urlscan.io logo urlscan.io
SecurityTrails logo

ekuk.xyz Open in urlscan Pro
136.243.176.154  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://multi365payments.com/
Effective URL: https://ekuk.xyz/?l=age-21years&v=1&brand=Samsung&model=Galaxy%20A20&domain=v112323.pi6p.com&lpkey=17fa08cc487e07...
Submission: On February 21 via api from GB — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 7 domains to perform 9 HTTP transactions. The main IP is 136.243.176.154, located in Eitensheim, Germany and belongs to HETZNER-AS, DE. The main domain is ekuk.xyz.
TLS certificate: Issued by R3 on January 4th 2024. Valid for: 3 months.
This is the only time ekuk.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2a06:98c1:312... 13335 (CLOUDFLAR...)
3 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 185.155.184.32 6898 (AS-6898 C...)
1 2 185.155.186.25 203639 (TEKNOLOGY)
1 67.212.184.147 32475 (SINGLEHOP...)
1 1 162.55.4.52 24940 (HETZNER-AS)
2 136.243.176.154 24940 (HETZNER-AS)
9 6
1    2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)
multi365payments.com
3    2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)
multi365payments.com
1    2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    185.155.184.32 (Switzerland)

ASN6898 (AS-6898 C41.CH SAGL - LUGANO Data Center, CH)
mybigwinningzone.life
2    185.155.186.25 (Switzerland)

ASN203639 (TEKNOLOGY, CH)
a06khqp.theydayssay.live
1    67.212.184.147 (United States)

ASN32475 (SINGLEHOP-LLC, US)
PTR: server04.com-2.mobi
take.betdealfor4.com
1    162.55.4.52 (Bergen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.52.4.55.162.clients.your-server.de
v112323.pi6p.com
2    136.243.176.154 (Eitensheim, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.154.176.243.136.clients.your-server.de
ekuk.xyz
Apex Domain
Subdomains		 Transfer
4 multi365payments.com
multi365payments.com
11 KB
2 ekuk.xyz
ekuk.xyz
39 KB
2 theydayssay.live
a06khqp.theydayssay.live
4 KB
1 pi6p.com
v112323.pi6p.com
822 B
1 betdealfor4.com
take.betdealfor4.com
3 KB
1 mybigwinningzone.life
mybigwinningzone.life
60 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 48
1 KB
9 7
Domain Requested by
4 multi365payments.com 1 redirects multi365payments.com
2 ekuk.xyz take.betdealfor4.com
ekuk.xyz
2 a06khqp.theydayssay.live 1 redirects mybigwinningzone.life
1 v112323.pi6p.com 1 redirects
1 take.betdealfor4.com a06khqp.theydayssay.live
1 mybigwinningzone.life multi365payments.com
1 fonts.googleapis.com multi365payments.com
9 7

This site contains links to these domains. Also see Links.

Domain
v112323.pi6p.com
Subject Issuer Validity Valid
multi365payments.com
GTS CA 1P5		 2024-02-21 -
2024-05-21		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-02-05 -
2024-04-29		 3 months crt.sh
mybigwinningzone.life
R3		 2024-02-04 -
2024-05-04		 3 months crt.sh
theydayssay.live
R3		 2024-02-20 -
2024-05-20		 3 months crt.sh
take.betdealfor4.com
R3		 2024-02-14 -
2024-05-14		 3 months crt.sh
ekuk.xyz
R3		 2024-01-04 -
2024-04-03		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://ekuk.xyz/?l=age-21years&v=1&brand=Samsung&model=Galaxy%20A20&domain=v112323.pi6p.com&lpkey=17fa08cc487e073f78&clickid=71047pmuo8p37fe4dc&var=65&browser_name=Chrome%20Mobile&country_code=NL&uclick=pmuo8p37fe&uclickhash=pmuo8p37fe-pmuo8p37fe-zw-qex9-9r15-ci2t6o-ciktwj-148ccc
Frame ID: 02EEA65B4DC4AB4C7D5EEDE155704E2A
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Online Survey(1) Are you 21 years old or older?

Page URL History Show full URLs

  1. http://multi365payments.com/ HTTP 301
    https://multi365payments.com/ Page URL
  2. https://mybigwinningzone.life/?u=pqhk60a&o=3awgwfu Page URL
  3. https://a06khqp.theydayssay.live/rreuprvf/?u=pqhk60a&o=3awgwfu&f=1&sid=t8~jkonnzuhipmjr1guttz1uqwt&fp=v9h8hH%... Page URL
  4. https://a06khqp.theydayssay.live/web/?sid=t8~jkonnzuhipmjr1guttz1uqwt HTTP 302
    https://take.betdealfor4.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=4558... Page URL
  5. https://v112323.pi6p.com/go.php?ad=ocgtcj3bzo889m83kud1&sid=M7337867778881224738&pub=1314&pid=1314-5e... HTTP 302
    https://ekuk.xyz/?l=age-21years&v=1&brand=Samsung&model=Galaxy%20A20&domain=v112323.pi6p.com&... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /polyfill\.min\.js

Page Statistics

9
Requests

100 %
HTTPS

38 %
IPv6

7
Domains

7
Subdomains

6
IPs

3
Countries

117 kB
Transfer

150 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://multi365payments.com/ HTTP 301
    https://multi365payments.com/ Page URL
  2. https://mybigwinningzone.life/?u=pqhk60a&o=3awgwfu Page URL
  3. https://a06khqp.theydayssay.live/rreuprvf/?u=pqhk60a&o=3awgwfu&f=1&sid=t8~jkonnzuhipmjr1guttz1uqwt&fp=v9h8hH%2BKLPuoXYvnkfnsOg%3D%3D Page URL
  4. https://a06khqp.theydayssay.live/web/?sid=t8~jkonnzuhipmjr1guttz1uqwt HTTP 302
    https://take.betdealfor4.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=455875d1-bafe-4faa-9386-962c745e3f1b Page URL
  5. https://v112323.pi6p.com/go.php?ad=ocgtcj3bzo889m83kud1&sid=M7337867778881224738&pub=1314&pid=1314-5ecd6faz&c=0&app=unknown&br=Chrome+Mobile&os=[[os]]&d=Samsung+SM-A205U&ca=NL+WiFi&a=0 HTTP 302
    https://ekuk.xyz/?l=age-21years&v=1&brand=Samsung&model=Galaxy%20A20&domain=v112323.pi6p.com&lpkey=17fa08cc487e073f78&clickid=71047pmuo8p37fe4dc&var=65&browser_name=Chrome%20Mobile&country_code=NL&uclick=pmuo8p37fe&uclickhash=pmuo8p37fe-pmuo8p37fe-zw-qex9-9r15-ci2t6o-ciktwj-148ccc Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://multi365payments.com/ HTTP 301
  • https://multi365payments.com/
Request Chain 6
  • https://a06khqp.theydayssay.live/web/?sid=t8~jkonnzuhipmjr1guttz1uqwt HTTP 302
  • https://take.betdealfor4.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=455875d1-bafe-4faa-9386-962c745e3f1b

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
multi365payments.com/
Redirect Chain
  • http://multi365payments.com/
  • https://multi365payments.com/
22 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://multi365payments.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
884a77c6352be0bf89dec1134193e2cc589718e42c518b97f3354d9a9734225d
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
858b5cc35cef0df5-AMS
content-encoding
br
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
content-type
text/html;charset=UTF-8
date
Wed, 21 Feb 2024 01:54:36 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2F5tJs1YJle5eJ8%2B4ET5nMRcIMaSTJBK0V6BB31Vv54nmt1Geiv52aARGd85XGXv94bAT%2FnXVtO8eSh4Ag%2FJjk%2FyTy5ZRTi3mvOaLSjZR71pe%2BBu3zknhkw7%2F32JVEcnTqFsy%2Fw0KbshA7J%2FoJMZKbOYqSQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-cache
MISS
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

CF-RAY
858b5cc2ea2e0b7b-AMS
Cache-Control
max-age=3600
Connection
keep-alive
Date
Wed, 21 Feb 2024 01:54:36 GMT
Expires
Wed, 21 Feb 2024 02:54:36 GMT
Location
https://multi365payments.com/
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FZuzRPGfgPfrjL5rEn%2B6Bfn2DAqb3%2FfSIsqu5pudQOPc99myLUgYuJ4SDMYjWNPs1923Sx9Y5J5RlHBMHpG%2B6vEn04u69O2hGiUKosVIySY2V4dh3IQGzH%2F4CPuTjwzsYEJsaviiBwG2xa3xXtQ6haAsdw%3D%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400
css
fonts.googleapis.com/ 		11 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap
Requested by
Host: multi365payments.com
URL: https://multi365payments.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f803cc0359d25884471d2c82bf5d46a3ef25044e15a53b80d3e449141e461aa6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

strict-transport-security
max-age=31536000
date
Wed, 21 Feb 2024 01:54:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 21 Feb 2024 00:59:10 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 21 Feb 2024 01:54:36 GMT
polyfill.min.js
multi365payments.com/ 		1 KB
1013 B 		Script
General
Check archive.org
Download Go to
Full URL
https://multi365payments.com/polyfill.min.js
Requested by
Host: multi365payments.com
URL: https://multi365payments.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
10e779c5452a5aa0af0e68709b0c44a3b1e03dd97302af94ed245f2f52d5227b
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://multi365payments.com/
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date
Wed, 21 Feb 2024 01:54:36 GMT
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
x-content-type-options
nosniff
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
x-cache
MISS
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GdbYwGMLlojDrtE6XiyprCO95J7zEe%2BEcj2SR8OiZZJq0hdIBYkGyd1bxJgY4PI6hBdEAyBF3hGK3Jd%2FQHXXTB3b4ig%2Fcv0Riz78QBzIC33Z%2BvHoGiRIisIgkPf1VWHgTAAB1hXk3p0aQaNWJgycntjupQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
private
cf-ray
858b5cc3dd5a0df5-AMS
polyfill.min.js
multi365payments.com/ 		225 B
771 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://multi365payments.com/polyfill.min.js?_11471883499723240
Requested by
Host: multi365payments.com
URL: https://multi365payments.com/polyfill.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://multi365payments.com/
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
Content-Type
application/json

Response headers

date
Wed, 21 Feb 2024 01:54:36 GMT
content-security-policy
default-src 'self' http: https: data: blob: 'unsafe-inline'
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
same-origin
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uyQVoAcROVQ3y8i29jveOihai%2BKL51e6PiYRuLKmAXtKURPLJUhpmYgZudOY9wLqqRQus1CXsSLB%2FVclgL3%2FlZSlRmbazGgADZ%2FIwQNOZCFFBM2gXwYw5CHcNbohaivYUUPIIvMGW6ENxSDc13QcO%2BYWNA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
private
cf-ray
858b5cc44f490bae-AMS
/
mybigwinningzone.life/ 		60 KB
60 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://mybigwinningzone.life/?u=pqhk60a&o=3awgwfu
Requested by
Host: multi365payments.com
URL: https://multi365payments.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.155.184.32 , Switzerland, ASN6898 (AS-6898 C41.CH SAGL - LUGANO Data Center, CH),
Reverse DNS
Software
nginx /
Resource Hash
2c983bdfdb5a8ed91c19f573675ec6518cfd552c6c21cfbc18eb5137f3fc171b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language
nl-NL,nl;q=0.9

Response headers

Cache-Control
no-transform
Connection
keep-alive
Content-Length
61515
Content-Type
text/html
Date
Wed, 21 Feb 2024 01:54:37 GMT
Server
nginx
cache-control
private
/
a06khqp.theydayssay.live/rreuprvf/ 		3 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://a06khqp.theydayssay.live/rreuprvf/?u=pqhk60a&o=3awgwfu&f=1&sid=t8~jkonnzuhipmjr1guttz1uqwt&fp=v9h8hH%2BKLPuoXYvnkfnsOg%3D%3D
Requested by
Host: mybigwinningzone.life
URL: https://mybigwinningzone.life/?u=pqhk60a&o=3awgwfu
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305
Server
185.155.186.25 , Switzerland, ASN203639 (TEKNOLOGY, CH),
Reverse DNS
Software
openresty /
Resource Hash

