urlscan.io logo urlscan.io
SecurityTrails logo

amala-wav.com Open in urlscan Pro
52.200.240.59  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://1.rplnd63.com/
Effective URL: http://amala-wav.com/zclkredirect?visitid=840eb363-b71b-11ee-8664-12f322c13df1&type=js&browserWidth=1600&browserHeigh...
Submission: On January 19 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 3 countries across 8 domains to perform 9 HTTP transactions. The main IP is 52.200.240.59, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is amala-wav.com. The Cisco Umbrella rank of the primary domain is 448184.
This is the only time amala-wav.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 64.225.91.73 14061 (DIGITALOC...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 4 64.190.63.136 47846 (SEDO-AS)
1 205.234.175.175 23352 (SERVERCEN...)
1 1 173.239.53.32 27257 (WEBAIR-IN...)
1 2 5.79.68.236 60781 (LEASEWEB-...)
2 52.200.240.59 14618 (AMAZON-AES)
1 1 23.88.66.44 ()
1 2 34.111.47.92 ()
9 7
1    64.225.91.73 (Santa Clara, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
1.rplnd63.com
1    2606:4700::6812:1b2d (United States)

ASN13335 (CLOUDFLARENET, US)
domaincntrol.com
4    64.190.63.136 (Germany)

ASN47846 (SEDO-AS, DE)
ww2.rplnd63.com
1    205.234.175.175 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: vip1.G-anycast1.cachefly.net
img.sedoparking.com
1    173.239.53.32 (United States)

ASN27257 (WEBAIR-INTERNET, US)
xml.sedodna.com
2    5.79.68.236 (Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
q1.quotes.com
2    52.200.240.59 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-200-240-59.compute-1.amazonaws.com
amala-wav.com
1    23.88.66.44 (None, )

ASN- ()
knezlt.xyz
2    34.111.47.92 (None, )

ASN- ()
totalav.com
www.totalav.com
Apex Domain
Subdomains		 Transfer
5 rplnd63.com
1.rplnd63.com
ww2.rplnd63.com
4 KB
2 totalav.com
totalav.com
www.totalav.com
155 B
2 amala-wav.com
amala-wav.com — Cisco Umbrella Rank: 448184
3 KB
2 quotes.com
q1.quotes.com — Cisco Umbrella Rank: 761934
704 B
1 knezlt.xyz
knezlt.xyz
528 B
1 sedodna.com
xml.sedodna.com — Cisco Umbrella Rank: 411554
159 B
1 sedoparking.com
img.sedoparking.com — Cisco Umbrella Rank: 56281
5 KB
1 domaincntrol.com
domaincntrol.com — Cisco Umbrella Rank: 274157
327 B
9 8
Domain Requested by
4 ww2.rplnd63.com 2 redirects 1.rplnd63.com
ww2.rplnd63.com
2 amala-wav.com amala-wav.com
2 q1.quotes.com 1 redirects ww2.rplnd63.com
1 www.totalav.com amala-wav.com
1 totalav.com 1 redirects
1 knezlt.xyz 1 redirects
1 xml.sedodna.com 1 redirects
1 img.sedoparking.com ww2.rplnd63.com
1 domaincntrol.com 1.rplnd63.com
1 1.rplnd63.com
9 10

This site contains no links.

Subject Issuer Validity Valid
rplnd63.com
R3		 2024-01-19 -
2024-04-18		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-03-01 -
2024-02-28		 a year crt.sh
*.totalav.com
Sectigo RSA Domain Validation Secure Server CA		 2023-11-28 -
2024-12-28		 a year crt.sh

This page contains 1 frames:

Frame: https://www.totalav.com/
Frame ID: A142103FB03FF95258763031D9004585
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://1.rplnd63.com/ Page URL
  2. http://ww2.rplnd63.com/ Page URL
  3. http://ww2.rplnd63.com/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DBvX4cCQanNs... HTTP 302
    http://ww2.rplnd63.com/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DBvX4cCQanNs... HTTP 302
    http://xml.sedodna.com/click?i=BvX4cCQanNs_0 HTTP 302
    http://q1.quotes.com/83fde738-b71b-11ee-8869-8666f634c93d Page URL
  4. http://q1.quotes.com/83fde738-b71b-11ee-8869-8666f634c93d?hr=1 HTTP 302
    http://amala-wav.com/zclkvisitor/840eb363-b71b-11ee-8664-12f322c13df1/72092e88-2c53-401c-b988-51e... Page URL
  5. http://amala-wav.com/zclkredirect?visitid=840eb363-b71b-11ee-8664-12f322c13df1&type=js&browserWid... Page URL

