Submitted URL: https://appusss.ghost.io/newss022
Effective URL: https://kingadblocker.com/extension.php?jn=cjprZNLyLmo&_d=3&ju=4_&jq=662d2ea30e8b98000127e1c3&jp=pr
Submission Tags: @phish_report
Submission: On April 27 via api from FI — Scanned from FI

Summary

This website contacted 10 IPs in 4 countries across 10 domains to perform 23 HTTP transactions. The main IP is 188.114.96.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is kingadblocker.com.
TLS certificate: Issued by E1 on February 29th 2024. Valid for: 3 months.
This is the only time kingadblocker.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 12 2a04:4e42:600... 54113 (FASTLY)
2 104.16.87.20 13335 (CLOUDFLAR...)
1 91.148.141.242 203380 (DAINTERNA...)
1 1 64.227.23.114 14061 (DIGITALOC...)
2 3 172.67.164.155 13335 (CLOUDFLAR...)
1 1 34.90.81.51 396982 (GOOGLE-CL...)
1 188.114.96.3 13335 (CLOUDFLAR...)
1 104.16.89.20 13335 (CLOUDFLAR...)
3 188.114.97.3 13335 (CLOUDFLAR...)
1 172.67.175.161 13335 (CLOUDFLAR...)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
23 10
Apex Domain
Subdomains
Transfer
12 ghost.io
appusss.ghost.io
81 KB
4 kingadblock.com
kingadblock.com — Cisco Umbrella Rank: 479359
9 KB
3 buzzonclick.com
buzzonclick.com
5 KB
3 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 320
358 KB
1 tururu.info
tururu.info — Cisco Umbrella Rank: 572270
1 kingadblocker.com
kingadblocker.com
3 KB
1 pretrackings.com
tracking.pretrackings.com — Cisco Umbrella Rank: 264669
254 B
1 cchcontent.com
cchcontent.com
288 B
1 2fu.us
2fu.us
314 B
0 Failed
23 10
Domain Requested by
12 appusss.ghost.io 1 redirects appusss.ghost.io
cdn.jsdelivr.net
4 kingadblock.com kingadblocker.com
3 buzzonclick.com 2 redirects 2fu.us
3 cdn.jsdelivr.net appusss.ghost.io
kingadblocker.com
1 tururu.info kingadblocker.com
1 kingadblocker.com buzzonclick.com
1 tracking.pretrackings.com 1 redirects
1 cchcontent.com 1 redirects
1 2fu.us appusss.ghost.io
0 invalid Failed kingadblocker.com
23 10

This site contains links to these domains.

Domain
kingadblock.com
Subject | Issuer | Validity | Valid for
ghost.io | R3 | 2024-04-18 - 2024-07-17 | 3 months
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-02 - 2024-05-01 | a year
*.2fu.us | R3 | 2024-03-01 - 2024-05-30 | 3 months
buzzonclick.com | GTS CA 1P5 | 2024-04-17 - 2024-07-16 | 3 months
kingadblocker.com | E1 | 2024-02-29 - 2024-05-29 | 3 months
kingadblock.com | GTS CA 1P5 | 2024-04-10 - 2024-07-09 | 3 months
tururu.info | GTS CA 1P5 | 2024-03-17 - 2024-06-15 | 3 months

This page contains 3 frames:

Primary Page: https://kingadblocker.com/extension.php?jn=cjprZNLyLmo&_d=3&ju=4_&jq=662d2ea30e8b98000127e1c3&jp=pr
Frame ID: E25EE68E32080D896177C7AEE43AB9DB
Requests: 21 HTTP requests in this frame

Frame: https://tururu.info/a.php?id=0083&e=VPGCNBK0FG&c=cjprZNLyLmo&r=pr&cid=662d2ea30e8b98000127e1c3&z=4_&v=12&dr=&inw=1600&inh=1200
Frame ID: 02D7D85340A4EA6C90A49571FD45B088
Requests: 1 HTTP requests in this frame

Frame: https://kingadblock.com/clear.php
Frame ID: E02BB07B7295B6A74073AD65782C86E2
Requests: 1 HTTP requests in this frame

Page Title

Ylös - Mainosten esto

Page URL History

  1. https://appusss.ghost.io/newss022 HTTP 301
    https://appusss.ghost.io/newss022/ Page URL
  2. https://cchcontent.com/?k=d779c440edb57bd974c500d65f843657&type=mainstream&subtype=global&data1=pc HTTP 302
    https://buzzonclick.com/jump/next.php?r=5660982&pub_clickid=e12e00fd80e0e87a7ecddd1c9381e207&sub1=15965 Page URL
  3. https://buzzonclick.com/jump/next.php?stamat=m%257CJmoiO-IhaQdHkAH0dEdHP3xP.dc4%252C7H0PozvLiGV-YkDx... HTTP 302
    https://buzzonclick.com/script/i.php?t=1&c=23791358&stamat=m%257C%252C%252CQiK-Y3d3tGU3Bf-GH0dEdHP3x... HTTP 302
    https://tracking.pretrackings.com/sl?id=65f3322f81c1e9a1bc0578a4&pid=4&sub1=171423709110000TFITV431171547434V5... HTTP 302
    https://kingadblocker.com/extension.php?jn=cjprZNLyLmo&_d=3&ju=4_&jq=662d2ea30e8b98000127e1c3&jp=pr Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

