landing.download-adcleaner.xyz Open in urlscan Pro
2606:4700:3034::ac43:c8e5 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://pata.data-free.today/
Effective URL:
https://landing.download-adcleaner.xyz/t14a?clk_domain=datatechdrift.com&flow=binom&campaignId=10722&cid=cn7v7cj2r96s7381sed0&source=Pr...
Submission: On February 16 via api (February 16th 2024, 11:45:56 pm UTC) from US — Scanned from US

Summary HTTP 30 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 13 IPs in 4 countries across 17 domains to perform 30 HTTP transactions. The main IP is 2606:4700:3034::ac43:c8e5, located in United States and belongs to CLOUDFLARENET, US. The main domain is landing.download-adcleaner.xyz.
TLS certificate: Issued by E1 on February 11th 2024. Valid for: 3 months.

This is the only time landing.download-adcleaner.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 3	147.135.91.251 147.135.91.251	16276 (OVH) (OVH)
1	2607:f8b0:400... 2607:f8b0:4004:c1d::84	15169 (GOOGLE) (GOOGLE)
1 1	2a01:4ff:f0:e... 2a01:4ff:f0:e4a5::1	213230 (HETZNER-C...) (HETZNER-CLOUD2-AS)
1	2607:f8b0:400... 2607:f8b0:4004:c09::84	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c17::84	15169 (GOOGLE) (GOOGLE)
1	139.45.197.242 139.45.197.242	9002 (RETN-AS) (RETN-AS)
2	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1 3	23.221.227.172 23.221.227.172	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	37.48.68.71 37.48.68.71	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1 1	35.204.193.90 35.204.193.90	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	52.58.28.63 52.58.28.63	16509 (AMAZON-02) (AMAZON-02)
10	2606:4700:303... 2606:4700:3034::ac43:c8e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2607:f8b0:400... 2607:f8b0:4004:c08::61	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c1f::5f	15169 (GOOGLE) (GOOGLE)
1	2620:1ec:48:1... 2620:1ec:48:1::40	() ()
30	13

3 147.135.91.251 (United States) 1 redirects

ASN16276 (OVH, FR)
PTR: ip251.ip-147-135-91.us

pata.data-free.today	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c1d::84 (Washington, United States)

ASN15169 (GOOGLE, US)

1.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a01:4ff:f0:e4a5::1 (Ashburn, United States) 1 redirects

ASN213230 (HETZNER-CLOUD2-AS, DE)

sape.ngumaz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c09::84 (Washington, United States)

ASN15169 (GOOGLE, US)

beast-verification.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c17::84 (Washington, United States)

ASN15169 (GOOGLE, US)

blogger.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.242 (United Kingdom)

ASN9002 (RETN-AS, GB)

feetheho.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.221.227.172 (Ashburn, United States) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-221-227-172.deploy.static.akamaitechnologies.com

ak.ocoaksib.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.48.68.71 (Amsterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)

datatechone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.204.193.90 (Groningen, Netherlands) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 90.193.204.35.bc.googleusercontent.com

tracking.trackingshub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.58.28.63 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-28-63.eu-central-1.compute.amazonaws.com

datatechdrift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2606:4700:3034::ac43:c8e5 (United States)

ASN13335 (CLOUDFLARENET, US)

landing.download-adcleaner.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c08::61 (Washington, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c1f::5f (Washington, United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:48:1::40 (None, )

ASN- ()

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	download-adcleaner.xyz landing.download-adcleaner.xyz	56 KB
3	ocoaksib.com 1 redirects ak.ocoaksib.com — Cisco Umbrella Rank: 89440	15 KB
3	data-free.today 1 redirects pata.data-free.today	1 KB
2	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 9876	994 B
2	blogspot.com 1.bp.blogspot.com — Cisco Umbrella Rank: 12515 beast-verification.blogspot.com	864 B
1	clarity.ms www.clarity.ms	1017 B
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 48	1 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 52	84 KB
1	datatechdrift.com 1 redirects datatechdrift.com — Cisco Umbrella Rank: 105121	413 B
1	trackingshub.com 1 redirects tracking.trackingshub.com — Cisco Umbrella Rank: 140449	338 B
1	datatechone.com datatechone.com — Cisco Umbrella Rank: 36259	468 B
1	feetheho.com feetheho.com	2 KB
1	googleusercontent.com blogger.googleusercontent.com — Cisco Umbrella Rank: 11252	23 KB
1	ngumaz.com 1 redirects sape.ngumaz.com	283 B
0	google-analytics.com Failed www.google-analytics.com Failed
0	gstatic.com Failed fonts.gstatic.com Failed
0	baidu.com Failed hm.baidu.com Failed
30	17

	Domain	Requested by
10	landing.download-adcleaner.xyz	landing.download-adcleaner.xyz
3	ak.ocoaksib.com	1 redirects feetheho.com ak.ocoaksib.com
3	pata.data-free.today	1 redirects pata.data-free.today
2	my.rtmark.net	feetheho.com ak.ocoaksib.com
1	www.clarity.ms	landing.download-adcleaner.xyz www.clarity.ms
1	fonts.googleapis.com	landing.download-adcleaner.xyz
1	www.googletagmanager.com	landing.download-adcleaner.xyz
1	datatechdrift.com	1 redirects
1	tracking.trackingshub.com	1 redirects
1	datatechone.com	ak.ocoaksib.com
1	feetheho.com	beast-verification.blogspot.com
1	blogger.googleusercontent.com	beast-verification.blogspot.com
1	beast-verification.blogspot.com	pata.data-free.today
1	sape.ngumaz.com	1 redirects
1	1.bp.blogspot.com	pata.data-free.today
0	www.google-analytics.com Failed	www.googletagmanager.com
0	fonts.gstatic.com Failed	fonts.googleapis.com
0	hm.baidu.com Failed	pata.data-free.today
30	18

This site contains links to these domains. Also see Links.

