landing.add-now.org Open in urlscan Pro
2606:4700:3037::6815:21d9 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://livecinemaplay.com/tds3_new2.html?zoneid=5925106
Effective URL:
https://landing.add-now.org/t28a?clk_domain=ad-blocking24.net&flow=binom&campaignId=20101&cid=b07ecxsbzwfa26o322&source=Prop...
Submission: On December 07 via api (December 7th 2023, 1:31:54 pm UTC) from US — Scanned from DE

Summary HTTP 27 Redirects Behaviour Indicators

Summary

This website contacted 14 IPs in 5 countries across 13 domains to perform 27 HTTP transactions. The main IP is 2606:4700:3037::6815:21d9, located in United States and belongs to CLOUDFLARENET, US. The main domain is landing.add-now.org. The Cisco Umbrella rank of the primary domain is 640600.
TLS certificate: Issued by GTS CA 1P5 on November 9th 2023. Valid for: 3 months.

This is the only time landing.add-now.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700::68... 2606:4700::6812:8c8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	2.21.74.49 2.21.74.49	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
2	139.45.195.253 139.45.195.253	9002 (RETN-AS) (RETN-AS)
1 3	2.21.74.65 2.21.74.65	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	2606:4700:303... 2606:4700:3032::6815:7c7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700:303... 2606:4700:3037::6815:21d9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:46::45 2620:1ec:46::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.167.85.21 52.167.85.21	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
27	14

1 2606:4700::6812:8c8 (United States)

ASN13335 (CLOUDFLARENET, US)

livecinemaplay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.21.74.49 (Prague, Czech Republic) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-21-74-49.deploy.static.akamaitechnologies.com

ak.roudoduor.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.195.253 (United Kingdom)

ASN9002 (RETN-AS, GB)

datatechone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.21.74.65 (Prague, Czech Republic) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-21-74-65.deploy.static.akamaitechnologies.com

ak.deephicy.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:3032::6815:7c7 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

ad-blocking24.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:3037::6815:21d9 (United States)

ASN13335 (CLOUDFLARENET, US)

landing.add-now.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:46::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.167.85.21 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

i.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	add-now.org landing.add-now.org — Cisco Umbrella Rank: 640600	70 KB
5	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 796 c.clarity.ms — Cisco Umbrella Rank: 1377 i.clarity.ms — Cisco Umbrella Rank: 18363	27 KB
3	gstatic.com fonts.gstatic.com	53 KB
3	deephicy.net 1 redirects ak.deephicy.net — Cisco Umbrella Rank: 98971	15 KB
3	roudoduor.com 1 redirects ak.roudoduor.com	14 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	2 KB
2	ad-blocking24.net 1 redirects ad-blocking24.net — Cisco Umbrella Rank: 125446	1 KB
2	datatechone.com datatechone.com — Cisco Umbrella Rank: 41680	937 B
2	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 12331	983 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 228	761 B
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2189	248 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	83 KB
1	livecinemaplay.com livecinemaplay.com	4 KB
27	13

	Domain	Requested by
6	landing.add-now.org	landing.add-now.org
3	fonts.gstatic.com	fonts.googleapis.com
3	ak.deephicy.net	1 redirects ak.deephicy.net
3	ak.roudoduor.com	1 redirects livecinemaplay.com ak.roudoduor.com
2	c.clarity.ms	1 redirects
2	www.clarity.ms	landing.add-now.org www.clarity.ms
2	fonts.googleapis.com	landing.add-now.org
2	ad-blocking24.net	1 redirects
2	datatechone.com	ak.roudoduor.com ak.deephicy.net
2	my.rtmark.net	ak.roudoduor.com ak.deephicy.net
1	i.clarity.ms	www.clarity.ms
1	c.bing.com	1 redirects
1	region1.google-analytics.com	www.googletagmanager.com
1	www.googletagmanager.com	landing.add-now.org
1	livecinemaplay.com
27	15

This site contains no links.

Subject Issuer	Validity	Valid
livecinemaplay.com E1	`2023-11-14` - `2024-02-12`	3 months	crt.sh
ak.hetaruwg.com R3	`2023-12-07` - `2024-03-06`	3 months	crt.sh
rtmark.net R3	`2023-10-07` - `2024-01-05`	3 months	crt.sh
datatechone.com Sectigo RSA Domain Validation Secure Server CA	`2022-12-18` - `2023-12-24`	a year	crt.sh
add-now.org GTS CA 1P5	`2023-11-09` - `2024-02-07`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-08-29` - `2024-08-29`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
ad-blocking24.net E1	`2023-11-05` - `2024-02-03`	3 months	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 06	`2023-02-13` - `2024-02-08`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://landing.add-now.org/t28a?clk_domain=ad-blocking24.net&flow=binom&campaignId=20101&cid=b07ecxsbzwfa26o322&source=PropellerAds&lpkey=171a01399521621309&uclick=xsbzwfa26o&uclickhash=xsbzwfa26o-xsbzwfa26o-x9bl-0-usdu-8pe2-8pb7-3de384
Frame ID: 724888F7AA68A81F3D8DF70E20D71890
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

