URL: https://citizesng.gq/
Submission: On February 02 via automatic, source certstream-suspicious

Summary

This website contacted 20 IPs in 2 countries across 20 domains to perform 43 HTTP transactions. The main IP is 2606:4700:30::681f:5d67, which is located in the United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is citizesng.gq.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on February 2nd 2019. Valid for: a year.
This is the only time citizesng.gq was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2606:4700:30:... 13335 (CLOUDFLAR...)
1 52.222.168.151 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 52.222.172.22 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
10 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 151.101.0.175 54113 (FASTLY)
1 52.222.163.253 16509 (AMAZON-02)
2 63.32.166.115 16509 (AMAZON-02)
1 52.22.91.53 14618 (AMAZON-AES)
1 2 172.217.18.6 15169 (GOOGLE)
1 52.222.168.154 16509 (AMAZON-02)
1 54.77.130.155 16509 (AMAZON-02)
1 1 66.117.28.86 15224 (OMNITURE)
1 52.17.182.129 16509 (AMAZON-02)
1 46.137.176.25 16509 (AMAZON-02)
4 130.211.27.95 15169 (GOOGLE)
1 2600:9000:204... 16509 (AMAZON-02)
43 20
Domain Requested by
10 fonts.gstatic.com ajax.googleapis.com
4 uid1.vindicosuite.com citizesng.gq
uid1.vindicosuite.com
3 dpm.demdex.net citizesng.gq
2 undefined.fls.doubleclick.net 1 redirects www.googletagmanager.com
2 cdn.krxd.net cdn.segment.com
cdn.krxd.net
2 www.google-analytics.com cdn.segment.com
www.google-analytics.com
1 chirp.bizrate.com citizesng.gq
1 beacon.krxd.net cdn.krxd.net
1 cm.everesttech.net 1 redirects
1 timeinc.demdex.net citizesng.gq
1 session.timecommerce.net citizesng.gq
1 consumer.krxd.net cdn.krxd.net
1 srv-2019-02-02-11.config.parsely.com d1z2jf7jlzjs58.cloudfront.net
1 d1z2jf7jlzjs58.cloudfront.net cdn.segment.com
1 www.googletagmanager.com cdn.segment.com
1 fonts.googleapis.com ajax.googleapis.com
1 cdn.segment.com citizesng.gq
1 ajax.googleapis.com citizesng.gq
1 native.sharethrough.com citizesng.gq
1 citizesng.gq citizesng.gq
0 sb.scorecardresearch.com Failed citizesng.gq
0 api.segment.io Failed citizesng.gq
0 c.betrad.com Failed citizesng.gq
0 gwiqcdn.globalwebindex.net Failed www.googletagmanager.com
43 24
Subject | Issuer | Validity | Valid
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2019-02-02 - 2020-02-02 | a year
*.sharethrough.com | Go Daddy Secure Certificate Authority - G2 | 2018-09-18 - 2019-11-17 | a year
*.googleapis.com | Google Internet Authority G3 | 2019-01-15 - 2019-04-09 | 3 months
*.segment.com | DigiCert SHA2 Secure Server CA | 2018-05-08 - 2019-07-18 | a year
*.google.com | Google Internet Authority G3 | 2019-01-15 - 2019-04-09 | 3 months
*.google-analytics.com | Google Internet Authority G3 | 2019-01-15 - 2019-04-09 | 3 months
*.c.ssl.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2018-10-09 - 2019-09-27 | a year
*.cloudfront.net | DigiCert Global CA G2 | 2018-10-08 - 2019-10-09 | a year
*.demdex.net | DigiCert SHA2 High Assurance Server CA | 2018-01-09 - 2021-02-12 | 3 years
*.config.parsely.com | Amazon | 2018-03-27 - 2019-04-27 | a year
*.doubleclick.net | Google Internet Authority G3 | 2019-01-15 - 2019-04-09 | 3 months
*.timecommerce.net | Amazon | 2018-03-19 - 2019-04-19 | a year
*.krxd.net | Go Daddy Secure Certificate Authority - G2 | 2017-06-12 - 2019-07-11 | 2 years
*.vindicosuite.com | DigiCert SHA2 Secure Server CA | 2017-08-09 - 2020-08-13 | 3 years
*.bizrate.com | COMODO RSA Organization Validation Secure Server CA | 2017-04-06 - 2019-04-06 | 2 years

This page contains 3 frames:

Primary Page: https://citizesng.gq/
Frame ID: 224D9617E564A08668610FC7ABD403DD
Requests: 41 HTTP requests in this frame

Frame: https://undefined.fls.doubleclick.net/activityi;dc_pre=CNuLjqfznOACFU464AodVbAMwg;src=undefined;type=undefined;cat=unive0;ord=1;num=6907632719702;gtm=2wg1d1;auiddc=1611199595.1549105396;u1=https%3A%2F%2Fcitizesng.gq%2F;~oref=https%3A%2F%2Fcitizesng.gq%2F
Frame ID: 8285EC80970C87564D630B65761A8E75
Requests: 1 HTTP request in this frame

Frame: https://timeinc.demdex.net/dest5.html?d_nsid=undefined
Frame ID: D6C5F872FFC1A99DCBD60FA85436103F
Requests: 1 HTTP request in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /cloudflare/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i

Overall confidence: 100%
Detected patterns
  • script /googleapis\.com\/.+webfont/i

Overall confidence: 100%
Detected patterns
  • env /^google_tag_manager$/i

Overall confidence: 100%
Detected patterns
  • env /^NREUM/i

Overall confidence: 100%
Detected patterns
  • env /^PARSELY$/i

Overall confidence: 100%
Detected patterns
  • html /<script[\s\S]*cdn\.segment\.com\/analytics.js[\s\S]*script>/i
  • script /cdn\.segment\.com\/analytics\.js/i
  • env /^analytics$/i

