adblock-one-protection.com Open in urlscan Pro
2606:4700:3036::6815:4be1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://filegot.site/all_ebook/EL%20D%C3%8DA%20QUE%20MI%20VIDA%20CAY%C3%93%20-%20CALL%C3%93%20de%20Milagros%20Rodr%C3...
Effective URL:
https://adblock-one-protection.com/notification.html?an=ac&cid=168211334210000TDETV4890885624V5ccf&sid=3052727-689437888-0
Submission Tags: falconsandbox
Submission: On April 21 via api (April 21st 2023, 9:42:27 pm UTC) from US — Scanned from NL

Summary HTTP 12 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 9 domains to perform 12 HTTP transactions. The main IP is 2606:4700:3036::6815:4be1, located in United States and belongs to CLOUDFLARENET, US. The main domain is adblock-one-protection.com. The Cisco Umbrella rank of the primary domain is 122496.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on February 27th 2023. Valid for: a year.

This is the only time adblock-one-protection.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:303... 2606:4700:3030::ac43:ca25	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	2606:4700:303... 2606:4700:3031::ac43:c38a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 3	35.201.70.46 35.201.70.46	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	2606:4700:303... 2606:4700:3036::6815:4be1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
12	5

2 2a06:98c1:3120::3 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

filegot.site	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.2ue82.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3030::ac43:ca25 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

331hwh.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3031::ac43:c38a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

go.tffkroute.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.201.70.46 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 46.70.201.35.bc.googleusercontent.com

directdexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:3036::6815:4be1 (United States)

ASN13335 (CLOUDFLARENET, US)

adblock-one-protection.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	adblock-one-protection.com adblock-one-protection.com — Cisco Umbrella Rank: 122496	25 KB
3	directdexchange.com 2 redirects directdexchange.com	3 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 119	2 KB
1	gstatic.com fonts.gstatic.com	44 KB
1	tffkroute.com 1 redirects go.tffkroute.com — Cisco Umbrella Rank: 437557	535 B
1	331hwh.com 1 redirects 331hwh.com — Cisco Umbrella Rank: 388329	746 B
1	2ue82.com 1 redirects www.2ue82.com — Cisco Umbrella Rank: 536106	822 B
1	filegot.site 1 redirects filegot.site	644 B
0	Failed function sub() { [native code] }. Failed
12	9

	Domain	Requested by
4	adblock-one-protection.com	directdexchange.com adblock-one-protection.com
3	directdexchange.com	2 redirects
2	fonts.googleapis.com	adblock-one-protection.com
1	fonts.gstatic.com	fonts.googleapis.com
1	go.tffkroute.com	1 redirects
1	331hwh.com	1 redirects
1	www.2ue82.com	1 redirects
1	filegot.site	1 redirects
0	fihgokmkngdlhbfhkcfpddknldflggpc Failed	adblock-one-protection.com
12	9

This site contains links to these domains. Also see Links.

Domain
adblock-guru.com

Subject Issuer	Validity	Valid
directdexchange.com Sectigo RSA Domain Validation Secure Server CA	`2023-01-25` - `2024-01-25`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-02-27` - `2024-02-26`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-04-03` - `2023-06-26`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://adblock-one-protection.com/notification.html?an=ac&cid=168211334210000TDETV4890885624V5ccf&sid=3052727-689437888-0
Frame ID: 2153F255E3B91DA291F7A259937A4FCC
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Chrome Notification

Page URL History Show full URLs

https://filegot.site/all_ebook/EL%20D%C3%8DA%20QUE%20MI%20VIDA%20CAY%C3%93%20-%20CALL%C3%93%20de%... HTTP 302
https://www.2ue82.com/scripts/un981c6l?a_aid=45102607&a_bid=e97084f5&data1=EL+D%C3%8DA+QUE+MI+VIDA... HTTP 301
https://331hwh.com/g?visitorid=e58fef1dc89b103a9ffedbbd94nRfA6Z&refid=45102607&bannerid=e97084f... HTTP 302
https://go.tffkroute.com/click?pid=6&offer_id=618&ref_id=e58fef1dc89b103a9ffedbbd94nRfA6Z_45102607_e9... HTTP 302
https://directdexchange.com/jump/next.php?r=3052727&sub1=pcpa1-645102607-618-5f0f018d2bdea5690c593f07 Page URL
https://directdexchange.com/jump/next.php?stamat=m%257CanNiPyo2aQdH8AH0dEdHP3xP.e91%252CS0kXXHXf2ck-DOZ9... HTTP 302
https://directdexchange.com/script/i.php?t=1&stamat=m%257C%252C%252Cg3Y_oiF-tGU3B0-GH0dEdHP3xP.542%252CR... HTTP 302
https://adblock-one-protection.com/notification.html?an=ac&cid=168211334210000TDETV4890885624V5ccf&sid=3052727-... Page URL

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

12
Requests

67 %
HTTPS

86 %
IPv6

9
Domains

9
Subdomains

5
IPs

2
Countries

74 kB
Transfer

93 kB
Size

3
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://adblock-guru.com/privacy.html
Title: Privacy Policy.