23 Requests
96 % HTTPS
18 % IPv6
10 Domains
10 Subdomains
10 IPs
4 Countries
454 kB Transfer
1700 kB Size
7 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://appusss.ghost.io/newss022 HTTP 301
    https://appusss.ghost.io/newss022/ Page URL
  2. https://cchcontent.com/?k=d779c440edb57bd974c500d65f843657&type=mainstream&subtype=global&data1=pc HTTP 302
    https://buzzonclick.com/jump/next.php?r=5660982&pub_clickid=e12e00fd80e0e87a7ecddd1c9381e207&sub1=15965 Page URL
  3. https://buzzonclick.com/jump/next.php?stamat=m%257CJmoiO-IhaQdHkAH0dEdHP3xP.dc4%252C7H0PozvLiGV-YkDx825CHvFqCTwtj69cLAMa6B_ixZluqnVADw_ZUGwm9V9TwiwtKdhP1P5ny7Kkthi1INPlhh-ZYIafmlGBCVxjhLPnIt9i_CADpUAIq-GSYSo2aqIwQuFn8ly81J-D1nQWPrpIFA%252C%252C&cbpage=https://buzzonclick.com/jump/next.php?r=5660982&pub_clickid=e12e00fd80e0e87a7ecddd1c9381e207&sub1=15965&cbur=0.9522730632798659&cbtitle=&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fappusss.ghost.io%2Fnewss022%2F&ufp=Win32%2FMozilla%2FNetscape%2Ftrue%2Ffalse1600x1200-180fi-FI81724%20bits HTTP 302
    https://buzzonclick.com/script/i.php?t=1&c=23791358&stamat=m%257C%252C%252CQiK-Y3d3tGU3Bf-GH0dEdHP3xP.188%252CSU0aC4BHqgMBp6SsgDzXB9byKfZlBIUw7Hh5HiVYE-YNCx9EeT6QM7ltsw578xfUIfPHuLyUNBS3kTBK1BlyNWS-9I-HouBz9dBOKalVArlPC5dOfFTkStqfJkfMVujJL5JnJ2RfjaPjzxIO9XrnkhiZ7dI1ozC1G8aP-Gr-eczO-ZO6zH13iL_32Oll9qL5Q4wjzP9Ar9gbvRZ_ItgU5MgO5fplAjWv1qDvCuG1IuKLvwldQgUxbdr2NvFDjT8TK76ix2LDITIrwFUTZ30KPyohqoD_17NWMA8jfQA2aMcJjOjfxNciXYL66JmAo3StarEEE1UEFbP7MIlPaHYLVcK1Rz1wLx8FyAIOyM7VlhAbYNh96AsjfHqMAkHNxx4k1GMELEX2b365Lo34tKmFISKCwAvFYMmi-PhogKqoqwRYCGIod9gnFK3QJ_w7oYcipadSYLp3WdCfUSZgKXyLaO7bfe1kB24rNF_VMvtkZxovUFqE3tWpLHQQJlFbzGcvr3Qvid1kDX0niMNyrOqebjE8fHzo8pGY6jgN95M9MfJ6nsCr3K1j1tq49G_w0_igcM4rqntSnw58auHIx7SKRe4qDpRFO2hnKei_-FrFTZQWZCkuj_2EpLhyZC8Dm-BKu0w1gZZgoJ2hMOLgaif-YEzDkW58MZTrtG2dzvl-bW7OlFxEkvc4gbMubvmbgC77 HTTP 302
    https://tracking.pretrackings.com/sl?id=65f3322f81c1e9a1bc0578a4&pid=4&sub1=171423709110000TFITV431171547434V51&SUB2=5660982-1770251761-0 HTTP 302
    https://kingadblocker.com/extension.php?jn=cjprZNLyLmo&_d=3&ju=4_&jq=662d2ea30e8b98000127e1c3&jp=pr Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://appusss.ghost.io/newss022 HTTP 301
  • https://appusss.ghost.io/newss022/
Request Chain 11
  • https://cchcontent.com/?k=d779c440edb57bd974c500d65f843657&type=mainstream&subtype=global&data1=pc HTTP 302
  • https://buzzonclick.com/jump/next.php?r=5660982&pub_clickid=e12e00fd80e0e87a7ecddd1c9381e207&sub1=15965