Page Statistics

Requests: 43
HTTPS: 81 %
IPv6: 35 %
Domains: 20
Subdomains: 24
IPs: 20
Countries: 2
Transfer: 578 kB
Size: 1779 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 29
  • https://undefined.fls.doubleclick.net/activityi;src=undefined;type=undefined;cat=unive0;ord=1;num=6907632719702;gtm=2wg1d1;auiddc=1611199595.1549105396;u1=https%3A%2F%2Fcitizesng.gq%2F;~oref=https%3A%2F%2Fcitizesng.gq%2F HTTP 302
  • https://undefined.fls.doubleclick.net/activityi;dc_pre=CNuLjqfznOACFU464AodVbAMwg;src=undefined;type=undefined;cat=unive0;ord=1;num=6907632719702;gtm=2wg1d1;auiddc=1611199595.1549105396;u1=https%3A%2F%2Fcitizesng.gq%2F;~oref=https%3A%2F%2Fcitizesng.gq%2F
Request Chain 35
  • https://cm.everesttech.net/cm/dd?d_uuid=30799138173415122251508112942175457817 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=XFV4_QAAAH_QKFKl&d_uuid=30799138173415122251508112942175457817

43 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
citizesng.gq/
28 KB
11 KB
Document
General
Full URL
https://citizesng.gq/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700:30::681f:5d67 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / Element
Resource Hash
ef7be059eae8b9d4c8c7239d98cb6508ebaebc2685e88dfef7751a4efb470194

Request headers

:method
GET
:authority
citizesng.gq
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding
gzip, deflate, br

Response headers

status
200
date
Sat, 02 Feb 2019 11:03:15 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d500ba095841e75df470c07a9d6026b7b1549105395; expires=Sun, 02-Feb-20 11:03:15 GMT; path=/; domain=.citizesng.gq; HttpOnly
via
1.1 e621b964f8c348548e0b42950cc55248.cloudfront.net (CloudFront)
x-powered-by
Element
vary
Accept-Encoding,Accept-Encoding
x-amz-cf-id
UviQ7to2XgsfYN88yTlwCaxTP_iWwfVMH59P_XbymNQilXz1Dyk70g==
cache-control
max-age=5
x-cache
Miss from cloudfront
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
4a2c2b8ff81363f7-FRA
content-encoding
br
main.js
citizesng.gq/dist/
0
0

sfp.js
native.sharethrough.com/assets/
369 KB
108 KB
Script
General
Full URL
https://native.sharethrough.com/assets/sfp.js
Requested by
Host: citizesng.gq
URL: https://citizesng.gq/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.168.151 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-168-151.fra54.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1f844c93852c1962d84b5fa4cedff4c17823e0a73e9e1f0f744e5c98eddd362d

Request headers

Referer
https://citizesng.gq/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 02 Feb 2019 10:39:57 GMT
content-encoding
gzip
last-modified
Fri, 01 Feb 2019 17:39:42 GMT
server
AmazonS3
age
1410
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
cache-control
public, max-age=3600
x-amz-cf-id
YBMvySKxa0heMk2yAn_Jp8ydFr8vjq5Q0rPRbvd9BPeQQsHL4yGc_g==
via
1.1 3df8c233328fbbb4fd91eb496d73f2d8.cloudfront.net (CloudFront)
expires
Fri, 01 Feb 2019 18:39:40 GMT
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1.6.26/
13 KB
5 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Requested by
Host: citizesng.gq
URL: https://citizesng.gq/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81c::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://citizesng.gq/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Fri, 01 Feb 2019 12:42:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
80472
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
5437
x-xss-protection
1; mode=block
last-modified
Tue, 20 Dec 2016 18:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 01 Feb 2020 12:42:03 GMT
analytics.min.js
cdn.segment.com/analytics.js/v1/Tjrt25JUOrbvQQX1cGykGGzC3GncV6F9/
307 KB
65 KB
Script
General
Full URL
https://cdn.segment.com/analytics.js/v1/Tjrt25JUOrbvQQX1cGykGGzC3GncV6F9/analytics.min.js
Requested by
Host: citizesng.gq
URL: https://citizesng.gq/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.172.22 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-172-22.fra54.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
740eac376e7128efcd39e73abd137e229acc847e40b1adac3eaf779f091f94bd

Request headers

Referer
https://citizesng.gq/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id
oU5DoDH68NIRU8UyizNx93SXhY3bqwoP
content-encoding
gzip
age
232
x-cache
Hit from cloudfront
status
200
date
Sat, 02 Feb 2019 09:03:43 GMT
x-amz-replication-status
COMPLETED
content-length
65797
via
1.1 fdb19a60fef99ccf6faacc3588fcd922.cloudfront.net (CloudFront)
last-modified
Fri, 01 Feb 2019 17:13:07 GMT
server
AmazonS3
etag
"d12485863f83fad941125f7e1fb8252d"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=300
accept-ranges
bytes
x-amz-cf-id
S0zRCsaQ8YCxLGMEBtBvf9xPYhNG0xvR0_bxE6W3aYNp-li1ItAxWA==
style.css
citizesng.gq/dist/
0
0

css
fonts.googleapis.com/
20 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=PT+Serif:400,700%7CRoboto+Condensed:300,400,400i,700%7CLora:400,400i,700,700i
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81d::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
bf156ce69016b537f19360b8ae8214a03d7ad6c9795e24d0127fa50cea66bfad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://citizesng.gq/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Sat, 02 Feb 2019 11:03:15 GMT
server
ESF
access-control-allow-origin
*
date
Sat, 02 Feb 2019 11:03:15 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
1; mode=block
expires
Sat, 02 Feb 2019 11:03:15 GMT
EJRVQgYoZZY2vCFuvAFWzr-_dSb_.woff2
fonts.gstatic.com/s/ptserif/v9/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/ptserif/v9/EJRVQgYoZZY2vCFuvAFWzr-_dSb_.woff2
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81a::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
aa7d1f8f3510f21883858b13acf103708c679c7f2bdde7b2238fd3b486699c9e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=PT+Serif:400,700%7CRoboto+Condensed:300,400,400i,700%7CLora:400,400i,700,700i
Origin
https://citizesng.gq

