urlscan.io logo urlscan.io
SecurityTrails logo

landing.november-sin.com Open in urlscan Pro
188.114.96.3  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://askalons.com/l/PA/20/?resubscription=1&clickid=1679085099805j7oe0e63i&source=41&unique_user=1&browser_name=Ch...
Effective URL: https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58ef2ta9u3j2cde&source=...
Submission: On September 24 via manual from IT — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 10 IPs in 3 countries across 11 domains to perform 24 HTTP transactions. The main IP is 188.114.96.3, located in Italy and belongs to CLOUDFLARENET, US. The main domain is landing.november-sin.com.
TLS certificate: Issued by E1 on August 19th 2023. Valid for: 3 months.
This is the only time landing.november-sin.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 104.21.76.107 13335 (CLOUDFLAR...)
1 2.16.202.97 20940 (AKAMAI-ASN1)
1 2.23.196.132 16625 (AKAMAI-AS)
1 139.45.195.8 9002 (RETN-AS)
1 1 104.21.7.199 13335 (CLOUDFLAR...)
7 188.114.96.3 13335 (CLOUDFLAR...)
1 142.250.185.136 15169 (GOOGLE)
3 142.250.185.106 15169 (GOOGLE)
5 142.250.181.227 15169 (GOOGLE)
1 142.250.184.206 15169 (GOOGLE)
24 10
2    104.21.76.107 (United States)

ASN13335 (CLOUDFLARENET, US)
askalons.com
1    2.16.202.97 (Ascension Island)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-202-97.deploy.static.akamaitechnologies.com
ak.onpluslean.com
1    2.23.196.132 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-23-196-132.deploy.static.akamaitechnologies.com
s.go-mpulse.net
1    139.45.195.8 (Ascension Island)

ASN9002 (RETN-AS, GB)
my.rtmark.net
1    104.21.7.199 (United States)

ASN13335 (CLOUDFLARENET, US)
ad-blocking24.net
7    188.114.96.3 (Italy)

ASN13335 (CLOUDFLARENET, US)
landing.november-sin.com
1    142.250.185.136 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f8.1e100.net
www.googletagmanager.com
3    142.250.185.106 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f10.1e100.net
fonts.googleapis.com
5    142.250.181.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f3.1e100.net
fonts.gstatic.com
1    142.250.184.206 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f14.1e100.net
www.google-analytics.com
Apex Domain
Subdomains		 Transfer
7 november-sin.com
landing.november-sin.com
110 KB
5 gstatic.com
fonts.gstatic.com
84 KB
3 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 113
3 KB
2 askalons.com
askalons.com — Cisco Umbrella Rank: 486807
140 KB
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 96
260 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 111
82 KB
1 ad-blocking24.net
ad-blocking24.net
786 B
1 rtmark.net
my.rtmark.net — Cisco Umbrella Rank: 6646
508 B
1 go-mpulse.net
s.go-mpulse.net — Cisco Umbrella Rank: 1904
c.go-mpulse.net Failed
49 KB
1 onpluslean.com
ak.onpluslean.com — Cisco Umbrella Rank: 76810
4 KB
0 at-systems.biz Failed
hub.at-systems.biz Failed
24 11
Domain Requested by
7 landing.november-sin.com ak.onpluslean.com
landing.november-sin.com
5 fonts.gstatic.com fonts.googleapis.com
3 fonts.googleapis.com landing.november-sin.com
2 askalons.com askalons.com
1 www.google-analytics.com www.googletagmanager.com
1 www.googletagmanager.com landing.november-sin.com
1 ad-blocking24.net 1 redirects
1 my.rtmark.net ak.onpluslean.com
1 s.go-mpulse.net ak.onpluslean.com
1 ak.onpluslean.com askalons.com
0 c.go-mpulse.net Failed s.go-mpulse.net
0 hub.at-systems.biz Failed
24 12

This site contains links to these domains. Also see Links.