Domain
datatechdrift.com

Subject Issuer	Validity	Valid
pata.data-free.today R3	`2023-12-30` - `2024-03-29`	3 months	crt.sh
misc-sni.blogspot.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
feetheho.com R3	`2023-12-07` - `2024-03-06`	3 months	crt.sh
rtmark.net R3	`2023-12-23` - `2024-03-22`	3 months	crt.sh
ak.hetaruwg.com R3	`2024-02-16` - `2024-05-16`	3 months	crt.sh
datatechone.com Sectigo RSA Domain Validation Secure Server CA	`2023-12-10` - `2024-12-23`	a year	crt.sh
download-adcleaner.xyz E1	`2024-02-11` - `2024-05-11`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-29` - `2024-04-22`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://landing.download-adcleaner.xyz/t14a?clk_domain=datatechdrift.com&flow=binom&campaignId=10722&cid=cn7v7cj2r96s7381sed0&source=Primeroll&lpkey=17081b825342252a83e1af868a35067b24e9227454&isV2=true
Frame ID: 0C8BBD331E1DAA518A2A060A024C6885
Requests: 30 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

AdSweeper

Page URL History Show full URLs

http://pata.data-free.today/ HTTP 301
https://pata.data-free.today/ Page URL
https://pata.data-free.today/go.php Page URL
https://sape.ngumaz.com/api/direct/450299?s1=%subid1%&kw= HTTP 302
https://beast-verification.blogspot.com/ Page URL
https://feetheho.com/4/5667752 Page URL
https://ak.ocoaksib.com/4/6118780/?var=5667752&btz=&bto= Page URL
https://ak.ocoaksib.com/?z=6118780&syncedCookie=true&rhd=false HTTP 302
https://tracking.trackingshub.com/click?pid=3&offer_id=2435408&sub1=782504592243167616&sub2=6118780 HTTP 302
https://datatechdrift.com/click?key=7177821429ce99d7618c&externalid=65cff3b01de17000010b0fe1&source=3_... HTTP 307
https://landing.download-adcleaner.xyz/t14a?clk_domain=datatechdrift.com&flow=binom&campaignId=10722&cid=cn7v7cj2r9... Page URL

Detected technologies

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

30
Requests

80 %
HTTPS

53 %
IPv6

17
Domains

18
Subdomains

13
IPs

4
Countries

184 kB
Transfer

548 kB
Size

22
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://datatechdrift.com/click?lp=1
Title: Step 1

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://pata.data-free.today/ HTTP 301
https://pata.data-free.today/ Page URL
https://pata.data-free.today/go.php Page URL
https://sape.ngumaz.com/api/direct/450299?s1=%subid1%&kw= HTTP 302
https://beast-verification.blogspot.com/ Page URL
https://feetheho.com/4/5667752 Page URL
https://ak.ocoaksib.com/4/6118780/?var=5667752&btz=&bto= Page URL
https://ak.ocoaksib.com/?z=6118780&syncedCookie=true&rhd=false HTTP 302
https://tracking.trackingshub.com/click?pid=3&offer_id=2435408&sub1=782504592243167616&sub2=6118780 HTTP 302
https://datatechdrift.com/click?key=7177821429ce99d7618c&externalid=65cff3b01de17000010b0fe1&source=3_6118780 HTTP 307
https://landing.download-adcleaner.xyz/t14a?clk_domain=datatechdrift.com&flow=binom&campaignId=10722&cid=cn7v7cj2r96s7381sed0&source=Primeroll&lpkey=17081b825342252a83e1af868a35067b24e9227454&isV2=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://pata.data-free.today/ HTTP 301
https://pata.data-free.today/

Request Chain 4

https://sape.ngumaz.com/api/direct/450299?s1=%subid1%&kw= HTTP 302
https://beast-verification.blogspot.com/

30 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/
pata.data-free.today/
Redirect Chain

http://pata.data-free.today/
https://pata.data-free.today/

305 B
465 B

671ms
49ms

Document
text/html

147.135.91.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pata.data-free.today/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.135.91.251 , United States, ASN16276 (OVH, FR),
Reverse DNS: ip251.ip-147-135-91.us
Software: LiteSpeed /
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-length: 212
content-type: text/html
date: Fri, 16 Feb 2024 23:45:47 GMT
last-modified: Sat, 30 Dec 2023 20:15:40 GMT
server: LiteSpeed
vary: Accept-Encoding

Redirect headers

Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-length: 707
content-type: text/html
date: Fri, 16 Feb 2024 23:45:47 GMT
location: https://pata.data-free.today/
server: LiteSpeed

GET
H2 200 fsfss%2B%25281%2529.gif
1.bp.blogspot.com/-4MmEmATwoJU/YRCgO_yOnOI/AAAAAAAACQs/yRrK6HMrO9YkSfoL6od11hB592cFzCasgCPcBGAsYHg/w400-h134/ 31 KB
0 156ms
87ms Image
image/gif 2607:f8b0:4004:c1d::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-4MmEmATwoJU/YRCgO_yOnOI/AAAAAAAACQs/yRrK6HMrO9YkSfoL6od11hB592cFzCasgCPcBGAsYHg/w400-h134/fsfss%2B%25281%2529.gif