23 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
appusss.ghost.io/newss022/
Redirect Chain
  • https://appusss.ghost.io/newss022
  • https://appusss.ghost.io/newss022/
14 KB
4 KB
Document
General
Full URL
https://appusss.ghost.io/newss022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
a1754595c9d1da09df663619d80e32ce13a55b3709b85752662c0bb08ee43d92

Request headers

Accept-Language
fi-FI,fi;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
age
42254
alt-svc
clear
cache-control
public, max-age=0
content-encoding
gzip
content-length
4236
content-type
text/html; charset=utf-8
date
Sat, 27 Apr 2024 16:58:09 GMT
etag
W/"39ef-k6+gyDdBuV0auM/6yDLvfANUFcs"
ghost-age
0
ghost-cache
MISS
ghost-fastly
true
server
openresty
status
200 OK
vary
Cookie, Accept-Encoding
via
1.1 varnish, 1.1 varnish
x-cache
HIT, HIT
x-cache-hits
67, 1
x-request-id
525c26cc-d339-44d8-babd-99293822b135
x-served-by
cache-ams12739-AMS, cache-hel1410033-HEL
x-timer
S1714237090.826611,VS0,VE1

Redirect headers

accept-ranges
bytes
age
40971
alt-svc
clear
cache-control
public, max-age=31536000
content-length
0
date
Sat, 27 Apr 2024 16:58:09 GMT
ghost-age
0
ghost-cache
MISS
ghost-fastly
true
location
/newss022/
server
openresty
status
301 Moved Permanently
vary
Cookie
via
1.1 varnish, 1.1 varnish
x-cache
HIT, MISS
x-cache-hits
5, 0
x-request-id
1dd205f8-860f-493d-965b-2fddcf209f5a
x-served-by
cache-ams21020-AMS, cache-hel1410033-HEL
x-timer
S1714237090.768547,VS0,VE27
screen.css
appusss.ghost.io/assets/built/
50 KB
10 KB
Stylesheet
General
Full URL
https://appusss.ghost.io/assets/built/screen.css?v=8aa00c8890
Requested by
Host: appusss.ghost.io
URL: https://appusss.ghost.io/newss022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
22a8aef44eb15fd81ffdf9f13231012adab3fe65bc268746cf56601005c58f26

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://appusss.ghost.io/newss022/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ghost-age
0
date
Sat, 27 Apr 2024 16:58:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
83882
x-cache
HIT, HIT
status
200 OK
alt-svc
clear
content-length
9643
ghost-fastly
true
x-request-id
f6d688e8-127f-4975-bbb1-edbf6864cc75
x-served-by
cache-ams21066-AMS, cache-hel1410033-HEL
last-modified
Tue, 23 Apr 2024 07:00:24 GMT
server
openresty
x-timer
S1714237090.862493,VS0,VE2
etag
W/"c621-18f09c17340"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31536000
ghost-cache
MISS
accept-ranges
bytes
x-cache-hits
56, 1
source.js
appusss.ghost.io/assets/built/
51 KB
18 KB
Script
General
Full URL
https://appusss.ghost.io/assets/built/source.js?v=8aa00c8890
Requested by
Host: appusss.ghost.io
URL: https://appusss.ghost.io/newss022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
24535c67dbe1b65bde77fc3ea0a6ff4f3c3342c93296b692c4b72ca9cb6739df

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://appusss.ghost.io/newss022/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ghost-age
0
date
Sat, 27 Apr 2024 16:58:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
83881
x-cache
HIT, HIT
status
200 OK
alt-svc
clear
content-length
18487
ghost-fastly
true
x-request-id
75cbd448-1cfb-4b77-a611-d83ea101eea1
x-served-by
cache-ams12758-AMS, cache-hel1410033-HEL
last-modified
Tue, 23 Apr 2024 07:00:24 GMT
server
openresty
x-timer
S1714237090.862487,VS0,VE2
etag
W/"cdf7-18f09c17340"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
ghost-cache
MISS
accept-ranges
bytes
x-cache-hits
56, 1
portal.min.js
cdn.jsdelivr.net/ghost/portal@~2.37/umd/
1 MB
263 KB
Script
General
Full URL
https://cdn.jsdelivr.net/ghost/portal@~2.37/umd/portal.min.js
Requested by
Host: appusss.ghost.io
URL: https://appusss.ghost.io/newss022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.87.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
18cb2b4dccdc4fc8f6bb8f4f7fcd3899043234a4c946e620efa7effd7310388b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://appusss.ghost.io/newss022/
Origin
https://appusss.ghost.io
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 27 Apr 2024 16:58:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
22026
x-jsd-version
2.37.6
content-encoding
br
x-cache
MISS, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
fastly-restarts
1
x-served-by
cache-fra-etou8220116-FRA, cache-lga21964-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"10e8ce-wXRZUnbTPKbup6D25izekxZ83b0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CKwr747vuGB5nATwElWWD0M4LK%2FL15UZPAhJ5qFZfMVJBcyD%2Bk5WM6z5GzWEgwfrru2epKWALQhIFtM5Jf%2Bt3%2BXLMMEyp%2FP7rjQnSn1g2cKdU1QFGfFTXRXj3RL0s2a3%2F0c%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=600, s-maxage=43200, stale-while-revalidate=600, stale-if-error=86400
timing-allow-origin
*
cf-ray
87b05b14490695ee-ARN
sodo-search.min.js
cdn.jsdelivr.net/ghost/sodo-search@~1.1/umd/
197 KB
66 KB
Script
General
Full URL
https://cdn.jsdelivr.net/ghost/sodo-search@~1.1/umd/sodo-search.min.js
Requested by
Host: appusss.ghost.io
URL: https://appusss.ghost.io/newss022/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.87.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://appusss.ghost.io/newss022/
Origin
https://appusss.ghost.io
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 27 Apr 2024 16:58:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
40704
x-jsd-version
1.1.1
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-etou8220075-FRA, cache-bma1641-BMA
x-jsd-version-type
version
server
cloudflare
etag
W/"313b2-PGFkfSo33Bwphw9PaHfsB1kMn/Y"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FcfnRlv5MmYUQ8Afen8MRmfoEfzE5BGWlm5WpdMLUn0VJtf8J89wPodAci5yw5oPodgonKgvl2uspCvpHCrEFvEIe4slqALQa%2Fv6OnWxOfQAb7gzqmvzGsa1atULdQSKH48%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=600, s-maxage=43200, stale-while-revalidate=600, stale-if-error=86400
timing-allow-origin
*
cf-ray
87b05b14490b95ee-ARN
cards.min.js
appusss.ghost.io/public/
7 KB
2 KB
Script
General
Full URL
https://appusss.ghost.io/public/cards.min.js?v=8aa00c8890
Requested by
Host: appusss.ghost.io
URL: https://appusss.ghost.io/newss022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
7b9c762be52fed9737a319df953c29ad448a7713a31a4ba0f76ab15013512ee6

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://appusss.ghost.io/newss022/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ghost-age
0
date
Sat, 27 Apr 2024 16:58:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
83882
x-cache
HIT, HIT
status
200 OK
alt-svc
clear
content-length
1557
ghost-fastly
true
x-request-id
4a3ad15e-dd80-4afe-bb8c-b8e5f029defa
x-served-by
cache-ams12744-AMS, cache-hel1410033-HEL
server
openresty
x-timer
S1714237090.914611,VS0,VE2
etag
W/"431228c753b74a6958600d170f921e6d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
ghost-cache
MISS
accept-ranges
bytes
x-cache-hits
56, 1
cards.min.css
appusss.ghost.io/public/
39 KB
7 KB
Stylesheet
General
Full URL
https://appusss.ghost.io/public/cards.min.css?v=8aa00c8890
Requested by
Host: appusss.ghost.io
URL: https://appusss.ghost.io/newss022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
bbb5fad81eb93d4f4c9acd239d60092e2ddb1016346f683850ef982bd564ed2c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://appusss.ghost.io/newss022/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ghost-age
0
date
Sat, 27 Apr 2024 16:58:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
83882
x-cache
HIT, HIT
status
200 OK
alt-svc
clear
content-length
6799
ghost-fastly
true
x-request-id
16cf87c3-f0b4-4cc6-98c1-7fca26144a15
x-served-by
cache-ams12729-AMS, cache-hel1410033-HEL
server
openresty
x-timer
S1714237090.862497,VS0,VE2
etag
W/"319cd350df7c9bc419a2a235b70ccc0d"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
ghost-cache
MISS
accept-ranges
bytes
x-cache-hits
56, 1
member-attribution.min.js
appusss.ghost.io/public/
2 KB
904 B
Script
General
Full URL
https://appusss.ghost.io/public/member-attribution.min.js?v=8aa00c8890
Requested by
Host: appusss.ghost.io
URL: https://appusss.ghost.io/newss022/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
0b144beb896e0d7612e0eeab489e4e682adac07cbc139924ce892bde3ccd3605

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://appusss.ghost.io/newss022/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ghost-age
0
date
Sat, 27 Apr 2024 16:58:09 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
83882
x-cache
HIT, HIT
status
200 OK
alt-svc
clear
content-length
727
ghost-fastly
true
x-request-id
1784ca68-5b63-48b9-909e-502aa042d5b2
x-served-by
cache-ams21079-AMS, cache-hel1410033-HEL
server
openresty
x-timer
S1714237090.914611,VS0,VE2
etag
W/"909b42c515ee6c2aece5a3f270049f98"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
ghost-cache
MISS
accept-ranges
bytes
x-cache-hits
57, 1
index.php
2fu.us/
119 B
314 B
Script
General
Full URL
https://2fu.us/index.php?username=eldemo2&counter=lapaja2025
Requested by
Host: appusss.ghost.io
URL: https://appusss.ghost.io/newss022/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
91.148.141.242 Sofia, Bulgaria, ASN203380 (DAINTERNATIONALGROUP, BG),
Reverse DNS
e-relab.mobi
Software
nginx/1.20.1 / PHP/8.0.30
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://appusss.ghost.io/newss022/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Sat, 27 Apr 2024 16:58:10 GMT
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
server
nginx/1.20.1
x-powered-by
PHP/8.0.30
content-type
application/javascript
inter-roman.woff2
appusss.ghost.io/assets/fonts/
37 KB
37 KB
Font
General
Full URL
https://appusss.ghost.io/assets/fonts/inter-roman.woff2
Requested by
Host: appusss.ghost.io
URL: https://appusss.ghost.io/assets/built/screen.css?v=8aa00c8890
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash
39e72c0794c12f2dbb14a0f61ca946b535f795b1478fcf795bd26e5cb52ded34

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://appusss.ghost.io/assets/built/screen.css?v=8aa00c8890
Origin
https://appusss.ghost.io
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ghost-age
0
date
Sat, 27 Apr 2024 16:58:09 GMT
via
1.1 varnish, 1.1 varnish
age
83634
x-cache
HIT, HIT
status
200 OK
alt-svc
clear
content-length
37780
ghost-fastly
true
x-request-id
a794e44d-1349-4b10-93a2-244295fcff3e
x-served-by
cache-ams21030-AMS, cache-hel1410033-HEL
last-modified
Tue, 23 Apr 2024 07:00:24 GMT
server
openresty
x-timer
S1714237090.930546,VS0,VE1
etag
W/"9394-18f09c17340"
content-type
font/woff2
cache-control
public, max-age=31536000
ghost-cache
MISS
accept-ranges
bytes
x-cache-hits
56, 11
/
appusss.ghost.io/members/api/member/
0
0
Fetch
General
Full URL
https://appusss.ghost.io/members/api/member/
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/ghost/portal@~2.37/umd/portal.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://appusss.ghost.io/newss022/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ghost-age
0
date
Sat, 27 Apr 2024 16:58:10 GMT
via
1.1 varnish, 1.1 varnish
age
42255
x-cache
HIT, HIT
status
204 No Content
alt-svc
clear
ghost-fastly
true
x-request-id
9921f03c-e636-4637-bcbd-a5c3b5a56843
x-served-by
cache-ams12741-AMS, cache-hel1410033-HEL
server
openresty
x-timer
S1714237090.200678,VS0,VE2
vary
Cookie
access-control-allow-origin
*
cache-control
no-cache, private, no-store, must-revalidate, max-stale=0, post-check=0, pre-check=0
ghost-cache
MISS
accept-ranges
bytes
x-cache-hits
69, 1
next.php
buzzonclick.com/jump/
Redirect Chain
  • https://cchcontent.com/?k=d779c440edb57bd974c500d65f843657&type=mainstream&subtype=global&data1=pc
  • https://buzzonclick.com/jump/next.php?r=5660982&pub_clickid=e12e00fd80e0e87a7ecddd1c9381e207&sub1=15965
8 KB
4 KB
Document
General
Full URL
https://buzzonclick.com/jump/next.php?r=5660982&pub_clickid=e12e00fd80e0e87a7ecddd1c9381e207&sub1=15965
Requested by
Host: 2fu.us
URL: https://2fu.us/index.php?username=eldemo2&counter=lapaja2025
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.164.155 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept-Language
fi-FI,fi;q=0.9;q=0.9
Referer
https://appusss.ghost.io/newss022/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-headers
Content-Type
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
87b05b19df2439be-FRA
content-encoding
br
content-type
text/html; charset=utf-8
date
Sat, 27 Apr 2024 16:58:11 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FVuU8Xjso6bAroPphYH8hzWE%2FBiswjBP3DUlq3UtuJethdPCuGPAzSbxbg2RJCdDRvp3HfAJa5rTTem2Z1fnZgQ1NzZ3nDlqloaslwKZss0D0N45i%2Fgi36Ftaw7ybChREtA%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
via
1.1 google

Redirect headers

Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Sat, 27 Apr 2024 16:58:10 GMT
Location
https://buzzonclick.com/jump/next.php?r=5660982&pub_clickid=e12e00fd80e0e87a7ecddd1c9381e207&sub1=15965
Server
nginx/1.16.1 (Ubuntu)
/
appusss.ghost.io/ghost/api/content/settings/
1 KB
871 B
Fetch
General
Full URL
https://appusss.ghost.io/ghost/api/content/settings/?key=49a1ecab6cc497d9333f12e985&limit=all
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/ghost/portal@~2.37/umd/portal.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://appusss.ghost.io/newss022/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

ghost-age
0
date
Sat, 27 Apr 2024 16:58:10 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
42255
x-cache
HIT, HIT
status
200 OK
content-version
v5.82
alt-svc
clear
content-length
625
ghost-fastly
true
x-request-id
37043518-2e44-4aed-b6e8-ed713d38be5e
x-served-by
cache-ams21041-AMS, cache-hel1410033-HEL
server
openresty
x-timer
S1714237090.233158,VS0,VE2
etag
W/"52e-SD70NKgkgD1m48+RsU5RVwElXMo"
vary
Accept-Version, Cookie, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0
ghost-cache
MISS
accept-ranges
bytes
x-cache-hits
70, 1
/
appusss.ghost.io/ghost/api/content/tiers/
697 B
521 B
Fetch
General
Full URL
https://appusss.ghost.io/ghost/api/content/tiers/?key=49a1ecab6cc497d9333f12e985&limit=all&include=monthly_price,yearly_price,benefits
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/ghost/portal@~2.37/umd/portal.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://appusss.ghost.io/newss022/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

ghost-age
0
date
Sat, 27 Apr 2024 16:58:10 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
42255
x-cache
HIT, HIT
status
200 OK
content-version
v5.82
alt-svc
clear
content-length
319
ghost-fastly
true
x-request-id
59f024ed-172d-443e-930a-00e7c5e8035b
x-served-by
cache-ams21051-AMS, cache-hel1410033-HEL
server
openresty
x-timer
S1714237090.233350,VS0,VE2
etag
W/"2b9-Ap09U2zCAgx/lB5Jd9PYGOB1LjU"
vary
Accept-Version, Cookie, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0
ghost-cache
MISS
accept-ranges
bytes
x-cache-hits
70, 1
/
appusss.ghost.io/ghost/api/content/newsletters/
417 B
551 B
Fetch
General
Full URL
https://appusss.ghost.io/ghost/api/content/newsletters/?key=49a1ecab6cc497d9333f12e985&limit=all
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/ghost/portal@~2.37/umd/portal.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::775 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
openresty /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://appusss.ghost.io/newss022/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

ghost-age
0
date
Sat, 27 Apr 2024 16:58:10 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
42255
x-cache
HIT, HIT
status
200 OK
content-version
v5.82
alt-svc
clear
content-length
293
ghost-fastly
true
x-request-id
b1248a19-4716-4722-a2a5-21478938e527
x-served-by
cache-ams21075-AMS, cache-hel1410033-HEL
server
openresty
x-timer
S1714237090.233332,VS0,VE2
etag
W/"1a1-HJnkwOzOVH8ubBMr4pQOoU5pgW0"
vary
Accept-Version, Cookie, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=0
ghost-cache
MISS
accept-ranges
bytes
x-cache-hits
68, 1
Primary Request extension.php
kingadblocker.com/
Redirect Chain
  • https://buzzonclick.com/jump/next.php?stamat=m%257CJmoiO-IhaQdHkAH0dEdHP3xP.dc4%252C7H0PozvLiGV-YkDx825CHvFqCTwtj69cLAMa6B_ixZluqnVADw_ZUGwm9V9TwiwtKdhP1P5ny7Kkthi1INPlhh-ZYIafmlGBCVxjhLPnIt9i_CADp...
  • https://buzzonclick.com/script/i.php?t=1&c=23791358&stamat=m%257C%252C%252CQiK-Y3d3tGU3Bf-GH0dEdHP3xP.188%252CSU0aC4BHqgMBp6SsgDzXB9byKfZlBIUw7Hh5HiVYE-YNCx9EeT6QM7ltsw578xfUIfPHuLyUNBS3kTBK1BlyNWS...
  • https://tracking.pretrackings.com/sl?id=65f3322f81c1e9a1bc0578a4&pid=4&sub1=171423709110000TFITV431171547434V51&SUB2=5660982-1770251761-0
  • https://kingadblocker.com/extension.php?jn=cjprZNLyLmo&_d=3&ju=4_&jq=662d2ea30e8b98000127e1c3&jp=pr
8 KB
3 KB
Document
General
Full URL
https://kingadblocker.com/extension.php?jn=cjprZNLyLmo&_d=3&ju=4_&jq=662d2ea30e8b98000127e1c3&jp=pr
Requested by
Host: buzzonclick.com
URL: https://buzzonclick.com/jump/next.php?r=5660982&pub_clickid=e12e00fd80e0e87a7ecddd1c9381e207&sub1=15965
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.96.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43dfb9fcb22a8926b7bc7ff7bf5f702e7480a332d46c61c7d103eea0cafd80a3

