urlscan.io logo urlscan.io
SecurityTrails logo

www.dclicks.site Open in urlscan Pro
2606:4700:3035::ac43:c9c5  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=6...
Effective URL: https://www.dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=6...
Submission: On November 20 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 2 countries across 7 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3035::ac43:c9c5, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.dclicks.site.
TLS certificate: Issued by WE1 on November 4th 2024. Valid for: 3 months.
This is the only time www.dclicks.site was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 7 2606:4700:303... 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
1 172.67.194.119 13335 (CLOUDFLAR...)
3 104.21.4.94 13335 (CLOUDFLAR...)
2 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
1 1 172.67.145.143 13335 (CLOUDFLAR...)
1 104.26.3.30 13335 (CLOUDFLAR...)
16 8
7    2606:4700:3035::ac43:c9c5 (United States)

ASN13335 (CLOUDFLARENET, US)
dclicks.site
www.dclicks.site
1    2607:f8b0:4006:81e::200a (United States)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    172.67.194.119 (United States)

ASN13335 (CLOUDFLARENET, US)
qfqbk.nxt-psh.com
3    104.21.4.94 (None, )

ASN13335 (CLOUDFLARENET, US)
qfqbk.ajscdn.com
2    2607:f8b0:4006:824::200a (United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2607:f8b0:4006:816::2003 (United States)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    172.67.145.143 (United States)

ASN13335 (CLOUDFLARENET, US)
inpp-ssp-trk.trkless.com
1    104.26.3.30 (None, )

ASN13335 (CLOUDFLARENET, US)
static.imghst-de.com
Apex Domain
Subdomains		 Transfer
7 dclicks.site
dclicks.site
www.dclicks.site
546 KB
3 ajscdn.com
qfqbk.ajscdn.com
14 KB
3 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 415
fonts.googleapis.com — Cisco Umbrella Rank: 29
33 KB
2 gstatic.com
fonts.gstatic.com
37 KB
1 imghst-de.com
static.imghst-de.com — Cisco Umbrella Rank: 13122
6 KB
1 trkless.com
inpp-ssp-trk.trkless.com — Cisco Umbrella Rank: 212581
772 B
1 nxt-psh.com
qfqbk.nxt-psh.com
15 KB
16 7
Domain Requested by
6 www.dclicks.site www.dclicks.site
3 qfqbk.ajscdn.com www.dclicks.site
qfqbk.ajscdn.com
2 fonts.gstatic.com fonts.googleapis.com
2 fonts.googleapis.com www.dclicks.site
client
1 static.imghst-de.com
1 inpp-ssp-trk.trkless.com 1 redirects
1 qfqbk.nxt-psh.com www.dclicks.site
1 ajax.googleapis.com www.dclicks.site
1 dclicks.site 1 redirects
16 9

This site contains links to these domains. Also see Links.

Domain
www.traffibox.com
Subject Issuer Validity Valid
dclicks.site
WE1		 2024-11-04 -
2025-02-02		 3 months crt.sh
upload.video.google.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
nxt-psh.com
WE1		 2024-10-10 -
2025-01-08		 3 months crt.sh
ajscdn.com
WE1		 2024-09-25 -
2024-12-24		 3 months crt.sh
*.gstatic.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-003639bbe51e..l%3d8bb0a022-fc65-4fed-9ddb-79dfc1cdf444..a%3d0..b%3d0..e%3d%257bconversi...%20311%20...3630&s2=2gjn9zkiwu7eu7vtzrdgnk
Frame ID: 8C4770B07BB6055A96F63137F81D6A74
Requests: 15 HTTP requests in this frame

Frame: https://static.imghst-de.com/5e4292eb-1fcd-416f-bd22-05377c27c163.png
Frame ID: 6DAA8F0F65F39E1B12B1B95CFD8EF0E0
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

SexTreffen

Page URL History Show full URLs

  1. http://dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7... HTTP 307
    https://dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7... HTTP 301
    https://www.dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