Response headers

date
Thu, 31 Jan 2019 14:15:59 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Oct 2017 18:26:35 GMT
server
sffe
age
161236
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
13112
x-xss-protection
1; mode=block
expires
Fri, 31 Jan 2020 14:15:59 GMT
EJRSQgYoZZY2vCFuvAnt66qSVyvVp8NA.woff2
fonts.gstatic.com/s/ptserif/v9/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/ptserif/v9/EJRSQgYoZZY2vCFuvAnt66qSVyvVp8NA.woff2
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81a::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
a326401c4dd76e32d5ddfb8a1986eb867d78c80df7ad68c1d6fdcb37edb13676
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=PT+Serif:400,700%7CRoboto+Condensed:300,400,400i,700%7CLora:400,400i,700,700i
Origin
https://citizesng.gq

Response headers

date
Thu, 31 Jan 2019 14:16:03 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Oct 2017 18:30:27 GMT
server
sffe
age
161232
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
13204
x-xss-protection
1; mode=block
expires
Fri, 31 Jan 2020 14:16:03 GMT
ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYb9lecyU.woff2
fonts.gstatic.com/s/robotocondensed/v16/
11 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotocondensed/v16/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYb9lecyU.woff2
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81a::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
e697f1539179dcfa110719e4da609893f2163d4b4de6a455e051e3c500b8d860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=PT+Serif:400,700%7CRoboto+Condensed:300,400,400i,700%7CLora:400,400i,700,700i
Origin
https://citizesng.gq

Response headers

date
Thu, 20 Dec 2018 22:04:53 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Oct 2017 18:24:22 GMT
server
sffe
age
3761902
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
10776
x-xss-protection
1; mode=block
expires
Fri, 20 Dec 2019 22:04:53 GMT
ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQk6YvM.woff2
fonts.gstatic.com/s/robotocondensed/v16/
10 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotocondensed/v16/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQk6YvM.woff2
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81a::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
9f55b181378c94e197cc7465d07ce2fcfc75b8430a3c2d97c9604c43b31518af
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=PT+Serif:400,700%7CRoboto+Condensed:300,400,400i,700%7CLora:400,400i,700,700i
Origin
https://citizesng.gq

Response headers

date
Mon, 21 Jan 2019 15:44:26 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Oct 2017 18:25:04 GMT
server
sffe
age
1019929
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
10740
x-xss-protection
1; mode=block
expires
Tue, 21 Jan 2020 15:44:26 GMT
ieVj2ZhZI2eCN5jzbjEETS9weq8-19eLDwM9QPFUew.woff2
fonts.gstatic.com/s/robotocondensed/v16/
12 KB
12 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotocondensed/v16/ieVj2ZhZI2eCN5jzbjEETS9weq8-19eLDwM9QPFUew.woff2
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81a::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
9b815e60ca9bcab0dfa8ec86db6221a9df5f614a8f848d36bcfea46099bd946a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=PT+Serif:400,700%7CRoboto+Condensed:300,400,400i,700%7CLora:400,400i,700,700i
Origin
https://citizesng.gq

Response headers

date
Wed, 23 Jan 2019 12:55:49 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Oct 2017 18:24:50 GMT
server
sffe
age
857246
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
12332
x-xss-protection
1; mode=block
expires
Thu, 23 Jan 2020 12:55:49 GMT
ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYb9lecyU.woff2
fonts.gstatic.com/s/robotocondensed/v16/
10 KB
11 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotocondensed/v16/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYb9lecyU.woff2
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81a::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
a319525d284a6601f494a8c32f74f8fdc2ec75cb1d5fda04b774dac68d15dc5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=PT+Serif:400,700%7CRoboto+Condensed:300,400,400i,700%7CLora:400,400i,700,700i
Origin
https://citizesng.gq

Response headers

date
Thu, 20 Dec 2018 22:03:02 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 Oct 2017 18:25:19 GMT
server
sffe
age
3762013
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
10688
x-xss-protection
1; mode=block
expires
Fri, 20 Dec 2019 22:03:02 GMT
0QIvMX1D_JOuMwr7I_FMl_E.woff2
fonts.gstatic.com/s/lora/v12/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lora/v12/0QIvMX1D_JOuMwr7I_FMl_E.woff2
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81a::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
3f275b5815ecd7259e3edc7f777fd0f51bd64f644ac361cc0cc74adc7f5807e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=PT+Serif:400,700%7CRoboto+Condensed:300,400,400i,700%7CLora:400,400i,700,700i
Origin
https://citizesng.gq

Response headers

date
Mon, 21 Jan 2019 15:44:17 GMT
x-content-type-options
nosniff
last-modified
Tue, 07 Nov 2017 15:24:37 GMT
server
sffe
age
1019938
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
15292
x-xss-protection
1; mode=block
expires
Tue, 21 Jan 2020 15:44:17 GMT
0QIhMX1D_JOuMw_LIftLtfOm8w.woff2
fonts.gstatic.com/s/lora/v12/
16 KB
17 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lora/v12/0QIhMX1D_JOuMw_LIftLtfOm8w.woff2
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81a::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
8bcd15ab47c9832164c68c07561038792f4acdff7b89a2545d3f3ab91a985a83
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=PT+Serif:400,700%7CRoboto+Condensed:300,400,400i,700%7CLora:400,400i,700,700i
Origin
https://citizesng.gq