Request headers

Accept-Language
fi-FI,fi;q=0.9;q=0.9
Referer
https://buzzonclick.com/jump/next.php?r=5660982&pub_clickid=e12e00fd80e0e87a7ecddd1c9381e207&sub1=15965
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
87b05b256c2a1d88-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 27 Apr 2024 16:58:12 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SUuTHj3Neb%2F9RbHTuFzvsSNADNRzgWPFZ6iDHMwQ7HjN8T8T9zfaeoh%2BYMobhTykbXu2sVWdg19O%2FvnIGqSedCsQLnLyvWKz9Q6NK%2BvUkMS7KuCaBvhrD49Ox1K84b9xApuwdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Redirect headers

access-control-allow-origin
*
content-length
0
date
Sat, 27 Apr 2024 16:58:11 GMT
location
https://kingadblocker.com/extension.php?jn=cjprZNLyLmo&_d=3&ju=4_&jq=662d2ea30e8b98000127e1c3&jp=pr
server
nginx
x-adjust-use-original-forwarded-for
1
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/
190 KB
29 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css
Requested by
Host: kingadblocker.com
URL: https://kingadblocker.com/extension.php?jn=cjprZNLyLmo&_d=3&ju=4_&jq=662d2ea30e8b98000127e1c3&jp=pr
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.16.89.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0bcf7898fdc3b87babca678cd19a8e3ef570e931c80a3afbffcc453738c951a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://kingadblocker.com/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 27 Apr 2024 16:58:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
14744987
x-jsd-version
5.2.3
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230122-FRA, cache-bma1621-BMA
x-jsd-version-type
version
server
cloudflare
etag
W/"2f955-d5HdHzFzoNYsw5wh0q1x/I2tDnI"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AN%2FWmuxOWplArHtM8Njt3z9mcBkMFlsKycCZcdoffmuV%2FXf70%2FE%2BVo0eegLYYKJplQ42CXjHusQGc1s%2FTaOwcEZfEb%2B%2BW8%2F3ZKoAHBrxPt7L1kZYtV5vfH0n38Ts5paTSgY%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
87b05b26a8bf98f7-ARN
icon.png
kingadblock.com/images/
4 KB
5 KB
Image
General
Full URL
https://kingadblock.com/images/icon.png
Requested by
Host: kingadblocker.com
URL: https://kingadblocker.com/extension.php?jn=cjprZNLyLmo&_d=3&ju=4_&jq=662d2ea30e8b98000127e1c3&jp=pr
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
091483d5419eb9e98f0edd49563409fad2eb24f1d10bc161b9716e0f0ee86b35

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://kingadblocker.com/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 27 Apr 2024 16:58:13 GMT
cf-cache-status
DYNAMIC
last-modified
Wed, 16 Aug 2023 09:41:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"64dc99b2-1121"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yE9dsorYz%2BgvaRMG7pqMPN6ar6TP%2FjjB%2BRC6gFN55gn8y0FGNiAm%2FosNq5hmNnDqOqC4J6aCDMRhQnRQFgNBweCnGQGHvgrnRj96mO80H%2FCoCTh8loGECvgX%2BRbXLGeiZQU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
accept-ranges
bytes
cf-ray
87b05b27eb62bb86-FRA
alt-svc
h3=":443"; ma=86400
content-length
4385
cws.png
kingadblock.com/images/
3 KB
4 KB
Image
General
Full URL
https://kingadblock.com/images/cws.png
Requested by
Host: kingadblocker.com
URL: https://kingadblocker.com/extension.php?jn=cjprZNLyLmo&_d=3&ju=4_&jq=662d2ea30e8b98000127e1c3&jp=pr
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b74fcd6c38eb603d9c86cd1c8cb97ba423d200d7e3e555cbc5a704ac456e00f

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://kingadblocker.com/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 27 Apr 2024 16:58:13 GMT
cf-cache-status
DYNAMIC
last-modified
Mon, 04 Sep 2023 08:56:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"64f59bc4-d6b"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UCjqLHNCzHdb1GrxgVdg5Iw1HlEV2b7otzcbVuhw3oMKoe3y2KNcfrd5OVGGxkuszFsmbRjYJb%2BIL%2FXORruOomVuXkIILOIrdlkQ5OJEBoTGpO5HiQknXy%2BgF1nvmzy7opg%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
accept-ranges
bytes
cf-ray
87b05b27eb6abb86-FRA
alt-svc
h3=":443"; ma=86400
content-length
3435
/
invalid/
0
0

a.php
tururu.info/ Frame 02D7
0
0
Document
General
Full URL
https://tururu.info/a.php?id=0083&e=VPGCNBK0FG&c=cjprZNLyLmo&r=pr&cid=662d2ea30e8b98000127e1c3&z=4_&v=12&dr=&inw=1600&inh=1200
Requested by
Host: kingadblocker.com
URL: https://kingadblocker.com/extension.php?jn=cjprZNLyLmo&_d=3&ju=4_&jq=662d2ea30e8b98000127e1c3&jp=pr
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.175.161 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept-Language
fi-FI,fi;q=0.9;q=0.9
Referer
https://kingadblocker.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
87b05b27cde0922c-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 27 Apr 2024 16:58:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=58kXwfX0gfKUTJn4XjOgWTPajxD%2B4cvw5KaMtKiTRCIsS3n604o%2B0YcB9lo7YLHaw9prxAAmmNDIC%2FbKbZiSY8ZPXxGm7ErvknVTIFsZ0RhOQ7%2FOl4GOXn2d55LK0A%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
clear.php
kingadblock.com/ Frame E02B
0
0
Document
General
Full URL
https://kingadblock.com/clear.php
Requested by
Host: kingadblocker.com
URL: https://kingadblocker.com/extension.php?jn=cjprZNLyLmo&_d=3&ju=4_&jq=662d2ea30e8b98000127e1c3&jp=pr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept-Language
fi-FI,fi;q=0.9;q=0.9
Referer
https://kingadblocker.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
87b05b29ea88886f-WAW
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 27 Apr 2024 16:58:13 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JEXCeVFifHpr7OZ7wdpAQiuIH6Tq3NXDrz87sQKUfC3z1KI4oe3YaU4DIadtS6XXUN5GmyyLloeDGFMqjcTwT6vTzV073HqF0rZFoKBVXElVlDZQAiVSofIYar1B9HRG3N9wLvtYlssUkuM752I%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
icon.png
kingadblock.com/images/
4 KB
0
Other
General
Full URL
https://kingadblock.com/images/icon.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
091483d5419eb9e98f0edd49563409fad2eb24f1d10bc161b9716e0f0ee86b35

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://kingadblocker.com/
Accept-Language
fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 27 Apr 2024 16:58:13 GMT
cf-cache-status
DYNAMIC
last-modified
Wed, 16 Aug 2023 09:41:06 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"64dc99b2-1121"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yE9dsorYz%2BgvaRMG7pqMPN6ar6TP%2FjjB%2BRC6gFN55gn8y0FGNiAm%2FosNq5hmNnDqOqC4J6aCDMRhQnRQFgNBweCnGQGHvgrnRj96mO80H%2FCoCTh8loGECvgX%2BRbXLGeiZQU%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
accept-ranges
bytes
cf-ray
87b05b27eb62bb86-FRA
alt-svc
h3=":443"; ma=86400
content-length
4385

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
invalid
URL
chrome-extension://invalid/

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| req_existing_user
object| landing_iframe
function| openNewWindow
function| openNewTab
function| openSameTab
function| listenInstallCompleted
function| openInstructions
object| windowObjectReference

7 Cookies

Domain/Path Name / Value
tracking.pretrackings.com/ Name: afclick
Value: 662d2ea30e8b98000127e1c3
.tururu.info/ Name: c0083
Value: cjprZNLyLmo
.tururu.info/ Name: r0083
Value: pr
.tururu.info/ Name: cid0083
Value: 662d2ea30e8b98000127e1c3
.tururu.info/ Name: z0083
Value: 4_
.tururu.info/ Name: e0083
Value: VPGCNBK0FG
.tururu.info/ Name: _asd
Value: 17142370937464650

8 Console Messages

Source Level URL
Text
network error URL: chrome-extension://invalid/
Message:
Failed to load resource: net::ERR_BLOCKED_BY_CLIENT
other warning URL: https://kingadblocker.com/extension.php?jn=cjprZNLyLmo&_d=3&ju=4_&jq=662d2ea30e8b98000127e1c3&jp=pr
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://kingadblocker.com/extension.php?jn=cjprZNLyLmo&_d=3&ju=4_&jq=662d2ea30e8b98000127e1c3&jp=pr
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://kingadblocker.com/extension.php?jn=cjprZNLyLmo&_d=3&ju=4_&jq=662d2ea30e8b98000127e1c3&jp=pr
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://kingadblocker.com/extension.php?jn=cjprZNLyLmo&_d=3&ju=4_&jq=662d2ea30e8b98000127e1c3&jp=pr
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://kingadblocker.com/extension.php?jn=cjprZNLyLmo&_d=3&ju=4_&jq=662d2ea30e8b98000127e1c3&jp=pr
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://kingadblocker.com/extension.php?jn=cjprZNLyLmo&_d=3&ju=4_&jq=662d2ea30e8b98000127e1c3&jp=pr
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://kingadblocker.com/extension.php?jn=cjprZNLyLmo&_d=3&ju=4_&jq=662d2ea30e8b98000127e1c3&jp=pr
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.