94 %
HTTPS

50 %
IPv6

7
Domains

9
Subdomains

8
IPs

2
Countries

650 kB
Transfer

878 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-003639bbe51e..l%3d8bb0a022-fc65-4fed-9ddb-79dfc1cdf444..a%3d0..b%3d0..e%3d%257bconversi...%20311%20...3630&s2=2gjn9zkiwu7eu7vtzrdgnk HTTP 307
    https://dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-003639bbe51e..l%3d8bb0a022-fc65-4fed-9ddb-79dfc1cdf444..a%3d0..b%3d0..e%3d%257bconversi...%20311%20...3630&s2=2gjn9zkiwu7eu7vtzrdgnk HTTP 301
    https://www.dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-003639bbe51e..l%3d8bb0a022-fc65-4fed-9ddb-79dfc1cdf444..a%3d0..b%3d0..e%3d%257bconversi...%20311%20...3630&s2=2gjn9zkiwu7eu7vtzrdgnk Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15
  • https://inpp-ssp-trk.trkless.com/trk?s1=QgmRxgdUtwnpndqnSBOUPQYMoCaZuRaKkp48lKDmGbuXG9eze6LbuFefDAdxdcXZAhI4247Ojfay%2BWS82AL5gASSDejMVJWRLarbcKDSNv88jyw3fNJmazVyjoeXUFLthnsek9T0gQHISKl7tR4wf0rM7u4sRxacXcGvh3nCEiIkoBHBW7o%2F2LNobb11M7F9XocfuokA4cpaDetrX9bAZbrejvW33gHKgspDmwZksnLOnap9hVMPT%2FNv3aypOrjz%2FMjMfRlObAPYaXWZWLiOtdc76gKOBnUQBBgL7fxHgzP3eQ3sVrCacVp8bSB2qzg1CP4PWPUTIxfAa03fhra17Ivupg%2BAXw1C4mKOGaWAtdjhSWnP6vffsp%2B7z8QbwwM3DobwPlHrZZ1uK1cCKnBYKDMv6817g93%2BbH7PA%2FPiH6kQvRbdt%2FrTAdKjqIhV9EAVZTX7ClaTRWtHBDrPv9GjdckJUKXm7Lf%2FrYD%2B2K1%2Fr1xCawNdi3Z6Xr5ywuEMNeka8KbX%2FOpietO5Yen0xjMW6lO4rMslbuyMEgazvjnmDnkud8dnWuwIg0wvPZD423hISuzXDGa%2FkVceauvyq2XgFldGEl8t1YY8GT4yubKsK%2BISQqh3EGxzRiYW84mYmVqPDz00RGzShmKfYTrSzcuRVTwINQhGWHNzRdh29ilDUSNRhuQmwJHGs5%2Fu1ok2xhCvL3QJldhlKEasbaYekxdqctOHci0bRenHPUSwYTU1Qw%3D%3D&type=1&brid=PB07-0HN7TH64V1VD0RUL4&nrid=d2218e201e345e262edcfa6ceea9f75c HTTP 302
  • https://static.imghst-de.com/5e4292eb-1fcd-416f-bd22-05377c27c163.png

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request index.php
www.dclicks.site/g101n/
Redirect Chain
  • http://dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-003639b...
  • https://dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-003639...
  • https://www.dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-00...
4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-003639bbe51e..l%3d8bb0a022-fc65-4fed-9ddb-79dfc1cdf444..a%3d0..b%3d0..e%3d%257bconversi...%20311%20...3630&s2=2gjn9zkiwu7eu7vtzrdgnk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:c9c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
942abb699797e615428c62da209bcaacb26d89835c91b80a1627de4af46d2579
Security Headers
Name Value
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8e55bbba0d1e42dc-EWR
content-encoding
zstd
content-type
text/html; charset=UTF-8
date
Wed, 20 Nov 2024 04:35:26 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
same-origin same-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rnrjf0PJw0G4YcA%2BOfRA14OzrXRMAsLVll8HBFvJTXztiaahAF3zD5VFStMj%2FRgvjQL4xQwqUGkfgnn8NEyxpA6s1S%2BOvSUeAk6TUn%2FK1sgAezhjCo7c39bnz2GUIJktP%2Bi0oXg6g2S6d32SHiQv"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=4244&sent=16&recv=13&lost=0&retrans=0&sent_bytes=5340&recv_bytes=5347&delivery_rate=996&cwnd=12000&unsent_bytes=0&cid=ec5deb31dd3e53f1&ts=622&x=1" cfHdrFlush;dur=0
vary
Accept-Encoding
x-content-type-options
nosniff nosniff
x-frame-options
SAMEORIGIN SAMEORIGIN
x-permitted-cross-domain-policies
master-only master-only
x-xss-protection
1; mode=block 1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8e55bbb80a4342dc-EWR
content-type
text/html
date
Wed, 20 Nov 2024 04:35:26 GMT
location
https://www.dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-003639bbe51e..l%3d8bb0a022-fc65-4fed-9ddb-79dfc1cdf444..a%3d0..b%3d0..e%3d%257bconversi...%20311%20...3630&s2=2gjn9zkiwu7eu7vtzrdgnk
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XWj6wgIXJzlg5Ie8ne0nxnAyef58bkIyIZ843ZYL4qFThBu0C9M42iWdURXADKMCMJp1AwRGcLkELDwroIl6Pl3HXHxrJh8YQIp%2ByYOpZqy5VFzaNxIXXiVWrLLOHcuTFwVaICgwgd%2BhNEU%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=4329&sent=13&recv=10&lost=0&retrans=0&sent_bytes=4186&recv_bytes=4647&delivery_rate=843&cwnd=12000&unsent_bytes=0&cid=ec5deb31dd3e53f1&ts=301&x=1" cfHdrFlush;dur=0
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
master-only
x-xss-protection
1; mode=block
styles.css
www.dclicks.site/g101n/css/ 		7 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.dclicks.site/g101n/css/styles.css
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-003639bbe51e..l%3d8bb0a022-fc65-4fed-9ddb-79dfc1cdf444..a%3d0..b%3d0..e%3d%257bconversi...%20311%20...3630&s2=2gjn9zkiwu7eu7vtzrdgnk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:c9c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e74bcc05c436d6d3534dd4193fa1f29e3f109d328034e9bce6011a14731ec35

