criteo.net/design/googlefont/roboto/ Frame 48BC 2 KB
842 B 52ms
51ms Stylesheet
text/css 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/roboto/roboto-400.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

f3bd93baf2d7ea7fe404497a78897e9300a56e1ef8e452cdd29c0156b2ff3aa5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:30 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:14:19 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391f13b-807"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 23:38:30 GMT

GET
H2 200 roboto-700.css
static.criteo.net/design/googlefont/roboto/ Frame 48BC 2 KB
841 B 53ms
52ms Stylesheet
text/css 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/roboto/roboto-700.css

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/webfont/1.6.28/webfontloader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

49330dbdf50dc3440d871a2408c7ec4fec185d62e419fd9960000cd8eed78950

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:30 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:14:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391f13d-807"
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 23:38:30 GMT

GET
H/1.1 200
OK visit.js Show response
tps.doubleverify.com/ Frame F9EB 724 B
750 B 309ms
92ms Script
text/javascript 34.117.228.201
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tps.doubleverify.com/visit.js?gdpr=&gdpr_consent=&flvr=0&ttmms=491&ttfrms=23&brid=3&brver=117.0.5938.88&bridua=3&bds=1&tstype=128&sim=3&eparams=DC4FC%3Dl9EEADTbpTauTau8%40%408%3D625D%5D8%5D5%40F3%3D64%3D%3A4%3C%5D%3F6ETauU2%3F4r92%3A%3Fl9EEADTbpTauTau52%5C55%5C7%40C%3ED%5D7C66%5C%40%3F%3D%3A%3F64%3D%404%3C%5D4%40%3ETar9EEADTbpTauTau8%40%408%3D625D%5D8%5D5%40F3%3D64%3D%3A4%3C%5D%3F6ETar9EEADTbpTauTau25D%5DFD%5D4C%3AE6%40%5D4%40%3E&srcurlD=1&aUrlD=0&ssl=https:&dfs=332&ddur=153&uid=1695339510407851&jsCallback=dvCallback_1695339510407107&dvtagver=6.1.src&navUa=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F117.0.5938.88%20Safari%2F537.36&htmlmsging=1&chro=1&hist=2&winh=280&winw=1015&wouh=1200&wouw=1600&scah=1200&scaw=1600&jsver=4722&tgjsver=4722&lvvn=28&m1=13&refD=2&referrer=https%3A%2F%2Fads.us.criteo.com%2Fdelivery%2Fr%2Fafr.php%3Fz%3DZQzT9AAK3i8Asz5jAAxeYX7W_DgozVwszbncDg%26u%3D%257C6TSlpZIQgfD1hMWs09Ayt%252BZ%252B0IXdk%252BGe%252FqJkDfG9ZvE%253D%257C%26c1%3DTUPLs6ok1IhDgnvJmJgq2b8G6XvEBIvqAb79lxbNLn-Y29LVqxBSOQhZKVxZui5pXNlU4WPrBd-WsQaHOL91cWjEyJfbRKIeJqrpJcUSlPW1IX2OVg71cZ8xloW6ByghW_ok5s3mVPHKBV95yDo2wDVFGchz_L81QYhiSO65KHk0kWaxzS4okIMbukqAPXnUFeKS32udHjlQG_2a3t-9CR9n8U0y715ifMEMd0GxBLtM352sprEdUEqrQk-FB-mKo868e3dwIAZlr2qfEOj3CuShSCbK-ZXKNezP6kF2iclJyLCG8x4reGOggO7RMxHdYHx68PHIhXoa8BjJ7U2E-7QssJk14UJhYovkPCwA0jsaBLK9Ri86fM6XtSvCnM2UQh9dmDJETXMcrjSVyWlpng0FVRoqBjUKRfhhzCI1j9ntEQZPpExdUoyJiGLvzmD8ySeRi_6RmG3euge3wJ9KBWTky1ln0razM43r1Q-oFH9uNJbNZBIUYjQ-JiAnOguBJlMeea4U0gBwlQwZyvsDsPwNgn9Uhm6dvnVqp-LPEOGejPel9bJX8af-IyUQoB0LU9XRUgV0-RXbSBX6fLktJn1VfZ5XNimm3uktySHnTexsfWTO2EFYNTDE7A4GNwmLE5VdDGMP5YI%26ct0%3Dhttps%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%253Fsa%253DL%2526ai%253DC1bC59NMMZa-8K-P8zLUP4byx-Aucge-wXMqmqap0wI23ARABIABgye6Oi8CkjBCCARdjYS1wdWItNjAyNDk4Mzk3OTAwMDEwNMgBCagDAcgDAqoE_wFP0D-7w6JZm4G2HPfAKjlKYsigUMJxPVuupgjviEst0GoQNR-JRql8qFkoKab4L_FbpDS38cycPj4boNLHsixNUKW8ruCTcbA33U6sRTmIQ3qyrmzpQsNF5QOZf2_tk-KB_gnyIQrduG-aBaNjKoQXT67J5Tb6L4vglbOhQ32qx3roKNCpgW-AUwptTQYe9hMfcJeXI8kXmdPsZ9xvMQFmv6mkInuICWS4VlVp9ucxtJWXEW7ZM6tuOYkj_A9TGNx9A04g5TVMpRxdCtIs7CCGvOfTngX0hjmG2bOhjy_lu2qU3QT3zg0QyXg6Yr5arOcaJdvgfH85KG_ifN2Sb2-ABoih5fuWkZHYeqAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBIIgGEQATICigI6AoBASL39wTr6CwIIAYAMAdAVAYAXAQ%2526num%253D1%2526sig%253DAOD64_3uk4ReZplvHJyRrDNdyiqLtqZdCw%2526client%253Dca-pub-6024983979000104%2526adurl%253D&fcifrms=3&brh=2&dvp_epl=289&noc=4&nav_pltfrm=Win32&ctx=13846930&cmp=30251533&sid=1340728&plc=372411465&adsrv=1&errorURL=https://tps.doubleverify.com/visit.jpg&mib=0&dvp_rcp=2&dvp_htec=2&dvp_seem=2&dvp_tuk=1&dvp_sukv=794078192.7127413&dvp_tukv=141969512104.33014&dvp_strhd=0.6000022888183594&dvpx_strhd=0.6000022888183594&dvp_tuid=1438554025884&jurtd=2297518349
Requested by: Host: cdn.doubleverify.com
URL: https://cdn.doubleverify.com/dv-measurements4722.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.228.201 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 201.228.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 9b7ebf4419836292a55e3334d024c735a11cbb650bc9f21941aa859e189a0993