AdSweeper

Page URL History Show full URLs

https://livecinemaplay.com/tds3_new2.html?zoneid=5925106 Page URL
https://ak.roudoduor.com/afu.php?zoneid=5925106&ymid=null&var=null Page URL
https://ak.roudoduor.com/?z=5925106&syncedCookie=true&rhd=false HTTP 302
https://ak.deephicy.net/4/6118780/?var=5925106 Page URL
https://ak.deephicy.net/?z=6118780&syncedCookie=true&rhd=false HTTP 302
https://ad-blocking24.net/cp4kl7k.php?key=cvkb851un7wcxn431w3l&visitor_id=756620523789881784&cost=0.00... HTTP 302
https://landing.add-now.org/t28a?clk_domain=ad-blocking24.net&flow=binom&campaignId=20101&cid=b07ecxsbzw... Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

27
Requests

96 %
HTTPS

60 %
IPv6

13
Domains

15
Subdomains

14
IPs

5
Countries

268 kB
Transfer

643 kB
Size

30
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://livecinemaplay.com/tds3_new2.html?zoneid=5925106 Page URL
https://ak.roudoduor.com/afu.php?zoneid=5925106&ymid=null&var=null Page URL
https://ak.roudoduor.com/?z=5925106&syncedCookie=true&rhd=false HTTP 302
https://ak.deephicy.net/4/6118780/?var=5925106 Page URL
https://ak.deephicy.net/?z=6118780&syncedCookie=true&rhd=false HTTP 302
https://ad-blocking24.net/cp4kl7k.php?key=cvkb851un7wcxn431w3l&visitor_id=756620523789881784&cost=0.000922&zoneid=6118780&campaignid=7726687&bannerid=19793729&subzoneid=0 HTTP 302
https://landing.add-now.org/t28a?clk_domain=ad-blocking24.net&flow=binom&campaignId=20101&cid=b07ecxsbzwfa26o322&source=PropellerAds&lpkey=171a01399521621309&uclick=xsbzwfa26o&uclickhash=xsbzwfa26o-xsbzwfa26o-x9bl-0-usdu-8pe2-8pb7-3de384 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://ak.roudoduor.com/?z=5925106&syncedCookie=true&rhd=false HTTP 302
https://ak.deephicy.net/4/6118780/?var=5925106

Request Chain 24

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=75E332F3138D4E08A536A671CD154FC7&RedC=c.clarity.ms&MXFR=21B44CDBC47467CB235B5F3BC0746997 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=75E332F3138D4E08A536A671CD154FC7&MUID=0911DF7071B163EC19C2CC9070636268

27 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 tds3_new2.html
livecinemaplay.com/ 6 KB
4 KB 59ms
17ms Document
text/html 2606:4700::6812:8c8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://livecinemaplay.com/tds3_new2.html?zoneid=5925106
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:8c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 5867
cache-control: public, max-age=2678400
cf-cache-status: HIT
cf-ray: 831d218bf923690d-FRA
content-encoding: br
content-type: text/html
date: Thu, 07 Dec 2023 13:31:48 GMT
expires: Sun, 07 Jan 2024 13:31:48 GMT
last-modified: Thu, 07 Dec 2023 08:59:22 GMT
server: cloudflare
vary: Accept-Encoding

GET
H2 200 afu.php Show response
ak.roudoduor.com/ 30 KB
13 KB 117ms
42ms Document
text/html 2.21.74.49
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ak.roudoduor.com/afu.php?zoneid=5925106&ymid=null&var=null

Requested by

Host: livecinemaplay.com
URL: https://livecinemaplay.com/tds3_new2.html?zoneid=5925106

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.21.74.49 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-21-74-49.deploy.static.akamaitechnologies.com

Software

Resource Hash

e10d9d1877c5479601865fb22bffe42fa86e03315b109253598c0c1552e32d79

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-length: 12415
content-type: text/html; charset=utf8
date: Thu, 07 Dec 2023 13:31:48 GMT
expires: Thu, 07 Dec 2023 13:31:48 GMT
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
pragma: no-cache
strict-transport-security: max-age=1
timing-allow-origin: * *
vary: Accept-Encoding
x-content-type-options: nosniff
x-trace-id: 16204bbe1e0625696c9415f7c632b65d

POST
H2 200 sftouch
ak.roudoduor.com/ 2 B
540 B 36ms
36ms Ping
text/plain 2.21.74.49
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ak.roudoduor.com/sftouch?userId=45944cfe5b534b91b4c26fc83532bc70&z=5925106&p_rid=d11801fc-07bb-4bab-8091-0f7bf2b52e64&p_src=sf

