Submitted URL: https://ebookrs.ch/
Effective URL: https://1d788qd3vwfg56o733.dkeie.co.in/l2/chrs/index.php?lpkey=16fb9706530d891827&lddomain=dkeie.co.in&pbid=3419&t1=ALL&t2=chrs&t3=832&...
Submission: On October 17 via api from CH — Scanned from CH

Summary

This website contacted 11 IPs in 3 countries across 10 domains to perform 15 HTTP transactions. The main IP is 104.21.65.22, which belongs to CLOUDFLARENET, US. The main domain is 1d788qd3vwfg56o733.dkeie.co.in.
TLS certificate: Issued by GTS CA 1P5 on September 20th 2023. Valid for: 3 months.
This is the only time 1d788qd3vwfg56o733.dkeie.co.in was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  IP Address       AS (Autonomous System)
4         185.53.177.20    61969 (TEAMINTER...)
1         18.66.121.138    16509 (AMAZON-02)
2         3.94.15.8        14618 (AMAZON-AES)
1 1       23.88.66.44      24940 (HETZNER-AS)
2         104.21.65.22     13335 (CLOUDFLAR...)
1         151.101.130.137  54113 (FASTLY)
1         104.16.85.20     13335 (CLOUDFLAR...)
1         104.21.233.164   13335 (CLOUDFLAR...)
1         142.250.185.202  15169 (GOOGLE)
1         142.250.185.163  15169 (GOOGLE)
1         142.250.186.99   15169 (GOOGLE)
Total: 15 requests, 11 IP addresses
Requests  Apex Domain      Subdomains                         Cisco Umbrella Rank  Transfer
4         ebookrs.ch       ebookrs.ch                                              4 KB
2         gstatic.com      www.gstatic.com, fonts.gstatic.com                      19 KB
2         dkeie.co.in      1d788qd3vwfg56o733.dkeie.co.in                          38 KB
2         amala-wav.com    amala-wav.com                                           3 KB
1         googleapis.com   fonts.googleapis.com               49                   1 KB
1         pushflow.net     cdn.pushflow.net                   174765               186 KB
1         jsdelivr.net     cdn.jsdelivr.net                   373                  15 KB
1         jquery.com       code.jquery.com                    925                  30 KB
1         knezlt.xyz       knezlt.xyz                         828807               820 B
1         cloudfront.net   d38psrni17bvxu.cloudfront.net                           1 KB
Total: 15 requests, 10 apex domains
Requests  Domain                          Requested by
4         ebookrs.ch                      d38psrni17bvxu.cloudfront.net, ebookrs.ch
2         1d788qd3vwfg56o733.dkeie.co.in  amala-wav.com, 1d788qd3vwfg56o733.dkeie.co.in
2         amala-wav.com                   ebookrs.ch, amala-wav.com
1         fonts.gstatic.com               fonts.googleapis.com
1         www.gstatic.com
1         fonts.googleapis.com            client
1         cdn.pushflow.net                1d788qd3vwfg56o733.dkeie.co.in
1         cdn.jsdelivr.net                1d788qd3vwfg56o733.dkeie.co.in
1         code.jquery.com                 1d788qd3vwfg56o733.dkeie.co.in
1         knezlt.xyz                      1 redirects
1         d38psrni17bvxu.cloudfront.net   ebookrs.ch
Total: 15 requests, 11 domains

This site contains no links.

Subject                  Issuer                                          Validity                 Valid
*.parkingcrew.net        Thawte TLS RSA CA G1                            2020-07-20 - 2022-09-18  2 years
*.cloudfront.net         Amazon RSA 2048 M01                             2022-12-08 - 2023-12-07  a year
dkeie.co.in              GTS CA 1P5                                      2023-09-20 - 2023-12-19  3 months
*.jquery.com             Sectigo RSA Domain Validation Secure Server CA  2023-07-11 - 2024-07-14  a year
sni.cloudflaressl.com    Cloudflare Inc ECC CA-3                         2023-05-02 - 2024-05-01  a year
pushflow.net             GTS CA 1P5                                      2023-08-30 - 2023-11-28  3 months
upload.video.google.com  GTS CA 1C3                                      2023-09-18 - 2023-12-11  3 months
*.gstatic.com            GTS CA 1C3                                      2023-09-18 - 2023-12-11  3 months