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://filegot.site/all_ebook/EL%20D%C3%8DA%20QUE%20MI%20VIDA%20CAY%C3%93%20-%20CALL%C3%93%20de%20Milagros%20Rodr%C3%ADguez HTTP 302
https://www.2ue82.com/scripts/un981c6l?a_aid=45102607&a_bid=e97084f5&data1=EL+D%C3%8DA+QUE+MI+VIDA+CAY%C3%93+-+CALL%C3%93+de+Milagros+Rodr%C3%ADguez HTTP 301
https://331hwh.com/g?visitorid=e58fef1dc89b103a9ffedbbd94nRfA6Z&refid=45102607&bannerid=e97084f5&extra_data1=EL%20D%C3%8DA%20QUE%20MI%20VIDA%20CAY%C3%93%20-%20CALL%C3%93%20de%20Milagros%20Rodr%C3%ADguez&extra_data2= HTTP 302
https://go.tffkroute.com/click?pid=6&offer_id=618&ref_id=e58fef1dc89b103a9ffedbbd94nRfA6Z_45102607_e97084f5&sub1=45102607 HTTP 302
https://directdexchange.com/jump/next.php?r=3052727&sub1=pcpa1-645102607-618-5f0f018d2bdea5690c593f07 Page URL
https://directdexchange.com/jump/next.php?stamat=m%257CanNiPyo2aQdH8AH0dEdHP3xP.e91%252CS0kXXHXf2ck-DOZ9HRvwuM9aL_G46JdZU-2oa3bmXM-jNynSUdHe-QzhcsxloyCGmcVKhZZznLrEMUxctuUupjAfmzX1cNWDPl323PyIb2-09y0nlQU-FME0vTE1PCaI&cbpage=https://directdexchange.com/jump/next.php?r=3052727&sub1=pcpa1-645102607-618-5f0f018d2bdea5690c593f07&cbur=0.47819866507854103&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref= HTTP 302
https://directdexchange.com/script/i.php?t=1&stamat=m%257C%252C%252Cg3Y_oiF-tGU3B0-GH0dEdHP3xP.542%252CRZjXDVxBEL86XeD6sDkIUfH7BujyzEtKnFFZFo-evgiiUTE1pc1O2ygFo50o2eFAwGWkThIAPfclBM5CjmW3shsOA56EHDNEevqICvTWAvy9GB743_U87i_OFsX-LxBIEW6wFIB8NkzQsC9sRTCUUbO3dfOQF-AksjRvgqqTrPWw6XVDxVT9xVfQbbpLn86CDRKlNrAj2H7iw85dNbzG-ezugnkOaLY69B5nuvLHIwj7EWOFVOUN40e2axItLfwUhaEIy3q80tD86LN3ffLqtpsY6IVNgPhSNR3IQU-BXEFw2o4--mF7ynKBjKJfJeP01qg_GoYDBLDxK4IVd_jbK4XtpuUFig9ErJ4hrykGDrPAHkY7qSW73WZjY1kt0jnnwmXg05uu6_jQyndXSTUg_wi5U_PvW-35gWZyW7WP9f6Zn3sUOeG7p8yGjVRdjWdgECR56IbO62OUkjAPe4xCxiOBfCeZQ3_xgejhXHLCqFzUP539ReWPmFG55_YUd4VoEV2GQGAvGtBdi0p7HZqS6zk4CytFlQ-0y0PRToE-vcuKrOPwyEpybseXYu9JYAq9LmHoceQ_AltRYZkFFzgyAd4XqE9jlid5NZwGG1iRJkU%252C HTTP 302
https://adblock-one-protection.com/notification.html?an=ac&cid=168211334210000TDETV4890885624V5ccf&sid=3052727-689437888-0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://filegot.site/all_ebook/EL%20D%C3%8DA%20QUE%20MI%20VIDA%20CAY%C3%93%20-%20CALL%C3%93%20de%20Milagros%20Rodr%C3%ADguez HTTP 302
https://www.2ue82.com/scripts/un981c6l?a_aid=45102607&a_bid=e97084f5&data1=EL+D%C3%8DA+QUE+MI+VIDA+CAY%C3%93+-+CALL%C3%93+de+Milagros+Rodr%C3%ADguez HTTP 301
https://331hwh.com/g?visitorid=e58fef1dc89b103a9ffedbbd94nRfA6Z&refid=45102607&bannerid=e97084f5&extra_data1=EL%20D%C3%8DA%20QUE%20MI%20VIDA%20CAY%C3%93%20-%20CALL%C3%93%20de%20Milagros%20Rodr%C3%ADguez&extra_data2= HTTP 302
https://go.tffkroute.com/click?pid=6&offer_id=618&ref_id=e58fef1dc89b103a9ffedbbd94nRfA6Z_45102607_e97084f5&sub1=45102607 HTTP 302
https://directdexchange.com/jump/next.php?r=3052727&sub1=pcpa1-645102607-618-5f0f018d2bdea5690c593f07