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.us.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 21 Sep 2023 23:38:30 GMT
Content-Encoding: br
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=0
Connection: keep-alive
Timing-Allow-Origin: *
Expires: 09/20/2023 23:38:30

GET
H2 200 roboto-400-latin.woff2
static.criteo.net/design/googlefont/roboto/ Frame 48BC 15 KB
16 KB 260ms
136ms Font
application/octet-stream 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/roboto/roboto-400-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/roboto/roboto-400.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

c6bdd002d23dcb0adbd87e3518bdd994de73818a0f0f502707986301b9fbc404

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/roboto/roboto-400.css
Origin: https://ads.us.criteo.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:30 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:14:19 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391f13b-3d80"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 23:38:30 GMT

GET
H2 200 roboto-700-latin.woff2
static.criteo.net/design/googlefont/roboto/ Frame 48BC 15 KB
16 KB 277ms
156ms Font
application/octet-stream 2620:100:a001::4
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/design/googlefont/roboto/roboto-700-latin.woff2

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/design/googlefont/roboto/roboto-700.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::4 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

nginx /

Resource Hash

ba9f43fbd9c0782c72ff6eddd221abdcfd9642cd4625227ad693347e4d6989db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://static.criteo.net/design/googlefont/roboto/roboto-700.css
Origin: https://ads.us.criteo.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:30 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Thu, 08 Dec 2022 14:14:21 GMT
server: nginx
cross-origin-embedder-policy: require-corp
etag: W/"6391f13d-3df4"
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31104000, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Sun, 15 Sep 2024 23:38:30 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 267B 42 B
64 B 218ms
90ms Fetch
image/gif 2607:f8b0:4020:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst9F4Bj_Hm_-cfriSvAv4LAECumCXUXd66JpL_hZFHbYhKLw6_txxTu1OUUmywTI7GjV1jNDddjSEVTxrDzU8W3ZJF56ulAGPT8OSg&sig=Cg0ArKJSzKn4yrnuM2AoEAE&id=lidar2&mcvt=1031&p=0,0,280,1015&mtos=1031,1031,1031,1031,1031&tos=1031,0,0,0,0&v=20230920&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2140346226&rs=2&la=1&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1695339508628&rpt=771&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Sep 2023 23:38:30 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sync_cookie_image_decide_secondary
mc.yandex.com/
Redirect Chain