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-003639bbe51e..l%3d8bb0a022-fc65-4fed-9ddb-79dfc1cdf444..a%3d0..b%3d0..e%3d%257bconversi...%20311%20...3630&s2=2gjn9zkiwu7eu7vtzrdgnk

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"64e0d319-1c89"
age
4681684
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GkLzPGV%2B00RmfwEf1VvgdpljhPZbHylubUK8Ed2GkQihlgIcjPwtpNtDmRUTQioMNsouqlBYfH2Z%2Bo7I8o3Z7BxmuVw2SEar9OtN31o4BsGmKhZ%2Be14K9LeZW%2F%2FuB8Ex9xiAkCCFpJs1jtJvV2fp"}],"group":"cf-nel","max_age":604800}
expires
Thu, 31 Dec 2037 23:55:55 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=15698&sent=30&recv=19&lost=0&retrans=1&sent_bytes=15454&recv_bytes=7036&delivery_rate=11855&cwnd=12000&unsent_bytes=0&cid=ec5deb31dd3e53f1&ts=870&x=1", cfHdrFlush;dur=0
date
Wed, 20 Nov 2024 04:35:26 GMT
content-type
text/css
last-modified
Sat, 19 Aug 2023 14:35:05 GMT
vary
Accept-Encoding
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8e55bbbd38cb42dc-EWR
access-control-allow-origin
*
server
cloudflare
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.7.1/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-003639bbe51e..l%3d8bb0a022-fc65-4fed-9ddb-79dfc1cdf444..a%3d0..b%3d0..e%3d%257bconversi...%20311%20...3630&s2=2gjn9zkiwu7eu7vtzrdgnk
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
age
399265
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
x-content-type-options
nosniff
expires
Sat, 15 Nov 2025 13:41:01 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 15 Nov 2024 13:41:01 GMT
last-modified
Tue, 12 Sep 2023 02:38:22 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
accept-ranges
bytes
access-control-allow-origin
*
content-length
30462
x-xss-protection
0
server
sffe
notifications.js
www.dclicks.site/g101n/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dclicks.site/g101n/js/notifications.js
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-003639bbe51e..l%3d8bb0a022-fc65-4fed-9ddb-79dfc1cdf444..a%3d0..b%3d0..e%3d%257bconversi...%20311%20...3630&s2=2gjn9zkiwu7eu7vtzrdgnk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:c9c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9c7de620de17d3edd06df7ad292c4317359dcef409be2b3c965dc62966c0a50

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-003639bbe51e..l%3d8bb0a022-fc65-4fed-9ddb-79dfc1cdf444..a%3d0..b%3d0..e%3d%257bconversi...%20311%20...3630&s2=2gjn9zkiwu7eu7vtzrdgnk