Response headers

date
Thu, 31 Jan 2019 14:16:05 GMT
x-content-type-options
nosniff
last-modified
Tue, 07 Nov 2017 15:24:54 GMT
server
sffe
age
161230
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
16832
x-xss-protection
1; mode=block
expires
Fri, 31 Jan 2020 14:16:05 GMT
0QIgMX1D_JOuO7HeNtxumtus-7w.woff2
fonts.gstatic.com/s/lora/v12/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lora/v12/0QIgMX1D_JOuO7HeNtxumtus-7w.woff2
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81a::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
5c44be7bf1b0b598851d837b7c40b3f0675fe7ec8db084c11a9789ecab57bd30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=PT+Serif:400,700%7CRoboto+Condensed:300,400,400i,700%7CLora:400,400i,700,700i
Origin
https://citizesng.gq

Response headers

date
Mon, 21 Jan 2019 15:44:14 GMT
x-content-type-options
nosniff
last-modified
Tue, 07 Nov 2017 15:25:13 GMT
server
sffe
age
1019941
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
15316
x-xss-protection
1; mode=block
expires
Tue, 21 Jan 2020 15:44:14 GMT
0QIiMX1D_JOuMw_Dmt5emNGr2b7e-A.woff2
fonts.gstatic.com/s/lora/v12/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/lora/v12/0QIiMX1D_JOuMw_Dmt5emNGr2b7e-A.woff2
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a00:1450:4001:81a::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
335122dbad5f99cac2c0dca59b353e020fade0cd9f36f53e4aae1f1dd5741a70
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=PT+Serif:400,700%7CRoboto+Condensed:300,400,400i,700%7CLora:400,400i,700,700i
Origin
https://citizesng.gq

Response headers

date
Fri, 25 Jan 2019 14:52:48 GMT
x-content-type-options
nosniff
last-modified
Tue, 07 Nov 2017 15:24:24 GMT
server
sffe
age
677427
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
15992
x-xss-protection
1; mode=block
expires
Sat, 25 Jan 2020 14:52:48 GMT
gtm.js
www.googletagmanager.com/
416 KB
94 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-K8GZZJG&l=dataLayer
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/Tjrt25JUOrbvQQX1cGykGGzC3GncV6F9/analytics.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81e::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager (scaffolding) /
Resource Hash
e88aea70bd29cae168a70c189870d5b08680a232eebfe6f29106ac3c36462817
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://citizesng.gq/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 02 Feb 2019 11:03:15 GMT
content-encoding
br
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
server
Google Tag Manager (scaffolding)
access-control-allow-origin
http://www.googletagmanager.com
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
content-length
96253
x-xss-protection
1; mode=block
expires
Sat, 02 Feb 2019 11:03:15 GMT
analytics.js
www.google-analytics.com/
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/Tjrt25JUOrbvQQX1cGykGGzC3GncV6F9/analytics.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:814::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://citizesng.gq/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 16 Jan 2019 20:01:45 GMT
server
Golfe2
age
6532
date
Sat, 02 Feb 2019 09:14:23 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
content-length
17543
expires
Sat, 02 Feb 2019 11:14:23 GMT
stiu9z9dn.js
cdn.krxd.net/controltag/
145 KB
33 KB
Script
General
Full URL
https://cdn.krxd.net/controltag/stiu9z9dn.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/Tjrt25JUOrbvQQX1cGykGGzC3GncV6F9/analytics.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.175 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
24390f358934bae2c66a46a6495ef6b9d2af5c90881757c8500f7ac90880f6bc

Request headers

Referer
https://citizesng.gq/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-CDN-Backend
4FrRTvEr9h480D4BywjehZ--F_Config_Service_V3
Date
Sat, 02 Feb 2019 11:03:16 GMT
Content-Encoding
gzip
Age
505
X-Cache
MISS, HIT, HIT
X-Request-Backend
krux_scala_config_webservice
X-App-Cache
HIT
Connection
keep-alive
Content-Length
32745
X-Served-By
config-service-a003.krxd.net, cache-iad2128-IAD, cache-hhn1544-HHN
X-Response-Time
1
Accept-Ranges
bytes
X-Do-Esi
esi
X-Timer
S1549105397.562392,VS0,VE0
ETag
"c2d77bc5c799d962485bb59ef7326a4596400cc9"
Vary
Accept-Encoding
Content-Type
text/javascript; charset=utf-8
Via
1.1 varnish, 1.1 varnish
Cache-Control
public, max-age=1200
X-Age
0
X-Cache-Hits
0, 1, 10
p.js
d1z2jf7jlzjs58.cloudfront.net/
6 KB
3 KB
Script
General
Full URL
https://d1z2jf7jlzjs58.cloudfront.net/p.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/Tjrt25JUOrbvQQX1cGykGGzC3GncV6F9/analytics.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.163.253 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-163-253.fra54.r.cloudfront.net
Software
nginx /
Resource Hash
725913eab3460e2955a8ac4ec176f902c7d8d2db60757248b735cbf8698b0749

Request headers

Referer
https://citizesng.gq/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Pragma
public
Date
Fri, 01 Feb 2019 18:23:57 GMT
Content-Encoding
gzip
Last-Modified
Fri, 07 Mar 2014 00:45:07 GMT
Server
nginx
Age
59957
ETag
"53191693-19c1"
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Content-Type
application/x-javascript
Via
1.1 0176a7920fd558900dd5f893f79acb9e.cloudfront.net (CloudFront)
Cache-Control
max-age=86400, public
Connection
keep-alive
X-Amz-Cf-Id
92bz3f7nhvtgMF66MBbpHl6Lfug0v5ZjH-32IW1izbX54YfGty6xpA==
Expires
Sat, 02 Feb 2019 18:23:57 GMT
js
www.google-analytics.com/gtm/
35 KB
13 KB
Script
General
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-KGXJCFW&cid=2126314979.1549105396
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:814::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager (scaffolding) /
Resource Hash
2dbe91e61c7b545ca98ec092190ba3cd65e14d4e85f41997ae12683485c4f177
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://citizesng.gq/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 02 Feb 2019 11:03:15 GMT
content-encoding
br
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
server
Google Tag Manager (scaffolding)
access-control-allow-origin
http://www.googletagmanager.com
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
content-length
13212
x-xss-protection
1; mode=block
expires
Sat, 02 Feb 2019 11:03:15 GMT
main.js
citizesng.gq/dist/
0
0

style.css
citizesng.gq/dist/
0
0

id
dpm.demdex.net/
4 KB
2 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=A7FC606253FC752B0A4C98A2%40AdobeOrg&d_nsid=0&d_cid_ic=timeuser%01&ts=1549105395614
Requested by
Host: citizesng.gq
URL: https://citizesng.gq/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.166.115 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-63-32-166-115.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e072a766e141dc2e33bb476db5da58e2891d3615eac08201ade6ad494823e434

Request headers

Referer
https://citizesng.gq/
Origin
https://citizesng.gq
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-v018-03aaa8b3a.edge-irl1.demdex.com 5.47.3.20190129122145 7ms
Pragma
no-cache
Content-Encoding
gzip
X-Error
300
X-TID
yRQAMYsZS6Y=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://citizesng.gq
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
1168
Expires
Thu, 01 Jan 1970 00:00:00 GMT
gwiq.js
gwiqcdn.globalwebindex.net/gwiq/
0
0

c.js
c.betrad.com/geo/
0
0

i
api.segment.io/v1/
0
0

b
sb.scorecardresearch.com/
0
0

time.com
srv-2019-02-02-11.config.parsely.com/config/
386 B
804 B
Script
General
Full URL
https://srv-2019-02-02-11.config.parsely.com/config/time.com
Requested by
Host: d1z2jf7jlzjs58.cloudfront.net
URL: https://d1z2jf7jlzjs58.cloudfront.net/p.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.22.91.53 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-22-91-53.compute-1.amazonaws.com
Software
/ Express
Resource Hash
974618d07417a9a4c00bd1a3524b523a8997f558f54488d77feff3183e188ec1

Request headers

Referer
https://citizesng.gq/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sat, 02 Feb 2019 11:03:16 GMT
Cache-Control
private, no-cache
Connection
keep-alive
X-Powered-By
Express
ETag
W/"182-30C6cIPgsg3kDcyobRUUbQ"
Content-Length
386
Content-Type
text/javascript; charset=utf-8
activityi;dc_pre=CNuLjqfznOACFU464AodVbAMwg;src=undefined;type=undefined;cat=unive0;ord=1;num=6907632719702;gtm=2wg1d1;auiddc=1611199595.1549105396;u1=https%3A%2F%2Fcitizesng.gq%2F;~oref=https%3A%2...
undefined.fls.doubleclick.net/ Frame 8285
Redirect Chain
  • https://undefined.fls.doubleclick.net/activityi;src=undefined;type=undefined;cat=unive0;ord=1;num=6907632719702;gtm=2wg1d1;auiddc=1611199595.1549105396;u1=https%3A%2F%2Fcitizesng.gq%2F;~oref=https%...
  • https://undefined.fls.doubleclick.net/activityi;dc_pre=CNuLjqfznOACFU464AodVbAMwg;src=undefined;type=undefined;cat=unive0;ord=1;num=6907632719702;gtm=2wg1d1;auiddc=1611199595.1549105396;u1=https%3A...
0
0
Document
General
Full URL
https://undefined.fls.doubleclick.net/activityi;dc_pre=CNuLjqfznOACFU464AodVbAMwg;src=undefined;type=undefined;cat=unive0;ord=1;num=6907632719702;gtm=2wg1d1;auiddc=1611199595.1549105396;u1=https%3A%2F%2Fcitizesng.gq%2F;~oref=https%3A%2F%2Fcitizesng.gq%2F?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-K8GZZJG&l=dataLayer
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.217.18.6 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra02s19-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
undefined.fls.doubleclick.net
:scheme
https
:path
/activityi;dc_pre=CNuLjqfznOACFU464AodVbAMwg;src=undefined;type=undefined;cat=unive0;ord=1;num=6907632719702;gtm=2wg1d1;auiddc=1611199595.1549105396;u1=https%3A%2F%2Fcitizesng.gq%2F;~oref=https%3A%2F%2Fcitizesng.gq%2F?
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://citizesng.gq/
accept-encoding
gzip, deflate, br
cookie
test_cookie=CheckForPermission
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://citizesng.gq/

Response headers

status
200
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
date
Sat, 02 Feb 2019 11:03:16 GMT
expires
Sat, 02 Feb 2019 11:03:16 GMT
cache-control
private, max-age=0
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
336
x-xss-protection
1; mode=block
set-cookie
IDE=AHWqTUnGm0ImSzv85jZJRmuOtGoATBzJiANs_5WUm9Cj_r2iPJIt9GO5yl_59uGO; expires=Thu, 27-Feb-2020 11:03:16 GMT; path=/; domain=.doubleclick.net; HttpOnly test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT
alt-svc
quic=":443"; ma=2592000; v="44,43,39"

Redirect headers

status
302
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
date
Sat, 02 Feb 2019 11:03:16 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
location
https://undefined.fls.doubleclick.net/activityi;dc_pre=CNuLjqfznOACFU464AodVbAMwg;src=undefined;type=undefined;cat=unive0;ord=1;num=6907632719702;gtm=2wg1d1;auiddc=1611199595.1549105396;u1=https%3A%2F%2Fcitizesng.gq%2F;~oref=https%3A%2F%2Fcitizesng.gq%2F?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
1; mode=block
set-cookie
test_cookie=CheckForPermission; expires=Sat, 02-Feb-2019 11:18:16 GMT; path=/; domain=.doubleclick.net
alt-svc
quic=":443"; ma=2592000; v="44,43,39"
controltag.js.09ebc571a022d419934530eaf14c8a78
cdn.krxd.net/ctjs/
247 KB
79 KB
Script
General
Full URL
https://cdn.krxd.net/ctjs/controltag.js.09ebc571a022d419934530eaf14c8a78
Requested by
Host: cdn.krxd.net
URL: https://cdn.krxd.net/controltag/stiu9z9dn.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.175 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
0b57722c5650587fd2bce696f64780e9bd054d8fe51aad3ac197f54c3fe03056

Request headers

Referer
https://citizesng.gq/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

X-CDN-Backend
4FrRTvEr9h480D4BywjehZ--F_Controltag_S3
Date
Sat, 02 Feb 2019 11:03:16 GMT
Content-Encoding
gzip
Age
3858148
X-Cache
HIT
Connection
keep-alive
Content-Length
80533
X-Served-By
cache-hhn1544-HHN
Last-Modified
Wed, 19 Dec 2018 18:55:08 GMT
X-Timer
S1549105397.583352,VS0,VE0
ETag
"09ebc571a022d419934530eaf14c8a78"
Content-Type
application/javascript
Via
1.1 varnish
Expires
Sat, 16 Dec 2028 18:55:07 GMT
Cache-Control
public, max-age=315360000
Accept-Ranges
bytes
X-Cache-Hits
1749966
1b008fc9-b074-4b2e-8e4a-c1e1f07d344b
consumer.krxd.net/consent/get/
236 B
664 B
Script
General
Full URL
https://consumer.krxd.net/consent/get/1b008fc9-b074-4b2e-8e4a-c1e1f07d344b?idt=device&dt=kxcookie&callback=Krux.ns.meredith.kxjsonp_consent_get_0
Requested by
Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.09ebc571a022d419934530eaf14c8a78
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.175 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
2d66a3c752dea3feac6c3428e18b436d17592d34dc2a486819449cb62bfbcdb2

Request headers

Referer
https://citizesng.gq/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sat, 02 Feb 2019 11:03:17 GMT
Content-Encoding
gzip
Age
1436
X-Cache
MISS, HIT
X-Request-Backend
krux_scala_consumer_webservice
Connection
keep-alive
Content-Length
192
X-Served-By
consumer-a015-dub.krxd.net, cache-hhn1547-HHN
Accept-Ranges
bytes
X-Timer
S1549105398.677838,VS0,VE1
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Via
1.1 varnish
Cache-Control
max-age=1800
X-Age
0
X-Cache-Hits
0, 1
s
session.timecommerce.net/v1/
1 KB
1 KB
Script
General
Full URL
https://session.timecommerce.net/v1/s?c=ajs_user_id%3Dnull%3B%20ajs_group_id%3Dnull%3B%20_ga%3DGA1.2.2126314979.1549105396%3B%20_gid%3DGA1.2.1058198938.1549105396%3B%20_gcl_au%3D1.1.1611199595.1549105396%3B%20AMCV_A7FC606253FC752B0A4C98A2%2540AdobeOrg%3DT%3B%20ajs_anonymous_id%3D%2522afc006f9-1bde-4d7c-bb0c-ef721f41e19d%2522%3B%20kxmeredith_cache_a2635f949ec4ea4ee6e2254af1336d242116406b%3Dee4d7c1adc7e1b4e89b23ea7aeed2560c867511a%3B%20kxmeredith_fp%3Dee4d7c1adc7e1b4e89b23ea7aeed2560c867511a%3B%20kxmeredith_visits%3D1
Requested by
Host: citizesng.gq
URL: https://citizesng.gq/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.222.168.154 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-222-168-154.fra54.r.cloudfront.net
Software
/
Resource Hash
bee6edb151157e7acb919f59a97309e874c5b7b9bf02ab495544265fe99c4bcd

Request headers

Referer
https://citizesng.gq/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sat, 02 Feb 2019 11:03:23 GMT
Via
1.1 c1fb60e38be5022a78e4b52bedded7c2.cloudfront.net (CloudFront), 1.1 fdb19a60fef99ccf6faacc3588fcd922.cloudfront.net (CloudFront)
x-amzn-RequestId
289fd508-26da-11e9-9e00-593c7cbd34e0
Vary
Accept-Encoding
X-Cache
Miss from cloudfront
Content-Type
application/json
Transfer-Encoding
chunked
Connection
keep-alive
Content-Encoding
gzip
x-amz-apigw-id
Ud_XVHpPoAMFuhw=
X-Amz-Cf-Id
4F-UWYmwt7120tc8IfUlXi7osP7w893fwU9AtuZHwm-P4qqpOupWvw==
X-Amzn-Trace-Id
Root=1-5c5578fb-2896741ca322640bf7872568;Sampled=0
Cookie set dest5.html
timeinc.demdex.net/ Frame D6C5
0
0
Document
General
Full URL
https://timeinc.demdex.net/dest5.html?d_nsid=undefined
Requested by
Host: citizesng.gq
URL: https://citizesng.gq/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.77.130.155 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-77-130-155.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Host
timeinc.demdex.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://citizesng.gq/
Accept-Encoding
gzip, deflate, br
Cookie
demdex=30799138173415122251508112942175457817
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://citizesng.gq/

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=21600
Content-Encoding
gzip
Content-Type
text/html
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified
Fri, 01 Feb 2019 14:35:24 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Set-Cookie
demdex=30799138173415122251508112942175457817;Path=/;Domain=.demdex.net;Expires=Thu, 01-Aug-2019 11:03:24 GMT;Max-Age=15552000
Vary
Accept-Encoding, User-Agent
X-TID
j15sTEBqR2Q=
Content-Length
2764
Connection
keep-alive
id
dpm.demdex.net/
4 KB
2 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=2.1.0&d_fieldgroup=AAM&d_rtbd=json&d_ver=2&d_orgid=A7FC606253FC752B0A4C98A2%40AdobeOrg&d_nsid=0&d_mid=30772593748524316211506303371750737725&d_blob=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&d_cid_ic=timeuser%01&ts=1549105401611
Requested by
Host: citizesng.gq
URL: https://citizesng.gq/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.166.115 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-63-32-166-115.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7ce82efd199b4522684fc5c538cc8b8fac1c96b7a9eb4bec95c135f82c3b0ee6

Request headers

Referer
https://citizesng.gq/
Origin
https://citizesng.gq
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-v018-09124c960.edge-irl1.demdex.com 5.47.3.20190129122145 6ms
Pragma
no-cache
Content-Encoding
gzip
X-Error
300
X-TID
XZLJRyFLQtw=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://citizesng.gq
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
1169
Expires
Thu, 01 Jan 1970 00:00:00 GMT
ibs:dpid=411&dpuuid=XFV4_QAAAH_QKFKl&d_uuid=30799138173415122251508112942175457817
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=30799138173415122251508112942175457817
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=XFV4_QAAAH_QKFKl&d_uuid=30799138173415122251508112942175457817
0
736 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XFV4_QAAAH_QKFKl&d_uuid=30799138173415122251508112942175457817
Requested by
Host: citizesng.gq
URL: https://citizesng.gq/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.182.129 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-17-182-129.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://citizesng.gq/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v018-080413c32.edge-irl1.demdex.com 5.47.3.20190129122145 3ms
Pragma
no-cache
X-TID
s5NljJKCTaM=
Vary
Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date
Sat, 02 Feb 2019 11:03:21 GMT
Server
AMO-cookiemap/1.1
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XFV4_QAAAH_QKFKl&d_uuid=30799138173415122251508112942175457817
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=15,max=100
Content-Length
0
optout_check
beacon.krxd.net/
62 B
315 B
Script
General
Full URL
https://beacon.krxd.net/optout_check?callback=Krux.ns.meredith.kxjsonp_optOutCheck
Requested by
Host: cdn.krxd.net
URL: https://cdn.krxd.net/ctjs/controltag.js.09ebc571a022d419934530eaf14c8a78
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
46.137.176.25 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-46-137-176-25.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e00e55ad0f456863da2c1eb4e2dc577430c1645c92a4bc01dc6a98557e7807fb

Request headers

Referer
https://citizesng.gq/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sat, 02 Feb 2019 11:03:23 GMT
Cache-Control
private, max-age=0, s-max-age=0
X-Request-Time
D=52 t=1549105403
Connection
keep-alive
X-Served-By
beacon-n022-dub.krxd.net
Content-Length
62
Content-Type
text/javascript
tm.js
uid1.vindicosuite.com/js/
8 KB
8 KB
Script
General
Full URL
https://uid1.vindicosuite.com/js/tm.js?r=&u=https%3A%2F%2Fcitizesng.gq%2F&tid=28ae1095-544d-4ca3-8b6a-84a843d46117
Requested by
Host: citizesng.gq
URL: https://citizesng.gq/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
130.211.27.95 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
95.27.211.130.bc.googleusercontent.com
Software
/
Resource Hash
68f8bd0d7f31ce98b6eb525c12cf6d7653467dbaa6b9080cb67bfe73d26b796b

Request headers

Referer
https://citizesng.gq/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 02 Feb 2019 11:03:24 GMT
via
1.1 google
last-modified
Wed, 10 Oct 2018 15:28:55 GMT
content-type
application/x-javascript
status
200
cache-control
no-cache, private, max-age=0
accept-ranges
bytes
alt-svc
clear
content-length
8433
s.js
uid1.vindicosuite.com/
230 B
443 B
Script
General
Full URL
https://uid1.vindicosuite.com/s.js
Requested by
Host: uid1.vindicosuite.com
URL: https://uid1.vindicosuite.com/js/tm.js?r=&u=https%3A%2F%2Fcitizesng.gq%2F&tid=28ae1095-544d-4ca3-8b6a-84a843d46117
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
130.211.27.95 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
95.27.211.130.bc.googleusercontent.com
Software
WebStar /
Resource Hash
7b017888b85020015a7adedde82c5d490517014b6d8c71ecb910a5693c832c6b

Request headers

Referer
https://citizesng.gq/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 02 Feb 2019 11:03:24 GMT
via
1.1 google
server
WebStar
etag
Rx0HsO35Yq2sbA
vary
Server
content-type
text/javascript; charset=utf-8
status
200
cache-control
max-age, private, max-age=0
alt-svc
clear
content-length
230
sync.js
chirp.bizrate.com/
0
256 B
Script
General
Full URL
https://chirp.bizrate.com/sync.js?tc=28ae1095-544d-4ca3-8b6a-84a843d46117&u=https%3A%2F%2Fcitizesng.gq%2F&r=
Requested by
Host: citizesng.gq
URL: https://citizesng.gq/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2043:d200:6:f5a3:efc0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://citizesng.gq/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sat, 02 Feb 2019 11:03:24 GMT
via
1.1 2db316290386960b489a2a16c0a63643.cloudfront.net (CloudFront)
server
Apache-Coyote/1.1
x-cache
Error from cloudfront
content-type
text/plain;charset=UTF-8
status
200
content-length
0
x-amz-cf-id
g8mlWXro6KziT-zqucV45bRIsdWek4prWednLaKVhEcuLBiE846qGg==
x-application-context
application:prod:8080
/
uid1.vindicosuite.com/e/
0
63 B
Script
General
Full URL
https://uid1.vindicosuite.com/e/?i=2&cc=ajs_user_id%3Dnull%3B%20ajs_group_id%3Dnull%3B%20_ga%3DGA1.2.2126314979.1549105396%3B%20_gid%3DGA1.2.1058198938.1549105396%3B%20_gcl_au%3D1.1.1611199595.1549105396%3B%20ajs_anonymous_id%3D%2522afc006f9-1bde-4d7c-bb0c-ef721f41e19d%2522%3B%20kxmeredith_cache_a2635f949ec4ea4ee6e2254af1336d242116406b%3Dee4d7c1adc7e1b4e89b23ea7aeed2560c867511a%3B%20kxmeredith_fp%3Dee4d7c1adc7e1b4e89b23ea7aeed2560c867511a%3B%20kxmeredith_visits%3D1%3B%20AMCVS_A7FC606253FC752B0A4C98A2%2540AdobeOrg%3D1%3B%20AMCV_A7FC606253FC752B0A4C98A2%2540AdobeOrg%3D1099438348%257CMCMID%257C30772593748524316211506303371750737725%257CMCAAMLH-1549710201%257C6%257CMCAAMB-1549710201%257C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%257CMCCIDH%257C56947556%257CMCOPTOUT-1549112601s%257CNONE%257CvVersion%257C2.1.0%3B%20globalTI_SID%3D28ae1095-544d-4ca3-8b6a-84a843d46117%3B%20uct%3DSat%252C%252002%2520Feb%25202019%252011%253A03%253A24%2520GMT%3B%20uci%3DcFkEh6n6VemvWA&p=117&r=&s=0&t=cFkEh6n6VemvWA&u=https%3A%2F%2Fcitizesng.gq%2F
Requested by
Host: uid1.vindicosuite.com
URL: https://uid1.vindicosuite.com/js/tm.js?r=&u=https%3A%2F%2Fcitizesng.gq%2F&tid=28ae1095-544d-4ca3-8b6a-84a843d46117
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
130.211.27.95 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
95.27.211.130.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://citizesng.gq/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
date
Sat, 02 Feb 2019 11:03:24 GMT
via
1.1 google
alt-svc
clear
content-length
0
content-type
text/plain; charset=utf-8
/
uid1.vindicosuite.com/e/
0
42 B
Script
General
Full URL
https://uid1.vindicosuite.com/e/?i=5&cc=ajs_user_id%3Dnull%3B%20ajs_group_id%3Dnull%3B%20_ga%3DGA1.2.2126314979.1549105396%3B%20_gid%3DGA1.2.1058198938.1549105396%3B%20_gcl_au%3D1.1.1611199595.1549105396%3B%20ajs_anonymous_id%3D%2522afc006f9-1bde-4d7c-bb0c-ef721f41e19d%2522%3B%20kxmeredith_cache_a2635f949ec4ea4ee6e2254af1336d242116406b%3Dee4d7c1adc7e1b4e89b23ea7aeed2560c867511a%3B%20kxmeredith_fp%3Dee4d7c1adc7e1b4e89b23ea7aeed2560c867511a%3B%20kxmeredith_visits%3D1%3B%20AMCVS_A7FC606253FC752B0A4C98A2%2540AdobeOrg%3D1%3B%20AMCV_A7FC606253FC752B0A4C98A2%2540AdobeOrg%3D1099438348%257CMCMID%257C30772593748524316211506303371750737725%257CMCAAMLH-1549710201%257C6%257CMCAAMB-1549710201%257C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%257CMCCIDH%257C56947556%257CMCOPTOUT-1549112601s%257CNONE%257CvVersion%257C2.1.0%3B%20globalTI_SID%3D28ae1095-544d-4ca3-8b6a-84a843d46117%3B%20uct%3DSat%252C%252002%2520Feb%25202019%252011%253A03%253A24%2520GMT%3B%20uci%3DcFkEh6n6VemvWA&p=118&r=&s=0&t=cFkEh6n6VemvWA&u=https%3A%2F%2Fcitizesng.gq%2F
Requested by
Host: uid1.vindicosuite.com
URL: https://uid1.vindicosuite.com/js/tm.js?r=&u=https%3A%2F%2Fcitizesng.gq%2F&tid=28ae1095-544d-4ca3-8b6a-84a843d46117
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
130.211.27.95 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
95.27.211.130.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://citizesng.gq/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status
200
date
Sat, 02 Feb 2019 11:03:24 GMT
via
1.1 google
alt-svc
clear
content-length
0
content-type
text/plain; charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
citizesng.gq
URL
https://citizesng.gq/dist/main.js
Domain
citizesng.gq
URL
https://citizesng.gq/dist/style.css
Domain
citizesng.gq
URL
http://citizesng.gq/dist/main.js
Domain
citizesng.gq
URL
http://citizesng.gq/dist/style.css
Domain
gwiqcdn.globalwebindex.net
URL
https://gwiqcdn.globalwebindex.net/gwiq/gwiq.js
Domain
c.betrad.com
URL
https://c.betrad.com/geo/c.js
Domain
api.segment.io
URL
https://api.segment.io/v1/i
Domain
sb.scorecardresearch.com
URL
https://sb.scorecardresearch.com/b?c1=2&c2=6035728&ns__t=1549105395631&ns_c=UTF-8&c8=%7C%20Time&c7=https%3A%2F%2Fcitizesng.gq%2F&c9=

Verdicts & Comments

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| WebFontConfig object| analytics object| ELEMENT_CLIENT_CONFIG object| NREUM object| newrelic function| __nr_require object| WebFont object| __core-js_shared__ function| setImmediate function| clearImmediate function| UUIDv1 function| clamp object| STR undefined| UUID object| dataLayer string| GoogleAnalyticsObject function| ga function| normalize function| Krux object| PARSELY object| google_tag_data object| gaplugins object| gaGlobal object| google_tag_manager function| postscribe function| Visitor object| visitor function| get_aamCookie undefined| cookie_userid object| timeDil object| myDate object| d_names number| dindex string| day_of_week number| hour_of_day function| DIL object| s_c_il number| s_c_in object| c object| s object| globalTI object| __brc object| kruxDataLayer string| globalTI_SID_MD5 object| _viantTMInit object| _viantTML object| _viantTMQ object| _viantTMC function| unload

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