https://mc.yandex.com/sync_cookie_image_check_secondary
https://mc.yandex.ru/sync_cookie_image_start_secondary?redirect_domain=mc.yandex.com&token=10133.7kx2r2XKVWXfrUMH0vGUPHCMd6PryJgtxFptVI-ARA3PKo_uoBYNaEXcHzlhZAUl.s7sNXgnJBCsfXIVgDYK9tkV83a8%2C
https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10133.cL66IkNW3-vkV01gb6XUkxfDYFO3zz_DqRQr3NS0y2JdtqP5-7mcdIRNBXuM_1APWOFF1a53Nca82JufuCJx_bEH2lEBRSM3Ba5r83l936s%2C.P73MUGwDWeOW0CvAa...

43 B
103 B

221ms
221ms

Image
image/gif

2a02:6b8::1:119
GLOBAL_DC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10133.cL66IkNW3-vkV01gb6XUkxfDYFO3zz_DqRQr3NS0y2JdtqP5-7mcdIRNBXuM_1APWOFF1a53Nca82JufuCJx_bEH2lEBRSM3Ba5r83l936s%2C.P73MUGwDWeOW0CvAaB7khaRPAAQ%2C

Requested by

Host: da-dd-forms.free-onlineclock.com
URL: https://da-dd-forms.free-onlineclock.com/

Protocol

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN208722 (GLOBAL_DC, FI),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:31 GMT
strict-transport-security: max-age=31536000
content-length: 43
x-xss-protection: 1; mode=block
content-type: image/gif

Redirect headers

location: https://mc.yandex.com/sync_cookie_image_decide_secondary?token=10133.cL66IkNW3-vkV01gb6XUkxfDYFO3zz_DqRQr3NS0y2JdtqP5-7mcdIRNBXuM_1APWOFF1a53Nca82JufuCJx_bEH2lEBRSM3Ba5r83l936s%2C.P73MUGwDWeOW0CvAaB7khaRPAAQ%2C
date: Thu, 21 Sep 2023 23:38:30 GMT
strict-transport-security: max-age=31536000
x-xss-protection: 1; mode=block

POST
H2 200 all
csm.us.criteo.net/ Frame 48BC 0
127 B 52ms
52ms Ping
text/plain 2620:100:a001::16
AS-CRITEO

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:100:a001::16 , United States, ASN19750 (AS-CRITEO, US),

Reverse DNS

Software

Finatra /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://ads.us.criteo.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 21 Sep 2023 23:38:30 GMT
strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
server: Finatra
content-length: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 93ms
92ms XHR
application/json 2607:f8b0:4020:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230920&st=env

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309140101/show_ads_impl_fy2021.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

de665abf1c7eee0df1f0c6577d6aa3e1c891fc348b0271d43cf4715ca1f8cc0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:31 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12092
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 83ms
82ms Script
text/javascript 2607:f8b0:4020:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202309140101/show_ads_impl_fy2021.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 21 Sep 2023 23:38:31 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame EBEB 13 KB
5 KB 67ms
66ms Document
text/html 2607:f8b0:4020:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://da-dd-forms.free-onlineclock.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 415483
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 17 Sep 2023 04:13:48 GMT
expires: Mon, 16 Sep 2024 04:13:48 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D108 829 B
1 KB 617ms
72ms Document
text/html 2607:f8b0:4020:807::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4020:807::2004 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c4b7e7c6eaba718d48b22f91dfbd693111617a1d406504218f00db498b814239