Requested by

Host: pata.data-free.today
URL: https://pata.data-free.today/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://pata.data-free.today/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 23:20:19 GMT
x-content-type-options: nosniff
age: 1529
cross-origin-resource-policy: cross-origin
content-disposition: inline;filename="fsfss (1).gif"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55745
x-xss-protection: 0
server: fife
etag: "v90b"
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sat, 17 Feb 2024 23:20:19 GMT

GET
H2 200 go.php
pata.data-free.today/ 642 B
401 B 221ms
220ms Document
text/html 147.135.91.251
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://pata.data-free.today/go.php
Requested by: Host: pata.data-free.today
URL: https://pata.data-free.today/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 147.135.91.251 , United States, ASN16276 (OVH, FR),
Reverse DNS: ip251.ip-147-135-91.us
Software: LiteSpeed /
Resource Hash

Request headers

Referer: https://pata.data-free.today/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

content-encoding: br
content-length: 322
content-type: text/html; charset=UTF-8
date: Fri, 16 Feb 2024 23:45:48 GMT
server: LiteSpeed
vary: Accept-Encoding

GET hm.js
hm.baidu.com/ 0
0

GET
H2

200

/
beast-verification.blogspot.com/
Redirect Chain

https://sape.ngumaz.com/api/direct/450299?s1=%subid1%&kw=
https://beast-verification.blogspot.com/

825 B
864 B

395ms
273ms

Document
text/html

2607:f8b0:4004:c09::84
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://beast-verification.blogspot.com/

Requested by

Host: pata.data-free.today
URL: https://pata.data-free.today/go.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c09::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: gzip
content-length: 566
content-type: text/html; charset=UTF-8
date: Fri, 16 Feb 2024 23:45:49 GMT
etag: W/"59b325077e48bff76023c8b2ec1c23988473330a8cc0c2a85127e6abe3897897"
expires: Fri, 16 Feb 2024 23:45:49 GMT
last-modified: Fri, 19 Jan 2024 01:26:13 GMT
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

Redirect headers

cache-control: private
content-length: 0
date: Fri, 16 Feb 2024 23:45:49 GMT
location: https://beast-verification.blogspot.com
server: nginx
x-robots-tag: noindex, nofollow

GET
H2 200 ccs.gif
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3TezIi6ZFFlp4Xrl5IX9jgM4zKfBX-jbzAJTSfFtetWJkKvYxN-nDX3pbFI3Jio1jtGD0lPQXn7cWbti4RgPJVUF_yA8eV8jmZrQAQdhfwB-53lubF5HbI9Ejyuj1y8oR8i-RuL9UnoX4I-s6... 23 KB
23 KB 532ms
376ms Image
image/gif 2607:f8b0:4004:c17::84
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj3TezIi6ZFFlp4Xrl5IX9jgM4zKfBX-jbzAJTSfFtetWJkKvYxN-nDX3pbFI3Jio1jtGD0lPQXn7cWbti4RgPJVUF_yA8eV8jmZrQAQdhfwB-53lubF5HbI9Ejyuj1y8oR8i-RuL9UnoX4I-s6Q07usP0Kw3sj1sH9mvR54I-V6j53jtRNkwGEk6s_lA/s16000/ccs.gif

Requested by

Host: beast-verification.blogspot.com
URL: https://beast-verification.blogspot.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c17::84 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://beast-verification.blogspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 23:45:50 GMT
x-content-type-options: nosniff
server: fife
etag: "v57a"
vary: Origin
content-type: image/gif
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="ccs.gif"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23041
x-xss-protection: 0
expires: Sat, 17 Feb 2024 23:45:50 GMT

GET
H2 200 5667752
feetheho.com/4/ 1 KB
2 KB 1154ms
882ms Document
text/html 139.45.197.242
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://feetheho.com/4/5667752
Requested by: Host: beast-verification.blogspot.com
URL: https://beast-verification.blogspot.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.242 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Referer: https://beast-verification.blogspot.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace Accept, Content-Type, Content-Length, Accept-Encoding, favicon
access-control-allow-methods: GET, POST, OPTIONS POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: * *
access-control-max-age: 86400
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0 no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
content-type: text/html; charset=utf8
date: Fri, 16 Feb 2024 23:45:50 GMT
expires: Tue, 11 Jan 1994 10:00:00 GMT Mon, 26 Jul 1997 05:00:00 GMT
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch" <https://ak.ocoaksib.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
pragma: no-cache no-cache
server: nginx
timing-allow-origin: *
x-trace-id: a5f5a29f4c9a84e86a4de6f77bbb8b97

POST
H2 200 img.gif
my.rtmark.net/ 43 B
504 B 411ms
100ms Ping
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=00800479b9d145fae3a419fc6e8cdadc

Requested by

Host: feetheho.com
URL: https://feetheho.com/4/5667752

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 23:45:51 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/gif
access-control-allow-origin: https://feetheho.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 43

GET
H2 200 / Show response
ak.ocoaksib.com/4/6118780/ 33 KB
14 KB 427ms
141ms Document
text/html 23.221.227.172
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ak.ocoaksib.com/4/6118780/?var=5667752&btz=&bto=
Requested by: Host: feetheho.com
URL: https://feetheho.com/4/5667752
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.221.227.172 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-221-227-172.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 3e59dee800bc9a7d9d913ba2bbfbe25b1e51e6e4fdd65013831133ddab6bc7b0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace Accept, Content-Type, Content-Length, Accept-Encoding, favicon
access-control-allow-methods: GET, POST, OPTIONS POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: * *
access-control-max-age: 86400
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-length: 13322
content-type: text/html; charset=utf8
date: Fri, 16 Feb 2024 23:45:51 GMT
expires: Fri, 16 Feb 2024 23:45:51 GMT
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
pragma: no-cache
timing-allow-origin: *
vary: Accept-Encoding
x-trace-id: 1b9f2307efddf37270d71bbbe8868b13

