ad.install-adblockers.com Open in urlscan Pro
2606:4700:3032::6815:5d8f Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.dinoklafbzor.org/
Effective URL:
https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&camp...
Submission: On July 20 via manual (July 20th 2024, 9:09:13 am UTC) from PH — Scanned from DE

Summary HTTP 41 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 4 countries across 7 domains to perform 41 HTTP transactions. The main IP is 2606:4700:3032::6815:5d8f, located in United States and belongs to CLOUDFLARENET, US. The main domain is ad.install-adblockers.com. The Cisco Umbrella rank of the primary domain is 695071.
TLS certificate: Issued by WE1 on July 12th 2024. Valid for: 3 months.

This is the only time ad.install-adblockers.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
2 5	2606:4700:303... 2606:4700:3034::ac43:8347	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:303... 2606:4700:3033::6815:155b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	88.212.201.204 88.212.201.204	39134 (UNITEDNET) (UNITEDNET)
2 14	95.101.54.241 95.101.54.241	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
1 1	52.58.28.63 52.58.28.63	16509 (AMAZON-02) (AMAZON-02)
18	2606:4700:303... 2606:4700:3032::6815:5d8f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
41	7

5 2606:4700:3034::ac43:8347 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

www.dinoklafbzor.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3033::6815:155b (United States)

ASN13335 (CLOUDFLARENET, US)

smart-redirect.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.212.201.204 (Russian Federation) 1 redirects

ASN39134 (UNITEDNET, RU)
PTR: host204.rax.ru

counter.yadro.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 95.101.54.241 (Frankfurt am Main, Germany) 2 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-54-241.deploy.static.akamaitechnologies.com

ak.hetapugs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.58.28.63 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-58-28-63.eu-central-1.compute.amazonaws.com

download-adblock.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2606:4700:3032::6815:5d8f (United States)

ASN13335 (CLOUDFLARENET, US)

ad.install-adblockers.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
18	install-adblockers.com ad.install-adblockers.com — Cisco Umbrella Rank: 695071	199 KB
14	hetapugs.com 2 redirects ak.hetapugs.com	34 KB
5	dinoklafbzor.org 2 redirects www.dinoklafbzor.org	8 KB
3	smart-redirect.org smart-redirect.org — Cisco Umbrella Rank: 512702 Failed	2 KB
2	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 5822	999 B
2	yadro.ru 1 redirects counter.yadro.ru — Cisco Umbrella Rank: 9685	1 KB
1	download-adblock.com 1 redirects download-adblock.com — Cisco Umbrella Rank: 220862	627 B
41	7

	Domain	Requested by
18	ad.install-adblockers.com	ad.install-adblockers.com
14	ak.hetapugs.com	2 redirects ak.hetapugs.com
5	www.dinoklafbzor.org	2 redirects www.dinoklafbzor.org
3	smart-redirect.org	smart-redirect.org
2	my.rtmark.net	ak.hetapugs.com
2	counter.yadro.ru	1 redirects smart-redirect.org
1	download-adblock.com	1 redirects ad.install-adblockers.com
41	7

This site contains no links.

Subject Issuer	Validity	Valid
dinoklafbzor.org WE1	`2024-07-07` - `2024-10-05`	3 months	crt.sh
smart-redirect.org WE1	`2024-07-14` - `2024-10-12`	3 months	crt.sh
ak.hetaruwg.com R3	`2024-05-15` - `2024-08-13`	3 months	crt.sh
rtmark.net R11	`2024-07-05` - `2024-10-03`	3 months	crt.sh
install-adblockers.com WE1	`2024-07-12` - `2024-10-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&campaignId=10557&trafficsource=32&src=7393037&cid=cqdntdb2r96s73f1a9b0&lpkey=17214f6c61580cfaa6ebf6925ae979c3c101b66849&isV2=true
Frame ID: 0F61F1284799E71F6ECEDF162B404BAE
Requests: 41 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

YTube AdSkipper

Page URL History Show full URLs

https://www.dinoklafbzor.org/ Page URL
https://www.dinoklafbzor.org/cdn-cgi/phish-bypass?atok=VaHPGn2YdGBwCJ3pQf72Ch7xwzaB9aQOmCZ8WK4P3Jw-172146... HTTP 301
https://www.dinoklafbzor.org/ HTTP 303
https://smart-redirect.org/trafficback.html Page URL
http://smart-redirect.org/en/index.html HTTP 307
https://smart-redirect.org/en/index.html Page URL
http://ak.hetapugs.com/4/4923326?var=NEW HTTP 307
https://ak.hetapugs.com/4/4923326?var=NEW Page URL
https://ak.hetapugs.com/?z=4923326&syncedCookie=true&rhd=false HTTP 302
https://ak.hetapugs.com/4/7393037/?var=4923326 Page URL
https://ak.hetapugs.com/?z=7393037&syncedCookie=false&rhd=false HTTP 302
https://download-adblock.com/click?key=fickwiw7fy7yshltu1k2&visitor_id=838454078005846196&cost=0.004540&z... HTTP 307
https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock... Page URL

Page Statistics

41
Requests

93 %
HTTPS

43 %
IPv6

7
Domains

7
Subdomains

7
IPs

4
Countries

242 kB
Transfer

583 kB
Size

23
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.dinoklafbzor.org/ Page URL
https://www.dinoklafbzor.org/cdn-cgi/phish-bypass?atok=VaHPGn2YdGBwCJ3pQf72Ch7xwzaB9aQOmCZ8WK4P3Jw-1721466543-0.0.1.1-%2F HTTP 301
https://www.dinoklafbzor.org/ HTTP 303
https://smart-redirect.org/trafficback.html Page URL
http://smart-redirect.org/en/index.html HTTP 307
https://smart-redirect.org/en/index.html Page URL
http://ak.hetapugs.com/4/4923326?var=NEW HTTP 307
https://ak.hetapugs.com/4/4923326?var=NEW Page URL
https://ak.hetapugs.com/?z=4923326&syncedCookie=true&rhd=false HTTP 302
https://ak.hetapugs.com/4/7393037/?var=4923326 Page URL
https://ak.hetapugs.com/?z=7393037&syncedCookie=false&rhd=false HTTP 302
https://download-adblock.com/click?key=fickwiw7fy7yshltu1k2&visitor_id=838454078005846196&cost=0.004540&zoneid=7393037&campaignid=7657060&bannerid=19605752&subzoneid=0 HTTP 307
https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&campaignId=10557&trafficsource=32&src=7393037&cid=cqdntdb2r96s73f1a9b0&lpkey=17214f6c61580cfaa6ebf6925ae979c3c101b66849&isV2=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3

https://www.dinoklafbzor.org/favicon.ico HTTP 303
https://smart-redirect.org/trafficback.htmlfavicon.ico

Request Chain 4

https://www.dinoklafbzor.org/cdn-cgi/phish-bypass?atok=VaHPGn2YdGBwCJ3pQf72Ch7xwzaB9aQOmCZ8WK4P3Jw-1721466543-0.0.1.1-%2F HTTP 301
https://www.dinoklafbzor.org/ HTTP 303
https://smart-redirect.org/trafficback.html

Request Chain 5

http://smart-redirect.org/en/index.html HTTP 307
https://smart-redirect.org/en/index.html