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"65b67350-629"
age
2341839
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bP4EjuAXIDryohHbSJHWzG%2Bxt9EHly%2BdotnNtEXE3iGUifzKdQ%2FzdJOmYTg56vXR3TpMKEPxikcsG2y2NJgOTlsRA8jXperLs%2FroeXSZxXyqKfZVPuJWJFJe6e4ILCRoUAQCSlw1u1j7h4Iy96gX"}],"group":"cf-nel","max_age":604800}
expires
Thu, 31 Dec 2037 23:55:55 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=15698&sent=23&recv=19&lost=0&retrans=1&sent_bytes=9086&recv_bytes=7036&delivery_rate=11855&cwnd=12000&unsent_bytes=0&cid=ec5deb31dd3e53f1&ts=867&x=1", cfHdrFlush;dur=0
date
Wed, 20 Nov 2024 04:35:26 GMT
content-type
application/javascript
last-modified
Sun, 28 Jan 2024 15:31:28 GMT
vary
Accept-Encoding
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8e55bbbd38cf42dc-EWR
access-control-allow-origin
*
server
cloudflare
pp.js
qfqbk.nxt-psh.com/ps/ 		35 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qfqbk.nxt-psh.com/ps/pp.js?id=0Yid_sX9ik-RuOQ0JAUTvw
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-003639bbe51e..l%3d8bb0a022-fc65-4fed-9ddb-79dfc1cdf444..a%3d0..b%3d0..e%3d%257bconversi...%20311%20...3630&s2=2gjn9zkiwu7eu7vtzrdgnk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.194.119 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3bb6e24ca14b2640bad0481eafd520c6fca6dc18f7bf14b790bb5b9d4f317802

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
BYPASS
accept-ch
Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ODmQJkD98wKd%2BKr4xFnBQXIOZ8jVw2IfkW%2FxuZ8%2BnSdbzRScFjPy%2FN1hjq%2BbHUKOEyV0LwA1vWk9pgaXq9rwgf0ngoT1C8PHk65kIYN7tIVwxykur4JOAKkXbqwoRVecz3NIuw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8e55bbbe2fc9b9c5-EWR
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=3344&sent=12&recv=11&lost=0&retrans=0&sent_bytes=4266&recv_bytes=4419&delivery_rate=956&cwnd=12000&unsent_bytes=0&cid=d737adf82c63acdb&ts=224&x=1", cfExtPri, cfHdrFlush;dur=0
date
Wed, 20 Nov 2024 04:35:27 GMT
content-type
application/javascript
vary
Accept-Encoding
server
cloudflare
priority
u=3,i=?0
ipp.js
qfqbk.ajscdn.com/ 		38 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qfqbk.ajscdn.com/ipp.js?id=we8a2dGV7UaW0J1hPcisFQ
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-003639bbe51e..l%3d8bb0a022-fc65-4fed-9ddb-79dfc1cdf444..a%3d0..b%3d0..e%3d%257bconversi...%20311%20...3630&s2=2gjn9zkiwu7eu7vtzrdgnk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.4.94 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c80e57ae0109a48b8381f859ae2861a15a013fee0e679e36cc155bc30f5eed0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
BYPASS
accept-ch
Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pZOuaqQeFtgLJMV%2BPJAEHKuTlnzHtnGMOCExIXF9%2F%2BcXWEZoCpbHcQ9GXX%2BgSiu5yqpbEwMJebWaHAvSuQ%2Fajt1wM7ZnvGmaIt7vXP41ndXztTnnptWTc%2BwMb501ZWWCBRlU"}],"group":"cf-nel","max_age":604800}
cf-ray
8e55bbbeceee42e7-EWR
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=12183&sent=12&recv=10&lost=0&retrans=0&sent_bytes=4237&recv_bytes=4366&delivery_rate=874&cwnd=12000&unsent_bytes=0&cid=814d6ce629b7b7de&ts=211&x=1", cfHdrFlush;dur=0
date
Wed, 20 Nov 2024 04:35:27 GMT
content-type
application/javascript
vary
Accept-Encoding
server
cloudflare
script.js
www.dclicks.site/g101n/js/ 		15 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.dclicks.site/g101n/js/script.js
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-003639bbe51e..l%3d8bb0a022-fc65-4fed-9ddb-79dfc1cdf444..a%3d0..b%3d0..e%3d%257bconversi...%20311%20...3630&s2=2gjn9zkiwu7eu7vtzrdgnk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:c9c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c50c1a2f85f42fdb9a94187a348db9d8ae0b9b1de1d82afdf9140e79be51c8b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-003639bbe51e..l%3d8bb0a022-fc65-4fed-9ddb-79dfc1cdf444..a%3d0..b%3d0..e%3d%257bconversi...%20311%20...3630&s2=2gjn9zkiwu7eu7vtzrdgnk