This page contains 1 frame:

Primary Page: https://1d788qd3vwfg56o733.dkeie.co.in/l2/chrs/index.php?lpkey=16fb9706530d891827&lddomain=dkeie.co.in&pbid=3419&t1=ALL&t2=chrs&t3=832&t4=lateritious-falcon&t5=whiskey-rom-1ozqje3mr7&clickid=1d788qd3vwfg56o733&language=de-CH&uclick=qd3vwfg56o&uclickhash=qd3vwfg56o-qd3vwfg56o-m7i4-usdz-h9qn-e2a0-b7qq-3b7d20
Frame ID: D130676E175DFD5E439E752045A91909
Requests: 16 HTTP requests in this frame

Page Title

Sicherheitskontrolle

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

Requests: 15
HTTPS: 60 %
IPv6: 0 %
Domains: 10
Subdomains: 11
IPs: 11
Countries: 3
Transfer: 298 kB
Size: 815 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ebookrs.ch/ Page URL
  2. http://amala-wav.com/zclkvisitor/2f73fb94-6cd8-11ee-bfcb-12c4a22a2067/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c9fc4540-0a2e-11ed-af35-0a918cbcbb97 Page URL
  3. http://amala-wav.com/zclkredirect?visitid=2f73fb94-6cd8-11ee-bfcb-12c4a22a2067&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false Page URL
  4. https://knezlt.xyz/run.php?cum=oe7lvm2c9bliq&c=0.017500&s1=lateritious-falcon&s2=whiskey-rom-1ozqje3mr7&s3=ebook%2Cebookers&s4=unknown&s5=NON-ADULT&s6=&s7=Chrome&s8=Windows&s9= HTTP 302
    https://1d788qd3vwfg56o733.dkeie.co.in/l2/chrs/index.php?lpkey=16fb9706530d891827&lddomain=dkeie.co.in&pbid=3419&t1=ALL&t2=chrs&t3=832&t4=lateritious-falcon&t5=whiskey-rom-1ozqje3mr7&clickid=1d788qd3vwfg56o733&language=de-CH&uclick=qd3vwfg56o&uclickhash=qd3vwfg56o-qd3vwfg56o-m7i4-usdz-h9qn-e2a0-b7qq-3b7d20 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource: / | Path: ebookrs.ch/ | Size: 2 KB | x-fer: 2 KB | Type: Document
General
Full URL
https://ebookrs.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.53.177.20 , Germany, ASN61969 (TEAMINTERNET-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash
95e579a86e0f651f8ddb274ca3ca6a55d6835257344f86a3e5ed9e7bef1a6126

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language
de-CH,de;q=0.9
referer
https://www.google.ch/

Response headers

Accept-Ch
viewport-width dpr device-memory rtt downlink ect ua ua-full-version ua-platform ua-platform-version ua-arch ua-model ua-mobile
Accept-Ch-Lifetime
30
Content-Encoding
gzip
Content-Length
1355
Content-Type
text/html; charset=UTF-8
Date
Tue, 17 Oct 2023 10:30:26 GMT
Server
nginx
Vary
Accept-Encoding
X-Adblock-Key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_EIjMtWPJnLXn814oW46hmVR9p0jXiNJT+wwtMSADM4FAfHm5d/R9WGU+Tkikc5Uf+Dc69y6/jH+eR7ZsO2sNcw==
X-Buckets
bucket011,bucket077
X-Domain
ebookrs.ch
X-Language
german
X-Redirect
zeropark_zeroclick
X-Subdomain
X-Template
tpl_CleanPeppermintBlack_twoclick
Resource: js3.js | Path: d38psrni17bvxu.cloudfront.net/scripts/ | Size: 1 KB | x-fer: 1 KB | Type: Script
General
Full URL
https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Requested by
Host: ebookrs.ch
URL: https://ebookrs.ch/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.121.138 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-121-138.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
036c94653e84e6078c087abeb3ac8804491d27b27938839ae3df42b31e2238d9

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Tue, 17 Oct 2023 04:30:56 GMT
via
1.1 0121ceb2efadb6db52d122a8b6b52f90.cloudfront.net (CloudFront)
last-modified
Mon, 23 Jan 2023 11:12:07 GMT
server
nginx
x-amz-cf-pop
FRA60-P2
age
21570
etag
"63ce6b87-448"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
1096
x-amz-cf-id
4vs1jUXtEsQfpVXebaG4v3Ruin3WU1e85YkZYLaUNH24OicOHdjXjg==
Resource: track.php | Path: ebookrs.ch/ | Size: 0 | x-fer: 565 B | Type: XHR
General
Full URL
https://ebookrs.ch/track.php?domain=ebookrs.ch&toggle=browserjs&uid=MTY5NzUzODYyNS44MzA5OjBiNWUwMDc2OTUyYzcyNDI0MWY1ZjQzZDJkYWY5ODc4MzVlZDAxYmFhZTNkZmQ0ZmJlZWQyZjZlN2Y3OTllMGM6NjUyZTYyNDFjYWRhOA%3D%3D
Requested by
Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.53.177.20 , Germany, ASN61969 (TEAMINTERNET-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

device-memory
8
Referer
https://www.google.ch/
dpr
1
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
viewport-width
1600

Response headers

Date
Tue, 17 Oct 2023 10:30:26 GMT
Content-Encoding
gzip
Accept-Ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Server
nginx
X-Custom-Track
browserjs
Vary
Accept-Encoding
Accept-Ch-Lifetime
30
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
*
Content-Length
20
Resource: ls.php | Path: ebookrs.ch/ | Size: 16 B | x-fer: 863 B | Type: XHR
General
Full URL
https://ebookrs.ch/ls.php?t=652e6242&token=72de35b729ea4ed26a778c9e34be27a4a02f2cc7
Requested by
Host: ebookrs.ch
URL: https://ebookrs.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.53.177.20 , Germany, ASN61969 (TEAMINTERNET-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

device-memory
8
Referer
https://www.google.ch/
dpr
1
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
viewport-width
1600

Response headers

Date
Tue, 17 Oct 2023 10:30:26 GMT
Accept-Ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Server
nginx
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
POST, OPTIONS
Content-Type
text/javascript;charset=UTF-8
Access-Control-Allow-Origin
Accept-Ch-Lifetime
30
Charset
utf-8
X-Adblock-Key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_F2cwXzD7iWxuX1UNNE2fY21K9m9JkfltQd28sVVjne2B0PXGfopwUtgxvbJCXLjj4oq7rKfRI9Zvtr011PZFtg==
X-Log-Success
652e6242dc72556e8a3c9b10
Content-Length
16
Resource: track.php | Path: ebookrs.ch/ | Size: 0 | x-fer: 558 B | Type: XHR
General
Full URL
https://ebookrs.ch/track.php?click=be040c2a9818d4929be142d49a673c3cd7644887&domain=ebookrs.ch&uid=MTY5NzUzODYyNS44MzA5OjBiNWUwMDc2OTUyYzcyNDI0MWY1ZjQzZDJkYWY5ODc4MzVlZDAxYmFhZTNkZmQ0ZmJlZWQyZjZlN2Y3OTllMGM6NjUyZTYyNDFjYWRhOA%3D%3D&ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTEsYnVja2V0MDc3fHx8fHx8NjUyZTYyNDFjYWQ2Y3x8fDE2OTc1Mzg2MjYuMTUwNHwxOTMwMjI4ZDE0NTAzNDNmZjM2MmRhOTJmNGJjMzQ5ODcwYWE3NWE2fHx8fHwxfHwwfDB8fHx8MXx8fHx8MHwwfHx8fHx8fHx8fDB8MHx8MHx8fDB8MHxXMTA9fHwxfFcxMD18NzJkZTM1YjcyOWVhNGVkMjZhNzc4YzllMzRiZTI3YTRhMDJmMmNjN3wwfHwwfDB8&kw=&search=&pcat=&bucket=&clientID=&adtest=off
Requested by
Host: d38psrni17bvxu.cloudfront.net
URL: https://d38psrni17bvxu.cloudfront.net/scripts/js3.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.53.177.20 , Germany, ASN61969 (TEAMINTERNET-AS, DE),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

device-memory
8
Referer
https://www.google.ch/
dpr
1
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
viewport-width
1600

Response headers

Date
Tue, 17 Oct 2023 10:30:26 GMT
Content-Encoding
gzip
Accept-Ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Server
nginx
Vary
Accept-Encoding
Accept-Ch-Lifetime
30
Content-Type
text/html; charset=UTF-8
Access-Control-Allow-Origin
*
X-View-Match
true
Content-Length
20
Resource: 85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d | Path: amala-wav.com/zclkvisitor/2f73fb94-6cd8-11ee-bfcb-12c4a22a2067/ | Size: 1 KB | x-fer: 2 KB | Type: Document
General
Full URL
http://amala-wav.com/zclkvisitor/2f73fb94-6cd8-11ee-bfcb-12c4a22a2067/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c9fc4540-0a2e-11ed-af35-0a918cbcbb97
Requested by
Host: ebookrs.ch
URL: https://ebookrs.ch/
Protocol
HTTP/1.1
Server
3.94.15.8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-94-15-8.compute-1.amazonaws.com
Software
kgfAhQFM /
Resource Hash
5d3446d4a6935e5f11028a0a6b43de218f052eb5b20dab9f2ce51a11d498f3a9
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language
de-CH,de;q=0.9
referer
https://www.google.ch/

Response headers

Access-Control-Allow-Headers
X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Access-Control-Allow-Methods
GET,POST,OPTIONS
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
Connection
keep-alive
Content-Type
text/html;charset=UTF-8
Date
Tue, 17 Oct 2023 10:30:27 GMT
Server
kgfAhQFM
Transfer-Encoding
chunked
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline'
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
Resource: zclkredirect | Path: amala-wav.com/ | Size: 534 B | x-fer: 1 KB | Type: Document
General
Full URL
http://amala-wav.com/zclkredirect?visitid=2f73fb94-6cd8-11ee-bfcb-12c4a22a2067&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false
Requested by
Host: amala-wav.com
URL: http://amala-wav.com/zclkvisitor/2f73fb94-6cd8-11ee-bfcb-12c4a22a2067/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c9fc4540-0a2e-11ed-af35-0a918cbcbb97
Protocol
HTTP/1.1
Server
3.94.15.8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-94-15-8.compute-1.amazonaws.com
Software
EtRxyrXn /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer
http://amala-wav.com/zclkvisitor/2f73fb94-6cd8-11ee-bfcb-12c4a22a2067/85aefdc2-9ed0-48aa-922d-60f9f9fc0f2d?campaignid=c9fc4540-0a2e-11ed-af35-0a918cbcbb97
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language
de-CH,de;q=0.9
referer
https://www.google.ch/

Response headers

Access-Control-Allow-Headers
X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Access-Control-Allow-Methods
GET,POST,OPTIONS
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
Connection
keep-alive
Content-Type
text/html;charset=UTF-8
Date
Tue, 17 Oct 2023 10:30:27 GMT
Server
EtRxyrXn
Transfer-Encoding
chunked
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline'
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'

Redirected: JS
Primary Request: index.php | Path: 1d788qd3vwfg56o733.dkeie.co.in/l2/chrs/ | Size: 67 KB | x-fer: 37 KB | Type: Document
Redirect Chain
  • https://knezlt.xyz/run.php?cum=oe7lvm2c9bliq&c=0.017500&s1=lateritious-falcon&s2=whiskey-rom-1ozqje3mr7&s3=ebook%2Cebookers&s4=unknown&s5=NON-ADULT&s6=&s7=Chrome&s8=Windows&s9=
  • https://1d788qd3vwfg56o733.dkeie.co.in/l2/chrs/index.php?lpkey=16fb9706530d891827&lddomain=dkeie.co.in&pbid=3419&t1=ALL&t2=chrs&t3=832&t4=lateritious-falcon&t5=whiskey-rom-1ozqje3mr7&clickid=1d788q...
General
Full URL
https://1d788qd3vwfg56o733.dkeie.co.in/l2/chrs/index.php?lpkey=16fb9706530d891827&lddomain=dkeie.co.in&pbid=3419&t1=ALL&t2=chrs&t3=832&t4=lateritious-falcon&t5=whiskey-rom-1ozqje3mr7&clickid=1d788qd3vwfg56o733&language=de-CH&uclick=qd3vwfg56o&uclickhash=qd3vwfg56o-qd3vwfg56o-m7i4-usdz-h9qn-e2a0-b7qq-3b7d20
Requested by
Host: amala-wav.com
URL: http://amala-wav.com/zclkredirect?visitid=2f73fb94-6cd8-11ee-bfcb-12c4a22a2067&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.65.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c64e5a7545deb5076ba11420a6c6b3e64b095c418acd9772ee57e66d8aa42c2

Request headers

Referer
http://amala-wav.com/zclkredirect?visitid=2f73fb94-6cd8-11ee-bfcb-12c4a22a2067&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language
de-CH,de;q=0.9
referer
https://www.google.ch/

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8177ddca8bfc2bb6-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 17 Oct 2023 10:30:28 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KXlkog0QlX5VpNEjbrm5D4Ikqh7IC07GoAMl8VNfsqUhgicPUZ0DFgNa6Kkr%2F2earT6219ripH2ROibEiLUgsGt59iSQasXpzJrbihQ7olhpVM763YObMRssf%2BU5wuASC06t0jXF5%2F%2FNBLPBna%2BRMXA%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Tue, 17 Oct 2023 10:30:27 GMT
Location
https://1d788qd3vwfg56o733.dkeie.co.in/l2/chrs/index.php?lpkey=16fb9706530d891827&lddomain=dkeie.co.in&pbid=3419&t1=ALL&t2=chrs&t3=832&t4=lateritious-falcon&t5=whiskey-rom-1ozqje3mr7&clickid=1d788qd3vwfg56o733&language=de-CH&uclick=qd3vwfg56o&uclickhash=qd3vwfg56o-qd3vwfg56o-m7i4-usdz-h9qn-e2a0-b7qq-3b7d20
Server
nginx/1.20.1
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Resource: jquery-3.6.0.min.js | Path: code.jquery.com/ | Size: 87 KB | x-fer: 30 KB | Type: Script
General
Full URL
https://code.jquery.com/jquery-3.6.0.min.js
Requested by
Host: 1d788qd3vwfg56o733.dkeie.co.in
URL: https://1d788qd3vwfg56o733.dkeie.co.in/l2/chrs/index.php?lpkey=16fb9706530d891827&lddomain=dkeie.co.in&pbid=3419&t1=ALL&t2=chrs&t3=832&t4=lateritious-falcon&t5=whiskey-rom-1ozqje3mr7&clickid=1d788qd3vwfg56o733&language=de-CH&uclick=qd3vwfg56o&uclickhash=qd3vwfg56o-qd3vwfg56o-m7i4-usdz-h9qn-e2a0-b7qq-3b7d20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.130.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Tue, 17 Oct 2023 10:30:28 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
2300529
x-cache
HIT, HIT
content-length
30875
x-served-by
cache-lga21931-LGA, cache-mxp6972-MXP
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1697538629.726626,VS0,VE0
etag
W/"28feccc0-15d9d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
13, 689360
Resource: jBox.all.min.js | Path: cdn.jsdelivr.net/gh/StephanWagner/jBox@v1.3.3/dist/ | Size: 54 KB | x-fer: 15 KB | Type: Script
General
Full URL
https://cdn.jsdelivr.net/gh/StephanWagner/jBox@v1.3.3/dist/jBox.all.min.js
Requested by
Host: 1d788qd3vwfg56o733.dkeie.co.in
URL: https://1d788qd3vwfg56o733.dkeie.co.in/l2/chrs/index.php?lpkey=16fb9706530d891827&lddomain=dkeie.co.in&pbid=3419&t1=ALL&t2=chrs&t3=832&t4=lateritious-falcon&t5=whiskey-rom-1ozqje3mr7&clickid=1d788qd3vwfg56o733&language=de-CH&uclick=qd3vwfg56o&uclickhash=qd3vwfg56o-qd3vwfg56o-m7i4-usdz-h9qn-e2a0-b7qq-3b7d20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.85.20 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bcc1f34f46f7acd480e57791beff008a00ad85766f2b0d07076f82d571041874
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Tue, 17 Oct 2023 10:30:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
2483917
x-jsd-version
1.3.3
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230061-FRA, cache-yyz4532-YYZ
x-jsd-version-type
version
server
cloudflare
etag
W/"d763-3k9IIExUySw/kvIDnHJn5mghCss"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vn8FA5yV%2FzBF43TrPjMz3A2ViCaINT7u05DIK59XTu5dSxepJ%2FD8gEYAFue7e8iUEm0BX8juO3L5Bn7W8JiR%2F3OoqfLBFgU8MeXp0zO3AqhXsDc2nnqFUj7yD5c4pUd511c%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
8177ddcd8dfe2397-ZRH
Resource: continue.css | Path: 1d788qd3vwfg56o733.dkeie.co.in/l2/chrs/ | Size: 2 KB | x-fer: 1 KB | Type: Stylesheet
General
Full URL
https://1d788qd3vwfg56o733.dkeie.co.in/l2/chrs/continue.css
Requested by
Host: 1d788qd3vwfg56o733.dkeie.co.in
URL: https://1d788qd3vwfg56o733.dkeie.co.in/l2/chrs/index.php?lpkey=16fb9706530d891827&lddomain=dkeie.co.in&pbid=3419&t1=ALL&t2=chrs&t3=832&t4=lateritious-falcon&t5=whiskey-rom-1ozqje3mr7&clickid=1d788qd3vwfg56o733&language=de-CH&uclick=qd3vwfg56o&uclickhash=qd3vwfg56o-qd3vwfg56o-m7i4-usdz-h9qn-e2a0-b7qq-3b7d20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.65.22 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3a10daa18c35f605c114c246e437634fbb23203d59bf3f7c85cb1629b2706f37

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Tue, 17 Oct 2023 10:30:28 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Wed, 11 May 2022 15:20:18 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"627bd432-8b3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xvUv3J4IG0SCwIjcQc8nLs9Yrp4BbV2wtZR8nvHoaU28fykTq7nmB1uCd0JYvJL3LZOuxYh0Ppmk405ktdKKJhALXMQ9WP7vLMgTq%2Fb3BBvGJNdLghd%2FM5FLWrcVB%2BaKqlKcN1I%2BbqAj1zphf%2F%2BtlCU%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=43200
cf-ray
8177ddcb2cc12bb6-FRA
alt-svc
h3=":443"; ma=86400
expires
Tue, 17 Oct 2023 22:30:28 GMT
Resource: pushflowSDK.js | Path: cdn.pushflow.net/scripts/current/sdk/ | Size: 547 KB | x-fer: 186 KB | Type: Script
General
Full URL
https://cdn.pushflow.net/scripts/current/sdk/pushflowSDK.js
Requested by
Host: 1d788qd3vwfg56o733.dkeie.co.in
URL: https://1d788qd3vwfg56o733.dkeie.co.in/l2/chrs/index.php?lpkey=16fb9706530d891827&lddomain=dkeie.co.in&pbid=3419&t1=ALL&t2=chrs&t3=832&t4=lateritious-falcon&t5=whiskey-rom-1ozqje3mr7&clickid=1d788qd3vwfg56o733&language=de-CH&uclick=qd3vwfg56o&uclickhash=qd3vwfg56o-qd3vwfg56o-m7i4-usdz-h9qn-e2a0-b7qq-3b7d20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.233.164 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36d10de82188f5db85332b1781524a5267adfb21dc99539932565e38e2d54937

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Tue, 17 Oct 2023 10:30:29 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 02 Oct 2023 07:01:11 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
age
13724
etag
W/"651a6ab7-88ca1"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SCzJy4auSLMeigh4xR7krZFC%2Fg4bdZLIkIRRMsXys%2B61gRA4B76oDsJmwjKs9CtYNeHGvAMaQoeIRoARmCh7NSY22VnowqzMUHreu7h0KMxTWfwaxA7w08FineIs56dcEip2"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=86400
cf-ray
8177ddd0cf3b30f4-FRA
alt-svc
h3=":443"; ma=86400
Resource: truncated (data: URL) | Path: / | Size: 31 KB | x-fer: 0 | Type: Image
General
Full URL
data:truncated
Protocol
DATA
Resource Hash
d082f651cc325a55b5fbde3f751ccdd855f255d1d240ece576928206654a2f93

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type
image/png
Resource: css2 | Path: fonts.googleapis.com/ | Size: 4 KB | x-fer: 1 KB | Type: Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.202 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f10.1e100.net
Software
ESF /
Resource Hash
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 17 Oct 2023 10:30:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 17 Oct 2023 09:08:06 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 17 Oct 2023 10:30:31 GMT
Resource: logo_48.png | Path: www.gstatic.com/recaptcha/api2/ | Size: 2 KB | x-fer: 3 KB | Type: Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/logo_48.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.163 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f3.1e100.net
Software
sffe /
Resource Hash
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.google.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Fri, 13 Oct 2023 00:18:29 GMT
x-content-type-options
nosniff
age
382322
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2228
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
expires
Fri, 20 Oct 2023 00:18:29 GMT
Resource: KFOmCnqEu92Fr1Mu4mxK.woff2 | Path: fonts.gstatic.com/s/roboto/v30/ | Size: 15 KB | x-fer: 16 KB | Type: Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f3.1e100.net
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.ch/
Origin
https://1d788qd3vwfg56o733.dkeie.co.in
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date
Thu, 12 Oct 2023 16:12:51 GMT
x-content-type-options
nosniff
age
411461
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 11 Oct 2024 16:12:51 GMT

Verdicts & Comments

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type      Name
function  $
function  jQuery
function  jBoxWrapper
function  jBoxConfirmWrapper
function  jBoxImageWrapper
function  jBoxNoticeWrapper
function  jBox
function  getUrlParameter
string    lddomain
string    pbid
number    tp
string    lndnm
string    tm1
string    tm2
string    tm3
string    tm4
string    offerUrl
boolean   isLeftPage
function  toOffer
object    recaptchaModal
string    recaptchaModal_content
function  recaptcha
object    PushflowSDK
object    unscrollStore

2 Cookies

Domain/Path  Name        Value
knezlt.xyz/  uclick      qd3vwfg56o
knezlt.xyz/  uclickhash  qd3vwfg56o-qd3vwfg56o-m7i4-usdz-h9qn-e2a0-b7qq-3b7d20

1 Console Messages

Source: other
Level: error
URL: https://1d788qd3vwfg56o733.dkeie.co.in/l2/chrs/index.php?lpkey=16fb9706530d891827&lddomain=dkeie.co.in&pbid=3419&t1=ALL&t2=chrs&t3=832&t4=lateritious-falcon&t5=whiskey-rom-1ozqje3mr7&clickid=1d788qd3vwfg56o733&language=de-CH&uclick=qd3vwfg56o&uclickhash=qd3vwfg56o-qd3vwfg56o-m7i4-usdz-h9qn-e2a0-b7qq-3b7d20
Message: Chrome currently does not support the Push API in incognito mode (https://crbug.com/401439). There is deliberately no way to feature-detect this, since incognito mode needs to be undetectable by websites.