Request Chain 6

https://counter.yadro.ru/hit;nextstat?r;s1600*1200*24;uhttps%3A//smart-redirect.org/en/index.html;h;0.5381042263063851 HTTP 302
https://counter.yadro.ru/hit;nextstat?q;r;s1600*1200*24;uhttps%3A//smart-redirect.org/en/index.html;h;0.5381042263063851

Request Chain 7

http://ak.hetapugs.com/4/4923326?var=NEW HTTP 307
https://ak.hetapugs.com/4/4923326?var=NEW

Request Chain 14

https://ak.hetapugs.com/?z=4923326&syncedCookie=true&rhd=false HTTP 302
https://ak.hetapugs.com/4/7393037/?var=4923326

41 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 / Show response
www.dinoklafbzor.org/ 4 KB
2 KB 80ms
31ms Document
text/html 2606:4700:3034::ac43:8347
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dinoklafbzor.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:8347 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ea6268bbc9507cdecd69060273a05a1ecafd465a6181214998c9dcdf3f2811f

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cf-ray: 8a61cf69ad9d3648-FRA
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 20 Jul 2024 09:09:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CHncTpqDCdAyepi4tc2v%2FDVpMPk8V9ZTRyindPo9KuUGCWckJUYfduvTGIK9nlHY%2BkiFvNQqsTk6Hb%2FQcdndsoZrpiUlvy2vIqd8YaWepmbAQ9QWhmMiJet3dkGqIaGQtSsqOjHv9xkusu9RCD7gNbwASA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H3 200 cf.errors.css
www.dinoklafbzor.org/cdn-cgi/styles/ 23 KB
5 KB 26ms
26ms Stylesheet
text/css 2606:4700:3034::ac43:8347
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.dinoklafbzor.org/cdn-cgi/styles/cf.errors.css

Requested by

Host: www.dinoklafbzor.org
URL: https://www.dinoklafbzor.org/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:8347 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.dinoklafbzor.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 16 Jul 2024 17:11:36 GMT
server: cloudflare
etag: W/"6696a9c8-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 8a61cf69edc73648-FRA
expires: Sat, 20 Jul 2024 11:09:03 GMT

GET
H3 200 icon-exclamation.png
www.dinoklafbzor.org/cdn-cgi/images/ 452 B
634 B 26ms
26ms Image
image/png 2606:4700:3034::ac43:8347
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.dinoklafbzor.org/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: www.dinoklafbzor.org
URL: https://www.dinoklafbzor.org/cdn-cgi/styles/cf.errors.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3034::ac43:8347 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.dinoklafbzor.org/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 16 Jul 2024 17:11:36 GMT
server: cloudflare
etag: "6696a9c8-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 8a61cf6a1e003648-FRA
content-length: 452
expires: Sat, 20 Jul 2024 11:09:03 GMT

GET

trafficback.htmlfavicon.ico
smart-redirect.org/
Redirect Chain

https://www.dinoklafbzor.org/favicon.ico
https://smart-redirect.org/trafficback.htmlfavicon.ico

0
0

GET
H3

200

trafficback.html
smart-redirect.org/
Redirect Chain

https://www.dinoklafbzor.org/cdn-cgi/phish-bypass?atok=VaHPGn2YdGBwCJ3pQf72Ch7xwzaB9aQOmCZ8WK4P3Jw-1721466543-0.0.1.1-%2F
https://www.dinoklafbzor.org/
https://smart-redirect.org/trafficback.html

379 B
678 B

92ms
65ms

Document
text/html

2606:4700:3033::6815:155b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smart-redirect.org/trafficback.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:155b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://www.dinoklafbzor.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8a61cf829c0971ac-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 20 Jul 2024 09:09:07 GMT
last-modified: Mon, 18 Mar 2024 23:14:10 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cbjo13eB1JYpx5M3Z1HquaubNx7n09EEe7sIJyehIwwMQTHubEG0EvfAMpgEXLs7IFLVwzJ%2BUoXSrDIPHfOaOCMnaLzo0SHrBc7LBeOXrdHAqsDQgCyGHcNWJ%2FpAWpaeeKsDLQACAnMyF5boMHRGjrU%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8a61cf820d7a3648-FRA
content-type: text/html; charset=iso-8859-1
date: Sat, 20 Jul 2024 09:09:07 GMT
location: https://smart-redirect.org/trafficback.html
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0BeSyAAq%2BvbKo3dwsD5IgZstmVsaFwHtJJnGq%2FGHsPl2C1hk0a8LpZsTEYP%2Braoog5bCdOyIYbYjHtO5C7TOUcDe0pqxPjCd4p56WkwecBot3MVJFxLcOTvmQwgQV30Gk4PjDCnuK5poIG7TGBzwyJl%2FVg%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H3

200

index.html Show response
smart-redirect.org/en/
Redirect Chain

http://smart-redirect.org/en/index.html
https://smart-redirect.org/en/index.html

539 B
763 B

52ms
51ms

Document
text/html

2606:4700:3033::6815:155b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smart-redirect.org/en/index.html
Requested by: Host: smart-redirect.org
URL: https://smart-redirect.org/trafficback.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:155b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 667de1219c6dded5904a908545f417685fc9aa904397dd6a70496e266cec3a83

Request headers

Referer: https://smart-redirect.org/trafficback.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8a61cf83cd6371ac-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 20 Jul 2024 09:09:07 GMT
last-modified: Mon, 18 Mar 2024 23:14:59 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NFYtlRuLp9o3QrDl34xiZIg4EJtbpD021spivm2mnL%2Be67bHpTFQxTDb2zIoWZShUS5DLzABuehVgzdmraFCt0P11eF%2ByvA%2FZIGet3%2FM0YAptJqf5vdh4dKH7uQpuBXQDFI6MkJFprGkK4GiH1RpUIM%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

Location: https://smart-redirect.org/en/index.html
Non-Authoritative-Reason: HttpsUpgrades

GET
H/1.1

200
OK

hit;nextstat
counter.yadro.ru/
Redirect Chain

https://counter.yadro.ru/hit;nextstat?r;s1600*1200*24;uhttps%3A//smart-redirect.org/en/index.html;h;0.5381042263063851
https://counter.yadro.ru/hit;nextstat?q;r;s1600*1200*24;uhttps%3A//smart-redirect.org/en/index.html;h;0.5381042263063851

43 B
528 B

61ms
60ms

Image
image/gif

88.212.201.204
UNITEDNET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://counter.yadro.ru/hit;nextstat?q;r;s1600*1200*24;uhttps%3A//smart-redirect.org/en/index.html;h;0.5381042263063851

Requested by

Host: smart-redirect.org
URL: https://smart-redirect.org/en/index.html

Protocol

HTTP/1.1

Server

88.212.201.204 , Russian Federation, ASN39134 (UNITEDNET, RU),

Reverse DNS

host204.rax.ru

Software

nginx/1.17.9 /

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://smart-redirect.org/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 20 Jul 2024 09:09:08 GMT
Strict-Transport-Security: max-age=86400
Server: nginx/1.17.9
Content-Type: image/gif
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Access-Control-Allow-Origin: *
Cache-control: no-cache
Connection: keep-alive
Content-Length: 43
Expires: Thu, 20 Jul 2023 21:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sat, 20 Jul 2024 09:09:08 GMT
Strict-Transport-Security: max-age=86400
Server: nginx/1.17.9
Content-Type: text/html
Location: https://counter.yadro.ru/hit;nextstat?q;r;s1600*1200*24;uhttps%3A//smart-redirect.org/en/index.html;h;0.5381042263063851
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Cache-control: no-cache
Connection: keep-alive
Content-Length: 32
Expires: Thu, 20 Jul 2023 21:00:00 GMT

GET
H2

200

4923326 Show response
ak.hetapugs.com/4/
Redirect Chain

http://ak.hetapugs.com/4/4923326?var=NEW
https://ak.hetapugs.com/4/4923326?var=NEW

31 KB
14 KB

292ms
131ms

Document
text/html

95.101.54.241
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ak.hetapugs.com/4/4923326?var=NEW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.54.241 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-54-241.deploy.static.akamaitechnologies.com

Software

Resource Hash

4b4af66d73671a0131f5d1f812d609d4857e05cc4863dc00a2d09bd7633bb639

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://smart-redirect.org/en/index.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-length: 13796
content-type: text/html; charset=utf8
date: Sat, 20 Jul 2024 09:09:08 GMT
expires: Sat, 20 Jul 2024 09:09:08 GMT
link: <https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
pragma: no-cache
strict-transport-security: max-age=1
timing-allow-origin: * *
vary: Accept-Encoding
x-content-type-options: nosniff
x-trace-id: 6fc3d21db84c178cdf4bb9113d01650d

Redirect headers

Location: https://ak.hetapugs.com/4/4923326?var=NEW
Non-Authoritative-Reason: HttpsUpgrades

GET
H3 404 favicon.ico
smart-redirect.org/ 280 B
673 B 36ms
36ms Other
text/html 2606:4700:3033::6815:155b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://smart-redirect.org/favicon.ico
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::6815:155b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://smart-redirect.org/en/index.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:08 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 126
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hTJtYli3IAQnaDbI%2B0zoEDUUKDwp5Cn%2Fmn1t0gerluvsjNLI6CjddOGJaxA5pSg%2FL2p2NA%2Bgtuqfrxgkf2Kg83HpEn5aqWygyjhrqvkxIiFo6YKzw7GOrSB0S%2BwQDA9VaimQXHf%2BIVUdfaJNr8%2Bal90%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-ray: 8a61cf86084f71ac-FRA
alt-svc: h3=":443"; ma=86400

POST
H2 200 sftouch
ak.hetapugs.com/ 2 B
533 B 75ms
75ms Ping
text/plain 95.101.54.241
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ak.hetapugs.com/sftouch?userId=00809fffd69d4497e52ac2670d3997bf&z=4923326&p_rid=aaa62ec4-60a2-47f5-8e6f-72a3c5b00219&p_src=sf&branchId=0&rb=u3uw0DsRL1rDzOIZDw3LTQz3hu6vFMVFLXQoH3sAPqPTkRpLrJ9RWJ1Qw31kJoc1d-rb0EAyI5zh74HuozHlnSrhWkLsIZEmOIL7iRT5KSjjxBtXspwLnGwPUZayAFnq9S4cUALac8JVpiU1cxSjqsWHhZvAcFblYhstmwkNGHVCK9Pl0h0Tm7yANJkWMwtjPSlBWErCCGmaOfD3EZoEFIIbqlJndgtSTLGtuotb0yxIBFqhPMMP5qPp5J4oz_l4wb-szp3fYlpqAJf95Av5o0o5rK_JRjSG409s8Q==

Requested by

Host: ak.hetapugs.com
URL: https://ak.hetapugs.com/4/4923326?var=NEW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.54.241 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-54-241.deploy.static.akamaitechnologies.com

Software

Resource Hash

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://ak.hetapugs.com/4/4923326?var=NEW
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=1
date: Sat, 20 Jul 2024 09:09:08 GMT
x-content-type-options: nosniff
content-length: 2
x-trace-id: 5684c37427287d62ea44ebd6db3a171c
pragma: no-cache
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain
access-control-allow-origin: https://ak.hetapugs.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
expires: Sat, 20 Jul 2024 09:09:08 GMT

GET
H2 200 img.gif
my.rtmark.net/ 43 B
492 B 119ms
36ms Image
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=00809fffd69d4497e52ac2670d3997bf&z=4923326&p_rid=aaa62ec4-60a2-47f5-8e6f-72a3c5b00219&p_src=sf

Requested by

Host: ak.hetapugs.com
URL: https://ak.hetapugs.com/4/4923326?var=NEW

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://ak.hetapugs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:08 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 43

POST
H2 200 add
ak.hetapugs.com/log/ 12 B
412 B 156ms
154ms XHR
application/json 95.101.54.241
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ak.hetapugs.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=aaa62ec4-60a2-47f5-8e6f-72a3c5b00219

Requested by

Host: ak.hetapugs.com
URL: https://ak.hetapugs.com/4/4923326?var=NEW

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.54.241 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-54-241.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://ak.hetapugs.com/4/4923326?var=NEW
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
strict-transport-security: max-age=1
date: Sat, 20 Jul 2024 09:09:08 GMT
x-content-type-options: nosniff
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://ak.hetapugs.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
content-length: 12
expires: Sat, 20 Jul 2024 09:09:08 GMT

POST
H2 404 add Show response
ak.hetapugs.com/async_log/ 16 B
475 B 71ms
70ms XHR
text/plain 95.101.54.241
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ak.hetapugs.com/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=aaa62ec4-60a2-47f5-8e6f-72a3c5b00219
Requested by: Host: ak.hetapugs.com
URL: https://ak.hetapugs.com/4/4923326?var=NEW
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.54.241 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-54-241.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e836cf151c055c64b3b2991de7067f3d9e925b51d1050e57ff93a7b88667031f

Request headers

Referer: https://ak.hetapugs.com/4/4923326?var=NEW
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 20 Jul 2024 09:09:08 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://ak.hetapugs.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
content-length: 16
expires: Sat, 20 Jul 2024 09:09:08 GMT

GET
H2 204 favicon.ico
ak.hetapugs.com/ 0
110 B 62ms
61ms Other
text/plain 95.101.54.241
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ak.hetapugs.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.54.241 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-54-241.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Referer: https://ak.hetapugs.com/4/4923326?var=NEW
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jul 2024 09:09:08 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 20 Jul 2024 09:09:08 GMT

GET
H2

200

/ Show response
ak.hetapugs.com/4/7393037/
Redirect Chain

https://ak.hetapugs.com/?z=4923326&syncedCookie=true&rhd=false
https://ak.hetapugs.com/4/7393037/?var=4923326

31 KB
14 KB

85ms
85ms

Document
text/html

95.101.54.241
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ak.hetapugs.com/4/7393037/?var=4923326

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.54.241 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-54-241.deploy.static.akamaitechnologies.com

Software

Resource Hash

9a060fb3d0d117e01220cd97db02031b063449bf242f2fad16b6e4666cede237

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://ak.hetapugs.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: max-age=0, no-cache, no-store
content-encoding: gzip
content-length: 13800
content-type: text/html; charset=utf8
date: Sat, 20 Jul 2024 09:09:08 GMT
expires: Sat, 20 Jul 2024 09:09:08 GMT
link: <https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
pragma: no-cache
strict-transport-security: max-age=1
timing-allow-origin: * *
vary: Accept-Encoding
x-content-type-options: nosniff
x-trace-id: bb7dbb873d4b3b258863bc6706d699d7

