Submitted URL: http://ambanioffers.online/
Effective URL: https://kingadblocker.com/extension.php?jn=cjpa3mkS14z&_d=2&ju=6118780&jq=792803712455418566&jp=pa
Submission: On March 16 via api from IN — Scanned from DE

Summary

This website contacted 12 IPs in 4 countries across 14 domains to perform 35 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is kingadblocker.com.
TLS certificate: Issued by E1 on February 29th 2024. Valid for: 3 months.
This is the only time kingadblocker.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 9 2a02:4780:11:... 47583 (AS-HOSTINGER)
1 139.45.197.252 9002 (RETN-AS)
3 139.45.197.250 9002 (RETN-AS)
9 139.45.197.251 9002 (RETN-AS)
3 139.45.195.8 9002 (RETN-AS)
1 3 139.45.197.244 9002 (RETN-AS)
1 37.48.68.71 60781 (LEASEWEB-...)
1 23.219.78.204 20940 (AKAMAI-ASN1)
3 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:303... 13335 (CLOUDFLAR...)
35 12
Apex Domain
Subdomains
Transfer
9 jouteetu.net
jouteetu.net — Cisco Umbrella Rank: 35620
9 ambanioffers.online
ambanioffers.online
35 KB
3 inrotomr.com
inrotomr.com — Cisco Umbrella Rank: 664873
16 KB
3 rtmark.net
my.rtmark.net — Cisco Umbrella Rank: 14304
2 KB
3 beevakum.net
beevakum.net — Cisco Umbrella Rank: 243683
15 KB
2 kingadblock.com
kingadblock.com
5 KB
1 tururu.info
tururu.info
1 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 346
29 KB
1 kingadblocker.com
kingadblocker.com
3 KB
1 ocoaksib.com
ak.ocoaksib.com — Cisco Umbrella Rank: 157174
2 KB
1 datatechone.com
datatechone.com — Cisco Umbrella Rank: 41356
465 B
1 desenteir.com
desenteir.com — Cisco Umbrella Rank: 719046
0 Failed
function sub() { [native code] }. Failed
0 tdsjsext3.com Failed
tdsjsext3.com Failed
35 14
Domain Requested by
9 jouteetu.net beevakum.net
9 ambanioffers.online 1 redirects beevakum.net
ambanioffers.online
3 inrotomr.com 1 redirects ambanioffers.online
inrotomr.com
3 my.rtmark.net beevakum.net
inrotomr.com
ak.ocoaksib.com
3 beevakum.net ambanioffers.online
beevakum.net
2 kingadblock.com kingadblocker.com
1 tururu.info kingadblocker.com
1 cdn.jsdelivr.net kingadblocker.com
1 kingadblocker.com ak.ocoaksib.com
1 ak.ocoaksib.com
1 datatechone.com inrotomr.com
1 desenteir.com ambanioffers.online
0 flcjnflecolckmhfcmhhkichjhajjnlb Failed kingadblocker.com
0 tdsjsext3.com Failed ambanioffers.online
35 14

This site contains links to these domains. Also see Links.

Domain
kingadblock.com
Subject Issuer Validity Valid
ambanioffers.online
R3
2024-03-16 -
2024-06-14
3 months crt.sh
desenteir.com
R3
2024-02-11 -
2024-05-11
3 months crt.sh
beevakum.net
R3
2024-03-13 -
2024-06-11
3 months crt.sh
jouteetu.net
R3
2024-03-13 -
2024-06-11
3 months crt.sh
rtmark.net
R3
2024-03-02 -
2024-05-31
3 months crt.sh
inrotomr.com
R3
2024-03-01 -
2024-05-30
3 months crt.sh
datatechone.com
Sectigo RSA Domain Validation Secure Server CA
2023-12-10 -
2024-12-23
a year crt.sh
ak.hetaruwg.com
R3
2024-03-13 -
2024-06-11
3 months crt.sh
kingadblocker.com
E1
2024-02-29 -
2024-05-29
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-05-02 -
2024-05-01
a year crt.sh
kingadblock.com
GTS CA 1P5
2024-02-11 -
2024-05-11
3 months crt.sh
tururu.info
GTS CA 1P5
2024-01-18 -
2024-04-17
3 months crt.sh