Request headers

Referer
https://mybigwinningzone.life/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language
nl-NL,nl;q=0.9

Response headers

Connection
keep-alive
Content-Length
3421
Content-Type
text/html
Date
Wed, 21 Feb 2024 01:54:37 GMT
Server
openresty
cache-control
private
/
take.betdealfor4.com/
Redirect Chain
  • https://a06khqp.theydayssay.live/web/?sid=t8~jkonnzuhipmjr1guttz1uqwt
  • https://take.betdealfor4.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=455875d1-bafe-4faa-9386-962c745e3f1b
5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://take.betdealfor4.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=455875d1-bafe-4faa-9386-962c745e3f1b
Requested by
Host: a06khqp.theydayssay.live
URL: https://a06khqp.theydayssay.live/rreuprvf/?u=pqhk60a&o=3awgwfu&f=1&sid=t8~jkonnzuhipmjr1guttz1uqwt&fp=v9h8hH%2BKLPuoXYvnkfnsOg%3D%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
67.212.184.147 , United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
server04.com-2.mobi
Software
nginx /
Resource Hash
ab8e9e8c4243418d10ba838d19a931ac08fb71a822714d21cca7bdcfb7aabb0e

Request headers

Referer
https://a06khqp.theydayssay.live/rreuprvf/?u=pqhk60a&o=3awgwfu&f=1&sid=t8~jkonnzuhipmjr1guttz1uqwt&fp=v9h8hH%2BKLPuoXYvnkfnsOg%3D%3D
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language
nl-NL,nl;q=0.9

Response headers

accept-ch
Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 21 Feb 2024 01:54:38 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
server
nginx
vary
Accept-Encoding

Redirect headers

Connection
keep-alive
Content-Length
262
Content-Type
text/html; charset=utf-8
Date
Wed, 21 Feb 2024 01:54:38 GMT
Server
openresty
cache-control
private
location
https://take.betdealfor4.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=455875d1-bafe-4faa-9386-962c745e3f1b
referrer-policy
no-referrer
Primary Request /
ekuk.xyz/
Redirect Chain
  • https://v112323.pi6p.com/go.php?ad=ocgtcj3bzo889m83kud1&sid=M7337867778881224738&pub=1314&pid=1314-5ecd6faz&c=0&app=unknown&br=Chrome+Mobile&os=[[os]]&d=Samsung+SM-A205U&ca=NL+WiFi&a=0
  • https://ekuk.xyz/?l=age-21years&v=1&brand=Samsung&model=Galaxy%20A20&domain=v112323.pi6p.com&lpkey=17fa08cc487e073f78&clickid=71047pmuo8p37fe4dc&var=65&browser_name=Chrome%20Mobile&country_code=NL&...
12 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ekuk.xyz/?l=age-21years&v=1&brand=Samsung&model=Galaxy%20A20&domain=v112323.pi6p.com&lpkey=17fa08cc487e073f78&clickid=71047pmuo8p37fe4dc&var=65&browser_name=Chrome%20Mobile&country_code=NL&uclick=pmuo8p37fe&uclickhash=pmuo8p37fe-pmuo8p37fe-zw-qex9-9r15-ci2t6o-ciktwj-148ccc
Requested by
Host: take.betdealfor4.com
URL: https://take.betdealfor4.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=455875d1-bafe-4faa-9386-962c745e3f1b
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
136.243.176.154 Eitensheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.154.176.243.136.clients.your-server.de
Software
nginx/1.18.0 /
Resource Hash
6d776e4af60b537328333746ce30e0fbd0d09ba69f39a65e487b55bc28b0b3af