12 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

next.php
directdexchange.com/jump/
Redirect Chain

https://filegot.site/all_ebook/EL%20D%C3%8DA%20QUE%20MI%20VIDA%20CAY%C3%93%20-%20CALL%C3%93%20de%20Milagros%20Rodr%C3%ADguez
https://www.2ue82.com/scripts/un981c6l?a_aid=45102607&a_bid=e97084f5&data1=EL+D%C3%8DA+QUE+MI+VIDA+CAY%C3%93+-+CALL%C3%93+de+Milagros+Rodr%C3%ADguez
https://331hwh.com/g?visitorid=e58fef1dc89b103a9ffedbbd94nRfA6Z&refid=45102607&bannerid=e97084f5&extra_data1=EL%20D%C3%8DA%20QUE%20MI%20VIDA%20CAY%C3%93%20-%20CALL%C3%93%20de%20Milagros%20Rodr%C3%A...
https://go.tffkroute.com/click?pid=6&offer_id=618&ref_id=e58fef1dc89b103a9ffedbbd94nRfA6Z_45102607_e97084f5&sub1=45102607
https://directdexchange.com/jump/next.php?r=3052727&sub1=pcpa1-645102607-618-5f0f018d2bdea5690c593f07

7 KB
3 KB

187ms
144ms

Document
text/html

35.201.70.46
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://directdexchange.com/jump/next.php?r=3052727&sub1=pcpa1-645102607-618-5f0f018d2bdea5690c593f07
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.70.46 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 46.70.201.35.bc.googleusercontent.com
Software: openresty /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 21 Apr 2023 21:42:22 GMT
server: openresty
via: 1.1 google

Redirect headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7bb8cbe6ed560e3a-AMS
content-length: 0
date: Fri, 21 Apr 2023 21:42:22 GMT
location: https://directdexchange.com/jump/next.php?r=3052727&sub1=pcpa1-645102607-618-5f0f018d2bdea5690c593f07
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yDc85oNjfP6e6Zr8QUspucRIDlkFXDb6jmalJ9jbPCFq7CN9OIWBF%2B%2Fu4xHxU6oQ7LBwLluhGR177%2FztOSLit%2FMqreEXAqdwqFdOxsyaO%2Bcq97vTmP0%2BGXeh5Q7kMXkkB7%2FMsdyJ20mAyKXp41y7"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-adjust-use-original-forwarded-for: 1

GET
H2

200

Primary Request notification.html Show response
adblock-one-protection.com/
Redirect Chain

https://directdexchange.com/jump/next.php?stamat=m%257CanNiPyo2aQdH8AH0dEdHP3xP.e91%252CS0kXXHXf2ck-DOZ9HRvwuM9aL_G46JdZU-2oa3bmXM-jNynSUdHe-QzhcsxloyCGmcVKhZZznLrEMUxctuUupjAfmzX1cNWDPl323PyIb2-09...
https://directdexchange.com/script/i.php?t=1&stamat=m%257C%252C%252Cg3Y_oiF-tGU3B0-GH0dEdHP3xP.542%252CRZjXDVxBEL86XeD6sDkIUfH7BujyzEtKnFFZFo-evgiiUTE1pc1O2ygFo50o2eFAwGWkThIAPfclBM5CjmW3shsOA56EHD...
https://adblock-one-protection.com/notification.html?an=ac&cid=168211334210000TDETV4890885624V5ccf&sid=3052727-689437888-0