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-yk8MdxrPojmnEBfiXga70Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://da-dd-forms.free-onlineclock.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-yk8MdxrPojmnEBfiXga70Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 21 Sep 2023 23:38:31 GMT
expires: Thu, 21 Sep 2023 23:38:31 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 tGcDLxZnxcZjneq6ZTfMhLSKmVRaNAcBIKHxIKG0fIc.js Show response
pagead2.googlesyndication.com/bg/ Frame EBEB 37 KB
14 KB 95ms
94ms Script
text/javascript 2607:f8b0:4020:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tGcDLxZnxcZjneq6ZTfMhLSKmVRaNAcBIKHxIKG0fIc.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b467032f1667c5c6639deaba6537cc84b48a99545a34070120a1f120a1b47c87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Wed, 20 Sep 2023 18:49:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 103713
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14772
x-xss-protection: 0
last-modified: Mon, 18 Sep 2023 15:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 19 Sep 2024 18:49:58 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame EBEB 0
10 B 44ms
43ms Image
text/plain 2607:f8b0:4020:807::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?KA7gqg
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4020:807::2001 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 23:38:31 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D108 0
0 66ms
65ms Image
text/html 2607:f8b0:4020:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230920&jk=3705966980879995&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 69ms
68ms Image
text/html 2607:f8b0:4020:804::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230920&jk=3705966980879995&bg=!-Pul-7TNAAYrDsWMCw47ADQBe5WfOFnbE--H1nKTHmq4wtGVl-ZPgK7neZ5E0NCjI82kByMoNs3AJSJpokwLgSGGPCaUAgAAAFJSAAAACmgBB5kCwy4JQQeNBwaIqEOuGerr1Sq94bC__IdgLK03hIPgucrBTQLq8vTu_BaExhW4XqOUbu2bZVJ9YZA6K6I8nWBWrl-G-Ax5O2r3P6tgKIFctq7JMDQlloyjnfh6kuZSh_UVWcQDgv23QnfZ21GcrX-FuD41h2gid-GepV1ojvfwxEHQ9oplL1RJxNb2wIbhH6qCC3JcBxAnWM15c31_8jwu5liH-em_wmAEg7PDhqMlp1y3Fp7a1VxZM4gA34UmQ_2vDBuFobC551kbC5ZPEHqAdzCw79ZU7QBjQAspXZ0zH7WF7xPwLkxOJxsRHz7IIQJO48cFsJIVOm27E3wPhJFrTijf98cH-BkpvyfMtFh0h6DVYs3KnZQVpY7vVRSXNd7As_Kzb1i_AmramSP1_OyIY7rQEeNz7aswF5QApDhcE5LbdqEFOjdYIkc_WwFpK7xWC1d12251MYpEY-0wV_Pxqp4kdAltEWV6wEy8rZ_74lmsoxPUXtimGhsk0ZtivO-TLixLPHCAyYHCN6HUlmBzg6hfATTpAOihT7G1KqGpxWjgCHnMwQSXXFxp4VWKwANE0Xlk4ynfBamSgFau6-6DKmtn6pkNVLydJV0PFRw2IcSCO2pRrHPIJmsOo-yqQOPBNlV0teT46TnCM95qUddV2-x0G8YvxiDGA7EPasUm7IY1LUUdjZUCRTBH4iTOIfzyH8StBrQL-CMZ2spl2DyY2ZPYqqRLqnBKnCP9jZOhqI1loiCOAEadjCa0fZHuOSRziOD4OQ2KOKepjnMq3p4AZfviCE7Q2tinM2AD9a-kYJczWWNgIlbWsJ9auSzEUVjvI8cl-mjAVjXcHQcQzT5xIxm3DH5hgjgkw-D4p2FhNO-hBSmlpyPPkpUV6hhD50UvGiN2h6k3MbEOPpJvSUZLigDJnAHtFNa40i4DESd6hUYh_ZpQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4020:804::2002 Montreal, Canada, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://da-dd-forms.free-onlineclock.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