POST
H2 200 sftouch
ak.ocoaksib.com/ 2 B
539 B 155ms
155ms Ping
text/plain 23.221.227.172
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ak.ocoaksib.com/sftouch?userId=0080048e39ab43bce873bfd85fb5ec16&z=6118780&p_rid=2073697e-ae0b-42d9-a471-03dbb64b3f8c&p_src=sf&branchId=150041&rb=XebPcK4ykrCEbcxCesEXeP_Fm2NJMWBQtQd6oRo6N1-c9iGjmgBPb_xiNd0UGzgSh10B8FFp1SehGV6AT_2Y-2iE8N0zUQgoAEFb-4zbjMoVjXPDz3YbURBp6S2s8r7VnXcCh7q0wz5wbbIwFip0iT3mP5J_mZiVWWaRjVvP6T4lbTyQsz3reOVb4TefBhMe_Gr7tSuiP-fTDn7n_-5_I2LicKjDZQ1ABbQqcDYdcCdK34cFNo5X4pI_aj8Eyyt2b-UuHfOddvI3k2vgVovzwtm8wmn6ahpJu0bwjnnqk8ICxKTgDUMSEg==

Requested by

Host: ak.ocoaksib.com
URL: https://ak.ocoaksib.com/4/6118780/?var=5667752&btz=&bto=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.221.227.172 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-221-227-172.deploy.static.akamaitechnologies.com

Software

Resource Hash

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ak.ocoaksib.com/4/6118780/?var=5667752&btz=&bto=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=1
date: Fri, 16 Feb 2024 23:45:51 GMT
x-content-type-options: nosniff
content-length: 2
x-trace-id: 9be7d5dd59a3845f96a1d8db826c2d20
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain
access-control-allow-origin: https://ak.ocoaksib.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
expires: Fri, 16 Feb 2024 23:45:51 GMT

GET
H2 200 img.gif
my.rtmark.net/ 43 B
490 B 146ms
146ms Image
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=0080048e39ab43bce873bfd85fb5ec16&z=6118780&p_rid=2073697e-ae0b-42d9-a471-03dbb64b3f8c&p_src=sf

Requested by

Host: ak.ocoaksib.com
URL: https://ak.ocoaksib.com/4/6118780/?var=5667752&btz=&bto=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ak.ocoaksib.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 23:45:51 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 43

POST
H/1.1 200
OK add
datatechone.com/log/ 2 B
468 B 1327ms
259ms XHR
text/plain 37.48.68.71
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://datatechone.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=2073697e-ae0b-42d9-a471-03dbb64b3f8c
Requested by: Host: ak.ocoaksib.com
URL: https://ak.ocoaksib.com/4/6118780/?var=5667752&btz=&bto=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.48.68.71 Amsterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software: nginx/1.19.10 /
Resource Hash

Request headers

Referer: https://ak.ocoaksib.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Fri, 16 Feb 2024 23:45:52 GMT
Server: nginx/1.19.10
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://ak.ocoaksib.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length: 2

GET
H2

200

Primary Request t14a Show response
landing.download-adcleaner.xyz/
Redirect Chain

https://ak.ocoaksib.com/?z=6118780&syncedCookie=true&rhd=false
https://tracking.trackingshub.com/click?pid=3&offer_id=2435408&sub1=782504592243167616&sub2=6118780
https://datatechdrift.com/click?key=7177821429ce99d7618c&externalid=65cff3b01de17000010b0fe1&source=3_6118780
https://landing.download-adcleaner.xyz/t14a?clk_domain=datatechdrift.com&flow=binom&campaignId=10722&cid=cn7v7cj2r96s7381sed0&source=Primeroll&lpkey=17081b825342252a83e1af868a35067b24e9227454&isV2=...

3 KB
1 KB

476ms
142ms

Document
text/html

2606:4700:3034::ac43:c8e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://landing.download-adcleaner.xyz/t14a?clk_domain=datatechdrift.com&flow=binom&campaignId=10722&cid=cn7v7cj2r96s7381sed0&source=Primeroll&lpkey=17081b825342252a83e1af868a35067b24e9227454&isV2=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::ac43:c8e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5502b6e082aa8d9f9cf9f8c7602658a7222746628baa4f5e347474f3c6c0c09

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://ak.ocoaksib.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8569aabc084a43ff-EWR
content-encoding: br
content-type: text/html
date: Fri, 16 Feb 2024 23:45:54 GMT
last-modified: Fri, 16 Feb 2024 11:46:58 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n%2BMHZ3kU1hvy12AmPnxgw%2B4%2BRzld%2FEfRE8m6%2FIioLzZoTXmN97sblpY0pHPg2KZ1WQtj8me1Yo7FXQ9M5Mk2Tv5vfLYBrfmjLZ1D5KEa%2BHoSmf7qUn2pnCEE%2FTIRXlJtFW63Euwdj8mMp72sBjxPeTNECfQ0PvsrnN67Tss%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY

Redirect headers

content-length: 0
date: Fri, 16 Feb 2024 23:45:54 GMT
location: https://landing.download-adcleaner.xyz/t14a?clk_domain=datatechdrift.com&flow=binom&campaignId=10722&cid=cn7v7cj2r96s7381sed0&source=Primeroll&lpkey=17081b825342252a83e1af868a35067b24e9227454&isV2=true
server: Caddy
x-request-id: d3de6582-b4e2-4ff6-b3d6-b00dba57302b