10 KB
4 KB

122ms
76ms

Document
text/html

2606:4700:3036::6815:4be1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://adblock-one-protection.com/notification.html?an=ac&cid=168211334210000TDETV4890885624V5ccf&sid=3052727-689437888-0

Requested by

Host: directdexchange.com
URL: https://directdexchange.com/jump/next.php?r=3052727&sub1=pcpa1-645102607-618-5f0f018d2bdea5690c593f07

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::6815:4be1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

645e41afbf4e7695701ba89aba51d02bb1ce50d507f420a87c49c118ff36ded4

Security Headers

Name	Value
Strict-Transport-Security	max-age=16000000

Request headers

Referer: https://directdexchange.com/jump/next.php?r=3052727&sub1=pcpa1-645102607-618-5f0f018d2bdea5690c593f07
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7bb8cbeb7d5841e8-AMS
content-encoding: br
content-type: text/html
date: Fri, 21 Apr 2023 21:42:23 GMT
last-modified: Mon, 27 Feb 2023 17:54:47 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9RvYWZ%2FGBCke7VmU%2BqQbg0J%2F7qyBfhsSsJIeouKQEUyXdDHEunKACbOuCMOXFl9uLLMxyyPkKsLfF5jFSaDq4Y%2FgIzoFM4%2BE2Ja45Rd5Bn8h4iANZ%2ByFyMGbooUysRfAtQHRme7dNvzNg74x5n50VMj73wxObDmvKw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=16000000
vary: Accept-Encoding

Redirect headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: text/html; charset=utf-8
date: Fri, 21 Apr 2023 21:42:23 GMT
location: https://adblock-one-protection.com/notification.html?an=ac&cid=168211334210000TDETV4890885624V5ccf&sid=3052727-689437888-0
server: openresty
via: 1.1 google

GET
H2 200 chrome-notification-LP.css
adblock-one-protection.com/ 3 KB
1 KB 21ms
20ms Stylesheet
text/css 2606:4700:3036::6815:4be1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://adblock-one-protection.com/chrome-notification-LP.css

Requested by

Host: adblock-one-protection.com
URL: https://adblock-one-protection.com/notification.html?an=ac&cid=168211334210000TDETV4890885624V5ccf&sid=3052727-689437888-0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::6815:4be1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

183dd3c151874d6f696b780a54e23ab7524fd73e0418c1fb81b6f78e47729c02

Security Headers

Name	Value
Strict-Transport-Security	max-age=16000000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://adblock-one-protection.com/notification.html?an=ac&cid=168211334210000TDETV4890885624V5ccf&sid=3052727-689437888-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 21:42:23 GMT
strict-transport-security: max-age=16000000
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 27 Feb 2023 17:54:36 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3140
etag: W/"a8c-5f5b22c16aa9b-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2BL%2Bob%2BqjhPApRRiuVBdVMhkuvwqs6Es3dfCZAQKy41wLCo2zM%2FiT%2BuKO5Eg51VEzCDYglm46E1svJ5BDLSQAK4AfUFqMjExh3f5YtX5P22Ba6K13Ho5P%2BSfveMAPoDNNsy%2FwME6eTeqaLqYl1mLr%2B%2FlC2mPo9LaYw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=14400
cf-ray: 7bb8cbec0d8441e8-AMS
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 css
fonts.googleapis.com/ 9 KB
824 B 81ms
31ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,700,800&display=swap

Requested by

Host: adblock-one-protection.com
URL: https://adblock-one-protection.com/notification.html?an=ac&cid=168211334210000TDETV4890885624V5ccf&sid=3052727-689437888-0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

39fa995445040bd37f19d9231733b24e6f18318c992a80898e27bef4bc93f8d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://adblock-one-protection.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 21 Apr 2023 21:42:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 21 Apr 2023 20:10:01 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 21 Apr 2023 21:42:23 GMT

GET
H2 200 css
fonts.googleapis.com/ 2 KB
1023 B 80ms
30ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Varela+Round&display=swap

Requested by

Host: adblock-one-protection.com
URL: https://adblock-one-protection.com/notification.html?an=ac&cid=168211334210000TDETV4890885624V5ccf&sid=3052727-689437888-0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b65b92da8ef150f21fca355bb79a852862ead18e54a8b675b708dc65caf5e5ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://adblock-one-protection.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 21 Apr 2023 21:42:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/bcfae741e379a885f2ab2cf83ebe6d32
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 21 Apr 2023 20:01:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 21 Apr 2023 21:42:23 GMT