Page Statistics

9
Requests

33 %
HTTPS

11 %
IPv6

8
Domains

10
Subdomains

7
IPs

3
Countries

12 kB
Transfer

9 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://1.rplnd63.com/ Page URL
  2. http://ww2.rplnd63.com/ Page URL
  3. http://ww2.rplnd63.com/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DBvX4cCQanNs_0&v=YjAzMjAwZmJhMTFiMmVkZjFlMTEwZGQ3ZGUxZDgyM2MJMQl3dzIucnBsbmQ2My5jb202NWFhZjlmOWVkMzBjNC44MDk0Mjc0Ngl3dzIucnBsbmQ2My5jb202NWFhZjlmOWVkMzUxOC44MzczMjk5OAkxNzA1NzAzOTMxCWFkXzYzXzA%3D&l=OAk4ZjI2ZDIxM2ZkODVmM2JhOGY5ZjcyMDgzNTU2YTdlMwkwCTEzCTAJMWE4MjA3NmE1NTBiZGNkNjZmNWYxMzE5OThhNDc3YzAJNTM0NzgwNDgxCXJwbG5kNjMJMAk2Mwk1CTU5CTE3MDU3MDM5MzEJMC4wMDIyOTYJTgkwCTEJMTgwNQkxMjA1CTUyMjY4MDM4OAkyMDYuNjYuOTYuODIJMA%253D%253D HTTP 302
    http://ww2.rplnd63.com/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DBvX4cCQanNs_0&v=YjAzMjAwZmJhMTFiMmVkZjFlMTEwZGQ3ZGUxZDgyM2MJMQl3dzIucnBsbmQ2My5jb202NWFhZjlmOWVkMzBjNC44MDk0Mjc0Ngl3dzIucnBsbmQ2My5jb202NWFhZjlmOWVkMzUxOC44MzczMjk5OAkxNzA1NzAzOTMxCWFkXzYzXzA%3D&l=OAk4ZjI2ZDIxM2ZkODVmM2JhOGY5ZjcyMDgzNTU2YTdlMwkwCTEzCTAJMWE4MjA3NmE1NTBiZGNkNjZmNWYxMzE5OThhNDc3YzAJNTM0NzgwNDgxCXJwbG5kNjMJMAk2Mwk1CTU5CTE3MDU3MDM5MzEJMC4wMDIyOTYJTgkwCTEJMTgwNQkxMjA1CTUyMjY4MDM4OAkyMDYuNjYuOTYuODIJMA%253D%253D HTTP 302
    http://xml.sedodna.com/click?i=BvX4cCQanNs_0 HTTP 302
    http://q1.quotes.com/83fde738-b71b-11ee-8869-8666f634c93d Page URL
  4. http://q1.quotes.com/83fde738-b71b-11ee-8869-8666f634c93d?hr=1 HTTP 302
    http://amala-wav.com/zclkvisitor/840eb363-b71b-11ee-8664-12f322c13df1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=2973d4f0-a38c-11ee-857f-123f4a2b6bb7 Page URL
  5. http://amala-wav.com/zclkredirect?visitid=840eb363-b71b-11ee-8664-12f322c13df1&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&usingEventListener=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5