GET
H2 200 style.css
landing.download-adcleaner.xyz/t14a/ 4 KB
1 KB 48ms
40ms Stylesheet
text/css 2606:4700:3034::ac43:c8e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://landing.download-adcleaner.xyz/t14a/style.css?fa117cb85ad39888f11a2d9f38958ad6

Requested by

Host: landing.download-adcleaner.xyz
URL: https://landing.download-adcleaner.xyz/t14a?clk_domain=datatechdrift.com&flow=binom&campaignId=10722&cid=cn7v7cj2r96s7381sed0&source=Primeroll&lpkey=17081b825342252a83e1af868a35067b24e9227454&isV2=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::ac43:c8e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71e8dfbb507c7a96d1a0cba8a1e84c052b703a741613fc7b5221a882b3d21e21

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://landing.download-adcleaner.xyz/t14a?clk_domain=datatechdrift.com&flow=binom&campaignId=10722&cid=cn7v7cj2r96s7381sed0&source=Primeroll&lpkey=17081b825342252a83e1af868a35067b24e9227454&isV2=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 23:45:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 42564
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 16 Feb 2024 11:46:58 GMT
server: cloudflare
etag: W/"65cf4b32-ea9"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GdHED6%2BvOQmay8oWAYZyvpulS8QwxcqvU6RdmrrqSsFqwcgSkMm1MXLHoq1YIzPYgyfu2l4KDzH1wl09EO6m%2FCYd2BCKTgSGyRMvqELiMkcL36rMNIhwqOC26jcsJ08HtvQ%2BXz2LtUMZk8hhE%2FUn%2FLEbmW2zTjZ4Vz5uYXU%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 8569aabd094443ff-EWR
expires: Sat, 15 Feb 2025 11:56:30 GMT

GET
H2 200 shared.css
landing.download-adcleaner.xyz/styles/ 24 KB
6 KB 50ms
43ms Stylesheet
text/css 2606:4700:3034::ac43:c8e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://landing.download-adcleaner.xyz/styles/shared.css?fa117cb85ad39888f11a2d9f38958ad6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::ac43:c8e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f6d325f88bd958a422137a658dc31ab40c83a324904041fbc966cceeeb586ae9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://landing.download-adcleaner.xyz/t14a?clk_domain=datatechdrift.com&flow=binom&campaignId=10722&cid=cn7v7cj2r96s7381sed0&source=Primeroll&lpkey=17081b825342252a83e1af868a35067b24e9227454&isV2=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 23:45:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6162
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 16 Feb 2024 11:46:58 GMT
server: cloudflare
etag: W/"65cf4b32-61c5"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qPfxAjpBgIec6fqsJntXD1LU2Pb8acDHircncobh2P58tFUNNMUBj%2FfEzrYpntXy9pb7a5sZ1BSbPD6dm9FeHvysWeaSYhq9ZZgzduIax1AtnyI6i4c11zAn7dv9YH10pGjHDSC%2FMjbA%2BXYAbTF18UssLHcqO6sKLSMlZjg%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-ray: 8569aabd094643ff-EWR

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 240 KB
84 KB 155ms
62ms Script
application/javascript 2607:f8b0:4004:c08::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-WV373MWWXX

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1de80ceb79c941e269a01a3476ee69237dbfda1b8c884f348aa18ab72ca9b141

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://landing.download-adcleaner.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 23:45:54 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 85737
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 16 Feb 2024 23:45:54 GMT

GET
H2 200 step-active.svg
landing.download-adcleaner.xyz/images/promo-images/t14/ 2 KB
1 KB 49ms
42ms Image
image/svg+xml 2606:4700:3034::ac43:c8e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://landing.download-adcleaner.xyz/images/promo-images/t14/step-active.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::ac43:c8e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

838bcfa0ebd4da221a32f9be6280cd55acb6bfdccecc567032dbbaf94db056d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://landing.download-adcleaner.xyz/t14a?clk_domain=datatechdrift.com&flow=binom&campaignId=10722&cid=cn7v7cj2r96s7381sed0&source=Primeroll&lpkey=17081b825342252a83e1af868a35067b24e9227454&isV2=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 23:45:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1233
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 16 Feb 2024 11:46:58 GMT
server: cloudflare
etag: W/"65cf4b32-696"
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tT8V22lNo3OUJkZhAr1Ua3DMm9ta3qfO8t5Pjd%2Bm%2BdLUT2CUcDIuIDzoYllO9%2FLW%2BG3F6iNQODk0JO7PY92qSM2H%2FRMDz0d0S7mtwIZg6KCHsXIlCCD8VR53%2FCATsJffSCcCVAzS0A7ZHdCmnt7X1j7pXcaTW15FIklmd7M%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-ray: 8569aabd094743ff-EWR

GET
H2 200 step.svg
landing.download-adcleaner.xyz/images/promo-images/t14/ 1 KB
956 B 51ms
44ms Image
image/svg+xml 2606:4700:3034::ac43:c8e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://landing.download-adcleaner.xyz/images/promo-images/t14/step.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::ac43:c8e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f17876c92f5bc2de5b0a5a1dde2cc79d5ad2718d199fdd571b7f4bb4451a1a4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://landing.download-adcleaner.xyz/t14a?clk_domain=datatechdrift.com&flow=binom&campaignId=10722&cid=cn7v7cj2r96s7381sed0&source=Primeroll&lpkey=17081b825342252a83e1af868a35067b24e9227454&isV2=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 23:45:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4372
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 16 Feb 2024 11:46:58 GMT
server: cloudflare
etag: W/"65cf4b32-53c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lelJttMplCt5tXNPVzc0Mk6SJErDhT65j5XhPy4yxEnBhfppaZ%2FINmz%2Fbq%2BwFN0nvgjQQ3vgNlpXD7i1OfWpH5aWZxvm7sXN77KrmNPZoG0%2BaoFkJBgRQ358pPjRuY9UP7riG%2FekQH%2FnqQtX5UQZBRpro6xKPLBGxHjw80U%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-ray: 8569aabd094843ff-EWR