GET
H2 200 gear.png
adblock-one-protection.com/img/ 13 KB
14 KB 21ms
21ms Image
image/png 2606:4700:3036::6815:4be1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adblock-one-protection.com/img/gear.png

Requested by

Host: adblock-one-protection.com
URL: https://adblock-one-protection.com/notification.html?an=ac&cid=168211334210000TDETV4890885624V5ccf&sid=3052727-689437888-0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::6815:4be1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6004485d4591d0541dae0fcd5d1f0acd0f045a438319dc512553daececdfd420

Security Headers

Name	Value
Strict-Transport-Security	max-age=16000000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://adblock-one-protection.com/notification.html?an=ac&cid=168211334210000TDETV4890885624V5ccf&sid=3052727-689437888-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 21:42:23 GMT
strict-transport-security: max-age=16000000
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 91
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13780
last-modified: Mon, 27 Feb 2023 17:55:04 GMT
server: cloudflare
etag: "35d4-5f5b22dc0ff3b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MYwhbdnusxzH%2F9ELVNXNLetNQSdhe6C4LqWcYTBakX7pXntpR8miJGSN2Zwj6GiGENWuUEdixp%2BhqXAt6GczpAo5d51PCnGSDh7v%2Bt1jqPnpnUNyx5zSSd1KYc2LfMN02xq8qbEa3FZZ%2BEwPUwa%2BtS7NPsZbjDfnEw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7bb8cbec1d9241e8-AMS

GET
H2 200 ChromeWebStore_Badge_v2_340x96.png
adblock-one-protection.com/img/ 6 KB
6 KB 23ms
23ms Image
image/png 2606:4700:3036::6815:4be1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adblock-one-protection.com/img/ChromeWebStore_Badge_v2_340x96.png

Requested by

Host: adblock-one-protection.com
URL: https://adblock-one-protection.com/notification.html?an=ac&cid=168211334210000TDETV4890885624V5ccf&sid=3052727-689437888-0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3036::6815:4be1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f49e4bff319083c20b3386f23547315773631e155e389ed42550295e4913e12d

Security Headers

Name	Value
Strict-Transport-Security	max-age=16000000

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://adblock-one-protection.com/notification.html?an=ac&cid=168211334210000TDETV4890885624V5ccf&sid=3052727-689437888-0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Fri, 21 Apr 2023 21:42:23 GMT
strict-transport-security: max-age=16000000
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3179
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 5640
last-modified: Mon, 27 Feb 2023 17:55:05 GMT
server: cloudflare
etag: "1608-5f5b22dd0fcfb"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f49vVBlZAdXeCJMCrVMqe7JM%2BuaakFXbQdbeJerhyJtuLwgS68pWY6%2BWFPC3Ev7tq21hk6nBBAAwvhU0e5HOEbTpjzgBuOE3nib6KwY045lRvc8n6ufoukDIK62CfLlU2471m3bRiU0%2BBN%2FwkkNyomDynnnKaj0uaA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7bb8cbec1d9341e8-AMS

GET 128.png
fihgokmkngdlhbfhkcfpddknldflggpc/ 0
0

GET
DATA 200
OK truncated
/ 173 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8e32d99e816a42958b9473f470a2600963602981007576d85220044e6137965b

Request headers

accept-language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ 44 KB
44 KB 103ms
31ms Font
font/woff2 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,700,800&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://adblock-one-protection.com
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date: Tue, 18 Apr 2023 02:01:11 GMT
x-content-type-options: nosniff
age: 330074
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 17 Apr 2024 02:01:11 GMT

GET 128.png
fihgokmkngdlhbfhkcfpddknldflggpc/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: fihgokmkngdlhbfhkcfpddknldflggpc
URL: chrome-extension://fihgokmkngdlhbfhkcfpddknldflggpc/128.png

Domain: fihgokmkngdlhbfhkcfpddknldflggpc
URL: chrome-extension://fihgokmkngdlhbfhkcfpddknldflggpc/128.png

Domain: fihgokmkngdlhbfhkcfpddknldflggpc
URL: chrome-extension://fihgokmkngdlhbfhkcfpddknldflggpc/128.png

Domain: fihgokmkngdlhbfhkcfpddknldflggpc
URL: chrome-extension://fihgokmkngdlhbfhkcfpddknldflggpc/128.png