  • http://ww2.rplnd63.com/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DBvX4cCQanNs_0&v=YjAzMjAwZmJhMTFiMmVkZjFlMTEwZGQ3ZGUxZDgyM2MJMQl3dzIucnBsbmQ2My5jb202NWFhZjlmOWVkMzBjNC44MDk0Mjc0Ngl3dzIucnBsbmQ2My5jb202NWFhZjlmOWVkMzUxOC44MzczMjk5OAkxNzA1NzAzOTMxCWFkXzYzXzA%3D&l=OAk4ZjI2ZDIxM2ZkODVmM2JhOGY5ZjcyMDgzNTU2YTdlMwkwCTEzCTAJMWE4MjA3NmE1NTBiZGNkNjZmNWYxMzE5OThhNDc3YzAJNTM0NzgwNDgxCXJwbG5kNjMJMAk2Mwk1CTU5CTE3MDU3MDM5MzEJMC4wMDIyOTYJTgkwCTEJMTgwNQkxMjA1CTUyMjY4MDM4OAkyMDYuNjYuOTYuODIJMA%253D%253D HTTP 302
  • http://ww2.rplnd63.com/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DBvX4cCQanNs_0&v=YjAzMjAwZmJhMTFiMmVkZjFlMTEwZGQ3ZGUxZDgyM2MJMQl3dzIucnBsbmQ2My5jb202NWFhZjlmOWVkMzBjNC44MDk0Mjc0Ngl3dzIucnBsbmQ2My5jb202NWFhZjlmOWVkMzUxOC44MzczMjk5OAkxNzA1NzAzOTMxCWFkXzYzXzA%3D&l=OAk4ZjI2ZDIxM2ZkODVmM2JhOGY5ZjcyMDgzNTU2YTdlMwkwCTEzCTAJMWE4MjA3NmE1NTBiZGNkNjZmNWYxMzE5OThhNDc3YzAJNTM0NzgwNDgxCXJwbG5kNjMJMAk2Mwk1CTU5CTE3MDU3MDM5MzEJMC4wMDIyOTYJTgkwCTEJMTgwNQkxMjA1CTUyMjY4MDM4OAkyMDYuNjYuOTYuODIJMA%253D%253D HTTP 302
  • http://xml.sedodna.com/click?i=BvX4cCQanNs_0 HTTP 302
  • http://q1.quotes.com/83fde738-b71b-11ee-8869-8666f634c93d
Request Chain 6
  • http://q1.quotes.com/83fde738-b71b-11ee-8869-8666f634c93d?hr=1 HTTP 302
  • http://amala-wav.com/zclkvisitor/840eb363-b71b-11ee-8664-12f322c13df1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=2973d4f0-a38c-11ee-857f-123f4a2b6bb7
Request Chain 7
  • https://knezlt.xyz/run.php?cum=uu1xwm8codwjd&ext=zr840eb363b71b11ee866412f322c13df1fab41a353cf74af4b2bb9ecbebdee11c079342a78300150984&c=0.138500&s1=badious-buzzard&s2=yankee-sob-1lmyqej63x&s3=rplnd63%2Crplnd63.com&s4=unknown&s5=NON-ADULT&s6=&s7=Chrome&s8=Windows&s9=0&s10= HTTP 302
  • https://totalav.com/ HTTP 307
  • https://www.totalav.com/