Redirect headers

accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: https://ak.hetapugs.com
access-control-max-age: 86400
cache-control: max-age=0, no-cache, no-store
content-length: 0
date: Sat, 20 Jul 2024 09:09:08 GMT
expires: Sat, 20 Jul 2024 09:09:08 GMT
link: <https://ak.hetapugs.com>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
location: https://ak.hetapugs.com/4/7393037/?var=4923326
pragma: no-cache
referrer-policy: no-referrer
strict-transport-security: max-age=1
timing-allow-origin: * *
x-content-type-options: nosniff
x-trace-id: 736c0d03d78243847fd981553cc1aaf2

GET
H2 204 favicon.ico
ak.hetapugs.com/ 0
110 B 107ms
63ms Other
text/plain 95.101.54.241
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ak.hetapugs.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.54.241 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-54-241.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Referer: https://ak.hetapugs.com/afu.php?zoneid=4923326&var=4923326&rid=BPTR34PbLD67mf1dYD5JaA%3D%3D&rhd=false&ab2r=0&sf=1&is_mobile=false
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jul 2024 09:09:08 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 20 Jul 2024 09:09:08 GMT

POST
H2 200 sftouch
ak.hetapugs.com/ 2 B
533 B 71ms
71ms Ping
text/plain 95.101.54.241
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ak.hetapugs.com/sftouch?userId=00809fffd69d4497e52ac2670d3997bf&z=7393037&p_rid=929da604-447c-492c-ab94-b730705fe5f6&p_src=sf&branchId=0&rb=E35pruxJnaeYplbgaGwvK0VGq_jK73nCBTZuFCuxUhuA4hSVi0vwL-v3YiWp9wzONDCOkMySKx3R5Ks5q89MdXHeqImom6LGzQeHQgO1ForoGmfibaB-jhTpkm5k4ZNfeZapldJyeclO5DiLiqXfHJk08b76yp-SnZRQtqT0KYKjrFAciBu8bMXVfxtIH-cdsyvsbc6RYBvoBQ4Rb_Q_GGyX4ctQ7XC6syjW3wTTRNCPq43b1Iu7Q4AwYHnyPnXJt9rdl5X4NZXEle5Csx8GAMpbRUyLI7KH3SycWA==

Requested by

Host: ak.hetapugs.com
URL: https://ak.hetapugs.com/4/7393037/?var=4923326

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.54.241 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-54-241.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://ak.hetapugs.com/4/7393037/?var=4923326
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=1
date: Sat, 20 Jul 2024 09:09:08 GMT
x-content-type-options: nosniff
content-length: 2
x-trace-id: 793a943155462a24b2ed86ab4d454b92
pragma: no-cache
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain
access-control-allow-origin: https://ak.hetapugs.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
expires: Sat, 20 Jul 2024 09:09:08 GMT

POST
H2 200 img.gif
my.rtmark.net/ 43 B
507 B 36ms
36ms Ping
image/gif 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/img.gif?f=merge&userId=00809fffd69d4497e52ac2670d3997bf&z=7393037&p_rid=929da604-447c-492c-ab94-b730705fe5f6&p_src=sf

Requested by

Host: ak.hetapugs.com
URL: https://ak.hetapugs.com/4/7393037/?var=4923326

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://ak.hetapugs.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:08 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
server: nginx
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: image/gif
access-control-allow-origin: https://ak.hetapugs.com
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 43

POST
H2 200 add
ak.hetapugs.com/log/ 12 B
412 B 63ms
62ms XHR
application/json 95.101.54.241
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://ak.hetapugs.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=929da604-447c-492c-ab94-b730705fe5f6

Requested by

Host: ak.hetapugs.com
URL: https://ak.hetapugs.com/4/7393037/?var=4923326

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.54.241 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-54-241.deploy.static.akamaitechnologies.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

Referer: https://ak.hetapugs.com/4/7393037/?var=4923326
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
strict-transport-security: max-age=1
date: Sat, 20 Jul 2024 09:09:08 GMT
x-content-type-options: nosniff
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: https://ak.hetapugs.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
content-length: 12
expires: Sat, 20 Jul 2024 09:09:08 GMT

GET
H2 204 favicon.ico
ak.hetapugs.com/ 0
110 B 139ms
139ms Other
text/plain 95.101.54.241
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ak.hetapugs.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.54.241 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-54-241.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Referer: https://ak.hetapugs.com/afu.php?zoneid=7393037&var=7393037&rid=UOc2oKHlKAQMxeQ00KE1Mg%3D%3D&rhd=false&ab2r=0&sf=1&is_mobile=false
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jul 2024 09:09:08 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 20 Jul 2024 09:09:08 GMT

GET
H3

200

Primary Request / Show response
ad.install-adblockers.com/
Redirect Chain

https://ak.hetapugs.com/?z=7393037&syncedCookie=false&rhd=false
https://download-adblock.com/click?key=fickwiw7fy7yshltu1k2&visitor_id=838454078005846196&cost=0.004540&zoneid=7393037&campaignid=7657060&bannerid=19605752&subzoneid=0
https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&campaignId=10557&trafficsource=32&src=7393037&cid=cqdntdb2r96s73f1a9b0&...

6 KB
3 KB

268ms
46ms

Document
text/html

2606:4700:3032::6815:5d8f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&campaignId=10557&trafficsource=32&src=7393037&cid=cqdntdb2r96s73f1a9b0&lpkey=17214f6c61580cfaa6ebf6925ae979c3c101b66849&isV2=true

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:5d8f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Next.js

Resource Hash

c3b089ea0eca5ff2dc0d702b4ef11b1cbfd2ac756d666ff7b291363b1090fc5f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://ak.hetapugs.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, max-age=0, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8a61cf8db9763722-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Sat, 20 Jul 2024 09:09:09 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FJVcvV10TdZaGic11tD2MSjqSZY%2Bo29%2BzL20ALA7vDizGc%2B%2FSYwgT4OcW%2BkWYTLdxDRQnowEnJZNXeghqRJ2GybL7bcDnyExRJAnn9mcu99UvdOfr7ijIgrRO89HI2Cu8wTU0a1noDaVtH0TrZzxebRtClf3KFRX"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: DENY
x-powered-by: Next.js

Redirect headers

content-length: 0
date: Sat, 20 Jul 2024 09:09:09 GMT
location: https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&campaignId=10557&trafficsource=32&src=7393037&cid=cqdntdb2r96s73f1a9b0&lpkey=17214f6c61580cfaa6ebf6925ae979c3c101b66849&isV2=true
server: Caddy
x-request-id: 174af84f-aebd-4886-9159-e2e641fc590b

POST
H2 404 add
ak.hetapugs.com/async_log/ 16 B
475 B 139ms
138ms XHR
text/plain 95.101.54.241
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ak.hetapugs.com/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=929da604-447c-492c-ab94-b730705fe5f6
Requested by: Host: ak.hetapugs.com
URL: https://ak.hetapugs.com/4/7393037/?var=4923326
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.54.241 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-54-241.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Referer: https://ak.hetapugs.com/afu.php?zoneid=7393037&var=7393037&rid=UOc2oKHlKAQMxeQ00KE1Mg%3D%3D&rhd=false&ab2r=0&sf=1&is_mobile=false
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sat, 20 Jul 2024 09:09:08 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain; charset=utf-8
access-control-allow-origin: https://ak.hetapugs.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
content-length: 16
expires: Sat, 20 Jul 2024 09:09:08 GMT

