urlscan.io logo urlscan.io
SecurityTrails logo

nowblox.ml Open in urlscan Pro
2606:4700:3030::ac43:937c  Public Scan

Go To Rescan Add Verdict Report
URL: https://nowblox.ml/
Submission Tags: phishingrod
Submission: On January 30 via api from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 20 HTTP transactions. The main IP is 2606:4700:3030::ac43:937c, located in United States and belongs to CLOUDFLARENET, US. The main domain is nowblox.ml.
TLS certificate: Issued by GTS CA 1P5 on January 26th 2023. Valid for: 3 months.
This is the only time nowblox.ml was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

5    2606:4700:3030::ac43:937c (United States)

ASN13335 (CLOUDFLARENET, US)
nowblox.ml
7    2a00:1450:400d:807::2002 (Ireland)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
adservice.google.com
3    2a00:1450:400d:802::2002 (Ireland)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
adservice.google.de
1    2a00:1450:400d:803::2002 (Ireland)

ASN15169 (GOOGLE, US)
partner.googleadservices.com
3    2a00:1450:400d:80a::2001 (Ireland)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
1    2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
Apex Domain
Subdomains		 Transfer
9 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 104
tpc.googlesyndication.com — Cisco Umbrella Rank: 149
204 KB
5 nowblox.ml
nowblox.ml
642 KB
2 google.com
adservice.google.com — Cisco Umbrella Rank: 70
www.google.com — Cisco Umbrella Rank: 2
2 KB
2 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 29
5 KB
1 google.de
adservice.google.de — Cisco Umbrella Rank: 8741
531 B
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 858
602 B
20 6
Domain Requested by
6 pagead2.googlesyndication.com nowblox.ml
pagead2.googlesyndication.com
tpc.googlesyndication.com
5 nowblox.ml nowblox.ml
3 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
2 googleads.g.doubleclick.net pagead2.googlesyndication.com
1 www.google.com tpc.googlesyndication.com
1 adservice.google.com pagead2.googlesyndication.com
1 adservice.google.de pagead2.googlesyndication.com
1 partner.googleadservices.com pagead2.googlesyndication.com
20 8

This site contains links to these domains. Also see Links.

Domain
www.namecheap.com
Subject Issuer Validity Valid
*.nowblox.ml
GTS CA 1P5		 2023-01-26 -
2023-04-26		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-01-09 -
2023-04-03		 3 months crt.sh
*.googleadservices.com
GTS CA 1C3		 2023-01-09 -
2023-04-03		 3 months crt.sh
*.google.de
GTS CA 1C3		 2023-01-09 -
2023-04-03		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-01-09 -
2023-04-03		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2023-01-09 -
2023-04-03		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-01-09 -
2023-04-03		 3 months crt.sh

This page contains 6 frames:

Primary Page: https://nowblox.ml/
Frame ID: BB85C66A5097FF8B5DCF5DDE32866C66
Requests: 14 HTTP requests in this frame

Frame: https://nowblox.ml/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1675051200
Frame ID: 53411431E4AAC9FB26CDAA8312A75571
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230124/r20190131/zrt_lookup.html
Frame ID: 3A98D48DBC7DD0F93EAE181D910DF5E4
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979408575349000&output=html&adk=1812271804&adf=3025194257&lmt=1675058256&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&plas=500x1080_l%7C500x1080_r&format=0x0&url=https%3A%2F%2Fnowblox.ml%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1675058256370&bpp=2&bdt=1298&idt=250&shv=r20230124&mjsv=m202301120101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3733211316288&frm=20&pv=2&ga_vid=575098931.1675058257&ga_sid=1675058257&ga_hid=1363900559&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31071546%2C31071581%2C31071790&oid=2&pvsid=3192002159184903&tmod=1284906245&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=269
Frame ID: E90C98621E62C85D1F9EABCE32A8643E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 693C0C1198D73E155AFEA72A8B79FD77
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 13A8A13BF0D55B42E9C73F05868A1B02
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Website is being created…

Detected technologies

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Page Statistics

20
Requests

100 %
HTTPS

100 %
IPv6

6
Domains

8
Subdomains

7
IPs

3
Countries

1036 kB
Transfer

1736 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
nowblox.ml/ 		889 KB
614 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://nowblox.ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:937c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
012ca29f37e69a6a2eda98c11e6b0a752c5d34ba2138a44e5601e6924155dc38

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7917f88b4caa6937-FRA
content-encoding
br
content-type
text/html
date
Mon, 30 Jan 2023 05:57:35 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=06aBKTHmTuGjA9LLmvCOtLMtFyJysmVJXpr94%2FoQvOgs8wz5HHaFX%2BdNLEwqCgYXdg21qkDyJiQRvaSe4xbENG%2FOLasBm98c0BYcerjNahp9zHZZ3dfEe0%2BnLnRjlvWMWAq6K6cyfWjL"}],"group":"cf-nel","max_age":604800}
server
cloudflare
BXBv9-Khw8ZZKK46JofdJQUfKek.js
nowblox.ml/cdn-cgi/apps/head/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nowblox.ml/cdn-cgi/apps/head/BXBv9-Khw8ZZKK46JofdJQUfKek.js
Requested by
Host: nowblox.ml
URL: https://nowblox.ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:937c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd77e3bde1fed5d91b058a3460b072a679f6f2adcbcb63b2b156103b83fe7d84

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nowblox.ml/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 30 Jan 2023 05:57:35 GMT
x-amz-version-id
Ma8ADZjWuOSn3U77nncPrpxzR2xHd779
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
C234PPNHR7FGNJFZ
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
39+aIdix2g4K+yin/dWb+ZjIvZy4nFRDGhhgcDkTS74z0oWHWUaePpW20H/ErMO9CwQI6jKfLuw=
last-modified
Sat, 13 Aug 2022 00:34:31 GMT
server
cloudflare
etag
W/"25425d2e5c873af5b80a5c489da08faa"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DqaRGWVN7zypZ0j1d%2BC31mpkml6%2FrkLgjePbGDegRWqyYxs57Q6ID2A40u6JfqgCg5LgvDn1CPI7soFV4CKG96R%2FGJqfBfLSBp3GFY3%2FVFtXv%2Fl1jHTMYLBaDtYt7RmWJiKCLjNfMyM%2B"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
7917f88f19546937-FRA
truncated
/ 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
202af489c906640c6327214bfd8ddce5a8dfcaddbf3354a0356bc0b08c5fd50f

Request headers

Referer
Origin
https://nowblox.ml
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/ 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4bd38e4e9426438f900fff9b392e0fdb731957a5db258e2ddf058d440674ab59

Request headers

Referer
Origin
https://nowblox.ml
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/ 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6d0990f98c60fe79e88077224a65782a51038760013f94d2db98ecc4cc547291

Request headers

Referer
Origin
https://nowblox.ml
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/ 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a4c820e03f6fde40a8ed5633b4973d4d69971284eed0a2eecc22f2477c8a8d82

Request headers

Referer
Origin
https://nowblox.ml
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		147 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2979408575349000
Requested by
Host: nowblox.ml
URL: https://nowblox.ml/cdn-cgi/apps/head/BXBv9-Khw8ZZKK46JofdJQUfKek.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b7fa56862f414fa29d13ef7d2799c2f38ed34f5c162888bd81f03235c2bac97c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nowblox.ml/
Origin
https://nowblox.ml
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 30 Jan 2023 05:57:36 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
49812
x-xss-protection
0
server
cafe
etag
17970520428351697520
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 30 Jan 2023 05:57:36 GMT
invisible.js
nowblox.ml/cdn-cgi/challenge-platform/h/g/scripts/alpha/ Frame 5341 		36 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nowblox.ml/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1675051200
Requested by
Host: nowblox.ml
URL: https://nowblox.ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:937c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e78a48525701284ef55a2fe493fefd98c53f859c6ed2f9b9bde2d50ab1278e23

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 30 Jan 2023 05:57:35 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FX1ebKGjWeuCVL9OkUXvhpCljEhbq4BLPqXgiteq8hgt%2FFslQ%2FyQ%2F74QA8YxyNOwqY35yQi6LJQvsGfuxyFilTmld7OFwEIezayv7t7bhSJ9n0bd6fqt9gUOc4TQl07%2FhrePcYIWF3YJ"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
x-control-type-options
nosniff
cf-ray
7917f893e8219bc4-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pica.js
nowblox.ml/cdn-cgi/challenge-platform/h/g/scripts/ Frame 5341 		25 KB
10 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://nowblox.ml/cdn-cgi/challenge-platform/h/g/scripts/pica.js
Requested by
Host: nowblox.ml
URL: https://nowblox.ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:937c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31e2ec7b480f1c0ce3e30b8c721c9ec9c6f5ad4799171bfe5de748bc6c9bec54

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 30 Jan 2023 05:57:36 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X9EBU21j33xJWY2CLxkBzw07oM5C%2BKUxcpeYnCiyHN%2FpGUxEEzwTDutV3vN6zCCcqA11XY6QMri1Sck37frMvy7e%2F4sTzqr6M4931aK55qqC9%2F%2F3VPOvB5eQftQWKlblQ2jYJ7jYaaSe"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
x-control-type-options
nosniff
cf-ray
7917f89428799bc4-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
7917f88b4caa6937
nowblox.ml/cdn-cgi/challenge-platform/h/g/cv/result/ Frame 5341 		2 B
664 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://nowblox.ml/cdn-cgi/challenge-platform/h/g/cv/result/7917f88b4caa6937
Requested by
Host: nowblox.ml
URL: https://nowblox.ml/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1675051200
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:937c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
application/json

Response headers

date
Mon, 30 Jan 2023 05:57:36 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3J2M9M4Qa%2FzuEB4CUfVDfg4L%2FI6nSIFXdIkvpIRjEcj%2FUj1aw3n%2Boe8AKkRWnJtEKGWfZF2G806m%2FTLLQmwGpPtEezNUncLwyP4PGu5vNs33QeE7fhuwQHLeihBXShhGlFVH0gb1W9MD"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
7917f8963b6d9bc4-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202301120101/ 		359 KB
118 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202301120101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2979408575349000&plah=nowblox.ml
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2979408575349000
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e5c2c690057824b85d6194c5659b0d65d16d95e14926dda0206a62843a196116
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nowblox.ml/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 30 Jan 2023 05:57:36 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
120763
x-xss-protection
0
server
cafe
etag
1302584688663565023
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Mon, 30 Jan 2023 05:57:36 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20230124/r20190131/ Frame 3A98 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20230124/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2979408575349000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nowblox.ml/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
79385
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4242
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 29 Jan 2023 07:54:31 GMT
etag
10353107486223812946
expires
Sun, 12 Feb 2023 07:54:31 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
cookie.js
partner.googleadservices.com/gampad/ 		387 B
602 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=nowblox.ml&callback=_gfp_s_&client=ca-pub-2979408575349000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202301120101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2979408575349000&plah=nowblox.ml
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:803::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0181e0c089c5ea4f34f9982c4c52b541a93c55884a4bda7dc9600af7fa520e0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nowblox.ml/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 30 Jan 2023 05:57:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
251
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ 		107 B
531 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=nowblox.ml
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202301120101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2979408575349000&plah=nowblox.ml
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nowblox.ml/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 30 Jan 2023 05:57:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
456 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=nowblox.ml
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202301120101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2979408575349000&plah=nowblox.ml
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nowblox.ml/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 30 Jan 2023 05:57:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame E90C 		603 B
218 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979408575349000&output=html&adk=1812271804&adf=3025194257&lmt=1675058256&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&plas=500x1080_l%7C500x1080_r&format=0x0&url=https%3A%2F%2Fnowblox.ml%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1675058256370&bpp=2&bdt=1298&idt=250&shv=r20230124&mjsv=m202301120101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3733211316288&frm=20&pv=2&ga_vid=575098931.1675058257&ga_sid=1675058257&ga_hid=1363900559&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31071546%2C31071581%2C31071790&oid=2&pvsid=3192002159184903&tmod=1284906245&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=269
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202301120101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2979408575349000&plah=nowblox.ml
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nowblox.ml/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Mon, 30 Jan 2023 05:57:36 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ 		15 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230124&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202301120101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2979408575349000&plah=nowblox.ml
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2d1b70aab2b4340ccae5799926aa53298449a95bedea6e3916ae25f4ae489c4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nowblox.ml/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 30 Jan 2023 05:57:36 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11305
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202301120101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2979408575349000&plah=nowblox.ml
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nowblox.ml/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 30 Jan 2023 05:57:37 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Mon, 30 Jan 2023 05:57:37 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 693C 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nowblox.ml/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
248015
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 27 Jan 2023 09:04:02 GMT
expires
Sat, 27 Jan 2024 09:04:02 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 13A8 		783 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
ae1b0b9c44ca50996ad3f29fe2699a73c47d76d4d029503fea3cb6ac7f4a40ae
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-xHx8bTEZEyRgJN6eGzLI-A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nowblox.ml/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-length
514
content-security-policy
script-src 'report-sample' 'nonce-xHx8bTEZEyRgJN6eGzLI-A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Mon, 30 Jan 2023 05:57:37 GMT
expires
Mon, 30 Jan 2023 05:57:37 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
V3SsRWZOfA-pKEWNVYsb3GaVjAUiaK0X1iPK6a1PXlU.js
pagead2.googlesyndication.com/bg/ Frame 693C 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/V3SsRWZOfA-pKEWNVYsb3GaVjAUiaK0X1iPK6a1PXlU.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5774ac45664e7c0fa928458d558b1bdc66958c052268ad17d623cae9ad4f5e55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 23 Jan 2023 20:25:56 GMT
content-encoding
br
x-content-type-options
nosniff
age
552701
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14206
x-xss-protection
0
last-modified
Thu, 19 Jan 2023 11:48:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 23 Jan 2024 20:25:56 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 13A8 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230124&jk=3192002159184903&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers
generate_204
tpc.googlesyndication.com/ Frame 693C 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?jSm40A
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:80a::2001 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

date
Mon, 30 Jan 2023 05:57:37 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230124&jk=3192002159184903&bg=!Dg2lDUnNAAZSrDxfcqw7ACkAdvg8WhPCgw0x9m7K0ExJDLtRyxBkxZyQMM4H01-4YrAFcHmNIswK3gIAAAA_UgAAAANoAQcKANwYZSZIhjM-OGeJPYrfDwHlrqCXoWpRS4BD7xT50_xxZzMdBgdFNuYMEjygkA40_t9UVFAzLLQ3hgDkKcJEbnpnpcY_kmDKFNLJVTIME16QUSsbe5ujv0wD9J82gieakeFO_maJ7d1dYrJQ5z2dtAhFbFbiBUiAsXiKCKxTXpFx1QeF-Yr0mVU83BEFLw1i4vAqxAWA-CWW6l-E0tg0j1oxhlZmcWCIdOMhxRQYbhFtBDvKqtlp2YRxekv2Yr7kte_RiHEcDOx9NrVjd4e1Tm8OrVbZtKwRgbtOBz9fmQKhglEqP6uLG5Mf9diT5CdGozBQu08IxXwUn9gCSsl3R0wxZKAK_4AI7VC8ix7cQrIvPXmjWiSBVCIdmIuRT9Y0MEkJnxjZvQ8mT0r-Qg62pvfLPHpnGNKf96AXMN2j9kurHBFn_HzWGhUpy3WZR4GltMboU5e7oPPPNBfrbUbr74ELNI2O5XbVD13Q-7sWd0y6uEFexsYMdBfbZ-9dngkbE41qi5-exH1QFIV4It4prl29_dmr_OW0DIn4tCzvCO-1uS7EnXjVgW07trJYR1BPmvs-e6X_jODbqWnhmng0TzhlADbDPWeq-uNszRUaCJDG6HpqWxrL7m40glCysVa1L2AkBpNMrr9GnBNlEW66XNFoPbfobbGyw6hyGUBekuy8bJXEgkrM-jY8c1nzudnVedifB9OY8STaEeny2OklaGYu1khk_MbpjvF4L1fNplRC-IKP42x9VNlQYyIs0S2KmYvDo_NxdSBAIf7MxGr649ecaFyqRsoXfgqCAehZbDoCk8u3HL9bE_sdVJ5cnpsvSNZKzK6rRRgISJHKHCG0tW6jxGtecM-FZ-RdGNxsbyPVPFGfbpF0qWOIzfjPhmKvDtMl0iXk46fxC_7k5i8WLLHfKShrq1hdhwbrfegnSDAU2UPbVt5N-zabYrW6KgpijVgMAzUxk7gUs6NTB3d5pnGuVPiorJxy3zlKGcLT1Xrn9mwoH-_YiDMyAB7vyA7Na7huwJiQAwtfguoEpR7w5fxuKfYdRXxp7S_6-0bEYNaUzmbih9EB5zBbQ4tR9rxtfawQ2IpHmCCgPUeHrOEwSB1lkU9FYnKvf_GoEOPJJO4NMgTVpf-VhvK8UxfK5WdKaproEkaHSuUjcsAjFCTLrqUXVGZ6WF24va5KiXuZEdKbgg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400d:807::2002 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nowblox.ml/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| oncontentvisibilityautostatechange object| CloudflareApps object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac object| google_persistent_state_async boolean| google_measure_js_timing object| google_tag_data object| google_reactive_ads_global_state object| adsbygoogle boolean| _gfp_a_ object| google_sa_queue function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages object| GoogleGcLKhOms object| google_image_requests

4 Cookies

Domain/Path Name / Value
.nowblox.ml/ Name: __cf_bm
Value: jFpm71bF7.Phjr8eHa3dRpS3DcMY7kw_ytk9KrKcuJs-1675058256-0-Ab4MxLmM0H7dgW/XAeVAm51cms/OMUM5NcNzFy6xpE9Pc3+yMuViJi4mGIq7zVwilc7HyZzDFInaxH0wjkjoxu0B36Xh2hyilHgC7vNTiyULh60sl1cYlHJMIQiv6O1vL1FhhXMKQqERhdaGRMzSEu8=
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.nowblox.ml/ Name: __gads
Value: ID=d0f34b389ab9b954-22fae1f178db00a3:T=1675058256:RT=1675058256:S=ALNI_MY-OH9eXT1pHEs1TyQ_QPSMEPrf9w
.nowblox.ml/ Name: __gpi
Value: UID=00000bacde08f9af:T=1675058256:RT=1675058256:S=ALNI_MYEExBwrUUMoFH98bg4hLE5XUIWjQ

2 Console Messages

Source Level URL
Text
network error URL: https://nowblox.ml/
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979408575349000&output=html&adk=1812271804&adf=3025194257&lmt=1675058256&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32&plas=500x1080_l%7C500x1080_r&format=0x0&url=https%3A%2F%2Fnowblox.ml%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1675058256370&bpp=2&bdt=1298&idt=250&shv=r20230124&mjsv=m202301120101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=3733211316288&frm=20&pv=2&ga_vid=575098931.1675058257&ga_sid=1675058257&ga_hid=1363900559&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31071546%2C31071581%2C31071790&oid=2&pvsid=3192002159184903&tmod=1284906245&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=269
Message:
Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
googleads.g.doubleclick.net
nowblox.ml
pagead2.googlesyndication.com
partner.googleadservices.com
tpc.googlesyndication.com
www.google.com
2606:4700:3030::ac43:937c
2a00:1450:4001:813::2004
2a00:1450:400d:802::2002
2a00:1450:400d:803::2002
2a00:1450:400d:807::2002
2a00:1450:400d:80a::2001
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
012ca29f37e69a6a2eda98c11e6b0a752c5d34ba2138a44e5601e6924155dc38
0181e0c089c5ea4f34f9982c4c52b541a93c55884a4bda7dc9600af7fa520e0c
202af489c906640c6327214bfd8ddce5a8dfcaddbf3354a0356bc0b08c5fd50f
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2d1b70aab2b4340ccae5799926aa53298449a95bedea6e3916ae25f4ae489c4b
31e2ec7b480f1c0ce3e30b8c721c9ec9c6f5ad4799171bfe5de748bc6c9bec54
4bd38e4e9426438f900fff9b392e0fdb731957a5db258e2ddf058d440674ab59
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5774ac45664e7c0fa928458d558b1bdc66958c052268ad17d623cae9ad4f5e55
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6d0990f98c60fe79e88077224a65782a51038760013f94d2db98ecc4cc547291
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4c820e03f6fde40a8ed5633b4973d4d69971284eed0a2eecc22f2477c8a8d82
ae1b0b9c44ca50996ad3f29fe2699a73c47d76d4d029503fea3cb6ac7f4a40ae
b7fa56862f414fa29d13ef7d2799c2f38ed34f5c162888bd81f03235c2bac97c
cd77e3bde1fed5d91b058a3460b072a679f6f2adcbcb63b2b156103b83fe7d84
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5c2c690057824b85d6194c5659b0d65d16d95e14926dda0206a62843a196116
e78a48525701284ef55a2fe493fefd98c53f859c6ed2f9b9bde2d50ab1278e23