Requested by

Host: ak.roudoduor.com
URL: https://ak.roudoduor.com/afu.php?zoneid=5925106&ymid=null&var=null

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.21.74.49 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-21-74-49.deploy.static.akamaitechnologies.com

Software

Resource Hash

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ak.roudoduor.com/afu.php?zoneid=5925106&ymid=null&var=null
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

strict-transport-security: max-age=1
date: Thu, 07 Dec 2023 13:31:48 GMT
x-content-type-options: nosniff
content-length: 2
x-trace-id: 5a35ba48fd015afddff792cf2089838d
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain
access-control-allow-origin: https://ak.roudoduor.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
expires: Thu, 07 Dec 2023 13:31:48 GMT

GET
H2 200 img.gif
my.rtmark.net/ 43 B
492 B 56ms
14ms Image
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=45944cfe5b534b91b4c26fc83532bc70&z=5925106&p_rid=d11801fc-07bb-4bab-8091-0f7bf2b52e64&p_src=sf

Requested by

Host: ak.roudoduor.com
URL: https://ak.roudoduor.com/afu.php?zoneid=5925106&ymid=null&var=null

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ak.roudoduor.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 13:31:48 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 43

POST
H/1.1 200
OK add
datatechone.com/log/ 2 B
469 B 58ms
16ms XHR
text/plain 139.45.195.253
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://datatechone.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
Requested by: Host: ak.roudoduor.com
URL: https://ak.roudoduor.com/afu.php?zoneid=5925106&ymid=null&var=null
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.195.253 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://ak.roudoduor.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Thu, 07 Dec 2023 13:31:48 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://ak.roudoduor.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 2

GET
H2

200

/ Show response
ak.deephicy.net/4/6118780/
Redirect Chain

https://ak.roudoduor.com/?z=5925106&syncedCookie=true&rhd=false
https://ak.deephicy.net/4/6118780/?var=5925106

30 KB
13 KB

105ms
44ms

Document
text/html

2.21.74.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ak.deephicy.net/4/6118780/?var=5925106
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.21.74.65 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-21-74-65.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: b0021af002bba23fe301aa696bfd9d7b92e36af96730496a669f1c8b9beecd9f

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://ak.roudoduor.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace Accept, Content-Type, Content-Length, Accept-Encoding, favicon
access-control-allow-methods: GET, POST, OPTIONS POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: * *
access-control-max-age: 86400
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-length: 12432
content-type: text/html; charset=utf8
date: Thu, 07 Dec 2023 13:31:48 GMT
expires: Thu, 07 Dec 2023 13:31:48 GMT
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
pragma: no-cache
timing-allow-origin: *
vary: Accept-Encoding
x-trace-id: b2fd80ff8b927adb65de7c1d54f9b79b

Redirect headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://ak.roudoduor.com
access-control-max-age: 86400
cache-control: max-age=0, no-cache, no-store
content-length: 0
date: Thu, 07 Dec 2023 13:31:48 GMT
expires: Thu, 07 Dec 2023 13:31:48 GMT
link: <https://ak.deephicy.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
location: https://ak.deephicy.net/4/6118780/?var=5925106
pragma: no-cache
referrer-policy: no-referrer
strict-transport-security: max-age=1
timing-allow-origin: * *
x-content-type-options: nosniff
x-trace-id: 45ecd4a5f599682b5025b23b845c17e9

POST
H2 200 sftouch
ak.deephicy.net/ 2 B
538 B 47ms
46ms Ping
text/plain 2.21.74.65
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ak.deephicy.net/sftouch?userId=501e567b114246a6905124b33d3772b9&z=6118780&p_rid=81863b50-eaf9-4619-bf73-e5d3b5359475&p_src=sf

Requested by

Host: ak.deephicy.net
URL: https://ak.deephicy.net/4/6118780/?var=5925106

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.21.74.65 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-21-74-65.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ak.deephicy.net/4/6118780/?var=5925106
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

strict-transport-security: max-age=1
date: Thu, 07 Dec 2023 13:31:48 GMT
x-content-type-options: nosniff
content-length: 2
x-trace-id: e05204a19c2a3cac0225ac4aa3267ec6
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain
access-control-allow-origin: https://ak.deephicy.net
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
expires: Thu, 07 Dec 2023 13:31:48 GMT

GET
H2 200 img.gif
my.rtmark.net/ 43 B
491 B 14ms
14ms Image
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=501e567b114246a6905124b33d3772b9&z=6118780&p_rid=81863b50-eaf9-4619-bf73-e5d3b5359475&p_src=sf

Requested by

Host: ak.deephicy.net
URL: https://ak.deephicy.net/4/6118780/?var=5925106

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ak.deephicy.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 13:31:48 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 43

POST
H/1.1 200
OK add
datatechone.com/log/ 2 B
468 B 14ms
14ms XHR
text/plain 139.45.195.253
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://datatechone.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
Requested by: Host: ak.deephicy.net
URL: https://ak.deephicy.net/4/6118780/?var=5925106
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.195.253 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://ak.deephicy.net/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Thu, 07 Dec 2023 13:31:48 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://ak.deephicy.net
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 2

GET
H2

200

Primary Request t28a Show response
landing.add-now.org/
Redirect Chain

https://ak.deephicy.net/?z=6118780&syncedCookie=true&rhd=false
https://ad-blocking24.net/cp4kl7k.php?key=cvkb851un7wcxn431w3l&visitor_id=756620523789881784&cost=0.000922&zoneid=6118780&campaignid=7726687&bannerid=19793729&subzoneid=0
https://landing.add-now.org/t28a?clk_domain=ad-blocking24.net&flow=binom&campaignId=20101&cid=b07ecxsbzwfa26o322&source=PropellerAds&lpkey=171a01399521621309&uclick=xsbzwfa26o&uclickhash=xsbzwfa26o...

2 KB
1 KB

177ms
22ms

Document
text/html

2606:4700:3037::6815:21d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://landing.add-now.org/t28a?clk_domain=ad-blocking24.net&flow=binom&campaignId=20101&cid=b07ecxsbzwfa26o322&source=PropellerAds&lpkey=171a01399521621309&uclick=xsbzwfa26o&uclickhash=xsbzwfa26o-xsbzwfa26o-x9bl-0-usdu-8pe2-8pb7-3de384

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:21d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94bcb5e1df6f9dcb7c74fbf28ebcaf30a459012b539edd60342afa06f6d302e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://ak.deephicy.net
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 831d219178051e68-FRA
content-encoding: br
content-type: text/html
date: Thu, 07 Dec 2023 13:31:49 GMT
last-modified: Wed, 06 Dec 2023 09:09:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=teB4JzF7mZ%2FXAztOzYr2YmdIy17ANI6sCLxUCbz0jlfhJYSGD1eh6MuGIvipvrhmfY0kXxsflpIaugNRCxQ7rJrOBVqlTFaAFLfXAGzZi4L4o2k28ro4XlPQ%2BganBM9Y7EXBBZt8QE5I1zMR3OiQjokB"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 831d2190395fbb43-FRA
content-type: text/html; charset=UTF-8
date: Thu, 07 Dec 2023 13:31:49 GMT
location: https://landing.add-now.org/t28a?clk_domain=ad-blocking24.net&flow=binom&campaignId=20101&cid=b07ecxsbzwfa26o322&source=PropellerAds&lpkey=171a01399521621309&uclick=xsbzwfa26o&uclickhash=xsbzwfa26o-xsbzwfa26o-x9bl-0-usdu-8pe2-8pb7-3de384
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5eOm4cvtmmtdLwwTnmlCQbsFO29TNej43zvjuGMFtaSWMX8gEQoORWrNd6fQjli5s%2BWq9E%2BaC%2BfZwUB0pINjXtvYX8TlpV8yQ71lTih2S83%2FAH8ZRaViLg%2F%2FNkpFxtBFRLQ3g%2FP9L2Hi%2Brh9gJ8FwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 style.css
landing.add-now.org/t28a/ 3 KB
1 KB 19ms
18ms Stylesheet
text/css 2606:4700:3037::6815:21d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://landing.add-now.org/t28a/style.css?aae31b1596d7aec1f1223d6a959cded9

Requested by

Host: landing.add-now.org
URL: https://landing.add-now.org/t28a?clk_domain=ad-blocking24.net&flow=binom&campaignId=20101&cid=b07ecxsbzwfa26o322&source=PropellerAds&lpkey=171a01399521621309&uclick=xsbzwfa26o&uclickhash=xsbzwfa26o-xsbzwfa26o-x9bl-0-usdu-8pe2-8pb7-3de384

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:21d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1301a3d95702de3b7b756e303f84ef56c085180dd27bf6a08627d0b5190393f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://landing.add-now.org/t28a?clk_domain=ad-blocking24.net&flow=binom&campaignId=20101&cid=b07ecxsbzwfa26o322&source=PropellerAds&lpkey=171a01399521621309&uclick=xsbzwfa26o&uclickhash=xsbzwfa26o-xsbzwfa26o-x9bl-0-usdu-8pe2-8pb7-3de384
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 13:31:49 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 82408
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 06 Dec 2023 09:09:52 GMT
server: cloudflare
etag: W/"65703a60-ae0"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pj5hB4Ipzj8bYzHj5LSdbcWFr4fFlxnlE3SE7YvcR%2FaE%2FF2Y52yxUYS0DrxJl3arYkL3slzdCAsmsTIl3my8CcvBeYjct6pTek3h%2B3NSFDA%2BemjcXTamUR9TJe95RL6Ag5aSpKtuLRLnQWDtRHTEFwOf"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 831d2191a8481e68-FRA
expires: Thu, 05 Dec 2024 14:38:21 GMT

GET
H2 200 shared.css
landing.add-now.org/styles/ 54 KB
28 KB 20ms
20ms Stylesheet
text/css 2606:4700:3037::6815:21d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://landing.add-now.org/styles/shared.css?aae31b1596d7aec1f1223d6a959cded9

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:21d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

658622c2af479f22ef4479693ad4135f419b34ff2655fe506d0b5d72c53dbba3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://landing.add-now.org/t28a?clk_domain=ad-blocking24.net&flow=binom&campaignId=20101&cid=b07ecxsbzwfa26o322&source=PropellerAds&lpkey=171a01399521621309&uclick=xsbzwfa26o&uclickhash=xsbzwfa26o-xsbzwfa26o-x9bl-0-usdu-8pe2-8pb7-3de384
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 13:31:49 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 950
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 06 Dec 2023 09:09:52 GMT
server: cloudflare
etag: W/"65703a60-d7e7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qsYYBuNZWleaK1njAv%2Fvm%2BFyQ11hAPdtzaf6HRuAY4er3S2Ld1IEplvij9LoL5%2Fjfo5HPly1kclM3mBcooFm14Qv6sZpm0DY6%2FZy0EHJ3se%2BuZcyP5rmht%2FiK4YQgxPAYkw0gNIVx%2F7Xrlveffhiy1N8"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-ray: 831d2191a8491e68-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 236 KB
83 KB 66ms
28ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-WV373MWWXX

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ac2e083705b2e923fac5e3c3fed3ffacabde2994fffdc192385cb96ed10e7b75

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://landing.add-now.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 13:31:49 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 84166
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 07 Dec 2023 13:31:49 GMT

GET
H2 200 index.js Show response
landing.add-now.org/js/ 158 KB
37 KB 22ms
22ms Script
application/javascript 2606:4700:3037::6815:21d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://landing.add-now.org/js/index.js?aae31b1596d7aec1f1223d6a959cded9

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3037::6815:21d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

beeec7fbc2ad6fdec4ba693e6861c973f24315c87cd45fa456d346ea5e7232e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://landing.add-now.org/t28a?clk_domain=ad-blocking24.net&flow=binom&campaignId=20101&cid=b07ecxsbzwfa26o322&source=PropellerAds&lpkey=171a01399521621309&uclick=xsbzwfa26o&uclickhash=xsbzwfa26o-xsbzwfa26o-x9bl-0-usdu-8pe2-8pb7-3de384
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 13:31:49 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 950
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 06 Dec 2023 09:09:52 GMT
server: cloudflare
etag: W/"65703a60-278ef"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UD2jEdpKO0f2DDEMOiedQhqNN%2BrDDmk%2F%2FSMoas2djYZbeiLGk9ZddcDa%2BbnrZdmeLbpNrMvjxRl4%2BrTcxibOmyZ1AucAlfrzT46c7rEcEonDf3GpZ06pizuYb%2B4PQo37PhAQaSgWtUCpXO%2B3xiEwl7oz"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-ray: 831d2191a84b1e68-FRA

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
1 KB 62ms
24ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Nunito+Sans:opsz@6..12&display=swap

Requested by

Host: landing.add-now.org
URL: https://landing.add-now.org/t28a/style.css?aae31b1596d7aec1f1223d6a959cded9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a6b6a6b1a31bc200bf5df9e0f37473398e007bc238a5242932ad286d3d3ca240

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://landing.add-now.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 07 Dec 2023 13:31:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 13:27:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 07 Dec 2023 13:31:49 GMT

GET
H2 200 css2
fonts.googleapis.com/ 7 KB
791 B 62ms
25ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap

Requested by

Host: landing.add-now.org
URL: https://landing.add-now.org/styles/shared.css?aae31b1596d7aec1f1223d6a959cded9

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d5e4168c549beeeb7946e688c11e8ebec9ae7d2d53fd20a1992660551b7b3668

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://landing.add-now.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 07 Dec 2023 13:31:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 11:59:30 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 07 Dec 2023 13:31:49 GMT

GET
H2 200 jfl2pu6cif Show response
www.clarity.ms/tag/ 650 B
1014 B 129ms
97ms Script
application/x-javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/jfl2pu6cif
Requested by: Host: landing.add-now.org
URL: https://landing.add-now.org/js/index.js?aae31b1596d7aec1f1223d6a959cded9
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: ae3c75c1a70505b9b9ce8680ded2667f0ad5ab3dbe38b3a45c9a9d95547ac7e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://landing.add-now.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

expires: -1
date: Thu, 07 Dec 2023 13:31:49 GMT
x-azure-ref: 20231207T133149Z-gnfmnyp3b17uh0gc9vhqn1hg0800000000w000000000rdfp
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 650
request-context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

GET
H3 200 3182.2682440e2f81b332832a.js Show response
landing.add-now.org/js/ 533 B
885 B 26ms
26ms Script
application/javascript 2606:4700:3037::6815:21d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://landing.add-now.org/js/3182.2682440e2f81b332832a.js

Requested by

Host: landing.add-now.org
URL: https://landing.add-now.org/js/index.js?aae31b1596d7aec1f1223d6a959cded9

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:21d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dbe9763f8387408d28c5c72e02271ded7c9be04a7e58af0a96c55d2d44875d15

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://landing.add-now.org/t28a?clk_domain=ad-blocking24.net&flow=binom&campaignId=20101&cid=b07ecxsbzwfa26o322&source=PropellerAds&lpkey=171a01399521621309&uclick=xsbzwfa26o&uclickhash=xsbzwfa26o-xsbzwfa26o-x9bl-0-usdu-8pe2-8pb7-3de384
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 13:31:49 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 06 Dec 2023 09:09:52 GMT
server: cloudflare
etag: W/"65703a60-215"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pYI%2F1D2hbIgxEOmY8WAVP8Hzhd73ngW9yembI64zkSTnqEaGTaPVyd8q2l4w7izayakdpJYFYmGoZ77lQc99IzU%2Fj6eRWSTRseVyy0A8W29PkK2Dx5X%2FBXdXMUqIH%2FMWxVC2X23bge1orBjgziozlrIK"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-ray: 831d21923a1291f3-FRA

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 66ms
31ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://landing.add-now.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 16:05:47 GMT
x-content-type-options: nosniff
age: 249962
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 Dec 2024 16:05:47 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 51ms
15ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://landing.add-now.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 23:12:30 GMT
x-content-type-options: nosniff
age: 224359
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 Dec 2024 23:12:30 GMT

GET
H2 200 pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfUVwoNnq4CLz0_upHZPYsZ51Q42ptCprt1R-s.woff2
fonts.gstatic.com/s/nunitosans/v15/ 22 KB
22 KB 53ms
18ms Font
font/woff2 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunitosans/v15/pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfUVwoNnq4CLz0_upHZPYsZ51Q42ptCprt1R-s.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Nunito+Sans:opsz@6..12&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ff77c61bd9f925275715a3f2685f4a8b4335f887d7dd00bac1c44f5cd58bde45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://landing.add-now.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 07:10:12 GMT
x-content-type-options: nosniff
age: 282097
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22228
x-xss-protection: 0
last-modified: Thu, 27 Apr 2023 01:41:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 03 Dec 2024 07:10:12 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
248 B 49ms
19ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-WV373MWWXX&gtm=45je3bt0v9138627631&_p=1701955909470&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=2026208391.1701955910&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1701955909&sct=1&seg=0&dl=https%3A%2F%2Flanding.add-now.org%2Ft28a%3Fclk_domain%3Dad-blocking24.net%26flow%3Dbinom%26campaignId%3D20101%26cid%3Db07ecxsbzwfa26o322%26source%3DPropellerAds%26lpkey%3D171a01399521621309%26uclick%3Dxsbzwfa26o%26uclickhash%3Dxsbzwfa26o-xsbzwfa26o-x9bl-0-usdu-8pe2-8pb7-3de384&dt=&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=587
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WV373MWWXX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://landing.add-now.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 13:31:49 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://landing.add-now.org
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 chrome_store_icon.svg
landing.add-now.org/images/browser-icons/ 2 KB
1 KB 17ms
17ms Image
image/svg+xml 2606:4700:3037::6815:21d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://landing.add-now.org/images/browser-icons/chrome_store_icon.svg

Requested by

Host: landing.add-now.org
URL: https://landing.add-now.org/styles/shared.css?aae31b1596d7aec1f1223d6a959cded9

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3037::6815:21d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f564c0872b20b68ed53a1dd9940756dc2d67f836c11d719af67b16a68142180

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://landing.add-now.org/styles/shared.css?aae31b1596d7aec1f1223d6a959cded9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 13:31:49 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3935
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 06 Dec 2023 09:09:52 GMT
server: cloudflare
etag: W/"65703a60-853"
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jqp5Tk2E3JaFUQXm1HGmXom6EqxPauNbWsW5oBeOx4YqUA03dm6pnksP1OkAaimK0tOIOAS1fCb%2B%2B7X1CZqy7FvEv82gyea%2Ba%2BCZephUkK3kRJ9EMbDSACnkonvxZxtr9JP0rHuZrkk6DSOzNkj%2BZLLc"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-ray: 831d21928a6691f3-FRA

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.20/ 60 KB
25 KB 29ms
29ms Script
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.20/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/jfl2pu6cif
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://landing.add-now.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 13:31:49 GMT
content-encoding: br
last-modified: Mon, 04 Dec 2023 12:08:18 GMT
etag: W/"0x8DBF4C1B3818466"
vary: Accept-Encoding
x-azure-ref: 20231207T133149Z-gnfmnyp3b17uh0gc9vhqn1hg0800000000w000000000rdg6
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: a83e7593-d01e-0008-28ad-2634d4000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28

GET
H2 200 cp4kl7k.php
ad-blocking24.net/ 0
286 B 35ms
34ms Image
text/html 2606:4700:3032::6815:7c7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-blocking24.net/cp4kl7k.php?add_event6=1&uclick=xsbzwfa26o
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:7c7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://landing.add-now.org/t28a?clk_domain=ad-blocking24.net&flow=binom&campaignId=20101&cid=b07ecxsbzwfa26o322&source=PropellerAds&lpkey=171a01399521621309&uclick=xsbzwfa26o&uclickhash=xsbzwfa26o-xsbzwfa26o-x9bl-0-usdu-8pe2-8pb7-3de384
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 13:31:49 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xto0tNBQU4gWAQsqBAAQLgcqInha1lHR7g48TsrpItzUSL7kMdEfFFU3G8rAE3IeoKTU6zot2os3Fr0giWJc%2BUT1baVHCygIqvy0%2BtultGVZODnXpgFX5UjMNvFEGV0slqK6D7mtVlWZT2RNAkjMXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cf-ray: 831d21934ce2bb43-FRA
alt-svc: h3=":443"; ma=86400

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=75E332F3138D4E08A536A671CD154FC7&RedC=c.clarity.ms&MXFR=21B44CDBC47467CB235B5F3BC0746997
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=75E332F3138D4E08A536A671CD154FC7&MUID=0911DF7071B163EC19C2CC9070636268

42 B
466 B

30ms
30ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=75E332F3138D4E08A536A671CD154FC7&MUID=0911DF7071B163EC19C2CC9070636268
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://landing.add-now.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 07 Dec 2023 13:31:49 GMT
last-modified: Wed, 30 Aug 2023 19:01:41 GMT
server: Microsoft-IIS/10.0
etag: "8d59566974dbd91:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Thu, 07 Dec 2023 13:31:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 181DDC7D4067428F87ACAA4AE4173841 Ref B: FRAEDGE2011 Ref C: 2023-12-07T13:31:49Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=75E332F3138D4E08A536A671CD154FC7&MUID=0911DF7071B163EC19C2CC9070636268
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

POST
H/1.1 204
No Content collect Show response
i.clarity.ms/ 0
299 B 327ms
101ms XHR
text/plain 52.167.85.21
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.167.85.21 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://landing.add-now.org/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.62 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://landing.add-now.org
Date: Thu, 07 Dec 2023 13:31:50 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:593e4080-f032-4d00-a652-e17f01252a9d

