urlscan.io logo urlscan.io
SecurityTrails logo

nowblox.ml Open in urlscan Pro
2606:4700:3030::ac43:937c  Public Scan

Go To Rescan Add Verdict Report
URL: https://nowblox.ml/
Submission Tags: phishingrod
Submission: On March 26 via api from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 2 countries across 6 domains to perform 20 HTTP transactions. The main IP is 2606:4700:3030::ac43:937c, located in United States and belongs to CLOUDFLARENET, US. The main domain is nowblox.ml.
TLS certificate: Issued by GTS CA 1P5 on March 26th 2023. Valid for: 3 months.
This is the only time nowblox.ml was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

5    2606:4700:3030::ac43:937c (United States)

ASN13335 (CLOUDFLARENET, US)
nowblox.ml
6    2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
2    2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
1    2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
partner.googleadservices.com
1    2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.de
1    2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
adservice.google.com
3    2a00:1450:4001:806::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
tpc.googlesyndication.com
1    2a00:1450:4001:80b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
Apex Domain
Subdomains		 Transfer
9 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 108
tpc.googlesyndication.com — Cisco Umbrella Rank: 135
202 KB
5 nowblox.ml
nowblox.ml
635 KB
2 google.com
adservice.google.com — Cisco Umbrella Rank: 68
www.google.com — Cisco Umbrella Rank: 2
2 KB
2 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 29
5 KB
1 google.de
adservice.google.de — Cisco Umbrella Rank: 8820
531 B
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 886
601 B
20 6
Domain Requested by
6 pagead2.googlesyndication.com nowblox.ml
pagead2.googlesyndication.com
tpc.googlesyndication.com
5 nowblox.ml nowblox.ml
3 tpc.googlesyndication.com pagead2.googlesyndication.com
tpc.googlesyndication.com
2 googleads.g.doubleclick.net pagead2.googlesyndication.com
1 www.google.com tpc.googlesyndication.com
1 adservice.google.com pagead2.googlesyndication.com
1 adservice.google.de pagead2.googlesyndication.com
1 partner.googleadservices.com pagead2.googlesyndication.com
20 8

This site contains links to these domains. Also see Links.

Domain
www.namecheap.com
Subject Issuer Validity Valid
*.nowblox.ml
GTS CA 1P5		 2023-03-26 -
2023-06-24		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-03-06 -
2023-05-29		 3 months crt.sh
*.googleadservices.com
GTS CA 1C3		 2023-03-06 -
2023-05-29		 3 months crt.sh
*.google.de
GTS CA 1C3		 2023-03-06 -
2023-05-29		 3 months crt.sh
*.google.com
GTS CA 1C3		 2023-03-06 -
2023-05-29		 3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3		 2023-03-06 -
2023-05-29		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-03-06 -
2023-05-29		 3 months crt.sh

This page contains 6 frames:

Primary Page: https://nowblox.ml/
Frame ID: 42E1DAA3697719A5987AB2EEAF6532E9
Requests: 14 HTTP requests in this frame

Frame: https://nowblox.ml/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1679817600
Frame ID: 5B0C35449ABD30A88B1585A2B0B6E3DF
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230322/r20190131/zrt_lookup.html
Frame ID: 2D699DC0FBC1EF7680AB68F91B413697
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979408575349000&output=html&adk=1812271804&adf=3025194257&lmt=1679831743&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x1080_l%7C500x1080_r&format=0x0&url=https%3A%2F%2Fnowblox.ml%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679831742912&bpp=3&bdt=2310&idt=312&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=698812780399&frm=20&pv=2&ga_vid=1960935158.1679831743&ga_sid=1679831743&ga_hid=1618812704&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44777876%2C44769661&oid=2&pvsid=1787285849576097&tmod=804501226&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=339
Frame ID: 0041549351F12ED79040ED01381EF21D
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 8FD2786BD791ED893FB66AAC6318C49D
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 31DE63F3760F5540C63732FB910AF8BC
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Website is being created…