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
1.rplnd63.com/ 		593 B
606 B 		Document
General
Check archive.org
Download Go to
Full URL
https://1.rplnd63.com/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
64.225.91.73 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
7392749832c70fcfc2d440d7afc2f880000dd564930d95d634eb1199fa15de30

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Fri, 19 Jan 2024 22:38:49 GMT
ETag
W/"63f68860-251"
Last-Modified
Wed, 22 Feb 2023 21:25:52 GMT
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked
/
domaincntrol.com/ 		24 B
327 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://domaincntrol.com/?orighost=https://1.rplnd63.com/
Requested by
Host: 1.rplnd63.com
URL: https://1.rplnd63.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1b2d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
https://1.rplnd63.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x_details
{"destination":"sedo","orighost":"rplnd63.com","type":"org","finalurl":"http://ww2.rplnd63.com","browser":"chrome","os":"windows","country":"US","device":"desktop","isbot":false,"botscore":99}
date
Fri, 19 Jan 2024 22:38:49 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cf-ray
848291f61c14c341-EWR
content-length
24
/
ww2.rplnd63.com/ 		2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://ww2.rplnd63.com/
Requested by
Host: 1.rplnd63.com
URL: https://1.rplnd63.com/
Protocol
HTTP/1.1
Server
64.190.63.136 , Germany, ASN47846 (SEDO-AS, DE),
Reverse DNS
Software
NginX / PHP/8.1.17
Resource Hash
cd4a44ac4eb3c99e7e1fef753aa1dbb2dbebe6fec341af1484234d75abb1cbf0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 19 Jan 2024 22:38:51 GMT
expires
Mon, 26 Jul 1997 05:00:00 GMT
last-modified
Fri, 19 Jan 2024 22:38:49 GMT
pragma
no-cache
server
NginX
transfer-encoding
chunked
vary
Accept-Encoding
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_d/pqke05Ef9CwRtZhYy+9p+SbM/d334cIQO/INkCrGNAcUymX2Rp5O/KduefHoTa2UDyrrPc7nkm2lLz8gv86g==
x-cache-miss-from
parking-6bdf4777f8-qhzl9
x-powered-by
PHP/8.1.17
js_preloader.gif
img.sedoparking.com/images/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://img.sedoparking.com/images/js_preloader.gif
Requested by
Host: ww2.rplnd63.com
URL: http://ww2.rplnd63.com/
Protocol
HTTP/1.1
Server
205.234.175.175 , United States, ASN23352 (SERVERCENTRAL, US),
Reverse DNS
vip1.G-anycast1.cachefly.net
Software
CFS 0215 /
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
http://ww2.rplnd63.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Fri, 19 Jan 2024 22:38:51 GMT
x-cf-tsc
1697893914
X-CF3
H
CF4ttl
31536000.000
X-CF1
11696:fD.ewr1:cf:cacheN.ewr1-01:H
X-CF-ReqID
fa00b6c7c4e7b845ecbf12feddecb2ce
Connection
keep-alive
Content-Length
4254
X-CF2
H
Last-Modified
Fri, 15 Mar 2019 12:24:07 GMT
Server
CFS 0215
X-CFF
B
Content-Type
image/gif
Access-Control-Allow-Origin
*
X-CFHash
"90c93102a88c2ab94bff1575b7a6e86e"
Cache-Control
max-age=604800
CF4Age
0
Accept-Ranges
bytes
Expires
Fri, 26 Jan 2024 22:38:51 GMT
tsc.php
ww2.rplnd63.com/search/ 		0
201 B 		XHR
General
Check archive.org
Download Go to
Full URL
http://ww2.rplnd63.com/search/tsc.php?200=NTM0NzgwNDgx&21=MjA2LjY2Ljk2Ljgy&681=MTcwNTcwMzkzMTFlZGI3NDc3YTVmYmVhNjc0ZDQ5MWZkNTUzODM4YjVk&crc=fe249db35f6c63ca22efdc850946a20932540266&cv=1
Requested by
Host: ww2.rplnd63.com
URL: http://ww2.rplnd63.com/
Protocol
HTTP/1.1
Server
64.190.63.136 , Germany, ASN47846 (SEDO-AS, DE),
Reverse DNS
Software
NginX / PHP/8.1.17
Resource Hash

Request headers

accept-language
en-US,en;q=0.9
Referer
http://ww2.rplnd63.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 19 Jan 2024 22:38:51 GMT
x-cache-miss-from
parking-6bdf4777f8-qhzl9
server
NginX
x-powered-by
PHP/8.1.17
content-length
0
content-type
text/html; charset=UTF-8
83fde738-b71b-11ee-8869-8666f634c93d
q1.quotes.com/
Redirect Chain
  • http://ww2.rplnd63.com/search/redirect.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DBvX4cCQanNs_0&v=YjAzMjAwZmJhMTFiMmVkZjFlMTEwZGQ3ZGUxZDgyM2MJMQl3dzIucnBsbmQ2My5jb202NWFhZjlmOWVkMzBjNC44MDk0M...
  • http://ww2.rplnd63.com/search/tcerider.php?f=http%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DBvX4cCQanNs_0&v=YjAzMjAwZmJhMTFiMmVkZjFlMTEwZGQ3ZGUxZDgyM2MJMQl3dzIucnBsbmQ2My5jb202NWFhZjlmOWVkMzBjNC44MDk0M...
  • http://xml.sedodna.com/click?i=BvX4cCQanNs_0
  • http://q1.quotes.com/83fde738-b71b-11ee-8869-8666f634c93d
170 B
373 B 		Document
General
Check archive.org
Download Go to
Full URL
http://q1.quotes.com/83fde738-b71b-11ee-8869-8666f634c93d
Requested by
Host: ww2.rplnd63.com
URL: http://ww2.rplnd63.com/
Protocol
HTTP/1.1
Server
5.79.68.236 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
http://ww2.rplnd63.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
max-age=0, private, must-revalidate
connection
close
content-length
170
content-type
text/html; charset=utf-8
date
Fri, 19 Jan 2024 22:38:51 GMT
server
nginx