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.livecinemaplay.com/	1970-01-21 02:21:55	Name: id Value: a3fWa
ak.roudoduor.com/	1970-01-21 01:31:31	Name: OAID Value: 45944cfe5b534b91b4c26fc83532bc70
ak.roudoduor.com/	1970-01-21 01:31:31	Name: oaidts Value: 1701955908
my.rtmark.net/	1970-01-21 01:31:31	Name: ID Value: 45944cfe5b534b91b4c26fc83532bc70
ak.roudoduor.com/	1970-01-20 16:56:00	Name: syncedCookie Value: true
ak.deephicy.net/	1970-01-21 01:31:31	Name: oaidts Value: 1701955908
ak.deephicy.net/	1970-01-21 01:31:31	Name: OAID Value: 45944cfe5b534b91b4c26fc83532bc70
ak.deephicy.net/	1970-01-20 16:56:00	Name: syncedCookie Value: true
ad-blocking24.net/	1970-01-20 16:47:22	Name: uclick Value: xsbzwfa26o
ad-blocking24.net/	1970-01-20 16:47:22	Name: uclickhash Value: xsbzwfa26o-xsbzwfa26o-x9bl-0-usdu-8pe2-8pb7-3de384
.add-now.org/	1970-01-21 02:21:55	Name: _ga Value: GA1.1.2026208391.1701955910
.add-now.org/	1970-01-21 02:21:55	Name: _ga_WV373MWWXX Value: GS1.1.1701955909.1.0.1701955909.0.0.0
.add-now.org/	1970-01-21 02:21:55	Name: clk_domain Value: ad-blocking24.net
.add-now.org/	1970-01-21 02:21:55	Name: flow Value: binom
.add-now.org/	1970-01-21 02:21:55	Name: campaignId Value: 20101
.add-now.org/	1970-01-21 02:21:55	Name: cid Value: b07ecxsbzwfa26o322
.add-now.org/	1970-01-21 02:21:55	Name: source Value: PropellerAds
.add-now.org/	1970-01-21 02:21:55	Name: lpkey Value: 171a01399521621309
.add-now.org/	1970-01-21 02:21:55	Name: uclick Value: xsbzwfa26o
.add-now.org/	1970-01-21 02:21:55	Name: uclickhash Value: xsbzwfa26o-xsbzwfa26o-x9bl-0-usdu-8pe2-8pb7-3de384
www.clarity.ms/	1970-01-21 01:31:31	Name: CLID Value: 2123e16edd9c40c9973159123a516b77.20231207.20241206
.add-now.org/	1970-01-21 01:31:31	Name: _clck Value: 1ee9sqg%7C2%7Cfhc%7C0%7C1436
.bing.com/	1970-01-21 02:07:31	Name: MUID Value: 0911DF7071B163EC19C2CC9070636268
.c.bing.com/	1970-01-20 16:56:00	Name: MR Value: 0
.c.bing.com/	1970-01-21 02:07:31	Name: SRM_B Value: 0911DF7071B163EC19C2CC9070636268
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 02:07:31	Name: MUID Value: 0911DF7071B163EC19C2CC9070636268
.c.clarity.ms/	1970-01-20 16:56:00	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 16:45:56	Name: ANONCHK Value: 0
.add-now.org/	1970-01-20 16:47:22	Name: _clsk Value: 1if2jfp%7C1701955910066%7C1%7C1%7Ci.clarity.ms%2Fcollect

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad-blocking24.net
ak.deephicy.net
ak.roudoduor.com
c.bing.com
c.clarity.ms
datatechone.com
fonts.googleapis.com
fonts.gstatic.com
i.clarity.ms
landing.add-now.org
livecinemaplay.com
my.rtmark.net
region1.google-analytics.com
www.clarity.ms
www.googletagmanager.com
139.45.195.253
139.45.195.8
2.21.74.49
2.21.74.65
2001:4860:4802:34::36
2606:4700:3032::6815:7c7
2606:4700:3037::6815:21d9
2606:4700::6812:8c8
2620:1ec:46::45
2620:1ec:c11::200
2a00:1450:4001:811::2008
2a00:1450:4001:812::2003
2a00:1450:4001:81c::200a
52.167.85.21
68.219.88.97
1301a3d95702de3b7b756e303f84ef56c085180dd27bf6a08627d0b5190393f9
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
658622c2af479f22ef4479693ad4135f419b34ff2655fe506d0b5d72c53dbba3
94bcb5e1df6f9dcb7c74fbf28ebcaf30a459012b539edd60342afa06f6d302e3
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9f564c0872b20b68ed53a1dd9940756dc2d67f836c11d719af67b16a68142180
a6b6a6b1a31bc200bf5df9e0f37473398e007bc238a5242932ad286d3d3ca240
ac2e083705b2e923fac5e3c3fed3ffacabde2994fffdc192385cb96ed10e7b75
ae3c75c1a70505b9b9ce8680ded2667f0ad5ab3dbe38b3a45c9a9d95547ac7e9
b0021af002bba23fe301aa696bfd9d7b92e36af96730496a669f1c8b9beecd9f
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
beeec7fbc2ad6fdec4ba693e6861c973f24315c87cd45fa456d346ea5e7232e3
cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d
d5e4168c549beeeb7946e688c11e8ebec9ae7d2d53fd20a1992660551b7b3668
dbe9763f8387408d28c5c72e02271ded7c9be04a7e58af0a96c55d2d44875d15
e10d9d1877c5479601865fb22bffe42fa86e03315b109253598c0c1552e32d79
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
ff77c61bd9f925275715a3f2685f4a8b4335f887d7dd00bac1c44f5cd58bde45

landing.add-now.org Open in urlscan Pro 2606:4700:3037::6815:21d9 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

27 Requests

96 %HTTPS

60 %IPv6

13 Domains

15 Subdomains

14 IPs

5 Countries

268 kBTransfer

643 kBSize

30 Cookies

0 Outgoing links

Page URL History

Redirected requests

27 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

landing.add-now.org Open in urlscan Pro
2606:4700:3037::6815:21d9 Public Scan

Screenshot
Live screenshot

Full Image

27
Requests

96 %
HTTPS

60 %
IPv6

13
Domains

15
Subdomains

14
IPs

5
Countries

268 kB
Transfer

643 kB
Size

30
Cookies

27 HTTP transactions
0 data transactions