Detected technologies

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Page Statistics

20
Requests

100 %
HTTPS

100 %
IPv6

6
Domains

8
Subdomains

9
IPs

2
Countries

1027 kB
Transfer

1697 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
nowblox.ml/ 		889 KB
614 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://nowblox.ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:937c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33e47c733b4132b4344c72fd6ecfee8747a51cb85e33589b211b276286e8659b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7adf34b7d806b7ac-AMS
content-encoding
br
content-type
text/html
date
Sun, 26 Mar 2023 11:55:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UtssOn5%2FFkk51LhvmBlX8bifL1sViYh8ioS6f7yXL8iQjqTydbvpNUIbOC2IyQLPoMvWDCTF0aUOE40yzmloAH%2FJktRlrNp4KulGzAa2qmWghQWaTKKVHD%2Bu5yqh%2FtZ5CBmeT%2BN5%2FD6X"}],"group":"cf-nel","max_age":604800}
server
cloudflare
BXBv9-Khw8ZZKK46JofdJQUfKek.js
nowblox.ml/cdn-cgi/apps/head/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nowblox.ml/cdn-cgi/apps/head/BXBv9-Khw8ZZKK46JofdJQUfKek.js
Requested by
Host: nowblox.ml
URL: https://nowblox.ml/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3030::ac43:937c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd77e3bde1fed5d91b058a3460b072a679f6f2adcbcb63b2b156103b83fe7d84

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nowblox.ml/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Sun, 26 Mar 2023 11:55:41 GMT
x-amz-version-id
Ma8ADZjWuOSn3U77nncPrpxzR2xHd779
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
BBGP0EDSJDM0DPES
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
GkqOunJxAXcs/tEjJy4AVMsNFlQHcK+yvhyFsJI5SZo1+tZJhhJB/34RBYLDY52kxxncAfeEueE=
last-modified
Sat, 13 Aug 2022 00:34:31 GMT
server
cloudflare
etag
W/"25425d2e5c873af5b80a5c489da08faa"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D82v3HhExD%2Ftea6R9M6HGAT%2Fj5GoIrkGBz5P4WPcF7C6bhNzDmxv6byurg%2FEK4hlGxgstc7l92UcLjvnq0OqVeB%2BFOZfWCra2cG2w4LoKvXaum3RkPr8FQJ8pKug5Mt5dAbGzIYLnL82"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
7adf34bbbc22b7ac-AMS
truncated
/ 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4bd38e4e9426438f900fff9b392e0fdb731957a5db258e2ddf058d440674ab59

Request headers

Referer
Origin
https://nowblox.ml
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/ 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
202af489c906640c6327214bfd8ddce5a8dfcaddbf3354a0356bc0b08c5fd50f

Request headers

Referer
Origin
https://nowblox.ml
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/ 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6d0990f98c60fe79e88077224a65782a51038760013f94d2db98ecc4cc547291

Request headers

Referer
Origin
https://nowblox.ml
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
truncated
/ 		44 KB
44 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a4c820e03f6fde40a8ed5633b4973d4d69971284eed0a2eecc22f2477c8a8d82

Request headers

Referer
Origin
https://nowblox.ml
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Content-Type
application/font-woff2;charset=utf-8
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		140 KB
48 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2979408575349000
Requested by
Host: nowblox.ml
URL: https://nowblox.ml/cdn-cgi/apps/head/BXBv9-Khw8ZZKK46JofdJQUfKek.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5891c37587539b27eba5adce0f7dc5db42109492518b9be1fe9b3507f69723a8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nowblox.ml/
Origin
https://nowblox.ml
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Sun, 26 Mar 2023 11:55:42 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48687
x-xss-protection
0
server
cafe
etag
17178406795540993220
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 26 Mar 2023 11:55:42 GMT
invisible.js
nowblox.ml/cdn-cgi/challenge-platform/h/b/scripts/alpha/ Frame 5B0C 		30 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nowblox.ml/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1679817600
Requested by
Host: nowblox.ml
URL: https://nowblox.ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:937c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2c3ae112feed728533aa3c7de9345fe5c9bf56511244f5a6a537cd533415794c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Sun, 26 Mar 2023 11:55:42 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5E2x9waERWzi5r4P9pgL0lt4pWnALUiKMTJ8Hh2kK9uoIc3QKQdAMg5IQG80JynK7edVjU5xJixhqiC%2BUvFPvJKmwnsr4DsUlCdlo%2FmCmRmXDCNRvCiVHDL05PRfCi6pjtZWF7dS%2BYXu"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
x-control-type-options
nosniff
cf-ray
7adf34c79e0eb8a9-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
pica.js
nowblox.ml/cdn-cgi/challenge-platform/h/b/scripts/ Frame 5B0C 		7 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://nowblox.ml/cdn-cgi/challenge-platform/h/b/scripts/pica.js
Requested by
Host: nowblox.ml
URL: https://nowblox.ml/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:937c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3211593c6284debe8430b2416036acf9039e9f16f22b7670a91a432729984efa

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Sun, 26 Mar 2023 11:55:42 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FmfaDsC8MI4Pnm1KoV8yTLdSRBs3ZuYbt1EBC7vW7mi7FjmJmQ2G8jbOjTmjPSaemHTRrhAdo%2FvJLwpChp1w7QVojymYK8weWufw6AYX8mm%2Fre%2BjYuY0Qz8iWqO0zQCRWYVzNjHSOrrW"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
x-control-type-options
nosniff
cf-ray
7adf34c7ee90b8a9-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
7adf34b7d806b7ac
nowblox.ml/cdn-cgi/challenge-platform/h/b/cv/result/ Frame 5B0C 		2 B
650 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://nowblox.ml/cdn-cgi/challenge-platform/h/b/cv/result/7adf34b7d806b7ac
Requested by
Host: nowblox.ml
URL: https://nowblox.ml/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1679817600
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3030::ac43:937c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
Content-Type
application/json

Response headers

date
Sun, 26 Mar 2023 11:55:42 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7fPReGjVfwclBUUOqj2uIUS6zdu0Fc6ovJcGZzjGYWUasfzMu%2B3LplTfloPdguKn5qE8hl%2Fp9q1%2FZBxz0YhPHxTQSpIzQHhYXMHEHGOuxc3LW0FGucU0DCIwKa1MHKV%2FicKbLb%2FFvMb0"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
7adf34c91858b8a9-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
show_ads_impl_with_ama_fy2021.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303210101/ 		350 KB
117 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2979408575349000&plah=nowblox.ml
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2979408575349000
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a388169adf88a61b1b687574c19719eb14a6ad2118eab27ce2b7b0fab7973b4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nowblox.ml/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Sun, 26 Mar 2023 11:55:42 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
119753
x-xss-protection
0
server
cafe
etag
2784413624144609283
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Sun, 26 Mar 2023 11:55:42 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20230322/r20190131/ Frame 2D69 		10 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20230322/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-2979408575349000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nowblox.ml/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
81573
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4549
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 25 Mar 2023 13:16:09 GMT
etag
2378337311435320485
expires
Sat, 08 Apr 2023 13:16:09 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
cookie.js
partner.googleadservices.com/gampad/ 		387 B
601 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=nowblox.ml&callback=_gfp_s_&client=ca-pub-2979408575349000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2979408575349000&plah=nowblox.ml
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f806effced4e455244b9db5c4060c475e2b1a449b209448b20defeea3bb61489
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nowblox.ml/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Sun, 26 Mar 2023 11:55:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
249
x-xss-protection
0
integrator.js
adservice.google.de/adsid/ 		107 B
531 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.de/adsid/integrator.js?domain=nowblox.ml
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2979408575349000&plah=nowblox.ml
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nowblox.ml/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Sun, 26 Mar 2023 11:55:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/ 		107 B
456 B 		Script
General
Check archive.org
Download Go to
Full URL
https://adservice.google.com/adsid/integrator.js?domain=nowblox.ml
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2979408575349000&plah=nowblox.ml
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nowblox.ml/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Sun, 26 Mar 2023 11:55:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100
x-xss-protection
0
ads
googleads.g.doubleclick.net/pagead/ Frame 0041 		603 B
218 B 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979408575349000&output=html&adk=1812271804&adf=3025194257&lmt=1679831743&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x1080_l%7C500x1080_r&format=0x0&url=https%3A%2F%2Fnowblox.ml%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679831742912&bpp=3&bdt=2310&idt=312&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=698812780399&frm=20&pv=2&ga_vid=1960935158.1679831743&ga_sid=1679831743&ga_hid=1618812704&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44777876%2C44769661&oid=2&pvsid=1787285849576097&tmod=804501226&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=339
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2979408575349000&plah=nowblox.ml
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nowblox.ml/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
br
content-length
46
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sun, 26 Mar 2023 11:55:43 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ 		14 KB
11 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230322&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2979408575349000&plah=nowblox.ml
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
db63c5701991b894624be35ac8125eb2c2dd0d6d8ba06bfaf1930f51fdb8010c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nowblox.ml/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Sun, 26 Mar 2023 11:55:43 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11182
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202303210101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-2979408575349000&plah=nowblox.ml
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nowblox.ml/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Sun, 26 Mar 2023 11:55:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Sun, 26 Mar 2023 11:55:43 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 8FD2 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nowblox.ml/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
54272
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sat, 25 Mar 2023 20:51:11 GMT
expires
Sun, 24 Mar 2024 20:51:11 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 31DE 		783 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
639e3eded76c6bc17649521593cb9effe40ae5156107e874a642daef3d6cd9c6
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-K1ikrH3CZL9XwjYJiN0Ivg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nowblox.ml/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-length
514
content-security-policy
script-src 'report-sample' 'nonce-K1ikrH3CZL9XwjYJiN0Ivg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sun, 26 Mar 2023 11:55:43 GMT
expires
Sun, 26 Mar 2023 11:55:43 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
5ZLoQB_z02QzB_hHqtk5fVBr8jKba2eTnMK3sia1eD8.js
pagead2.googlesyndication.com/bg/ Frame 8FD2 		36 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/5ZLoQB_z02QzB_hHqtk5fVBr8jKba2eTnMK3sia1eD8.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e592e8401ff3d3643307f847aad9397d506bf2329b6b67939cc2b7b226b5783f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Sat, 25 Mar 2023 17:54:42 GMT
content-encoding
br
x-content-type-options
nosniff
age
64861
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14308
x-xss-protection
0
last-modified
Mon, 20 Mar 2023 09:28:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 24 Mar 2024 17:54:42 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 31DE 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230322&jk=1787285849576097&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers
generate_204
tpc.googlesyndication.com/ Frame 8FD2 		0
10 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tpc.googlesyndication.com/generate_204?fZHC5g
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:806::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