GET
H2 204 favicon.ico
ak.hetapugs.com/ 0
110 B 196ms
58ms Other
text/plain 95.101.54.241
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ak.hetapugs.com/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.54.241 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-54-241.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Referer: https://ak.hetapugs.com/afu.php?zoneid=7393037&var=7393037&rid=UOc2oKHlKAQMxeQ00KE1Mg%3D%3D&rhd=false&ab2r=0&sf=1&is_mobile=false
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jul 2024 09:09:09 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sat, 20 Jul 2024 09:09:09 GMT

GET
H3 200 9d92a176c9608aa4.css
ad.install-adblockers.com/_next/static/css/ 102 B
632 B 59ms
58ms Stylesheet
text/css 2606:4700:3032::6815:5d8f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.install-adblockers.com/_next/static/css/9d92a176c9608aa4.css

Requested by

Host: ad.install-adblockers.com
URL: https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&campaignId=10557&trafficsource=32&src=7393037&cid=cqdntdb2r96s73f1a9b0&lpkey=17214f6c61580cfaa6ebf6925ae979c3c101b66849&isV2=true

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:5d8f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b5d584b6200dfb2ea17d372ceb88c61ee68bf6e7ae5cabed28d31952b048a10

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&campaignId=10557&trafficsource=32&src=7393037&cid=cqdntdb2r96s73f1a9b0&lpkey=17214f6c61580cfaa6ebf6925ae979c3c101b66849&isV2=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:09 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4929815
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 23 May 2024 22:48:26 GMT
server: cloudflare
etag: W/"66-18fa7a42fbe"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XZzoVQKrclPWTYLd0aMzQ65CrO%2FcqRUD%2FFMqFbctGtVFFTH%2FWwbWw9Bq4HAnOPQNdCVgVCWs1MYynwqj%2FsLJH0uQ9gMMqW80aXrc1Cfwb1nkgTGeoCSSuzN1ufo7Re%2F%2Fc6nrcX3wmRbgCuITwCStuTIzhy3GWJRf"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
cf-ray: 8a61cf8e19e63722-FRA

GET
H3 200 4cb03ffc738a1e28.css
ad.install-adblockers.com/_next/static/css/ 40 KB
27 KB 37ms
37ms Stylesheet
text/css 2606:4700:3032::6815:5d8f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.install-adblockers.com/_next/static/css/4cb03ffc738a1e28.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:5d8f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce28d0a03de974891bb7ac6f5ff3e41d89911583f7291524cf63f7c7ce4b961c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&campaignId=10557&trafficsource=32&src=7393037&cid=cqdntdb2r96s73f1a9b0&lpkey=17214f6c61580cfaa6ebf6925ae979c3c101b66849&isV2=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 37178
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 19 Jul 2024 22:48:34 GMT
server: cloudflare
etag: W/"a134-190cd2eca98"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qTfTO2clisrq42pkyFHALVru%2FnVgw%2BUvgbXPaRbwnj4iP%2B5Xjqcg6gh7wWg%2FAt2gnB9MtHqpyxAZZj%2FZnSFYHi9w%2BR%2BjG5QcfUxerxq09lrLlJpUp%2BTHbWpTVNMc%2BVPliV6aqmgqksL2G9oGSpFjEQE4Zp1vqGHr"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
cf-ray: 8a61cf8e19e83722-FRA

GET
H3 200 4b136f3db283c9a2.css
ad.install-adblockers.com/_next/static/css/ 7 KB
2 KB 61ms
61ms Stylesheet
text/css 2606:4700:3032::6815:5d8f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.install-adblockers.com/_next/static/css/4b136f3db283c9a2.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:5d8f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f463e49ea998095b29b698c94c927cd77852f684063202ab668ddfc103566bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&campaignId=10557&trafficsource=32&src=7393037&cid=cqdntdb2r96s73f1a9b0&lpkey=17214f6c61580cfaa6ebf6925ae979c3c101b66849&isV2=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 37178
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 19 Jul 2024 22:48:34 GMT
server: cloudflare
etag: W/"1c18-190cd2eca9c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: text/css; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EzhUaD5uaPzLcmJ1OQs50qB1Lf6oLOlnCC536PMN8oIgt5R3LCkEXFG58KKK330POLn2TxGkvBBUBSV7PF9RGnmRHshpkcYZkl%2FAjNr5FRHrqOFExRBkefdBYwYS5OiPDf%2B3G6jicFns3mY%2Bi6W%2FYhqBSEIMnw%2F1"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
cf-ray: 8a61cf8e19eb3722-FRA

GET
H3 200 6596.1e2770d8cb80e5c4.js Show response
ad.install-adblockers.com/_next/static/chunks/ 10 KB
5 KB 51ms
50ms Script
application/javascript 2606:4700:3032::6815:5d8f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.install-adblockers.com/_next/static/chunks/6596.1e2770d8cb80e5c4.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:5d8f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0b1789100e7305e15058fc8e41721bc1a4d7b944299207134996e1415dd114d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&campaignId=10557&trafficsource=32&src=7393037&cid=cqdntdb2r96s73f1a9b0&lpkey=17214f6c61580cfaa6ebf6925ae979c3c101b66849&isV2=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 37178
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 19 Jul 2024 22:48:34 GMT
server: cloudflare
etag: W/"282c-190cd2eca98"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ubj%2F35I4AD8tzK0nXoJ7cw%2BkiAGbZ8s5abS3PlvcaPKcOY6Xh7wzUfBuuoHBhlzByPp0Tm7ZCjaBjI36lNaSiJ9Tvx6DBskKr5eOypW8Erlb5lOjmuUiSqqU7RiXoqE3rq33wPIVO9O%2FxXPoF%2Fg%2BeBNzvGtC8B88"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
cf-ray: 8a61cf8e2a033722-FRA

GET
H3 200 webpack-c2a70d89340b95f3.js Show response
ad.install-adblockers.com/_next/static/chunks/ 11 KB
6 KB 69ms
68ms Script
application/javascript 2606:4700:3032::6815:5d8f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.install-adblockers.com/_next/static/chunks/webpack-c2a70d89340b95f3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:5d8f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44706ccbbf96f502d51f9ecc7fef6e278ec0eebdb79057f30ac0bcf4107a249d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&campaignId=10557&trafficsource=32&src=7393037&cid=cqdntdb2r96s73f1a9b0&lpkey=17214f6c61580cfaa6ebf6925ae979c3c101b66849&isV2=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 37178
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 19 Jul 2024 22:48:34 GMT
server: cloudflare
etag: W/"2de0-190cd2eca98"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aK4XxAVvKZLYH%2FJ541y16i8z8y4F%2F9C8tctuoUptf1cF1S9NgDVDXf4bJzW83wMgH3S2vahBizBt2l4qlz4cD9x61crFOz%2FPXwW7STOCKFXuUwT9bX5U54n6%2FwquSltRhXUY48cjEycLwUt3QxavgXfT93ZJnpOB"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
cf-ray: 8a61cf8e2a083722-FRA

GET
H3 200 framework-3671d8951bf44e4e.js Show response
ad.install-adblockers.com/_next/static/chunks/ 138 KB
45 KB 70ms
69ms Script
application/javascript 2606:4700:3032::6815:5d8f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.install-adblockers.com/_next/static/chunks/framework-3671d8951bf44e4e.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:5d8f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1845c289c582dd2b58a3ab7f8eadb695ebabbfe7a2685e5f9012ae16e0541580