Redirect headers

Cache-Control
no-store
Connection
keep-alive
Content-Length
0
Location
http://q1.quotes.com/83fde738-b71b-11ee-8869-8666f634c93d
72092e88-2c53-401c-b988-51ef43ce1034
amala-wav.com/zclkvisitor/840eb363-b71b-11ee-8664-12f322c13df1/
Redirect Chain
  • http://q1.quotes.com/83fde738-b71b-11ee-8869-8666f634c93d?hr=1
  • http://amala-wav.com/zclkvisitor/840eb363-b71b-11ee-8664-12f322c13df1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=2973d4f0-a38c-11ee-857f-123f4a2b6bb7
1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://amala-wav.com/zclkvisitor/840eb363-b71b-11ee-8664-12f322c13df1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=2973d4f0-a38c-11ee-857f-123f4a2b6bb7
Protocol
HTTP/1.1
Server
52.200.240.59 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-200-240-59.compute-1.amazonaws.com
Software
CYNtacTH /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer
http://q1.quotes.com/83fde738-b71b-11ee-8869-8666f634c93d
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Access-Control-Allow-Headers
X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Access-Control-Allow-Methods
GET,POST,OPTIONS
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
Connection
keep-alive
Content-Type
text/html;charset=UTF-8
Date
Fri, 19 Jan 2024 22:38:52 GMT
Server
CYNtacTH
Transfer-Encoding
chunked
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline'
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'