20 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.free-onlineclock.com/	1970-01-21 00:17:15	Name: __gads Value: ID=2111940250f920d0-2208d8ebfae300fd:T=1695339508:RT=1695339508:S=ALNI_MZ96mcbY5ccY_WK0Ff7Gxlf5YTsZg
.free-onlineclock.com/	1970-01-21 00:17:15	Name: __gpi Value: UID=00000d94686d7663:T=1695339508:RT=1695339508:S=ALNI_MbVzbgB_GujISgZjo6Xv6qf7XxvKg
da-dd-forms.free-onlineclock.com/	1970-01-20 14:55:46	Name: XSRF-TOKEN Value: eyJpdiI6IlMwZnVLd29DbUJ3bWFlQ3lFV1c1XC9nPT0iLCJ2YWx1ZSI6IlRybmZpaDBSa0x3WWJDNlg5WW9KRkJwQ0JpSm9vdmh1M3l1c29cL1NjNFhCK25ZK3hJRERIU1pVMkdEWHU0UWVIIiwibWFjIjoiZDQ4ZDA0ZDYxNDNhNTQyZWEyYmM5NmRlNzc1MTg2MmRlZDc2OTgxNzgzOGZhMTc5ZjEzNTkxYzFhZjYxMDJiOCJ9
da-dd-forms.free-onlineclock.com/	1970-01-20 14:55:46	Name: laravel_session Value: eyJpdiI6IkZmRGVYWitHQTRNck5meCt1MlpvZGc9PSIsInZhbHVlIjoiZUFBaWZTWDE4MkhsU2ZOK1I3M2s4TlpFYjNpdUNNYWI4V3NXRCtRTmNkOTNPelo4WDJ2XC9wcEM0VmhWeGtKd08iLCJtYWMiOiI3NzQwYmE4ZTBhMWE0OGE3MjVjMWE0ZjQyZWYwZjcxNmFiZjlkYTIxMTRhMDY0NWI3MjU1NmQ3OWQ1YzExOTU2In0%3D
.free-onlineclock.com/	1970-01-20 23:41:15	Name: _ym_uid Value: 169533950934271147
.free-onlineclock.com/	1970-01-20 23:41:15	Name: _ym_d Value: 1695339509
.doubleclick.net/	1970-01-21 00:31:39	Name: IDE Value: AHWqTUkIg03od5oBXipgsIuI18I1JZRS7wr3b8_MWqPLlv1YHBdNCeoU0O94PlFWqiY
.mc.yandex.com/	1970-01-20 14:55:40	Name: sync_cookie_csrf Value: 279923860fake
.free-onlineclock.com/	1970-01-20 14:56:51	Name: _ym_isad Value: 2
.samplicio.us/	1970-01-21 00:31:39	Name: _ftv Value: dbb4da60-5172-411a-a00b-d36b989cfc39
.agkn.com/	1970-01-20 23:41:15	Name: ab Value: 0001%3A%2FQ9q6uhDRw96wVaZoeFFhaa%2FYE4T56zH
.agkn.com/	1970-01-20 23:41:15	Name: u Value: C\|0AAAsn5B1LJ-QdQAAAAAA
.doubleclick.net/	1970-01-20 19:14:51	Name: APC Value: AfxxVi5D19-4THOnGDHCokVn2xdKq1tSCrgw5laeQAs-euWudTMH_A
.mc.yandex.ru/	1970-01-20 14:55:40	Name: sync_cookie_csrf Value: 1363428742fake
mc.yandex.com/	1969-12-31 23:59:59	Name: yabs-sid Value: 2283160341695339510
.yandex.com/	1970-01-21 00:31:39	Name: i Value: bEBpO3ceTp5PNBK4znB1JyeVAZjKxbdY6EmhS/2J9Q35L03wAFc+2bfrbavoVWubvcHNY4/C8zfod3tTvCK5AEyibOM=
.yandex.com/	1970-01-21 00:31:39	Name: yandexuid Value: 235502081695339510
.yandex.com/	1970-01-20 23:41:15	Name: yuidss Value: 235502081695339510
.yandex.com/	1970-01-20 23:41:15	Name: ymex Value: 1726875510.yrts.1695339510#1726875510.yrtsi.1695339510
.yandex.com/	1970-01-20 23:41:15	Name: bh Value: KgI/MA==