date
Sun, 26 Mar 2023 11:55:43 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
sodar
pagead2.googlesyndication.com/pagead/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230322&jk=1787285849576097&bg=!SUqlSh7NAAbO2UOH7tk7ADkAdvg8WqN_90Iargq7dCae2I8QSDk-APkanMIwcRrZ37oiwMeKXlKYbuEap4mdW4Km-mjEhJw9ExUCAAAAQlIAAAAGaAEHCgCBpEglFCWy6VKZUkUYio-dAwKG36sOKSVPZAPXBGOlu_GURINWgMzJQvSGVWlLKSqdEfqrCytSWEJZn_qiOK_WfUO4dhvI8fHMn5wkQQLF8SUBeJLwU-a_tGu5AZ0UrctN54_SfhIQbZfJL7hZY-uZwSBU1ocOnQLmsm7St1_-a81vmQKgyPcqy3VBYROZuLRkSvN1E7ZIjx9-IzqBVeNQtp5SBY2Lbuxro2SZddeKrOy4EQHMup3wugJ8STPtTBeqcuqkwZtmwRhwnBTu6VRkspcKOKqN8mso1RSv0IUchfDZbgI4R4atp5jV1LMBY15xVvwGb9aDckVZDUihrygAvs4hQC4nBTgiI6gvbxzNjYu_RozNYhi-Mc1pMDpbTkpqTncoDmGMWIS3Y3Acsinj2QgiNOcp82Uq53-IVWQk9Bv_EJ_vG_iEWEoN60A16g6JAmDdGFw3Qpm4irX7EzLAPgIXIu3eYeiZm8SWxt20iYUxnJzxbMH5nt47TLiK3e6A6CfbwVXO_Y1ZwsU6_C_H07QRv2MS0UqpXv_bmKyiaGAImJQ9bOA7q79Mer-zfSa7Ax0_chbgN5d5hXzxSgO6rPskOhxJLNBWTtwdD97J5Nda3hQWeb3mhSxdAKCum1R5LcR3NnjH02f2R1P3dq2KpRIuOcOQ79a6zlo6YX8Oxpa_Gspjhja6ugIAwWfGJ9l2l35ifQmcDMivE-e8JuYeEwdsTc4Z6c5JwICDFnzxtamCJJKVz48Z8D4ARPGA1uW54XD2w7_gRxB1nKufeTgQtgumxM1NWwrTz41dThni4x2q8-6vdpq57En4kWzpxk7XzOf3MLmPgbFuSse3mxdy_2iDovhp6FS6gqQJkHW8YpGOGIXVELgrOJDuBMJ7RrNlJYOZTbJxueynvy5Qb_j5PIu16Iu0mGYDrUjofYH6rS6n_4kfhM918tHBZbdtUVZuOM6m558rADx52-gJQhgWa3G6MCG3-3TC5zm6R9Cc9KSFnXb-8XJhSlQeNZoCpG8UDEZZShJ6aZE44Qxwo678mtNyetMhK1sSEoQH-FjOD-14_AOC
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://nowblox.ml/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36