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&campaignId=10557&trafficsource=32&src=7393037&cid=cqdntdb2r96s73f1a9b0&lpkey=17214f6c61580cfaa6ebf6925ae979c3c101b66849&isV2=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 4929814
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 23 May 2024 22:48:26 GMT
server: cloudflare
etag: W/"226fd-18fa7a42fba"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N%2FmpbF%2Bxrxh5bhhSt%2F2hWaWJJ8roeKY7C8pZXbAadTuSPJeUw26ubrQSQUoEOoM0xQmod7H5%2BhnE676RP%2F9mcKqcUmAtIkxTyHa2MxqJC%2FagkFNmrpQqMLybHsIQcwzlxz10ozKi6UALxee1CfSu3a4%2F9foLmiaI"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
cf-ray: 8a61cf8e2a0a3722-FRA

GET
H3 200 main-403c8612371c9360.js Show response
ad.install-adblockers.com/_next/static/chunks/ 87 KB
27 KB 90ms
89ms Script
application/javascript 2606:4700:3032::6815:5d8f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.install-adblockers.com/_next/static/chunks/main-403c8612371c9360.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:5d8f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0514cea519259a90ef195e663ef8f544520a3b08a3e3986179e7e43a56cfba1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&campaignId=10557&trafficsource=32&src=7393037&cid=cqdntdb2r96s73f1a9b0&lpkey=17214f6c61580cfaa6ebf6925ae979c3c101b66849&isV2=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 4929814
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 23 May 2024 22:48:26 GMT
server: cloudflare
etag: W/"15cff-18fa7a42fba"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZLTK%2FSVbtcjkXiIO4UzGYaBNJvbeG1VdLQNtEzLPh6OnGgbIeGdTkC3nbtr%2BYP0w1ZS0yezFQM1XrP2%2BqnshnDq5BpwcnpZ0eLpkF64Gc4kCjka4LgVxkLjnWxeLG7bAMLSAsOlB4FJmMlsdzro7%2BQjl%2BA5nYGP1"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
cf-ray: 8a61cf8e2a0b3722-FRA

GET
H3 200 _app-87caf57b67b1ab2f.js Show response
ad.install-adblockers.com/_next/static/chunks/pages/ 19 KB
8 KB 111ms
110ms Script
application/javascript 2606:4700:3032::6815:5d8f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.install-adblockers.com/_next/static/chunks/pages/_app-87caf57b67b1ab2f.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:5d8f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c4527b1d4c7de1d4226e0c4e97325b387d4509386e56b6240929d288dc087b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&campaignId=10557&trafficsource=32&src=7393037&cid=cqdntdb2r96s73f1a9b0&lpkey=17214f6c61580cfaa6ebf6925ae979c3c101b66849&isV2=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 37178
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 19 Jul 2024 22:48:34 GMT
server: cloudflare
etag: W/"4d1b-190cd2eca98"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d21f3NkYVQsc3I8lnwIPONZRJhLys14LjpYmjLf9TPqrXgPJLWdVgQmwtVxijwKd4bPYVEFgKhQzfGDH6Qav2%2FbzD%2B8c2OuwSl57pYXex91LlVm7%2Bb7lh2YLxMtMn9ChnKsV%2F5opYTBguio%2FW8BUNvs5tPb%2FlEaa"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
cf-ray: 8a61cf8e2a0e3722-FRA

GET
H3 200 7928-05ecf8aaff239994.js Show response
ad.install-adblockers.com/_next/static/chunks/ 98 KB
33 KB 111ms
111ms Script
application/javascript 2606:4700:3032::6815:5d8f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.install-adblockers.com/_next/static/chunks/7928-05ecf8aaff239994.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:5d8f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8ddde2edd47f897685960063c729c2be2123e1d72298a6c47f77524ad8a2fdc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&campaignId=10557&trafficsource=32&src=7393037&cid=cqdntdb2r96s73f1a9b0&lpkey=17214f6c61580cfaa6ebf6925ae979c3c101b66849&isV2=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 37178
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 19 Jul 2024 22:48:34 GMT
server: cloudflare
etag: W/"1893c-190cd2eca98"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lG6KgcUVIqRiGSoOQ6y4d%2ByspCJiMuIKKSH0NbWTuRRgySTmR%2FyRuvele2MdpjNsMhFbPPcKfT6Lbk9IHM4yo31eK5733NRi6lgS%2BaqcnkVT9ZPSr3cH8KrCAd%2BVo2Fg9FslywFVVeL0WqPw73B1dCMDbWTkMVY3"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
cf-ray: 8a61cf8e2a123722-FRA

GET
H3 200 index-2aaa5b91f011b27c.js Show response
ad.install-adblockers.com/_next/static/chunks/pages/ 23 KB
9 KB 112ms
112ms Script
application/javascript 2606:4700:3032::6815:5d8f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.install-adblockers.com/_next/static/chunks/pages/index-2aaa5b91f011b27c.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:5d8f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d0892c0deb242597ce3552e7e7bda717b0bfa5a3bffd0f566649940c485f4f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&campaignId=10557&trafficsource=32&src=7393037&cid=cqdntdb2r96s73f1a9b0&lpkey=17214f6c61580cfaa6ebf6925ae979c3c101b66849&isV2=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 37178
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 19 Jul 2024 22:48:34 GMT
server: cloudflare
etag: W/"5af9-190cd2eca98"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uxcnONchRU6KlshLFJq4NG5neY0Ybvj8U4dowH4qMSYYdYTtq8HM6wrrMf1ieA4%2FltwSRkKpYzOoSSB5zNmZNbvGNoz583EY%2FkTFLN1Qf%2BPdjf48FB7HXVsAasBU%2FBVsYxDu8gYyenZtgz0qyjCLsQ4r0%2B98fzBa"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
cf-ray: 8a61cf8e2a133722-FRA

GET
H3 200 _buildManifest.js Show response
ad.install-adblockers.com/_next/static/IdHUlOjGMc9AyHQlBAlyU/ 1 KB
1 KB 112ms
112ms Script
application/javascript 2606:4700:3032::6815:5d8f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.install-adblockers.com/_next/static/IdHUlOjGMc9AyHQlBAlyU/_buildManifest.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:5d8f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5274a39b9eb57b1ea69ed91f0de2250fcfbfbd3de3a87f99c4ab557c63668779

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&campaignId=10557&trafficsource=32&src=7393037&cid=cqdntdb2r96s73f1a9b0&lpkey=17214f6c61580cfaa6ebf6925ae979c3c101b66849&isV2=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: HIT
age: 37178
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 19 Jul 2024 22:48:34 GMT
server: cloudflare
etag: W/"40a-190cd2eca94"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jXYEiWmdS1SvUdh7VONs7LjwEi%2Bsr%2BiHFhO38zR%2BUGCzpA%2BYHAYBU4za8NMtPV1kAy%2Bu2AdMjYANiN3mQ8lg82OhyzVSwT9Dj8PM%2BZzIMUPSIyrjHmYTZSsIvBXXY89Sgdf9YkzPd6x7dEUzKa5mmexK509DU5jH"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
cf-ray: 8a61cf8e2a183722-FRA

GET
H3 200 _ssgManifest.js Show response
ad.install-adblockers.com/_next/static/IdHUlOjGMc9AyHQlBAlyU/ 77 B
609 B 112ms
112ms Script
application/javascript 2606:4700:3032::6815:5d8f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.install-adblockers.com/_next/static/IdHUlOjGMc9AyHQlBAlyU/_ssgManifest.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:5d8f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&campaignId=10557&trafficsource=32&src=7393037&cid=cqdntdb2r96s73f1a9b0&lpkey=17214f6c61580cfaa6ebf6925ae979c3c101b66849&isV2=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:09 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 37178
content-encoding: br
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 19 Jul 2024 22:48:34 GMT
server: cloudflare
etag: W/"4d-190cd2eca94"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o3qFx6HSFugvUUntU579E1qQbFw8YUbBK%2FJHzaw%2FPId2PCgZLuJ9iblnoQ5p6Fx6oPHuEMn3y2jbQsHn3dX2GGFI3NM2mRPKa9ayam1UproI6z0LPBlR0FhI%2FkncN8DL7XjBQf7I5TmQu2dsE4TXqOqERS1JO2jU"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=31536000, immutable
cf-ray: 8a61cf8e2a1a3722-FRA

GET
H3 200 icon.svg
ad.install-adblockers.com/images/promo-images/salmon/ 3 KB
2 KB 62ms
61ms Image
image/svg+xml 2606:4700:3032::6815:5d8f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.install-adblockers.com/images/promo-images/salmon/icon.svg

Requested by

Host: ad.install-adblockers.com
URL: https://ad.install-adblockers.com/_next/static/css/4b136f3db283c9a2.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:5d8f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4abf215f3a2e97a09a6bbbcce397edebe274eb2f4d30017d51538db5d8ce8bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ad.install-adblockers.com/_next/static/css/4b136f3db283c9a2.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: REVALIDATED
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 19 Jul 2024 22:48:20 GMT
server: cloudflare
etag: W/"a60-190cd2e93a8"
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qyaN8lsRAMxrVyLv3dPott8Y0QuFXbrxIiif9JjuUAoeJtgKiih7MmN8Yi2pa2JRorx%2FkUNbhrrRE9rV1U83%2FJc9ppLluei0CweItUavkyjwy%2Fubgm66WBIUu2l0P9K0yGBoro9o6WmeNAFVlN0A1TDbP%2BCnIxWp"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=14400
cf-ray: 8a61cf8e7a8e3722-FRA

GET
H3 200 available-in-chrome.svg
ad.install-adblockers.com/images/browser-icons/ 12 KB
5 KB 59ms
59ms Image
image/svg+xml 2606:4700:3032::6815:5d8f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.install-adblockers.com/images/browser-icons/available-in-chrome.svg

Requested by

Host: ad.install-adblockers.com
URL: https://ad.install-adblockers.com/_next/static/css/4cb03ffc738a1e28.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:5d8f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed7d9565486a66ea74ca2944c02ba502f78fd8e56052a18c9407d61d7442460f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ad.install-adblockers.com/_next/static/css/4cb03ffc738a1e28.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: REVALIDATED
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 19 Jul 2024 22:48:20 GMT
server: cloudflare
etag: W/"309d-190cd2e938c"
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/svg+xml
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BK6gvCLI05OJQ8b%2Bd468F30CSjsccqIeT0py6c62suMMWXormPHFcB6yQeF7VKUJFDSB1h7evXIwlB%2F7OODXMfD0O9jTgVq4k6uEZFlyAzxsUFypSOKj5rPoaAo%2BlviRGNENNt9mKZ4YoLsrFdu6DdhcCHpQdW0q"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=14400
cf-ray: 8a61cf8e7a8f3722-FRA

GET
H3 200 627622453ef56b0d.p.woff2
ad.install-adblockers.com/_next/static/media/ 11 KB
11 KB 56ms
55ms Font
font/woff2 2606:4700:3032::6815:5d8f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.install-adblockers.com/_next/static/media/627622453ef56b0d.p.woff2

Requested by

Host: ad.install-adblockers.com
URL: https://ad.install-adblockers.com/_next/static/css/4b136f3db283c9a2.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:5d8f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bce2f309470952b7affa62ff4d91b454334c68cefa541429b502904d20696875

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ad.install-adblockers.com/_next/static/css/4b136f3db283c9a2.css
Origin: https://ad.install-adblockers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:09 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4929813
alt-svc: h3=":443"; ma=86400
content-length: 11072
last-modified: Thu, 23 May 2024 22:48:26 GMT
server: cloudflare
etag: W/"2b40-18fa7a42fba"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ybHknOXuQvI4ukI2RGeuM2%2FxyhuAn73RFm6w%2Fmn57H%2B818mk1iUAo9iqSSRxEUV00LzFEH3isNNQeWV2Qv%2FzCGj4FG1HvDwyCxfUF6Ni0pgYiAunihZeOEDsriDB2bGm9Aa2AYyGop%2BPyGhsn4%2FvYyXuqoQfdOjP"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
vary: Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 8a61cf8e8a953722-FRA

GET
H3 200 934c4b7cb736f2a3.p.woff2
ad.install-adblockers.com/_next/static/media/ 11 KB
11 KB 74ms
74ms Font
font/woff2 2606:4700:3032::6815:5d8f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.install-adblockers.com/_next/static/media/934c4b7cb736f2a3.p.woff2

Requested by

Host: ad.install-adblockers.com
URL: https://ad.install-adblockers.com/_next/static/css/4b136f3db283c9a2.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:5d8f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ad.install-adblockers.com/_next/static/css/4b136f3db283c9a2.css
Origin: https://ad.install-adblockers.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:09 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4929813
alt-svc: h3=":443"; ma=86400
content-length: 11028
last-modified: Thu, 23 May 2024 22:48:26 GMT
server: cloudflare
etag: W/"2b14-18fa7a42fba"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B40oPehaSwzG99n2mkWVwMJYLxmOAdWktufCDUeyVANT39o9hUkqWzVBmmHvUR5kkMa5DQb2mNH4hl3A%2BDtXbqjy2jaRDKkqVPMsA3AzMJrAz940g%2BswB6Nx0qbGtiwhHSW6a5aHhJSUfByFqA9ebxkFl6yHbAUN"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
vary: Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
cf-ray: 8a61cf8e8a983722-FRA

GET click
download-adblock.com/ 0
0

GET
H3 200 favicon.ico
ad.install-adblockers.com/images/extension-icons/ytube-adskipper/ 15 KB
2 KB 42ms
41ms Other
image/x-icon 2606:4700:3032::6815:5d8f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.install-adblockers.com/images/extension-icons/ytube-adskipper/favicon.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3032::6815:5d8f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a50d59f092cfa8b87b6b2ed6742805559faff8421d625acf90eed3c34422f10

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&campaignId=10557&trafficsource=32&src=7393037&cid=cqdntdb2r96s73f1a9b0&lpkey=17214f6c61580cfaa6ebf6925ae979c3c101b66849&isV2=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Sat, 20 Jul 2024 09:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: REVALIDATED
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 19 Jul 2024 22:48:20 GMT
server: cloudflare
etag: W/"3aee-190cd2e9398"
vary: Accept-Encoding
x-frame-options: DENY
content-type: image/x-icon
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SWCQGOCcLFprDZPvWmRjpq6hlUuKqiJTFNcJ7yyjEg3iAVfS21fp4JuCNjy4cJp6Q1KO%2FtwBkT7tX1KreAtOVQabvbtfKyHJBdpGz9fszuAK%2BzCHvu6oEf49Ix8OMGZ8sz7b2v0PzDCeEIG9U8VLL5G3PG1i3vKa"}],"group":"cf-nel","max_age":604800}
cache-control: public, max-age=14400
cf-ray: 8a61cf8f1b4d3722-FRA