This page contains 3 frames:

Primary Page: https://kingadblocker.com/extension.php?jn=cjpa3mkS14z&_d=2&ju=6118780&jq=792803712455418566&jp=pa
Frame ID: CFD790C36C4812EEB5CF22D2DEF6E5A5
Requests: 33 HTTP requests in this frame

Frame: https://tururu.info/a.php?id=0083&e=VPGCNBK0FG&c=cjpa3mkS14z&r=pa&cid=792803712455418566&z=6118780&v=13&dr=&inw=1600&inh=1200
Frame ID: 67B780B56DC3FC6CCDF5574B1426D75E
Requests: 1 HTTP requests in this frame

Frame: https://kingadblock.com/clear.php
Frame ID: 1DA86E4377613DF4BAB020F5C8A66E7B
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Up - Ad Blocker

Page URL History Show full URLs

  1. http://ambanioffers.online/ HTTP 301
    https://ambanioffers.online/ Page URL
  2. https://inrotomr.com/4/6903777 Page URL
  3. https://inrotomr.com/?z=6903777&syncedCookie=true&rhd=false HTTP 302
    https://ak.ocoaksib.com/4/6118780/?var=6903777&btz=Europe/Berlin&bto=-60 Page URL
  4. https://kingadblocker.com/extension.php?jn=cjpa3mkS14z&_d=2&ju=6118780&jq=792803712455418566&jp=pa Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

35
Requests

94 %
HTTPS

36 %
IPv6

14
Domains

14
Subdomains

12
IPs

4
Countries

106 kB
Transfer

350 kB
Size

12
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://ambanioffers.online/ HTTP 301
    https://ambanioffers.online/ Page URL
  2. https://inrotomr.com/4/6903777 Page URL
  3. https://inrotomr.com/?z=6903777&syncedCookie=true&rhd=false HTTP 302
    https://ak.ocoaksib.com/4/6118780/?var=6903777&btz=Europe/Berlin&bto=-60 Page URL
  4. https://kingadblocker.com/extension.php?jn=cjpa3mkS14z&_d=2&ju=6118780&jq=792803712455418566&jp=pa Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://ambanioffers.online/ HTTP 301
  • https://ambanioffers.online/
Request Chain 27
  • https://inrotomr.com/?z=6903777&syncedCookie=true&rhd=false HTTP 302
  • https://ak.ocoaksib.com/4/6118780/?var=6903777&btz=Europe/Berlin&bto=-60

35 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
ambanioffers.online/
Redirect Chain
  • http://ambanioffers.online/
  • https://ambanioffers.online/
64 KB
21 KB
Document
General
Full URL
https://ambanioffers.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:11:785:0:2ff5:6ad3:8 Mumbai, India, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed / PHP/8.1.27
Resource Hash
f5bc70d7014dde2e59dcb85ac69c814511bdb38f9cbb2a76c2541124423e97d5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
br
content-length
20814
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Sat, 16 Mar 2024 09:50:52 GMT
platform
hostinger
server
LiteSpeed
vary
Accept-Encoding
x-powered-by
PHP/8.1.27

Redirect headers

Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
content-length
707
content-security-policy
upgrade-insecure-requests
content-type
text/html
date
Sat, 16 Mar 2024 09:50:51 GMT
location
https://ambanioffers.online/
platform
hostinger
server
LiteSpeed
reverse.min.js
desenteir.com/tb1/
0
0
Script
General
Full URL
https://desenteir.com/tb1/reverse.min.js?sf=1
Requested by
Host: ambanioffers.online
URL: https://ambanioffers.online/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.252 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ambanioffers.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

micro.tag.min.js
beevakum.net/pfe/current/
35 KB
14 KB
Script
General
Full URL
https://beevakum.net/pfe/current/micro.tag.min.js?z=6903771&sw=/sw-check-permissions-07c73.js
Requested by
Host: ambanioffers.online
URL: https://ambanioffers.online/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
ac659687f647d5e86d31f6d9e4be3cd6a5534d01532d1310e8ced114919e0afb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ambanioffers.online/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Mar 2024 09:50:52 GMT
content-encoding
gzip
last-modified
Tue, 12 Mar 2024 08:40:28 GMT
server
nginx
etag
W/"65f014fc-8a1a"
content-type
application/javascript
cache-control
no-cache
access-control-allow-credentials
true
custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: beevakum.net
URL: https://beevakum.net/pfe/current/micro.tag.min.js?z=6903771&sw=/sw-check-permissions-07c73.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