Domain
ad-blocking24.net
Subject Issuer Validity Valid
askalons.com
GTS CA 1P5		 2023-08-26 -
2023-11-24		 3 months crt.sh
ak.hetaruwg.com
R3		 2023-09-08 -
2023-12-07		 3 months crt.sh
akstat.io
DigiCert TLS RSA SHA256 2020 CA1		 2023-04-05 -
2024-04-04		 a year crt.sh
rtmark.net
R3		 2023-07-25 -
2023-10-23		 3 months crt.sh
november-sin.com
E1		 2023-08-19 -
2023-11-17		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-09-04 -
2023-11-27		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-09-04 -
2023-11-27		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-09-04 -
2023-11-27		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58ef2ta9u3j2cde&source=PropellerAds&src=5178792&lpkey=167b950f55f2088655&uclick=2ta9u3j2&uclickhash=2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c
Frame ID: 08D45DDF3392D0B30365D3B2B554AEEA
Requests: 22 HTTP requests in this frame

Frame: https://s.go-mpulse.net/boomerang/2HNJE-JMUDN-FRHAR-H9AHD-8XUM9
Frame ID: E96D27A68415718CE341BD0694ED38CC
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

AdSweeper

Page URL History Show full URLs

  1. https://askalons.com/l/PA/20/?resubscription=1&clickid=1679085099805j7oe0e63i&source=41&unique_us... Page URL
  2. https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid=1679085099805j7oe0e63i&var=41 Page URL
  3. https://ad-blocking24.net/cp4kl7k.php?key=fickwiw7fy7yshltu1k2&visitor_id=729754518723764615&cost=0.00... HTTP 302
    https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58e... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

24
Requests

92 %
HTTPS

0 %
IPv6

11
Domains

12
Subdomains

10
IPs

3
Countries

473 kB
Transfer

880 kB
Size

17
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://askalons.com/l/PA/20/?resubscription=1&clickid=1679085099805j7oe0e63i&source=41&unique_user=1&browser_name=Chrome&browser_version=109.0.0.0&country=IT&partner=PA&language=it-IT&unixtime=1679085099&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}} Page URL
  2. https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid=1679085099805j7oe0e63i&var=41 Page URL
  3. https://ad-blocking24.net/cp4kl7k.php?key=fickwiw7fy7yshltu1k2&visitor_id=729754518723764615&cost=0.000964&zoneid=5178792&campaignid=7439474&device=desktop&browser=chrome&os=windows&osversion=win10&country=IT&language=it&payout={payout}&user_activity=high HTTP 302
    https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58ef2ta9u3j2cde&source=PropellerAds&src=5178792&lpkey=167b950f55f2088655&uclick=2ta9u3j2&uclickhash=2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

24 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
askalons.com/l/PA/20/ 		23 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://askalons.com/l/PA/20/?resubscription=1&clickid=1679085099805j7oe0e63i&source=41&unique_user=1&browser_name=Chrome&browser_version=109.0.0.0&country=IT&partner=PA&language=it-IT&unixtime=1679085099&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.76.107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27c4a98628687e750611e0a243a583f84504935227326f871682304724728e2f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
MISS
cf-ray
80ba44d5cff70d65-MXP
content-encoding
br
content-type
text/html; charset=utf-8
date
Sun, 24 Sep 2023 10:15:54 GMT
etag
W/"l/PA/20/index.f7add90982.html"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n8i1gzes5UOFlO%2FZ0leDaAqgt34X%2FLyqvVj%2FWrYbMW%2B59BP7qBT3dJ3zSkFH4qOcjUbe0IR1oAK0hFmrbKUhuIAg%2BqeUDZu5%2FOa2bVTFgfvCgeQfpzIT%2BJxQYCk7hLg%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
cbimage.gif
askalons.com/l/PA/20/ 		132 KB
133 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://askalons.com/l/PA/20/cbimage.gif
Requested by
Host: askalons.com
URL: https://askalons.com/l/PA/20/?resubscription=1&clickid=1679085099805j7oe0e63i&source=41&unique_user=1&browser_name=Chrome&browser_version=109.0.0.0&country=IT&partner=PA&language=it-IT&unixtime=1679085099&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.76.107 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://askalons.com/l/PA/20/?resubscription=1&clickid=1679085099805j7oe0e63i&source=41&unique_user=1&browser_name=Chrome&browser_version=109.0.0.0&country=IT&partner=PA&language=it-IT&unixtime=1679085099&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Sun, 24 Sep 2023 10:15:54 GMT
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"l/PA/20/cbimage.b1b57352c1.gif"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jZg8EbuSwtC7qsqwcGQ08l9Ebxs0VI2YzMXilv2ziQHozz7h5lACwDJMgz%2BwdPxv690%2FNYDebA4pYZnnx3VlLqNJ0A76KBl5DvnADWIbgPg3yKf9i6ByagdoumPkh9Y%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
accept-ranges
bytes
cf-ray
80ba44d6d91f0d65-MXP
alt-svc
h3=":443"; ma=86400
content-length
135494
afu.php
ak.onpluslean.com/ 		5 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid=1679085099805j7oe0e63i&var=41
Requested by
Host: askalons.com
URL: https://askalons.com/l/PA/20/?resubscription=1&clickid=1679085099805j7oe0e63i&source=41&unique_user=1&browser_name=Chrome&browser_version=109.0.0.0&country=IT&partner=PA&language=it-IT&unixtime=1679085099&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.202.97 , Ascension Island, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-202-97.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