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"64e0daf2-3ab1"
age
10655
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NTRs2xkiogWUw4PodViz45fpbyxL9PcnBim4LKbKu3Ppq7Ltu45ouNh0ha0PHdGe9zaPJsoV%2B9JtR6QXB5rqI1oqY8Rp1e08AghvPzDX4lHxm7Ye17wPWAai%2FjEnR1hQ6CE%2FlTD2Xg7rzulRzBLY"}],"group":"cf-nel","max_age":604800}
expires
Thu, 31 Dec 2037 23:55:55 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=15698&sent=25&recv=19&lost=0&retrans=1&sent_bytes=10470&recv_bytes=7036&delivery_rate=11855&cwnd=12000&unsent_bytes=0&cid=ec5deb31dd3e53f1&ts=867&x=1", cfHdrFlush;dur=0
date
Wed, 20 Nov 2024 04:35:26 GMT
content-type
application/javascript
last-modified
Sat, 19 Aug 2023 15:08:34 GMT
vary
Accept-Encoding
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8e55bbbd38d242dc-EWR
access-control-allow-origin
*
server
cloudflare
css
fonts.googleapis.com/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Montserrat&subset=latin-ext
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/g101n/css/styles.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d2985f60e922d8796396c202ffcb9f6f6c2a57f510cb49f9babf16d025c6b058
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 20 Nov 2024 04:35:27 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 04:35:27 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Wed, 20 Nov 2024 04:21:02 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
x.avifs
www.dclicks.site/g101n/images/ 		528 KB
529 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.dclicks.site/g101n/images/x.avifs
Requested by
Host: www.dclicks.site
URL: https://www.dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-003639bbe51e..l%3d8bb0a022-fc65-4fed-9ddb-79dfc1cdf444..a%3d0..b%3d0..e%3d%257bconversi...%20311%20...3630&s2=2gjn9zkiwu7eu7vtzrdgnk
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:c9c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d75e680607ddf58717733871f056e8ae87e242be6162377b8f5e908f9a0c515
Security Headers
Name Value
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-003639bbe51e..l%3d8bb0a022-fc65-4fed-9ddb-79dfc1cdf444..a%3d0..b%3d0..e%3d%257bconversi...%20311%20...3630&s2=2gjn9zkiwu7eu7vtzrdgnk

Response headers

cf-cache-status
DYNAMIC
etag
"66e55aba-83ed1"
x-permitted-cross-domain-policies
master-only, master-only
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uk4K65jP3cNGIqsP9sOW7qocqP5AGsET9gCH3WdG98qlJcvCTCpiqfTjheBivQFVRDkZM6Ld7PX%2FqzFNf1%2FFTC48hkgEWy8qGoYGFeusrl%2BytDiUxAYlEb%2F7oTGb78J8G6aOq0asJfW%2BoV6S08CH"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff, nosniff
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=30163&sent=35&recv=26&lost=0&retrans=1&sent_bytes=18271&recv_bytes=8342&delivery_rate=176308&cwnd=12000&unsent_bytes=0&cid=ec5deb31dd3e53f1&ts=1248&x=1", cfHdrFlush;dur=0
date
Wed, 20 Nov 2024 04:35:27 GMT
content-type
application/octet-stream
last-modified
Sat, 14 Sep 2024 09:43:22 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, SAMEORIGIN
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
same-origin, same-origin
cf-ray
8e55bbbe9a4042dc-EWR
accept-ranges
bytes
content-length
540369
x-xss-protection
1; mode=block, 1; mode=block
server
cloudflare
JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
fonts.gstatic.com/s/montserrat/v29/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/montserrat/v29/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat&subset=latin-ext
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1c9c85d0b73b7321eb8ed22e0b6bcd577478dd5f99d1379a5d4cea10884033ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.dclicks.site
Referer
https://fonts.googleapis.com/