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6024983979000104&output=html&h=280&slotname=6865507706&adk=2140346226&adf=2705879744&pi=t.ma~as.6865507706&w=1015&fwrn=4&fwrnh=100&lmt=1695375508&rafmt=1&format=1015x280&url=https%3A%2F%2Fda-dd-forms.free-onlineclock.com%2F&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1695339508406&bpp=4&bdt=241&idt=200&shv=r20230920&mjsv=m202309140101&ptt=9&saldr=aa&abxe=1&correlator=1452825392483&frm=20&pv=2&ga_vid=1358978677.1695339509&ga_sid=1695339509&ga_hid=989041912&ga_fc=0&u_tz=-600&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=293&ady=163&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31077328%2C42532402&oid=2&pvsid=3705966980879995&tmod=2143499584&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeoE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=jN1S63i12h&p=https%3A//da-dd-forms.free-onlineclock.com&dtd=220 Message: Origin trial controlled feature not enabled: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
ads.us.criteo.com
cat.va.us.criteo.com
cdn.doubleverify.com
cdnjs.cloudflare.com
csm.us.criteo.net
d.agkn.com
da-dd-forms.free-onlineclock.com
googleads.g.doubleclick.net
imageproxy.us.criteo.net
mc.yandex.com
mc.yandex.ru
pagead2.googlesyndication.com
partner.googleadservices.com
rtb.va.us.criteo.com
rtb0.doubleverify.com
rtbc-ue1.doubleverify.com
static.criteo.net
tpc.googlesyndication.com
tps.doubleverify.com
tracker.samplicio.us
www.google.com
www.googletagservices.com
104.17.24.14
172.217.13.102
209.126.13.251
2600:1400:9000::6875:b641
2600:9000:24fd:a800:19:fc2c:a140:93a1
2607:f8b0:4020:804::2002
2607:f8b0:4020:805::2002
2607:f8b0:4020:806::2002
2607:f8b0:4020:807::2001
2607:f8b0:4020:807::2002
2607:f8b0:4020:807::2004
2620:100:a001::16
2620:100:a001::24
2620:100:a001::3
2620:100:a001::4
2620:100:a001::9
2a02:6b8::1:119
3.208.227.70
34.117.228.201
74.119.119.147
00e37fb036a271b9e0ac417da507280a75ac46ea0175881f17c2cae77f8a542c
01a35e949b55eb92431872d6a0ac846d69ccf0093596c894eb22f62f30ea6eeb
041fe6e516177e777c651a95708ee4961723db34a974e8be9e6ba597a1313e51
058b0c94568f1b569dc03125f79caafae82e74de722b3eca88ce012d06c9fdb3
087bfccb26519a6e92538da47cd63b7250d465c9fd91562f6becd8a15f5d4acc
08a750128ebdd9a40f430cd9c6842863cf32f1d119e4137e56edffe24bbafdfa
095c997695f6a290fdba58b778eb0a0fdcdd9c108669e41265527a262223f1e6
096862e95687fa095052acf06c643d97aebf5a75bdb39f85061a931076b5c12e
0ae70cf4252bad7197a3d64a53f8e992f38c26f6121a7c17d1621790f862ee89
0da3921120178b9915ac05d66c487a34ce09444c5976ab5d5a36574b3278cb18
21a6435a2fd0dbcf3b310033ed15249eca097eef091df56d9196a4b3670b4a23
21ebc3723b7bf50a7ed8d7735ae7075d73df27ee29211b8dedcac55f70f11a19
25cffbd728609b260eaaa5a54ec80c1ab4a713c5c214ac19296571569f60e279
2a018a841b6975de20578c7c63607d4529281ae923f4c3ba172cb4d1d5e7c5bc
2c69f1bcb9b2e45d69e5d0ea203929975a4bd5464971d3329b2af005d49abd4e
2ee6906ec3fddec024f2c0b34ebd4f86dbfb70bf558e28904c879e60c934171a
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3e750487b1a2defcac40fbb3c50aa093a8c489fb1caae5ddfd8ded42460893bc
49330dbdf50dc3440d871a2408c7ec4fec185d62e419fd9960000cd8eed78950