Referer
https://askalons.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
access-control-max-age
86400
cache-control
max-age=0, no-cache, no-store
content-encoding
gzip
content-length
2461
content-type
text/html; charset=utf8
date
Sun, 24 Sep 2023 10:15:55 GMT
expires
Sun, 24 Sep 2023 10:15:55 GMT
link
<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch" <https://ad-blocking24.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
pragma
no-cache
server-timing
edge; dur=1 origin; dur=94 cdn-cache; desc=MISS ak_p; desc="1695550554870_34654813_766288006_9506_967_33_79_255";dur=1
strict-transport-security
max-age=1
timing-allow-origin
* *
vary
Accept-Encoding
x-akamai-transformed
9 - 0 pmb=mRUM,1
x-content-type-options
nosniff
x-trace-id
b9dc9cf1e7e267d6a764132754d7fd8a
tb
hub.at-systems.biz/impression/ 		0
0
2HNJE-JMUDN-FRHAR-H9AHD-8XUM9
s.go-mpulse.net/boomerang/ Frame E96D 		205 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.go-mpulse.net/boomerang/2HNJE-JMUDN-FRHAR-H9AHD-8XUM9
Requested by
Host: ak.onpluslean.com
URL: https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid=1679085099805j7oe0e63i&var=41
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.23.196.132 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-23-196-132.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Sun, 24 Sep 2023 10:15:55 GMT
content-encoding
br
last-modified
Tue, 12 Sep 2023 00:49:31 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=604800
x-n
S
timing-allow-origin
*
content-length
50393
img.gif
my.rtmark.net/ 		43 B
508 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=1899d69bdd5b498682a6e4ccb677dc68
Requested by
Host: ak.onpluslean.com
URL: https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid=1679085099805j7oe0e63i&var=41
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , Ascension Island, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Sun, 24 Sep 2023 10:15:55 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
image/gif
access-control-allow-origin
https://ak.onpluslean.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
43
Primary Request de
landing.november-sin.com/t1c/
Redirect Chain
  • https://ad-blocking24.net/cp4kl7k.php?key=fickwiw7fy7yshltu1k2&visitor_id=729754518723764615&cost=0.000964&zoneid=5178792&campaignid=7439474&device=desktop&browser=chrome&os=windows&osversion=win10...
  • https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58ef2ta9u3j2cde&source=PropellerAds&src=5178792&lpkey=167b950f55f2088655&uclick=2ta9u3j2&uc...
5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58ef2ta9u3j2cde&source=PropellerAds&src=5178792&lpkey=167b950f55f2088655&uclick=2ta9u3j2&uclickhash=2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c
Requested by
Host: ak.onpluslean.com
URL: https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid=1679085099805j7oe0e63i&var=41
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.3 , Italy, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d373bc6879da3751e9865df6da70b897c1bf545e3fa70b3db4204bddab5f39ed
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://ak.onpluslean.com/partitial/5578752/?var=5178792&ab2r=0&prfrev=false&rhd=false
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
80ba44e16c65bae8-MXP
content-encoding
br
content-type
text/html
date
Sun, 24 Sep 2023 10:15:56 GMT
last-modified
Fri, 22 Sep 2023 07:52:30 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Br%2FHdXrCzjQ1VSEs2Ybx4Bu8hS9VkaPDp6gjczCRWdp0hjCL7y7MgXQ7KdZRisGSrIHqlc6RBOw0zPm6%2BC2b6ueXUUm7E1BF9U7sxDB8PxBz01sJe%2FFoIo8evbESAGh0F5%2BObizS1mY33WE%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
DENY