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
filegot.site/	1970-01-20 11:16:39	Name: asdfgh_all_ebook Value: 0
www.2ue82.com/	1970-01-20 11:15:13	Name: PAPAffiliateId Value: 45102607
www.2ue82.com/	1970-01-20 20:00:49	Name: PAPVisitorId Value: e58fef1dc89b103a9ffedbbd94nRfA6Z

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://adblock-one-protection.com/notification.html?an=ac&cid=168211334210000TDETV4890885624V5ccf&sid=3052727-689437888-0(Line 118) Message: Access to XMLHttpRequest at 'chrome-extension://fihgokmkngdlhbfhkcfpddknldflggpc/128.png' from origin 'https://adblock-one-protection.com' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, https, chrome-untrusted.
network	error	URL: chrome-extension://fihgokmkngdlhbfhkcfpddknldflggpc/128.png Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://adblock-one-protection.com/notification.html?an=ac&cid=168211334210000TDETV4890885624V5ccf&sid=3052727-689437888-0 Message: Access to XMLHttpRequest at 'chrome-extension://fihgokmkngdlhbfhkcfpddknldflggpc/128.png' from origin 'https://adblock-one-protection.com' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, https, chrome-untrusted.
network	error	URL: chrome-extension://fihgokmkngdlhbfhkcfpddknldflggpc/128.png Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://adblock-one-protection.com/notification.html?an=ac&cid=168211334210000TDETV4890885624V5ccf&sid=3052727-689437888-0 Message: Access to XMLHttpRequest at 'chrome-extension://fihgokmkngdlhbfhkcfpddknldflggpc/128.png' from origin 'https://adblock-one-protection.com' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, https, chrome-untrusted.
network	error	URL: chrome-extension://fihgokmkngdlhbfhkcfpddknldflggpc/128.png Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://adblock-one-protection.com/notification.html?an=ac&cid=168211334210000TDETV4890885624V5ccf&sid=3052727-689437888-0 Message: Access to XMLHttpRequest at 'chrome-extension://fihgokmkngdlhbfhkcfpddknldflggpc/128.png' from origin 'https://adblock-one-protection.com' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, https, chrome-untrusted.
network	error	URL: chrome-extension://fihgokmkngdlhbfhkcfpddknldflggpc/128.png Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://adblock-one-protection.com/notification.html?an=ac&cid=168211334210000TDETV4890885624V5ccf&sid=3052727-689437888-0 Message: Access to XMLHttpRequest at 'chrome-extension://fihgokmkngdlhbfhkcfpddknldflggpc/128.png' from origin 'https://adblock-one-protection.com' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, https, chrome-untrusted.
network	error	URL: chrome-extension://fihgokmkngdlhbfhkcfpddknldflggpc/128.png Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

331hwh.com
adblock-one-protection.com
directdexchange.com
fihgokmkngdlhbfhkcfpddknldflggpc
filegot.site
fonts.googleapis.com
fonts.gstatic.com
go.tffkroute.com
www.2ue82.com
fihgokmkngdlhbfhkcfpddknldflggpc
2606:4700:3030::ac43:ca25
2606:4700:3031::ac43:c38a
2606:4700:3036::6815:4be1
2a00:1450:4001:812::200a
2a00:1450:4001:82f::2003
2a06:98c1:3120::3
35.201.70.46
183dd3c151874d6f696b780a54e23ab7524fd73e0418c1fb81b6f78e47729c02
39fa995445040bd37f19d9231733b24e6f18318c992a80898e27bef4bc93f8d8
6004485d4591d0541dae0fcd5d1f0acd0f045a438319dc512553daececdfd420
645e41afbf4e7695701ba89aba51d02bb1ce50d507f420a87c49c118ff36ded4
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
8e32d99e816a42958b9473f470a2600963602981007576d85220044e6137965b
b65b92da8ef150f21fca355bb79a852862ead18e54a8b675b708dc65caf5e5ad
f49e4bff319083c20b3386f23547315773631e155e389ed42550295e4913e12d

adblock-one-protection.com Open in urlscan Pro 2606:4700:3036::6815:4be1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

67 %HTTPS

86 %IPv6

9 Domains

9 Subdomains

5 IPs

2 Countries

74 kBTransfer

93 kBSize

3 Cookies

1 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

3 Cookies

10 Console Messages

Indicators

adblock-one-protection.com Open in urlscan Pro
2606:4700:3036::6815:4be1 Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

67 %
HTTPS

86 %
IPv6

9
Domains

9
Subdomains

5
IPs

2
Countries

74 kB
Transfer

93 kB
Size

3
Cookies

12 HTTP transactions
1 data transactions