GET
H2 200 block-icon.svg
landing.download-adcleaner.xyz/images/promo-images/t14/ 3 KB
2 KB 46ms
43ms Image
image/svg+xml 2606:4700:3034::ac43:c8e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://landing.download-adcleaner.xyz/images/promo-images/t14/block-icon.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::ac43:c8e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

857a9783ae5f2411e1976e29a38261ca13b042d428e6e1d9a974fb45aa570a10

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://landing.download-adcleaner.xyz/t14a?clk_domain=datatechdrift.com&flow=binom&campaignId=10722&cid=cn7v7cj2r96s7381sed0&source=Primeroll&lpkey=17081b825342252a83e1af868a35067b24e9227454&isV2=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 23:45:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1233
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 16 Feb 2024 11:46:58 GMT
server: cloudflare
etag: W/"65cf4b32-bf8"
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8bAkedBNre7rk1ki9z3%2B%2BwR34jNmMSy%2FNsV2f0FiSK%2FDcaOlN9zap%2BAxjjIX7DdHDrZ5LBg%2FkekfuzxPFxwkbgrPolQiy0wRWmmkVFGxHF%2FhSPZHLq%2B4Pg0GB6S6S6YwzAgpb2y7S2Z6ASbUSznio3yUtCOWME%2BEM0DnPAg%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-ray: 8569aabd094b43ff-EWR

GET
H2 200 mcfee-icon.svg
landing.download-adcleaner.xyz/images/promo-images/t14/ 574 B
684 B 43ms
41ms Image
image/svg+xml 2606:4700:3034::ac43:c8e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://landing.download-adcleaner.xyz/images/promo-images/t14/mcfee-icon.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::ac43:c8e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2ad6704acd84aebc6cc13ed063e879439f50d3b762dfb45574864e7a57d7a00

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://landing.download-adcleaner.xyz/t14a?clk_domain=datatechdrift.com&flow=binom&campaignId=10722&cid=cn7v7cj2r96s7381sed0&source=Primeroll&lpkey=17081b825342252a83e1af868a35067b24e9227454&isV2=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 23:45:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2339
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 16 Feb 2024 11:46:58 GMT
server: cloudflare
etag: W/"65cf4b32-23e"
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eOXUHeW1S%2FKW0X5AnI4F0EjQsl74lLYjloHNhX9p2NpyhykeafRKgpX5MVbCZxJRcsx0H9VaO6Ierxxl8tJpjUfJRIcXs%2FnyazNjea2NU%2FX688xkK%2FOvOipAiympcH1qMRvcMUeBoda%2B7Z%2BDQuChvNqLi%2BXbZ%2FkYPlyF%2FKc%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-ray: 8569aabd094c43ff-EWR

GET
H2 200 index.js Show response
landing.download-adcleaner.xyz/js/ 170 KB
40 KB 47ms
45ms Script
application/javascript 2606:4700:3034::ac43:c8e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://landing.download-adcleaner.xyz/js/index.js?fa117cb85ad39888f11a2d9f38958ad6

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3034::ac43:c8e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6586e955fd0b4298d3e3f7be3deb6627728198eee0404bf82c5929f0d339e179

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://landing.download-adcleaner.xyz/t14a?clk_domain=datatechdrift.com&flow=binom&campaignId=10722&cid=cn7v7cj2r96s7381sed0&source=Primeroll&lpkey=17081b825342252a83e1af868a35067b24e9227454&isV2=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 23:45:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6162
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 16 Feb 2024 11:46:58 GMT
server: cloudflare
etag: W/"65cf4b32-2a9c0"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tXvHE0QkejR44%2FoyI%2Fsm2vORJUaxw%2Bd6cmXixnfGZ0bPrNt1ONcDKWQlFS1eG14zOYT2UfhKaveudgHGUCWNW%2FgpXD%2Bh0URFgZmUTjOMBoZNvt2hgcdtDqlQmW1fkegp9CdoRTTZBEbWyEjtYH5jtmtLir3KGJqC2LO8cjg%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-ray: 8569aabd094943ff-EWR

GET
H2 200 css2
fonts.googleapis.com/ 7 KB
1 KB 186ms
64ms Stylesheet
text/css 2607:f8b0:4004:c1f::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap

Requested by

Host: landing.download-adcleaner.xyz
URL: https://landing.download-adcleaner.xyz/styles/shared.css?fa117cb85ad39888f11a2d9f38958ad6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1f::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

31d196afc7bf97b61be0a9881f623b3b8a7b56d4b0c08c6b78c37ce92d7827b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://landing.download-adcleaner.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 16 Feb 2024 23:45:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 16 Feb 2024 23:38:50 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 16 Feb 2024 23:45:54 GMT

GET
H2 200 jfl2pu6cif Show response
www.clarity.ms/tag/ 650 B
1017 B 1079ms
833ms Script
application/x-javascript 2620:1ec:48:1::40

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/jfl2pu6cif
Requested by: Host: landing.download-adcleaner.xyz
URL: https://landing.download-adcleaner.xyz/js/index.js?fa117cb85ad39888f11a2d9f38958ad6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:48:1::40 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 582327186138c2f86b79d73a61e583344962591936f99d714c46001b34cf2086