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
80ba44dc5d990e23-MXP
content-type
text/html; charset=UTF-8
date
Sun, 24 Sep 2023 10:15:55 GMT
location
https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58ef2ta9u3j2cde&source=PropellerAds&src=5178792&lpkey=167b950f55f2088655&uclick=2ta9u3j2&uclickhash=2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cD5KECoCsRtUg0w5tIi%2FwRvwNhvHq8tgSCJN1o5D0hRjKa79%2Fm7pzpTtnhmodyiapI9e9%2FnSG4qYlHyaBOPCYvfZYwLNfRxg6QjTajDEQo7%2BeJADeTWTkLlV%2B%2FQgpPjntpMdaw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
config.json
c.go-mpulse.net/api/ Frame E96D 		0
0
style.css
landing.november-sin.com/t1c/ 		4 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://landing.november-sin.com/t1c/style.css?d6653d3705e0549b624f2b3e0d973488
Requested by
Host: landing.november-sin.com
URL: https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58ef2ta9u3j2cde&source=PropellerAds&src=5178792&lpkey=167b950f55f2088655&uclick=2ta9u3j2&uclickhash=2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.3 , Italy, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8219a1ee9bf316df1383c965672d8ea34115281b97a56ae345f885e5afab9825
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58ef2ta9u3j2cde&source=PropellerAds&src=5178792&lpkey=167b950f55f2088655&uclick=2ta9u3j2&uclickhash=2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Sun, 24 Sep 2023 10:15:56 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
181325
content-encoding
br
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 22 Sep 2023 07:52:30 GMT
server
cloudflare
etag
W/"650d47be-f24"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5dPqN7u0RZotGPStLg15dSeRveGL0q%2Bv%2FvPpcHmWqSlVeQ0IkxMnIXwxuAinBko2pFH2kBk6%2BtaBB8FAIrTX4LTOZrMmiaBpw7WiULbmtzn3hftMVe0HHQ3WmLi6H9hKuBiWUQCRJTHOekE%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=31536000
cf-ray
80ba44e1ecf1bae8-MXP
expires
Sat, 21 Sep 2024 07:53:51 GMT
shared.css
landing.november-sin.com/styles/ 		55 KB
28 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://landing.november-sin.com/styles/shared.css?d6653d3705e0549b624f2b3e0d973488
Requested by
Host: landing.november-sin.com
URL: https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58ef2ta9u3j2cde&source=PropellerAds&src=5178792&lpkey=167b950f55f2088655&uclick=2ta9u3j2&uclickhash=2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.3 , Italy, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5417762aa611ad9f1d01397a654d37bd1b98bb02155d1a859908fdc3595f99cd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58ef2ta9u3j2cde&source=PropellerAds&src=5178792&lpkey=167b950f55f2088655&uclick=2ta9u3j2&uclickhash=2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Sun, 24 Sep 2023 10:15:56 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1153
content-encoding
br
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 22 Sep 2023 07:52:30 GMT
server
cloudflare
etag
W/"650d47be-dd7b"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rpBXn0ZtfD%2B2XMrJcQRaC1vwmB2i6dRMx2NMs%2FBX579yGUeEYkqJ2A3BATJ2iKgRATWK7Z%2B2XzQP4Ps1SAGBxnzKd9y3QPrgaGMSPlEVSwdnE%2F9TqY4p0n9nZ1foDmNaOaD2N7ir8LRhMgE%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
80ba44e1ecf2bae8-MXP
js
www.googletagmanager.com/gtag/ 		233 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-WV373MWWXX
Requested by
Host: landing.november-sin.com
URL: https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58ef2ta9u3j2cde&source=PropellerAds&src=5178792&lpkey=167b950f55f2088655&uclick=2ta9u3j2&uclickhash=2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.136 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
2662b50e91dbec6cb28681186f005aca904ac25f91c8a2a8ded7e2bac81530a7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://landing.november-sin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Sun, 24 Sep 2023 10:15:57 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
83799
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sun, 24 Sep 2023 10:15:57 GMT
css2
fonts.googleapis.com/ 		9 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Comfortaa:wght@700&family=Lato:wght@700&family=Nunito:wght@600&family=Roboto:wght@400;500&display=swap
Requested by
Host: landing.november-sin.com
URL: https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58ef2ta9u3j2cde&source=PropellerAds&src=5178792&lpkey=167b950f55f2088655&uclick=2ta9u3j2&uclickhash=2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.106 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f10.1e100.net
Software
ESF /
Resource Hash
d49403c5ad711c8f48115b3f247eb9d95fc12cf856d8c3ebe17b0d4afd7cce4f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://landing.november-sin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 24 Sep 2023 10:15:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 24 Sep 2023 08:44:43 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 24 Sep 2023 10:15:56 GMT
vwo.js
landing.november-sin.com/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://landing.november-sin.com/js/vwo.js?d6653d3705e0549b624f2b3e0d973488
Requested by
Host: landing.november-sin.com
URL: https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58ef2ta9u3j2cde&source=PropellerAds&src=5178792&lpkey=167b950f55f2088655&uclick=2ta9u3j2&uclickhash=2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.3 , Italy, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
140de897bb414f0cbe6577d23699df976fc7ef39afb5709790b1e49c21914fd8
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58ef2ta9u3j2cde&source=PropellerAds&src=5178792&lpkey=167b950f55f2088655&uclick=2ta9u3j2&uclickhash=2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Sun, 24 Sep 2023 10:15:56 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1113
content-encoding
br
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 22 Sep 2023 07:52:30 GMT
server
cloudflare
etag
W/"650d47be-8f0"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fV9jqSxyu4agq3bN0xPYwzgzCC2dmUbXqHg5hAUbiV2xC5xYJhODF6FjteRnBvzCPugWuL%2BF4mkcLSng44p0X4tTgGxE%2BbSTbN5g0k2TbVrssc8%2BF%2Bdf%2BkKK0jBuHqUElPm4S7enac3ksTI%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
80ba44e1fd0bbae8-MXP
logo.svg
landing.november-sin.com/images/promo-images/t1a/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://landing.november-sin.com/images/promo-images/t1a/logo.svg
Requested by
Host: landing.november-sin.com
URL: https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58ef2ta9u3j2cde&source=PropellerAds&src=5178792&lpkey=167b950f55f2088655&uclick=2ta9u3j2&uclickhash=2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.3 , Italy, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
622aa5e1804340b4fed467c79b62c8a308cfda49e8156ef4103a7143a5c78fd3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58ef2ta9u3j2cde&source=PropellerAds&src=5178792&lpkey=167b950f55f2088655&uclick=2ta9u3j2&uclickhash=2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Sun, 24 Sep 2023 10:15:56 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3801
content-encoding
br
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 22 Sep 2023 07:52:30 GMT
server
cloudflare
etag
W/"650d47be-fa8"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FwK2MsnQbpOoMmQG6bw%2FaW%2FY7mV0n%2Bzy%2FJr77JP9r1awQZ5sH1kXx0F1ri8rUTtlfpeUpq36d2ZxWd6%2Fif6z8ktoEviAlNhgt99HJjj%2BJPS0dfQ5NTTJHu6DKDqp4lOvp4rIZkq3CHgcvpk%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
80ba44e4fff5bae8-MXP
index.js
landing.november-sin.com/js/ 		46 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://landing.november-sin.com/js/index.js?d6653d3705e0549b624f2b3e0d973488
Requested by
Host: landing.november-sin.com
URL: https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58ef2ta9u3j2cde&source=PropellerAds&src=5178792&lpkey=167b950f55f2088655&uclick=2ta9u3j2&uclickhash=2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.3 , Italy, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c72dff279a67fd1c1f9d58af8700aae0ff4bf8085c07d5b5965786585c296a1d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58ef2ta9u3j2cde&source=PropellerAds&src=5178792&lpkey=167b950f55f2088655&uclick=2ta9u3j2&uclickhash=2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Sun, 24 Sep 2023 10:15:56 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1055
content-encoding
br
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 22 Sep 2023 07:52:30 GMT
server
cloudflare
etag
W/"650d47be-b701"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AnLoP59bar9MJOFjTfLgp%2FnuOvEGkppY%2BFZSOSwiN4byhXE3B7SZ2G4liXwljPjDXKcbho8lrVvG%2Boc6V6Vc4K42ByHCT7bq%2BzQsLV0lcSNrXzQw3qR%2BT0q6aBb2ix0MAkdMZ9xxeWdr3cw%3D"}],"group":"cf-nel","max_age":604800}
cache-control
max-age=14400
cf-ray
80ba44e4fff3bae8-MXP
css2
fonts.googleapis.com/ 		11 KB
913 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700&display=swap
Requested by
Host: landing.november-sin.com
URL: https://landing.november-sin.com/t1c/style.css?d6653d3705e0549b624f2b3e0d973488
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.106 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f10.1e100.net
Software
ESF /
Resource Hash
f890ba0ffd7012cb3248709ec502bc061109c5c669af09e0d2d4c786b192158e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://landing.november-sin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 24 Sep 2023 10:15:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 24 Sep 2023 08:54:57 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 24 Sep 2023 10:15:56 GMT
css2
fonts.googleapis.com/ 		3 KB
661 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Nunito:wght@400;700&display=swap
Requested by
Host: landing.november-sin.com
URL: https://landing.november-sin.com/styles/shared.css?d6653d3705e0549b624f2b3e0d973488
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.106 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f10.1e100.net
Software
ESF /
Resource Hash
0538b9cbde0bc08b6eef1647c4a009330e8ff2e13614312fa8a56de3e31d5266
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://landing.november-sin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sun, 24 Sep 2023 10:15:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sun, 24 Sep 2023 09:49:43 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 24 Sep 2023 10:15:56 GMT
XRXI3I6Li01BKofiOc5wtlZ2di8HDGUmdTQ3jw.woff2
fonts.gstatic.com/s/nunito/v26/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/nunito/v26/XRXI3I6Li01BKofiOc5wtlZ2di8HDGUmdTQ3jw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Comfortaa:wght@700&family=Lato:wght@700&family=Nunito:wght@600&family=Roboto:wght@400;500&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f3.1e100.net
Software
sffe /
Resource Hash
72f4dad9076ee652f90406ad66b457b11fce8de23bcccf06ceb95b1e1c66a5dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://landing.november-sin.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Thu, 21 Sep 2023 20:17:22 GMT
x-content-type-options
nosniff
age
223115
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16540
x-xss-protection
0
last-modified
Thu, 14 Sep 2023 00:02:20 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 20 Sep 2024 20:17:22 GMT
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Comfortaa:wght@700&family=Lato:wght@700&family=Nunito:wght@600&family=Roboto:wght@400;500&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f3.1e100.net
Software
sffe /
Resource Hash
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://landing.november-sin.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Thu, 21 Sep 2023 16:54:52 GMT
x-content-type-options
nosniff
age
235265
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23040
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:07:25 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 20 Sep 2024 16:54:52 GMT
1Pt_g8LJRfWJmhDAuUsSQamb1W0lwk4S4Y_LDrMfIA.woff2
fonts.gstatic.com/s/comfortaa/v45/ 		13 KB
13 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/comfortaa/v45/1Pt_g8LJRfWJmhDAuUsSQamb1W0lwk4S4Y_LDrMfIA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Comfortaa:wght@700&family=Lato:wght@700&family=Nunito:wght@600&family=Roboto:wght@400;500&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f3.1e100.net
Software
sffe /
Resource Hash
563b63f72c9af73637db7102243b5b2c4ca6d70abf7e3d446daf58cd34f27dc3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://landing.november-sin.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Fri, 22 Sep 2023 15:45:59 GMT
x-content-type-options
nosniff
age
152998
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
13472
x-xss-protection
0
last-modified
Thu, 24 Aug 2023 20:50:21 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 21 Sep 2024 15:45:59 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 		16 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f3.1e100.net
Software
sffe /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://landing.november-sin.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Sat, 23 Sep 2023 02:35:09 GMT
x-content-type-options
nosniff
age
114048
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15920
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 22 Sep 2024 02:35:09 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.227 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f3.1e100.net
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://landing.november-sin.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Fri, 22 Sep 2023 04:06:52 GMT
x-content-type-options
nosniff
age
194945
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 21 Sep 2024 04:06:52 GMT
player.webp
landing.november-sin.com/images/promo-images/t1c/ 		59 KB
60 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://landing.november-sin.com/images/promo-images/t1c/player.webp
Requested by
Host: landing.november-sin.com
URL: https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58ef2ta9u3j2cde&source=PropellerAds&src=5178792&lpkey=167b950f55f2088655&uclick=2ta9u3j2&uclickhash=2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
188.114.96.3 , Italy, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ffb7306ebf140834ec4aa82442afabccee2a144228f87b7377a253350f27f17b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://landing.november-sin.com/t1c/de?t=2&clk_domain=ad-blocking24.net&flow=binom&campaignId=10557&cid=b58ef2ta9u3j2cde&source=PropellerAds&src=5178792&lpkey=167b950f55f2088655&uclick=2ta9u3j2&uclickhash=2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Sun, 24 Sep 2023 10:15:57 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
3773
alt-svc
h3=":443"; ma=86400
content-length
60574
last-modified
Fri, 22 Sep 2023 07:52:30 GMT
server
cloudflare
etag
"650d47be-ec9e"
x-frame-options
DENY
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DIpZ1YzVP%2BTWFLnzQ8OFQu%2FN22bt7kPUvrpgl7weAedeOciFMs0ogLJQHqzQT8YDamz4GhvlypzzoVVq2Ae380tDg%2Fuz5BWbij9Hveju3v%2FdQE11kQcP1TxJlpMfyscbM3nKXWyo9Go%2BAWM%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
vary
Accept-Encoding
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
80ba44e5387abae8-MXP
collect
www.google-analytics.com/g/ 		0
260 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-WV373MWWXX&gtm=45je39k2&_p=795930289&cid=2095153274.1695550558&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ngs=1&_s=1&sid=1695550557&sct=1&seg=0&dl=https%3A%2F%2Flanding.november-sin.com%2Ft1c%2Fde%3Ft%3D2%26clk_domain%3Dad-blocking24.net%26flow%3Dbinom%26campaignId%3D10557%26cid%3Db58ef2ta9u3j2cde%26source%3DPropellerAds%26src%3D5178792%26lpkey%3D167b950f55f2088655%26uclick%3D2ta9u3j2%26uclickhash%3D2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c&dt=AdSweeper&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WV373MWWXX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.206 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://landing.november-sin.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 24 Sep 2023 10:15:57 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://landing.november-sin.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
hub.at-systems.biz
URL
https://hub.at-systems.biz/impression/tb?impression_id=1679085099805j7oe0e63i
Domain
c.go-mpulse.net
URL
https://c.go-mpulse.net/api/config.json?key=2HNJE-JMUDN-FRHAR-H9AHD-8XUM9&d=ak.onpluslean.com&t=5651835&v=1.720.0&if=&sl=0&si=52a75414-7290-4fed-af56-734fd37b0d48-s1hj6j&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=777544

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| dataLayer object| google_tag_manager object| google_tag_data object| gaGlobal

17 Cookies

Domain/Path Name / Value
ak.onpluslean.com/ Name: OAID
Value: 1899d69bdd5b498682a6e4ccb677dc68
ak.onpluslean.com/ Name: oaidts
Value: 1695550554
my.rtmark.net/ Name: ID
Value: 1899d69bdd5b498682a6e4ccb677dc68
ad-blocking24.net/ Name: uclick
Value: 2ta9u3j2
ad-blocking24.net/ Name: uclickhash
Value: 2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c
.november-sin.com/ Name: t
Value: 2
.november-sin.com/ Name: clk_domain
Value: ad-blocking24.net
.november-sin.com/ Name: flow
Value: binom
.november-sin.com/ Name: campaignId
Value: 10557
.november-sin.com/ Name: cid
Value: b58ef2ta9u3j2cde
.november-sin.com/ Name: source
Value: PropellerAds
.november-sin.com/ Name: src
Value: 5178792
.november-sin.com/ Name: lpkey
Value: 167b950f55f2088655
.november-sin.com/ Name: uclick
Value: 2ta9u3j2
.november-sin.com/ Name: uclickhash
Value: 2ta9u3j2-2ta9u3j2-8p6o-0-ftdz-h9rn-h9bg-d8397c
.november-sin.com/ Name: _ga
Value: GA1.1.2095153274.1695550558
.november-sin.com/ Name: _ga_WV373MWWXX
Value: GS1.1.1695550557.1.0.1695550557.0.0.0

1 Console Messages

Source Level URL
Text
security warning URL: https://askalons.com/l/PA/20/?resubscription=1&clickid=1679085099805j7oe0e63i&source=41&unique_user=1&browser_name=Chrome&browser_version=109.0.0.0&country=IT&partner=PA&language=it-IT&unixtime=1679085099&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}
Message:
Mixed Content: The page at 'https://askalons.com/l/PA/20/?resubscription=1&clickid=1679085099805j7oe0e63i&source=41&unique_user=1&browser_name=Chrome&browser_version=109.0.0.0&country=IT&partner=PA&language=it-IT&unixtime=1679085099&tb={https://ak.onpluslean.com/afu.php?zoneid=5178792&ymid={clickid}&var={traffic_source}}' was loaded over HTTPS, but requested an insecure element 'http://hub.at-systems.biz/impression/tb?impression_id=1679085099805j7oe0e63i'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad-blocking24.net
ak.onpluslean.com
askalons.com
c.go-mpulse.net
fonts.googleapis.com
fonts.gstatic.com
hub.at-systems.biz
landing.november-sin.com
my.rtmark.net
s.go-mpulse.net
www.google-analytics.com
www.googletagmanager.com
c.go-mpulse.net
hub.at-systems.biz
104.21.7.199
104.21.76.107
139.45.195.8
142.250.181.227
142.250.184.206
142.250.185.106
142.250.185.136
188.114.96.3
2.16.202.97
2.23.196.132
0538b9cbde0bc08b6eef1647c4a009330e8ff2e13614312fa8a56de3e31d5266
140de897bb414f0cbe6577d23699df976fc7ef39afb5709790b1e49c21914fd8
2662b50e91dbec6cb28681186f005aca904ac25f91c8a2a8ded7e2bac81530a7
27c4a98628687e750611e0a243a583f84504935227326f871682304724728e2f
5417762aa611ad9f1d01397a654d37bd1b98bb02155d1a859908fdc3595f99cd
563b63f72c9af73637db7102243b5b2c4ca6d70abf7e3d446daf58cd34f27dc3
622aa5e1804340b4fed467c79b62c8a308cfda49e8156ef4103a7143a5c78fd3
72f4dad9076ee652f90406ad66b457b11fce8de23bcccf06ceb95b1e1c66a5dc
8219a1ee9bf316df1383c965672d8ea34115281b97a56ae345f885e5afab9825
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c72dff279a67fd1c1f9d58af8700aae0ff4bf8085c07d5b5965786585c296a1d
d373bc6879da3751e9865df6da70b897c1bf545e3fa70b3db4204bddab5f39ed
d49403c5ad711c8f48115b3f247eb9d95fc12cf856d8c3ebe17b0d4afd7cce4f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f890ba0ffd7012cb3248709ec502bc061109c5c669af09e0d2d4c786b192158e
ffb7306ebf140834ec4aa82442afabccee2a144228f87b7377a253350f27f17b