Response headers

age
368820
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sat, 15 Nov 2025 22:08:27 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 15 Nov 2024 22:08:27 GMT
last-modified
Wed, 06 Nov 2024 17:30:39 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18792
x-xss-protection
0
server
sffe
favicon.ico
www.dclicks.site/g101n/ 		99 KB
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.dclicks.site/g101n/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:c9c5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3421d5dc43d6e5a7737267736e7e392c40269714995bb60dc5556f19d43300e0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.dclicks.site/g101n/index.php?t1=%7bsite_id%7d&t2=%7bvariation_id%7d&t3=exoclick%20e&t4=%7bcampaign_id%7d&t5=601626c6-c90e-4a77-affe-003639bbe51e&bemobdata=c%3d601626c6-c90e-4a77-affe-003639bbe51e..l%3d8bb0a022-fc65-4fed-9ddb-79dfc1cdf444..a%3d0..b%3d0..e%3d%257bconversi...%20311%20...3630&s2=2gjn9zkiwu7eu7vtzrdgnk

Response headers

content-encoding
zstd
cf-cache-status
HIT
etag
W/"63483631-18da3"
age
512844
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LlCOvXtSzspYUOtgWCNWAPH0Eyq21OwAaiJ%2Fz5Z8%2BC3adoeZ7H8P%2Bwg0XSZdl6T3XekZDcNjIWPrsWASlXPUBPMBobPM64e%2FkQX9SOMxS%2BPH1onipMuHEBny8E5JUNYVAWC%2B4UEVpxRb6YZow9tm"}],"group":"cf-nel","max_age":604800}
expires
Thu, 31 Dec 2037 23:55:55 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=30085&sent=505&recv=108&lost=0&retrans=1&sent_bytes=571770&recv_bytes=12562&delivery_rate=5493418&cwnd=160200&unsent_bytes=0&cid=ec5deb31dd3e53f1&ts=1647&x=1", cfHdrFlush;dur=0
date
Wed, 20 Nov 2024 04:35:27 GMT
content-type
image/x-icon
last-modified
Thu, 13 Oct 2022 16:00:49 GMT
vary
Accept-Encoding
cache-control
max-age=315360000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8e55bbc21fc242dc-EWR
access-control-allow-origin
*
server
cloudflare
ippfeed2
qfqbk.ajscdn.com/ 		2 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://qfqbk.ajscdn.com/ippfeed2?id=we8a2dGV7UaW0J1hPcisFQ&p=https%3A//www.dclicks.site/g101n/index.php%3Ft1%3D%257bsite_id%257d%26t2%3D%257bvariation_id%257d%26t3%3Dexoclick%2520e%26t4%3D%257bcampaign_id%257d%26t5%3D601626c6-c90e-4a77-affe-003639bbe51e%26bemobdata%3Dc%253d601626c6-c90e-4a77-affe-003639bbe51e..l%253d8bb0a022-fc65-4fed-9ddb-79dfc1cdf444..a%253d0..b%253d0..e%253d%25257bconversi...%2520311%2520...3630%26s2%3D2gjn9zkiwu7eu7vtzrdgnk&nrid=c063c704f801e29852f451e90b4dad6a
Requested by
Host: qfqbk.ajscdn.com
URL: https://qfqbk.ajscdn.com/ipp.js?id=we8a2dGV7UaW0J1hPcisFQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.4.94 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5eb6b6ec850b6872c21a0c567306f8f61e22dc58448c39fce18f8a2901bbf1f1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
inppu
5f55fe3b-281d-474d-bc83-e1af3b19f449
Referer