Request headers

accept-language: en-US,en;q=0.9
Referer: https://landing.download-adcleaner.xyz/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0
date: Fri, 16 Feb 2024 23:45:54 GMT
x-azure-ref: 0s/PPZQAAAAArERuC3PlrQrULCupyOia4TU5aMjIxMDYwNjEyMDI1ADZjZmJlZWUwLTUwMjctNDg0Yi04OTY3LTRhMjlhZjc3ZjFlMQ==
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
content-length: 650
expires: -1

GET KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 0
0

GET KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 0
0

GET KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 0
0

GET
H3 200 8960.bf1a99d00c2fddb18d7f.js Show response
landing.download-adcleaner.xyz/js/ 819 B
1 KB 90ms
90ms Script
application/javascript 2606:4700:3034::ac43:c8e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://landing.download-adcleaner.xyz/js/8960.bf1a99d00c2fddb18d7f.js

Requested by

Host: landing.download-adcleaner.xyz
URL: https://landing.download-adcleaner.xyz/js/index.js?fa117cb85ad39888f11a2d9f38958ad6

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:c8e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

67609637819f856101ce7f3d96e74d7ff849b462f6669f0cf9004829e0a444cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://landing.download-adcleaner.xyz/t14a?clk_domain=datatechdrift.com&flow=binom&campaignId=10722&cid=cn7v7cj2r96s7381sed0&source=Primeroll&lpkey=17081b825342252a83e1af868a35067b24e9227454&isV2=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 23:45:54 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4516
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 16 Feb 2024 11:46:58 GMT
server: cloudflare
etag: W/"65cf4b32-333"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fm8aGfF7MPzRd%2FS5wlqy2kt0SnTSoyU0Zl9CssPdNdxwZvnEnBEGKq24GB1tdU1ebe7LdeMeEeLVq6T1tJjIEs3vRu8NeqJhosTzpEs647tB7J3PW7om%2FXl7Y63Vm2GjJixgkgBfEIUo4Yz2gdCQSexkre8Enam8FjLim5Y%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-ray: 8569aabeaccd1931-EWR

POST collect
www.google-analytics.com/g/ 0
0

GET
H3 200 chrome-icon.svg
landing.download-adcleaner.xyz/images/promo-images/t2a/ 1 KB
1 KB 195ms
195ms Image
image/svg+xml 2606:4700:3034::ac43:c8e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://landing.download-adcleaner.xyz/images/promo-images/t2a/chrome-icon.svg

Requested by

Host: landing.download-adcleaner.xyz
URL: https://landing.download-adcleaner.xyz/styles/shared.css?fa117cb85ad39888f11a2d9f38958ad6

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:c8e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1f8dde475dd304b26ab4f75ef94ff2ca64432059020f4614084e873f63ea393

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://landing.download-adcleaner.xyz/styles/shared.css?fa117cb85ad39888f11a2d9f38958ad6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date: Fri, 16 Feb 2024 23:45:55 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2631
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 16 Feb 2024 11:46:58 GMT
server: cloudflare
etag: W/"65cf4b32-5f0"
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ilaD0mRibIWnpnXS51ZFJvTK0MWue9JYv%2BiqG8Aq3ZtBnL%2FSA%2BdvWRnf9a7nLcdg4Vbe%2BhNu%2FuXnijbWexO83B1YristnU5I67BxDqEoimKXeet9e3yqWP%2BpxGvZ4XkZNzF940Yu0VrKUn5eAqJ5IakqfS5%2Bhc3aZMFDN5o%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-ray: 8569aabf5d4c1931-EWR

GET clarity.js
www.clarity.ms/s/0.7.20/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: hm.baidu.com
URL: https://hm.baidu.com/hm.js?96203ca5188c89396572f4c329976446

Domain: fonts.gstatic.com
URL: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Domain: fonts.gstatic.com
URL: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Domain: fonts.gstatic.com
URL: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Domain: www.google-analytics.com
URL: https://www.google-analytics.com/g/collect?v=2&tid=G-WV373MWWXX&gtm=45je42e0v9138627631za200&_p=1708127154974&gcd=13l3l3l3l1&npa=0&dma=0&cid=497222368.1708127155&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&sid=1708127155&sct=1&seg=0&dl=https%3A%2F%2Flanding.download-adcleaner.xyz%2Ft14a%3Fclk_domain%3Ddatatechdrift.com%26flow%3Dbinom%26campaignId%3D10722%26cid%3Dcn7v7cj2r96s7381sed0%26source%3DPrimeroll%26lpkey%3D17081b825342252a83e1af868a35067b24e9227454%26isV2%3Dtrue&dt=&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=3418