Request headers

Referer
https://take.betdealfor4.com/?utm_medium=7c546697f77c362f087bd230a385a22a47b9f7ab&utm_campaign=m&cid=455875d1-bafe-4faa-9386-962c745e3f1b#0
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.
accept-language
nl-NL,nl;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 21 Feb 2024 01:54:38 GMT
server
nginx/1.18.0
vary
Accept-Encoding

Redirect headers

Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Wed, 21 Feb 2024 01:54:38 GMT
Location
https://ekuk.xyz/?l=age-21years&v=1&brand=Samsung&model=Galaxy%20A20&domain=v112323.pi6p.com&lpkey=17fa08cc487e073f78&clickid=71047pmuo8p37fe4dc&var=65&browser_name=Chrome%20Mobile&country_code=NL&uclick=pmuo8p37fe&uclickhash=pmuo8p37fe-pmuo8p37fe-zw-qex9-9r15-ci2t6o-ciktwj-148ccc
Referrer-Policy
no-referrer
Server
nginx/1.24.0
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
loading2.gif
ekuk.xyz/age/21years/files/ 		36 KB
36 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ekuk.xyz/age/21years/files/loading2.gif
Requested by
Host: ekuk.xyz
URL: https://ekuk.xyz/?l=age-21years&v=1&brand=Samsung&model=Galaxy%20A20&domain=v112323.pi6p.com&lpkey=17fa08cc487e073f78&clickid=71047pmuo8p37fe4dc&var=65&browser_name=Chrome%20Mobile&country_code=NL&uclick=pmuo8p37fe&uclickhash=pmuo8p37fe-pmuo8p37fe-zw-qex9-9r15-ci2t6o-ciktwj-148ccc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
136.243.176.154 Eitensheim, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.154.176.243.136.clients.your-server.de
Software
nginx/1.18.0 /
Resource Hash
3dfebea695e74f95113339686c6167ecd8e05afb20d69e3fd74d2acc8689e39b

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://ekuk.xyz/?l=age-21years&v=1&brand=Samsung&model=Galaxy%20A20&domain=v112323.pi6p.com&lpkey=17fa08cc487e073f78&clickid=71047pmuo8p37fe4dc&var=65&browser_name=Chrome%20Mobile&country_code=NL&uclick=pmuo8p37fe&uclickhash=pmuo8p37fe-pmuo8p37fe-zw-qex9-9r15-ci2t6o-ciktwj-148ccc
User-Agent
Mozilla/5.0 (Linux; Android 10; SM-A205U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.114 Mobile Safari/537.36.

Response headers

date
Wed, 21 Feb 2024 01:54:39 GMT
last-modified
Tue, 13 Jun 2023 13:41:50 GMT
server
nginx/1.18.0
accept-ranges
bytes
etag
"6488721e-9091"
content-length
37009
content-type
image/gif

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| getURLParameter string| cta string| curr_hr string| under string| back

8 Cookies

Domain/Path Name / Value
multi365payments.com/ Name: smdtm
Value: S3J5ZHJldCUyMEp1bGVrYWdlJTIwTWVkJTIwRGFkbGVyJTIwT2clMjBWYWxuJUMzJUI4ZGRlcg==
mybigwinningzone.life/ Name: sid
Value: t8~jkonnzuhipmjr1guttz1uqwt
mybigwinningzone.life/ Name: p1
Value: https://theydayssay.live/rreuprvf/
mybigwinningzone.life/ Name: s1
Value: mv8m8qvtbwlqj6z2
a06khqp.theydayssay.live/ Name: IsNotUniqueMainNew
Value: true
a06khqp.theydayssay.live/ Name: cookie1
Value: true
v112323.pi6p.com/ Name: uclick
Value: pmuo8p37fe
v112323.pi6p.com/ Name: uclickhash
Value: pmuo8p37fe-pmuo8p37fe-zw-qex9-9r15-ci2t6o-ciktwj-148ccc

1 Console Messages

Source Level URL
Text
network error URL: https://multi365payments.com/polyfill.min.js?_11471883499723240
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' http: https: data: blob: 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block