Response headers

content-encoding
gzip
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oWx%2BU9PIimDEK0fM69AF7s%2BnttSdvA2XSZSMyvEpmbEz8iQBwU7iJodzqiNx%2B44APd5jFxiWYhjqDBKz8biXV%2BYx9znkbDo2tReiSiYjzqFfJOcSecLfsE6qkMZ9mr6Iv8ms"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=8844&sent=24&recv=17&lost=0&retrans=0&sent_bytes=16743&recv_bytes=5308&delivery_rate=294165&cwnd=14400&unsent_bytes=0&cid=814d6ce629b7b7de&ts=2748&x=1", cfHdrFlush;dur=0
date
Wed, 20 Nov 2024 04:35:29 GMT
content-type
application/json; charset=utf-8
vary
Origin
cache-control
max-age=0, no-cache, no-store, must-revalidate
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
accept-ch
Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
referrer-policy
no-referrer
cf-ray
8e55bbcdfdef42e7-EWR
access-control-allow-origin
https://www.dclicks.site
server
cloudflare
ippfeed2
qfqbk.ajscdn.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://qfqbk.ajscdn.com/ippfeed2?id=we8a2dGV7UaW0J1hPcisFQ&p=https%3A//www.dclicks.site/g101n/index.php%3Ft1%3D%257bsite_id%257d%26t2%3D%257bvariation_id%257d%26t3%3Dexoclick%2520e%26t4%3D%257bcampaign_id%257d%26t5%3D601626c6-c90e-4a77-affe-003639bbe51e%26bemobdata%3Dc%253d601626c6-c90e-4a77-affe-003639bbe51e..l%253d8bb0a022-fc65-4fed-9ddb-79dfc1cdf444..a%253d0..b%253d0..e%253d%25257bconversi...%2520311%2520...3630%26s2%3D2gjn9zkiwu7eu7vtzrdgnk&nrid=c063c704f801e29852f451e90b4dad6a
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.4.94 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
inppu
Access-Control-Request-Method
GET
Origin
https://www.dclicks.site
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
inppu
access-control-allow-methods
GET
access-control-allow-origin
https://www.dclicks.site
access-control-max-age
86400
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8e55bbcccd874265-EWR
date
Wed, 20 Nov 2024 04:35:29 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FuTg3ULG4gRRQZ1mpirjDKxZxNauF7ENyK%2FoNl3pp4wcJLtbwL1Oawq33HlAyQKi%2B%2B7E%2BuO%2B0S6QQfIoWvozM6YsN6KyEvtdvz1xi4gOFO6BWLGI3N%2FEje%2F4gWt6fT6H%2FBHP"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=10681&sent=10&recv=9&lost=0&retrans=0&sent_bytes=2259&recv_bytes=4515&delivery_rate=963&cwnd=12000&unsent_bytes=0&cid=91946a28f5c393d5&ts=206&x=1" cfHdrFlush;dur=0
x-nginx
filtered
css
fonts.googleapis.com/ 		16 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,700|Roboto:400,700&subset=cyrillic
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c6710bd9e4f89f434d82297f4202f4e93b57df9049f016be41270ec171a0ced9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 20 Nov 2024 04:35:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 20 Nov 2024 04:35:29 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Wed, 20 Nov 2024 04:35:29 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
73787cd7d8d0f1954e12f7dff2d5e396b7cc930ed72a27ff15ebca30b72bd786

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/jpeg
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700|Roboto:400,700&subset=cyrillic
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:816::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.dclicks.site
Referer
https://fonts.googleapis.com/

Response headers

age
416315
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sat, 15 Nov 2025 08:56:54 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 15 Nov 2024 08:56:54 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18536
x-xss-protection
0
server
sffe
5e4292eb-1fcd-416f-bd22-05377c27c163.png
static.imghst-de.com/ Frame 6DAA
Redirect Chain
  • https://inpp-ssp-trk.trkless.com/trk?s1=QgmRxgdUtwnpndqnSBOUPQYMoCaZuRaKkp48lKDmGbuXG9eze6LbuFefDAdxdcXZAhI4247Ojfay%2BWS82AL5gASSDejMVJWRLarbcKDSNv88jyw3fNJmazVyjoeXUFLthnsek9T0gQHISKl7tR4wf0rM7u4...
  • https://static.imghst-de.com/5e4292eb-1fcd-416f-bd22-05377c27c163.png
5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://static.imghst-de.com/5e4292eb-1fcd-416f-bd22-05377c27c163.png
Protocol
H2
Server
104.26.3.30 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
de3d61095949e373c889dacf66572f3b9f1c3f577418573c68009d553be64816

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

cf-cache-status
HIT
etag
"66dee866-1544"
age
5447
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x5QiV2WGhPllkauaNwN8CfTr5560X6c7kePF7LIdOCr6RflCh6PMoBsA1JHpzdmwmDDgG7TtoWpUU4LgDiMCsylE1e92sOrEjzfavJE1jdXPnny1H8LW2D602lnrr%2BFTlwE2oVvn"}],"group":"cf-nel","max_age":604800}
server-timing
cfL4;desc="?proto=TCP&rtt=3682&sent=6&recv=12&lost=0&retrans=0&sent_bytes=3991&recv_bytes=2299&delivery_rate=994833&cwnd=253&unsent_bytes=0&cid=76624c5b5631c436&ts=23&x=0"
date
Wed, 20 Nov 2024 04:35:30 GMT
content-type
image/png
last-modified
Mon, 09 Sep 2024 12:21:58 GMT
vary
Accept-Encoding
cache-control
max-age=691200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
8e55bbd18efc7d18-EWR
accept-ranges
bytes
access-control-allow-origin
*
content-length
5444
server
cloudflare

Redirect headers

cache-control
max-age=0, no-cache, no-store, must-revalidate
location
https://static.imghst-de.com/5e4292eb-1fcd-416f-bd22-05377c27c163.png
cf-cache-status
DYNAMIC
accept-ch
Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DQgWHKnnoD%2Fjtj68Gk0C35VqVeaJVKYAB%2FuF%2B0%2B6EZ1a7BUE4s4ww%2FVIUuwCQETFe1hx6%2B2zzrOnFMjBbizkQVpravuPkcDRDtzY%2Bz%2BPcELmj6MHQOp%2FhIxnFlabKGeB26qMoUZqbBdwKqw%3D"}],"group":"cf-nel","max_age":604800}
referrer-policy
no-referrer
cf-ray
8e55bbd03b784315-EWR
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=4791&sent=14&recv=11&lost=0&retrans=0&sent_bytes=4311&recv_bytes=5155&delivery_rate=874&cwnd=12000&unsent_bytes=0&cid=6346d6669c40fd0c&ts=197&x=1", cfHdrFlush;dur=0
content-length
0
date
Wed, 20 Nov 2024 04:35:30 GMT
server
cloudflare

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| $ function| jQuery function| getURLParameter function| replaceCustomParams function| __assign function| CountUp function| a0_0x2313 function| __showPush

4 Cookies

Domain/Path Name / Value
qfqbk.ajscdn.com/ Name: __inppu
Value: 5f55fe3b-281d-474d-bc83-e1af3b19f449
www.dclicks.site/ Name: __inppu
Value: 5f55fe3b-281d-474d-bc83-e1af3b19f449
www.dclicks.site/ Name: inpp_2BP4_EXH2
Value: 1
www.dclicks.site/ Name: inpp_2BP4_EXH2_cap
Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
dclicks.site
fonts.googleapis.com
fonts.gstatic.com
inpp-ssp-trk.trkless.com
qfqbk.ajscdn.com
qfqbk.nxt-psh.com
static.imghst-de.com
www.dclicks.site
104.21.4.94
104.26.3.30
172.67.145.143
172.67.194.119
2606:4700:3035::ac43:c9c5
2607:f8b0:4006:816::2003
2607:f8b0:4006:81e::200a
2607:f8b0:4006:824::200a
0e74bcc05c436d6d3534dd4193fa1f29e3f109d328034e9bce6011a14731ec35
1c9c85d0b73b7321eb8ed22e0b6bcd577478dd5f99d1379a5d4cea10884033ac
2c80e57ae0109a48b8381f859ae2861a15a013fee0e679e36cc155bc30f5eed0
3421d5dc43d6e5a7737267736e7e392c40269714995bb60dc5556f19d43300e0
3bb6e24ca14b2640bad0481eafd520c6fca6dc18f7bf14b790bb5b9d4f317802
3c50c1a2f85f42fdb9a94187a348db9d8ae0b9b1de1d82afdf9140e79be51c8b
5eb6b6ec850b6872c21a0c567306f8f61e22dc58448c39fce18f8a2901bbf1f1
73787cd7d8d0f1954e12f7dff2d5e396b7cc930ed72a27ff15ebca30b72bd786
7d75e680607ddf58717733871f056e8ae87e242be6162377b8f5e908f9a0c515
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
942abb699797e615428c62da209bcaacb26d89835c91b80a1627de4af46d2579
a9c7de620de17d3edd06df7ad292c4317359dcef409be2b3c965dc62966c0a50
c6710bd9e4f89f434d82297f4202f4e93b57df9049f016be41270ec171a0ced9
d2985f60e922d8796396c202ffcb9f6f6c2a57f510cb49f9babf16d025c6b058
de3d61095949e373c889dacf66572f3b9f1c3f577418573c68009d553be64816
fc9a93dd241f6b045cbff0481cf4e1901becd0e12fb45166a8f17f95823f0b1a