Domain: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

22 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
sape.ngumaz.com/	1970-01-21 04:04:47	Name: nauid Value: dqoJJkxGnWfmtBYhs59P
sape.ngumaz.com/	1970-01-21 04:04:47	Name: asgle Value: 13814704716577534053
feetheho.com/	1970-01-21 03:14:23	Name: OAID Value: 00800479b9d145fae3a419fc6e8cdadc
feetheho.com/	1970-01-21 03:14:23	Name: oaidts Value: 1708127150
my.rtmark.net/	1970-01-21 03:14:23	Name: ID Value: 00800479b9d145fae3a419fc6e8cdadc
ak.ocoaksib.com/	1970-01-21 03:14:23	Name: oaidts Value: 1708127151
ak.ocoaksib.com/	1970-01-21 03:14:23	Name: OAID Value: 00800479b9d145fae3a419fc6e8cdadc
ak.ocoaksib.com/	1970-01-20 18:38:51	Name: syncedCookie Value: true
tracking.trackingshub.com/	1970-01-21 03:14:23	Name: afclick Value: 65cff3b01de17000010b0fe1
tracking.trackingshub.com/	1970-01-21 03:14:23	Name: afoffers Value: {"2435408":1708127152}
datatechdrift.com/	1970-01-21 03:14:23	Name: uclick Value: n7yMnFcKP4813+D9a2CYtmkn3nuh3j2ZI6AhNQ/umNJV7FI5TdSCJ/uHg6BvKPyAZ8/WLwY=
datatechdrift.com/	1970-01-21 03:14:23	Name: bcid Value: cn7v7cj2r96s7381sed0
datatechdrift.com/	1970-01-21 03:14:23	Name: cid Value: cn7v7cj2r96s7381sed0
.download-adcleaner.xyz/	1970-01-21 04:04:47	Name: _ga Value: GA1.1.497222368.1708127155
.download-adcleaner.xyz/	1970-01-21 04:04:47	Name: _ga_WV373MWWXX Value: GS1.1.1708127155.1.0.1708127155.0.0.0
.download-adcleaner.xyz/	1970-01-21 04:04:47	Name: clk_domain Value: datatechdrift.com
.download-adcleaner.xyz/	1970-01-21 04:04:47	Name: flow Value: binom
.download-adcleaner.xyz/	1970-01-21 04:04:47	Name: campaignId Value: 10722
.download-adcleaner.xyz/	1970-01-21 04:04:47	Name: cid Value: cn7v7cj2r96s7381sed0
.download-adcleaner.xyz/	1970-01-21 04:04:47	Name: source Value: Primeroll
.download-adcleaner.xyz/	1970-01-21 04:04:47	Name: lpkey Value: 17081b825342252a83e1af868a35067b24e9227454
.download-adcleaner.xyz/	1970-01-21 04:04:47	Name: isV2 Value: true

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://feetheho.com/partitial/5117856/?var=5667752&ab2r=0&prfrev=false&rhd=false&sf=1 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ak.ocoaksib.com/4/6118780/?var=5667752&btz=&bto= Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://ak.ocoaksib.com/4/6118780/?var=5667752&btz=&bto= Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://landing.download-adcleaner.xyz/t14a?clk_domain=datatechdrift.com&flow=binom&campaignId=10722&cid=cn7v7cj2r96s7381sed0&source=Primeroll&lpkey=17081b825342252a83e1af868a35067b24e9227454&isV2=true Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
ak.ocoaksib.com
beast-verification.blogspot.com
blogger.googleusercontent.com
datatechdrift.com
datatechone.com
feetheho.com
fonts.googleapis.com
fonts.gstatic.com
hm.baidu.com
landing.download-adcleaner.xyz
my.rtmark.net
pata.data-free.today
sape.ngumaz.com
tracking.trackingshub.com
www.clarity.ms
www.google-analytics.com
www.googletagmanager.com
fonts.gstatic.com
hm.baidu.com
www.clarity.ms
www.google-analytics.com
139.45.195.8
139.45.197.242
147.135.91.251
23.221.227.172
2606:4700:3034::ac43:c8e5
2607:f8b0:4004:c08::61
2607:f8b0:4004:c09::84
2607:f8b0:4004:c17::84
2607:f8b0:4004:c1d::84
2607:f8b0:4004:c1f::5f
2620:1ec:48:1::40
2a01:4ff:f0:e4a5::1
35.204.193.90
37.48.68.71
52.58.28.63
1de80ceb79c941e269a01a3476ee69237dbfda1b8c884f348aa18ab72ca9b141
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
31d196afc7bf97b61be0a9881f623b3b8a7b56d4b0c08c6b78c37ce92d7827b2
3e59dee800bc9a7d9d913ba2bbfbe25b1e51e6e4fdd65013831133ddab6bc7b0
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
582327186138c2f86b79d73a61e583344962591936f99d714c46001b34cf2086
6586e955fd0b4298d3e3f7be3deb6627728198eee0404bf82c5929f0d339e179
67609637819f856101ce7f3d96e74d7ff849b462f6669f0cf9004829e0a444cf
71e8dfbb507c7a96d1a0cba8a1e84c052b703a741613fc7b5221a882b3d21e21
838bcfa0ebd4da221a32f9be6280cd55acb6bfdccecc567032dbbaf94db056d0
857a9783ae5f2411e1976e29a38261ca13b042d428e6e1d9a974fb45aa570a10
b2ad6704acd84aebc6cc13ed063e879439f50d3b762dfb45574864e7a57d7a00
c5502b6e082aa8d9f9cf9f8c7602658a7222746628baa4f5e347474f3c6c0c09
f17876c92f5bc2de5b0a5a1dde2cc79d5ad2718d199fdd571b7f4bb4451a1a4a
f1f8dde475dd304b26ab4f75ef94ff2ca64432059020f4614084e873f63ea393
f6d325f88bd958a422137a658dc31ab40c83a324904041fbc966cceeeb586ae9

landing.download-adcleaner.xyz Open in urlscan Pro 2606:4700:3034::ac43:c8e5 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

30 Requests

80 %HTTPS

53 %IPv6

17 Domains

18 Subdomains

13 IPs

4 Countries

184 kBTransfer

548 kBSize

22 Cookies

1 Outgoing links

Page URL History

Redirected requests

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

22 Cookies

4 Console Messages

Indicators

landing.download-adcleaner.xyz Open in urlscan Pro
2606:4700:3034::ac43:c8e5 Public Scan

Screenshot
Live screenshot

Full Image

30
Requests

80 %
HTTPS

53 %
IPv6

17
Domains

18
Subdomains

13
IPs

4
Countries

184 kB
Transfer

548 kB
Size

22
Cookies

30 HTTP transactions
0 data transactions