Response headers

Verdicts & Comments Add Verdict or Comment

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 boolean| credentialless object| CloudflareApps object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac object| google_persistent_state_async boolean| google_measure_js_timing object| google_tag_data object| google_reactive_ads_global_state object| adsbygoogle boolean| _gfp_a_ object| google_sa_queue function| google_process_slots function| google_spfd number| google_unique_id object| google_sv_map number| google_rum_task_id_counter string| google_user_agent_client_hint function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ function| processGoogleToken number| google_global_correlator object| google_prev_clients object| gaGlobal object| ampInaboxIframes object| ampInaboxPendingMessages object| GoogleGcLKhOms object| google_image_requests

4 Cookies

Domain/Path Name / Value
.nowblox.ml/ Name: __cf_bm
Value: 1f8uqMtpyC1wjW3oMxj8HTReGWYg8jsDKOjvfs9Mm9c-1679831742-0-Adl86rJfT0IU8LW9yxdGuk7UW4lSYY3fgHXB/jcvNcOUyfmK8qaLV4w6pBXYt1bPe0QXVBwkgR5G8bVfk/r/JcQ5XyMqWDNMeg/xdhyjgFN2UxamQIGZvdLWlpksWRNxww==
.nowblox.ml/ Name: __gads
Value: ID=4b30ff6f3c73d6e7-2288dcf26edd00c8:T=1679831743:RT=1679831743:S=ALNI_MZnAIdvLb8zrv5KG3xALGciTGEitA
.nowblox.ml/ Name: __gpi
Value: UID=00000bcc989b9f49:T=1679831743:RT=1679831743:S=ALNI_MbXePjRhmHzwZ_ibGSijdpT6aM5MA
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission

2 Console Messages

Source Level URL
Text
network error URL: https://nowblox.ml/
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2979408575349000&output=html&adk=1812271804&adf=3025194257&lmt=1679831743&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=500x1080_l%7C500x1080_r&format=0x0&url=https%3A%2F%2Fnowblox.ml%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1679831742912&bpp=3&bdt=2310&idt=312&shv=r20230322&mjsv=m202303210101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=698812780399&frm=20&pv=2&ga_vid=1960935158.1679831743&ga_sid=1679831743&ga_hid=1618812704&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759842%2C44777876%2C44769661&oid=2&pvsid=1787285849576097&tmod=804501226&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=339
Message:
Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
googleads.g.doubleclick.net
nowblox.ml
pagead2.googlesyndication.com
partner.googleadservices.com
tpc.googlesyndication.com
www.google.com
2606:4700:3030::ac43:937c
2a00:1450:4001:806::2001
2a00:1450:4001:808::2002
2a00:1450:4001:80b::2004
2a00:1450:4001:810::2002
2a00:1450:4001:811::2002
2a00:1450:4001:828::2002
2a00:1450:4001:829::2002
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
202af489c906640c6327214bfd8ddce5a8dfcaddbf3354a0356bc0b08c5fd50f
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2c3ae112feed728533aa3c7de9345fe5c9bf56511244f5a6a537cd533415794c
3211593c6284debe8430b2416036acf9039e9f16f22b7670a91a432729984efa
33e47c733b4132b4344c72fd6ecfee8747a51cb85e33589b211b276286e8659b
4bd38e4e9426438f900fff9b392e0fdb731957a5db258e2ddf058d440674ab59
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5891c37587539b27eba5adce0f7dc5db42109492518b9be1fe9b3507f69723a8
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
639e3eded76c6bc17649521593cb9effe40ae5156107e874a642daef3d6cd9c6
6d0990f98c60fe79e88077224a65782a51038760013f94d2db98ecc4cc547291
9a388169adf88a61b1b687574c19719eb14a6ad2118eab27ce2b7b0fab7973b4
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4c820e03f6fde40a8ed5633b4973d4d69971284eed0a2eecc22f2477c8a8d82
ca070dfc7785775cbf5cce16064029ee534259de42c6d9de10e476e710000e93
cd77e3bde1fed5d91b058a3460b072a679f6f2adcbcb63b2b156103b83fe7d84
db63c5701991b894624be35ac8125eb2c2dd0d6d8ba06bfaf1930f51fdb8010c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e592e8401ff3d3643307f847aad9397d506bf2329b6b67939cc2b7b226b5783f
f806effced4e455244b9db5c4060c475e2b1a449b209448b20defeea3bb61489