Redirect headers

cache-control
max-age=0, private, must-revalidate
connection
close
content-length
11
date
Fri, 19 Jan 2024 22:38:51 GMT
location
http://amala-wav.com/zclkvisitor/840eb363-b71b-11ee-8664-12f322c13df1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=2973d4f0-a38c-11ee-857f-123f4a2b6bb7
server
nginx
Primary Request zclkredirect
amala-wav.com/ 		726 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://amala-wav.com/zclkredirect?visitid=840eb363-b71b-11ee-8664-12f322c13df1&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&usingEventListener=true
Requested by
Host: amala-wav.com
URL: http://amala-wav.com/zclkvisitor/840eb363-b71b-11ee-8664-12f322c13df1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=2973d4f0-a38c-11ee-857f-123f4a2b6bb7
Protocol
HTTP/1.1
Server
52.200.240.59 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-200-240-59.compute-1.amazonaws.com
Software
vHqOJGzD /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer
http://amala-wav.com/zclkvisitor/840eb363-b71b-11ee-8664-12f322c13df1/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=2973d4f0-a38c-11ee-857f-123f4a2b6bb7
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Access-Control-Allow-Headers
X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Access-Control-Allow-Methods
GET,POST,OPTIONS
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, pre-check=0, post-check=0
Connection
keep-alive
Content-Type
text/html;charset=UTF-8
Date
Fri, 19 Jan 2024 22:38:52 GMT
Server
vHqOJGzD
Transfer-Encoding
chunked
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline'
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
redirected
JS
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
/
www.totalav.com/
Redirect Chain
  • https://knezlt.xyz/run.php?cum=uu1xwm8codwjd&ext=zr840eb363b71b11ee866412f322c13df1fab41a353cf74af4b2bb9ecbebdee11c079342a78300150984&c=0.138500&s1=badious-buzzard&s2=yankee-sob-1lmyqej63x&s3=rplnd...
  • https://totalav.com/
  • https://www.totalav.com/
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.totalav.com/
Requested by
Host: amala-wav.com
URL: http://amala-wav.com/zclkredirect?visitid=840eb363-b71b-11ee-8664-12f322c13df1&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&usingEventListener=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.47.92 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; media-src 'self' 'unsafe-inline' https://chat.fortifi.io/ https://bat.bing.com/ https://player.vimeo.com/ https://vod-progressive.akamaized.net/; img-src 'self' 'unsafe-inline' https://i.ytimg.com/ https://chat.fortifi.io/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://bat.bing.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.facebook.com/ https://connect.facebook.net/ data: https://storage.googleapis.com/ https://haveibeenpwned.com/ https://resources.totalav.com/ https://assets.totalav.com/ https://logs-01.loggly.com/ https://stats.totalav.com https://award.totalav.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://chat.fortifi.io/; font-src 'self' https://fonts.gstatic.com https://chat.fortifi.io/; script-src 'self' 'unsafe-inline' https://stats.totalav.com https://googletagmanager.com/ https://googleadservices.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://widget.trustpilot.com/ https://chat.fortifi.io/ https://cfgchat.fortifi.io/ https://www.facebook.com/ https://connect.facebook.net/ https://url.totalav.com http://url.totalav.com/px/init/fortifi.js https://www.gstatic.com/ https://utt.impactcdn.com; frame-src 'self' blob: https://chat.fortifi.io/ https://player.vimeo.com https://www.youtube.com/ https://www.facebook.com/ https://widget.trustpilot.com/ https://vod-progressive.akamaized.net/ https://my.totalav.com https://www.google.com/; connect-src 'self' https://my.totalav.com https://ajax.totalav.com https://login.totalav.com https://signup.totalav.com https://my.totalav.com https://bat.bing.com/ wss://chat.fortifi.io/ https://stats.totalav.com; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://amala-wav.com/zclkredirect?visitid=840eb363-b71b-11ee-8664-12f322c13df1&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected=false&usingEventListener=true
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, private
content-encoding
gzip
content-security-policy
default-src 'self'; media-src 'self' 'unsafe-inline' https://chat.fortifi.io/ https://bat.bing.com/ https://player.vimeo.com/ https://vod-progressive.akamaized.net/; img-src 'self' 'unsafe-inline' https://i.ytimg.com/ https://chat.fortifi.io/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://bat.bing.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.facebook.com/ https://connect.facebook.net/ data: https://storage.googleapis.com/ https://haveibeenpwned.com/ https://resources.totalav.com/ https://assets.totalav.com/ https://logs-01.loggly.com/ https://stats.totalav.com https://award.totalav.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://chat.fortifi.io/; font-src 'self' https://fonts.gstatic.com https://chat.fortifi.io/; script-src 'self' 'unsafe-inline' https://stats.totalav.com https://googletagmanager.com/ https://googleadservices.com/ https://www.googletagmanager.com/ https://www.googleadservices.com/ https://googleads.g.doubleclick.net/ https://bat.bing.com/ https://www.google.com/ https://www.google.co.uk/ https://www.google.pl/ https://widget.trustpilot.com/ https://chat.fortifi.io/ https://cfgchat.fortifi.io/ https://www.facebook.com/ https://connect.facebook.net/ https://url.totalav.com http://url.totalav.com/px/init/fortifi.js https://www.gstatic.com/ https://utt.impactcdn.com; frame-src 'self' blob: https://chat.fortifi.io/ https://player.vimeo.com https://www.youtube.com/ https://www.facebook.com/ https://widget.trustpilot.com/ https://vod-progressive.akamaized.net/ https://my.totalav.com https://www.google.com/; connect-src 'self' https://my.totalav.com https://ajax.totalav.com https://login.totalav.com https://signup.totalav.com https://my.totalav.com https://bat.bing.com/ wss://chat.fortifi.io/ https://stats.totalav.com; frame-ancestors 'self'
content-type
text/html; charset=UTF-8
date
Fri, 19 Jan 2024 22:38:53 GMT
feature-policy
accelerometer 'none';camera 'none';geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';payment 'none';usb 'none'
referrer-policy
strict-origin
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
via
1.1 google
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, private
content-type
text/html; charset=UTF-8
date
Fri, 19 Jan 2024 22:38:53 GMT
location
https://www.totalav.com/
server
nginx
via
1.1 google

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies