floraquestions.com Open in urlscan Pro
217.182.76.225 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://floraquestions.com/trk/webversion.php?lg=mtG5nJqTqKu7oZu3os05mduTota1oZSTmtS7mJe1mty7o2G7o3i7o2PVyNnpzMzLCG==
Submission: On November 29 via api (November 29th 2021, 2:27:06 pm UTC) from BE — Scanned from FR

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 9 HTTP transactions. The main IP is 217.182.76.225, located in France and belongs to OVH, FR. The main domain is floraquestions.com.
TLS certificate: Issued by R3 on November 14th 2021. Valid for: 3 months.

This is the only time floraquestions.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	217.182.76.225 217.182.76.225	16276 (OVH) (OVH)
3	51.75.205.222 51.75.205.222	16276 (OVH) (OVH)
2 4	142.250.186.102 142.250.186.102	15169 (GOOGLE) (GOOGLE)
1 2	95.131.136.1 95.131.136.1	47841 (OXALIDE) (OXALIDE)
9	4

3 217.182.76.225 (France)

ASN16276 (OVH, FR)
PTR: ll1.floraquestions.com

floraquestions.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.75.205.222 (France)

ASN16276 (OVH, FR)
PTR: 222.ip-51-75-205.eu

cdn.jobsoffer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.102 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.131.136.1 (France) 1 redirects

ASN47841 (OXALIDE, FR)
PTR: front.netaffiliation.net

action.metaffiliation.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	doubleclick.net 2 redirects ad.doubleclick.net	1 KB
3	jobsoffer.net cdn.jobsoffer.net	167 KB
3	floraquestions.com floraquestions.com	21 KB
2	metaffiliation.com 1 redirects action.metaffiliation.com	3 KB
9	4

	Domain	Requested by
4	ad.doubleclick.net	2 redirects floraquestions.com
3	cdn.jobsoffer.net	floraquestions.com
3	floraquestions.com	floraquestions.com
2	action.metaffiliation.com	1 redirects floraquestions.com
9	4

This site contains no links.

Subject Issuer	Validity	Valid
floraquestions.com R3	`2021-11-14` - `2022-02-12`	3 months	crt.sh
cdn.country-events.com R3	`2021-11-23` - `2022-02-21`	3 months	crt.sh
*.metaffiliation.com Gandi Standard SSL CA 2	`2021-03-08` - `2022-03-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://floraquestions.com/trk/webversion.php?lg=mtG5nJqTqKu7oZu3os05mduTota1oZSTmtS7mJe1mty7o2G7o3i7o2PVyNnpzMzLCG==
Frame ID: F1DECCE31EC96F79D7C278D57D331A59
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Carrefour Voyages par jobsOFer - Carrefour Voyages d�barque : grand jeu concours

Page Statistics

9
Requests

78 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

191 kB
Transfer

200 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://ad.doubleclick.net/ddm/trackimp/N4022.3110313ECSELIS_BEL_40220/B26775422.319873039;dc_trk_aid=512381812;dc_trk_cid=161080187;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N4022.3110313ECSELIS_BEL_40220/B26775422.319873039;dc_pre=CKDKpN_jvfQCFVd64AodUvwOxQ;dc_trk_aid=512381812;dc_trk_cid=161080187;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=

Request Chain 5

https://action.metaffiliation.com/trk.php?mann=P511E79566CCF155 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N4022.3110313ECSELIS_BEL_40220/B26775422.319873039;dc_trk_aid=512381812;dc_trk_cid=161080187;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd= HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N4022.3110313ECSELIS_BEL_40220/B26775422.319873039;dc_pre=CIiAqd_jvfQCFcmWdwodAagGjg;dc_trk_aid=512381812;dc_trk_cid=161080187;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request webversion.php Show response
floraquestions.com/trk/ 17 KB
4 KB 8787ms
8675ms Document
text/html 217.182.76.225
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://floraquestions.com/trk/webversion.php?lg=mtG5nJqTqKu7oZu3os05mduTota1oZSTmtS7mJe1mty7o2G7o3i7o2PVyNnpzMzLCG==
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 217.182.76.225 , France, ASN16276 (OVH, FR),
Reverse DNS: ll1.floraquestions.com
Software: nginx / PHP/5.4.16
Resource Hash: ee94e60cba5c51ad1cd38b4921c06aaadac7b8a7d30e978e5837b5a1739617a9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language: fr-FR,fr;q=0.9

Response headers

Server: nginx
Date: Mon, 29 Nov 2021 14:27:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
X-Powered-By: PHP/5.4.16
Content-Encoding: gzip

GET
H/1.1 200
OK 0_70a71299157a39d4be6c13a2b3c83b10a12552051df0bb6c07fa912168d6f5dc.png
cdn.jobsoffer.net/img/21516/ 9 KB
9 KB 138ms
37ms Image
image/png 51.75.205.222
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.jobsoffer.net/img/21516/0_70a71299157a39d4be6c13a2b3c83b10a12552051df0bb6c07fa912168d6f5dc.png
Requested by: Host: floraquestions.com
URL: https://floraquestions.com/trk/webversion.php?lg=mtG5nJqTqKu7oZu3os05mduTota1oZSTmtS7mJe1mty7o2G7o3i7o2PVyNnpzMzLCG==
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.75.205.222 , France, ASN16276 (OVH, FR),
Reverse DNS: 222.ip-51-75-205.eu
Software: nginx /
Resource Hash: f7286a50ef32bd64b58f843216e5d821f962fa6fef1460bba23cac4b0ce04741

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://floraquestions.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 14:27:01 GMT
Last-Modified: Fri, 26 Nov 2021 12:23:02 GMT
Server: nginx
ETag: "61a0d1a6-247f"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 9343
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK 1_c6d4bac9ad9dba68a575834f44a2d2c4f4960f286f5d1358316db9dd02c4d471.jpg
cdn.jobsoffer.net/img/21516/ 104 KB
104 KB 163ms
54ms Image
image/jpeg 51.75.205.222
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.jobsoffer.net/img/21516/1_c6d4bac9ad9dba68a575834f44a2d2c4f4960f286f5d1358316db9dd02c4d471.jpg
Requested by: Host: floraquestions.com
URL: https://floraquestions.com/trk/webversion.php?lg=mtG5nJqTqKu7oZu3os05mduTota1oZSTmtS7mJe1mty7o2G7o3i7o2PVyNnpzMzLCG==
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.75.205.222 , France, ASN16276 (OVH, FR),
Reverse DNS: 222.ip-51-75-205.eu
Software: nginx /
Resource Hash: e4c374db44c0e81e7fd133624aacb1adf5e7984af53d25c7668a63ed7fd95ef9

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://floraquestions.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 14:27:01 GMT
Last-Modified: Fri, 26 Nov 2021 12:23:03 GMT
Server: nginx
ETag: "61a0d1a7-19fbc"
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 106428
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK 2_716fc936bc15c8c1f7ee039e344ab2a07dcae1b901c195571a3c68a4a6448d16.jpg
cdn.jobsoffer.net/img/21516/ 53 KB
54 KB 166ms
50ms Image
image/jpeg 51.75.205.222
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.jobsoffer.net/img/21516/2_716fc936bc15c8c1f7ee039e344ab2a07dcae1b901c195571a3c68a4a6448d16.jpg
Requested by: Host: floraquestions.com
URL: https://floraquestions.com/trk/webversion.php?lg=mtG5nJqTqKu7oZu3os05mduTota1oZSTmtS7mJe1mty7o2G7o3i7o2PVyNnpzMzLCG==
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 51.75.205.222 , France, ASN16276 (OVH, FR),
Reverse DNS: 222.ip-51-75-205.eu
Software: nginx /
Resource Hash: 7a733486312980e3082fffe527a0a19a2e3567ac3b538b63505eb096704b34bd

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://floraquestions.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 14:27:01 GMT
Last-Modified: Fri, 26 Nov 2021 12:23:03 GMT
Server: nginx
ETag: "61a0d1a7-d54b"
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 54603
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2

200

B26775422.319873039;dc_pre=CKDKpN_jvfQCFVd64AodUvwOxQ;dc_trk_aid=512381812;dc_trk_cid=161080187;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consen...
ad.doubleclick.net/ddm/trackimp/N4022.3110313ECSELIS_BEL_40220/
Redirect Chain

https://ad.doubleclick.net/ddm/trackimp/N4022.3110313ECSELIS_BEL_40220/B26775422.319873039;dc_trk_aid=512381812;dc_trk_cid=161080187;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatmen...
https://ad.doubleclick.net/ddm/trackimp/N4022.3110313ECSELIS_BEL_40220/B26775422.319873039;dc_pre=CKDKpN_jvfQCFVd64AodUvwOxQ;dc_trk_aid=512381812;dc_trk_cid=161080187;ord=[timestamp];dc_lat=;dc_rdi...

42 B
220 B

47ms
46ms

Image
image/gif

142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N4022.3110313ECSELIS_BEL_40220/B26775422.319873039;dc_pre=CKDKpN_jvfQCFVd64AodUvwOxQ;dc_trk_aid=512381812;dc_trk_cid=161080187;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=

Requested by

Host: floraquestions.com
URL: https://floraquestions.com/trk/webversion.php?lg=mtG5nJqTqKu7oZu3os05mduTota1oZSTmtS7mJe1mty7o2G7o3i7o2PVyNnpzMzLCG==

Protocol

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://floraquestions.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 14:27:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 14:27:01 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N4022.3110313ECSELIS_BEL_40220/B26775422.319873039;dc_pre=CKDKpN_jvfQCFVd64AodUvwOxQ;dc_trk_aid=512381812;dc_trk_cid=161080187;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK trk.php
action.metaffiliation.com/ 43 B
2 KB 142ms
41ms Image
image/gif 95.131.136.1
OXALIDE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://action.metaffiliation.com/trk.php?taff=P511E79566CCF155&r=8419580&r={CACHEBUSTER}&altid={EMAIL}
Requested by: Host: floraquestions.com
URL: https://floraquestions.com/trk/webversion.php?lg=mtG5nJqTqKu7oZu3os05mduTota1oZSTmtS7mJe1mty7o2G7o3i7o2PVyNnpzMzLCG==
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.131.136.1 , France, ASN47841 (OXALIDE, FR),
Reverse DNS: front.netaffiliation.net
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://floraquestions.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 14:27:01 GMT
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR CUR ADMa PSAa OUR IND NAV COM",policyref="http://www.netaffiliation.com/w3c/p3p.xml"
X-TRK-D: 0.0066931247711182
Connection: close
Pragma: no-cache
X-TRK-PROC: 73337
Last-Modified: Mon, 29 Nov 2021 14:27:01 GMT
Server: nginx
X-TRK-DECISION: 7
Content-Type: image/gif
Access-Control-Allow-Origin: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Kwanko-Content-Type,X-Kwanko-Sdk-Version,X-KWKunijs-Debug,X-KWKunijs-Version
X-TRK-SRV: 9

GET
H3

200

B26775422.319873039;dc_pre=CIiAqd_jvfQCFcmWdwodAagGjg;dc_trk_aid=512381812;dc_trk_cid=161080187;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consen...
ad.doubleclick.net/ddm/trackimp/N4022.3110313ECSELIS_BEL_40220/
Redirect Chain

https://action.metaffiliation.com/trk.php?mann=P511E79566CCF155
https://ad.doubleclick.net/ddm/trackimp/N4022.3110313ECSELIS_BEL_40220/B26775422.319873039;dc_trk_aid=512381812;dc_trk_cid=161080187;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatmen...
https://ad.doubleclick.net/ddm/trackimp/N4022.3110313ECSELIS_BEL_40220/B26775422.319873039;dc_pre=CIiAqd_jvfQCFcmWdwodAagGjg;dc_trk_aid=512381812;dc_trk_cid=161080187;ord=[timestamp];dc_lat=;dc_rdi...

42 B
65 B

52ms
52ms

Image
image/gif

142.250.186.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/ddm/trackimp/N4022.3110313ECSELIS_BEL_40220/B26775422.319873039;dc_pre=CIiAqd_jvfQCFcmWdwodAagGjg;dc_trk_aid=512381812;dc_trk_cid=161080187;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=?

Requested by

Host: floraquestions.com
URL: https://floraquestions.com/trk/webversion.php?lg=mtG5nJqTqKu7oZu3os05mduTota1oZSTmtS7mJe1mty7o2G7o3i7o2PVyNnpzMzLCG==

Protocol

Server

142.250.186.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://floraquestions.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 29 Nov 2021 14:27:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 29 Nov 2021 14:27:01 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
location: https://ad.doubleclick.net/ddm/trackimp/N4022.3110313ECSELIS_BEL_40220/B26775422.319873039;dc_pre=CIiAqd_jvfQCFcmWdwodAagGjg;dc_trk_aid=512381812;dc_trk_cid=161080187;ord=[timestamp];dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ltd=?
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK print.php
floraquestions.com/trk/ 43 B
233 B 165ms
165ms Image
image/gif 217.182.76.225
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://floraquestions.com/trk/print.php?lg=mtG5nJqTqKu7oZu3os05mduTota1oZSTmtS7mJe1mty7o2G7o3i7o2PVyNnpzMzLCG==
Requested by: Host: floraquestions.com
URL: https://floraquestions.com/trk/webversion.php?lg=mtG5nJqTqKu7oZu3os05mduTota1oZSTmtS7mJe1mty7o2G7o3i7o2PVyNnpzMzLCG==
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 217.182.76.225 , France, ASN16276 (OVH, FR),
Reverse DNS: ll1.floraquestions.com
Software: nginx / PHP/5.4.16
Resource Hash: dd5bdccb831d1b19c505bd3e67553f6049cea2e20dba7eb231a02ed0103e521f

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://floraquestions.com/trk/webversion.php?lg=mtG5nJqTqKu7oZu3os05mduTota1oZSTmtS7mJe1mty7o2G7o3i7o2PVyNnpzMzLCG==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 14:27:01 GMT
Server: nginx
Connection: keep-alive
X-Powered-By: PHP/5.4.16
Content-Length: 43
Keep-Alive: timeout=60
Content-Type: image/gif

GET
H/1.1 200
OK webversion.php
floraquestions.com/trk/ 17 KB
17 KB 303ms
207ms Image
text/html 217.182.76.225
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://floraquestions.com/trk/webversion.php?lg=mtG5nJqTqKu7oZu3os05mduTota1oZSTmtS7mJe1mty7o2G7o3i7o2PVyNnpzMzLCG==
Requested by: Host: floraquestions.com
URL: https://floraquestions.com/trk/webversion.php?lg=mtG5nJqTqKu7oZu3os05mduTota1oZSTmtS7mJe1mty7o2G7o3i7o2PVyNnpzMzLCG==
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 217.182.76.225 , France, ASN16276 (OVH, FR),
Reverse DNS: ll1.floraquestions.com
Software: nginx / PHP/5.4.16
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: fr-FR,fr;q=0.9
Referer: https://floraquestions.com/trk/webversion.php?lg=mtG5nJqTqKu7oZu3os05mduTota1oZSTmtS7mJe1mty7o2G7o3i7o2PVyNnpzMzLCG==
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date: Mon, 29 Nov 2021 14:27:01 GMT
Content-Encoding: gzip
Server: nginx
X-Powered-By: PHP/5.4.16
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.metaffiliation.com/	1970-01-20 00:29:40	Name: neta_ssc Value: 9f2ef3l6jy2vvhfkr36er6x20rof
.metaffiliation.com/	1969-12-31 23:59:59	Name: netases_ssc Value: 9f2ef3l6jy2vvhfkr36er6x20rof
.metaffiliation.com/	1970-01-20 00:29:40	Name: kwknc_ssc Value: dp511e79566ccf155
.metaffiliation.com/	1969-12-31 23:59:59	Name: kwkncses_ssc Value: dp511e79566ccf155
.doubleclick.net/	1970-01-20 08:24:52	Name: IDE Value: AHWqTUkXH2mdRLaLeI8zd_TCpgsF-8JGtLIlawyFCCzc37g956wYBhHwoF8IrfhPUb8

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://floraquestions.com/trk/webversion.php?lg=mtG5nJqTqKu7oZu3os05mduTota1oZSTmtS7mJe1mty7o2G7o3i7o2PVyNnpzMzLCG== Message: Mixed Content: The page at 'https://floraquestions.com/trk/webversion.php?lg=mtG5nJqTqKu7oZu3os05mduTota1oZSTmtS7mJe1mty7o2G7o3i7o2PVyNnpzMzLCG==' was loaded over HTTPS, but requested an insecure element 'http://action.metaffiliation.com/trk.php?taff=P511E79566CCF155&r=8419580&r={CACHEBUSTER}&altid={EMAIL}'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html
security	warning	URL: https://floraquestions.com/trk/webversion.php?lg=mtG5nJqTqKu7oZu3os05mduTota1oZSTmtS7mJe1mty7o2G7o3i7o2PVyNnpzMzLCG== Message: Mixed Content: The page at 'https://floraquestions.com/trk/webversion.php?lg=mtG5nJqTqKu7oZu3os05mduTota1oZSTmtS7mJe1mty7o2G7o3i7o2PVyNnpzMzLCG==' was loaded over HTTPS, but requested an insecure element 'http://action.metaffiliation.com/trk.php?taff=P511E79566CCF155&r=8419580&r={CACHEBUSTER}&altid={EMAIL}'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

action.metaffiliation.com
ad.doubleclick.net
cdn.jobsoffer.net
floraquestions.com
142.250.186.102
217.182.76.225
51.75.205.222
95.131.136.1
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
7a733486312980e3082fffe527a0a19a2e3567ac3b538b63505eb096704b34bd
dd5bdccb831d1b19c505bd3e67553f6049cea2e20dba7eb231a02ed0103e521f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4c374db44c0e81e7fd133624aacb1adf5e7984af53d25c7668a63ed7fd95ef9
ee94e60cba5c51ad1cd38b4921c06aaadac7b8a7d30e978e5837b5a1739617a9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f7286a50ef32bd64b58f843216e5d821f962fa6fef1460bba23cac4b0ce04741

floraquestions.com Open in urlscan Pro 217.182.76.225 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

9 Requests

78 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

191 kBTransfer

200 kBSize

5 Cookies

0 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

5 Cookies

2 Console Messages

Indicators

floraquestions.com Open in urlscan Pro
217.182.76.225 Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

78 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

191 kB
Transfer

200 kB
Size

5
Cookies

9 HTTP transactions
0 data transactions