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5d4d1eec91c7aca474bcd840fea7fd4cf1dceb3d42c07f48399a3bb866d92a58
60bcafbd631f6fa0805e158ca3b235e76225350db6fbb423596d4c4954b27573
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6c491f68620ca768061002e5608a163601923b5d04230af080eede67e5ed5c74
725e869434fef8013208ed4c233d29744f9b363f867dcfb8f23e862880fa699a
79af362bd987912c642d65aa8b6847ae756051e83b5068ef0cff028ce56187e0
895790c6d261cbe4350d705fd398db444066ade0cbdec367ea9b7b17b7848406
8d4f28a0c177237e471dff6fff547e8b26d2b378072bdb018f31063645179d27
8ec89605fe3d580e9539c7b858e8f69ba4e26fe06377ebe04585397de23a7395
92d967aa9f47d13c45fa328edf25255a86f1b4cabf5673a516166a274da4c235
951ef0ac39c41b1a20ad4ce2310665d3f5aadb36d2cc59a0e2dfc2616ab1f97e
9b7ebf4419836292a55e3334d024c735a11cbb650bc9f21941aa859e189a0993
9d799032164a2d3ae45724cfe7742e7a943999a442b1604747c4ff8322bc2602
9db41c4ce479261bcb0397c2e61da679b9054190e06f77240e3a6c05f5af1921
a0e62ca4a82bef79bbe9dc2aba6c0782a7d8eca046bb1baa30ee91ec37931553
a2e14a498cfcc1b6920f069a9d657ad3c6fbbe217dd26dbfe54815db5107fed6
a6a235eb3be8edd6595e0d3a955057057947ecb9240263e146077afcc2e595a4
a71fdb2af0679f36edbf63eb7944dc2403c85572d9de916cfcb12bf6277c5c37
ad6f5f14ba08281bf08677b25d2ef088e7894f0ad8d274b65030aa5dc1841178
aea037a0ef1d439912eeb659b89acd0a50237f08688a8099d19c09ba7375401d
b105ce7a6240bf3812dcbc692a3bb683c7332be37d348176fe8b8b1b96c93a40
b467032f1667c5c6639deaba6537cc84b48a99545a34070120a1f120a1b47c87
ba9f43fbd9c0782c72ff6eddd221abdcfd9642cd4625227ad693347e4d6989db
bb7618a8666144784f2b0fae6843cb3ac92277d8b6fcdf5b289ff43a51d819fc
c3e5fe258402826f63b566fedf93e29688276b6842a4533346dbc492c6ca460c
c4b7e7c6eaba718d48b22f91dfbd693111617a1d406504218f00db498b814239
c5a6f93b0f237a2958fdeb2f6a22ae1d1fd3c54e112d39558d76098cc6d81a0a
c6bdd002d23dcb0adbd87e3518bdd994de73818a0f0f502707986301b9fbc404
c960290a4b95ed5f447a30979222dba40a72b6c2ced800c801147d6f17cf9369
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d8500d535c52313759ead5e7b641f3038b903fe2907551a5d48125d2393001c2
da29d16bd027a76eecf71516234a208405db80070e0c4aa3729de2f9ba4360fd
de665abf1c7eee0df1f0c6577d6aa3e1c891fc348b0271d43cf4715ca1f8cc0b
e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047
e302739efbdb10034a817cb0d18479ac84253ef87dca5e7803c130f587eba616
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3bd93baf2d7ea7fe404497a78897e9300a56e1ef8e452cdd29c0156b2ff3aa5
ffd2543c32d694442591e7cb81c57d7730425d26da0aa52e727f2ddf4804cc4a

da-dd-forms.free-onlineclock.com Open in urlscan Pro 209.126.13.251 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

71 Requests

94 %HTTPS

70 %IPv6

14 Domains

23 Subdomains

21 IPs

4 Countries

1474 kBTransfer

2682 kBSize

20 Cookies

0 Outgoing links

Redirected requests

71 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

da-dd-forms.free-onlineclock.com Open in urlscan Pro
209.126.13.251 Public Scan

Screenshot
Live screenshot

Full Image

71
Requests

94 %
HTTPS

70 %
IPv6

14
Domains

23
Subdomains

21
IPs

4
Countries

1474 kB
Transfer

2682 kB
Size

20
Cookies

71 HTTP transactions
1 data transactions