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: smart-redirect.org
URL: https://smart-redirect.org/trafficback.htmlfavicon.ico

Domain: download-adblock.com
URL: https://download-adblock.com/click?upd_clickid=cqdntdb2r96s73f1a9b0&add_event6=1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.dinoklafbzor.org/	1970-01-20 22:12:32	Name: __cf_mw_byp Value: VaHPGn2YdGBwCJ3pQf72Ch7xwzaB9aQOmCZ8WK4P3Jw-1721466543-0.0.1.1-/
.yadro.ru/	1970-01-21 06:55:58	Name: FTID Value: 1cctwq1t5fOq1cctwq002NJA
.yadro.ru/	1970-01-21 06:55:58	Name: VID Value: 1aBanA29dUeq1cctwq002DKx
ak.hetapugs.com/	1970-01-21 06:56:42	Name: OAID Value: 00809fffd69d4497e52ac2670d3997bf
ak.hetapugs.com/	1970-01-21 06:56:42	Name: oaidts Value: 1721466548
my.rtmark.net/	1970-01-21 06:56:42	Name: ID Value: 00809fffd69d4497e52ac2670d3997bf
ak.hetapugs.com/	1970-01-20 22:21:11	Name: syncedCookie Value: true
download-adblock.com/	1970-01-20 22:21:11	Name: bc398 Value: 467fbc9c580bd0f327041f41bf6618ccd::2120:432
download-adblock.com/	1970-01-20 22:21:11	Name: rc398 Value: 467fbc9c580bd0f327041f41bf6618ccd::432
download-adblock.com/	1970-01-21 06:56:42	Name: uclick Value: y7mCk19ePdI1g+H0YWCYtRHwRpHCKWRFXJ72Uy521P6wfKHpzFlUN2URA8UfBwIx1X4d/kc=
download-adblock.com/	1970-01-21 06:56:42	Name: bcid Value: cqdntdb2r96s73f1a9b0
download-adblock.com/	1970-01-21 06:56:42	Name: cid Value: cqdntdb2r96s73f1a9b0
.install-adblockers.com/	1970-01-21 07:47:06	Name: extension Value: ytube_adskipper
.install-adblockers.com/	1970-01-21 07:47:06	Name: promo Value: salmon
.install-adblockers.com/	1970-01-21 07:47:06	Name: big Value: none
.install-adblockers.com/	1970-01-21 07:47:06	Name: clk_domain Value: download-adblock.com
.install-adblockers.com/	1970-01-21 07:47:06	Name: flow Value: binom
.install-adblockers.com/	1970-01-21 07:47:06	Name: campaignId Value: 10557
.install-adblockers.com/	1970-01-21 07:47:06	Name: trafficsource Value: 32
.install-adblockers.com/	1970-01-21 07:47:06	Name: src Value: 7393037
.install-adblockers.com/	1970-01-21 07:47:06	Name: cid Value: cqdntdb2r96s73f1a9b0
.install-adblockers.com/	1970-01-21 07:47:06	Name: lpkey Value: 17214f6c61580cfaa6ebf6925ae979c3c101b66849
.install-adblockers.com/	1970-01-21 07:47:06	Name: isV2 Value: true

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://smart-redirect.org/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://ak.hetapugs.com/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=aaa62ec4-60a2-47f5-8e6f-72a3c5b00219 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://ak.hetapugs.com/async_log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=929da604-447c-492c-ab94-b730705fe5f6 Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: https://ad.install-adblockers.com/?extension=ytube_adskipper&promo=salmon&big=none&clk_domain=download-adblock.com&flow=binom&campaignId=10557&trafficsource=32&src=7393037&cid=cqdntdb2r96s73f1a9b0&lpkey=17214f6c61580cfaa6ebf6925ae979c3c101b66849&isV2=true Message: Access to XMLHttpRequest at 'https://download-adblock.com/click?upd_clickid=cqdntdb2r96s73f1a9b0&add_event6=1' from origin 'https://ad.install-adblockers.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://download-adblock.com/click?upd_clickid=cqdntdb2r96s73f1a9b0&add_event6=1 Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.install-adblockers.com
ak.hetapugs.com
counter.yadro.ru
download-adblock.com
my.rtmark.net
smart-redirect.org
www.dinoklafbzor.org
download-adblock.com
smart-redirect.org
139.45.195.8
2606:4700:3032::6815:5d8f
2606:4700:3033::6815:155b
2606:4700:3034::ac43:8347
52.58.28.63
88.212.201.204
95.101.54.241
0514cea519259a90ef195e663ef8f544520a3b08a3e3986179e7e43a56cfba1a
1845c289c582dd2b58a3ab7f8eadb695ebabbfe7a2685e5f9012ae16e0541580
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3d0892c0deb242597ce3552e7e7bda717b0bfa5a3bffd0f566649940c485f4f8
3ea6268bbc9507cdecd69060273a05a1ecafd465a6181214998c9dcdf3f2811f
44706ccbbf96f502d51f9ecc7fef6e278ec0eebdb79057f30ac0bcf4107a249d
4b4af66d73671a0131f5d1f812d609d4857e05cc4863dc00a2d09bd7633bb639
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5274a39b9eb57b1ea69ed91f0de2250fcfbfbd3de3a87f99c4ab557c63668779
5a50d59f092cfa8b87b6b2ed6742805559faff8421d625acf90eed3c34422f10
5c4527b1d4c7de1d4226e0c4e97325b387d4509386e56b6240929d288dc087b9
5f463e49ea998095b29b698c94c927cd77852f684063202ab668ddfc103566bd
667de1219c6dded5904a908545f417685fc9aa904397dd6a70496e266cec3a83
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
8ddde2edd47f897685960063c729c2be2123e1d72298a6c47f77524ad8a2fdc4
9a060fb3d0d117e01220cd97db02031b063449bf242f2fad16b6e4666cede237
9b5d584b6200dfb2ea17d372ceb88c61ee68bf6e7ae5cabed28d31952b048a10
a4abf215f3a2e97a09a6bbbcce397edebe274eb2f4d30017d51538db5d8ce8bb
bce2f309470952b7affa62ff4d91b454334c68cefa541429b502904d20696875
c3b089ea0eca5ff2dc0d702b4ef11b1cbfd2ac756d666ff7b291363b1090fc5f
ce28d0a03de974891bb7ac6f5ff3e41d89911583f7291524cf63f7c7ce4b961c
d0b1789100e7305e15058fc8e41721bc1a4d7b944299207134996e1415dd114d
e836cf151c055c64b3b2991de7067f3d9e925b51d1050e57ff93a7b88667031f
ed7d9565486a66ea74ca2944c02ba502f78fd8e56052a18c9407d61d7442460f
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

ad.install-adblockers.com Open in urlscan Pro 2606:4700:3032::6815:5d8f Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

41 Requests

93 %HTTPS

43 %IPv6

7 Domains

7 Subdomains

7 IPs

4 Countries

242 kBTransfer

583 kBSize

23 Cookies

0 Outgoing links

Page URL History

Redirected requests

41 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

ad.install-adblockers.com Open in urlscan Pro
2606:4700:3032::6815:5d8f Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

41
Requests

93 %
HTTPS

43 %
IPv6

7
Domains

7
Subdomains

7
IPs

4
Countries

242 kB
Transfer

583 kB
Size

23
Cookies

41 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!