sw-check-permissions-07c73.js
ambanioffers.online/
0
0
Other
General
Full URL
https://ambanioffers.online/sw-check-permissions-07c73.js?zoneId=6903771
Requested by
Host: beevakum.net
URL: https://beevakum.net/pfe/current/micro.tag.min.js?z=6903771&sw=/sw-check-permissions-07c73.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:11:785:0:2ff5:6ad3:8 Mumbai, India, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sat, 16 Mar 2024 09:50:52 GMT
content-encoding
br
content-security-policy
upgrade-insecure-requests
last-modified
Fri, 04 Feb 2022 00:13:11 GMT
server
LiteSpeed
etag
"999-61fc6f97-647700370505972e;br"
vary
Accept-Encoding
content-type
text/html
accept-ranges
bytes
platform
hostinger
content-length
912
custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: beevakum.net
URL: https://beevakum.net/pfe/current/micro.tag.min.js?z=6903771&sw=/sw-check-permissions-07c73.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

zone
beevakum.net/
0
260 B
Ping
General
Full URL
https://beevakum.net/zone?&pub=0&zone_id=6903771&is_mobile=false&domain=ambanioffers.online&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.496&trace_id=6237daab-8d64-4d59-b58b-bbd4644a60c6&action=prerequest&ch=eyJhcmNoaXRlY3R1cmUiOiIiLCJiaXRuZXNzIjoiIiwiYnJhbmRzIjpbXSwiZnVsbFZlcnNpb25MaXN0IjpbXSwibW9iaWxlIjpmYWxzZSwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsIndvdzY0IjpmYWxzZX0=
Requested by
Host: beevakum.net
URL: https://beevakum.net/pfe/current/micro.tag.min.js?z=6903771&sw=/sw-check-permissions-07c73.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-trace-id
9d9745c3b0ca0349d5fb72870c37260f
date
Sat, 16 Mar 2024 09:50:52 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-origin
https://ambanioffers.online
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length
0
custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: beevakum.net
URL: https://beevakum.net/pfe/current/micro.tag.min.js?z=6903771&sw=/sw-check-permissions-07c73.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: beevakum.net
URL: https://beevakum.net/pfe/current/micro.tag.min.js?z=6903771&sw=/sw-check-permissions-07c73.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

gid.js
my.rtmark.net/
65 B
546 B
Fetch
General
Full URL
https://my.rtmark.net/gid.js?pub=0&userId=&zoneId=6903771&checkDuplicate=true&ymid=&var=
Requested by
Host: beevakum.net
URL: https://beevakum.net/pfe/current/micro.tag.min.js?z=6903771&sw=/sw-check-permissions-07c73.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
b408c7cce4fb831f68e2e7ad292a5b4f5d6cc79cc441ef8bc6b72517a0d35595
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sat, 16 Mar 2024 09:50:52 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
application/json; charset=utf-8
access-control-allow-origin
https://ambanioffers.online
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
65
custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: beevakum.net
URL: https://beevakum.net/pfe/current/micro.tag.min.js?z=6903771&sw=/sw-check-permissions-07c73.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: beevakum.net
URL: https://beevakum.net/pfe/current/micro.tag.min.js?z=6903771&sw=/sw-check-permissions-07c73.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: beevakum.net
URL: https://beevakum.net/pfe/current/micro.tag.min.js?z=6903771&sw=/sw-check-permissions-07c73.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

zone
beevakum.net/
803 B
1 KB
Fetch
General
Full URL
https://beevakum.net/zone?&pub=0&zone_id=6903771&is_mobile=false&domain=ambanioffers.online&var=&ymid=&var_3=&var_4=&dsig=&tg=1&sw=3.1.496&trace_id=6237daab-8d64-4d59-b58b-bbd4644a60c6&action=settings&ch=eyJhcmNoaXRlY3R1cmUiOiIiLCJiaXRuZXNzIjoiIiwiYnJhbmRzIjpbXSwiZnVsbFZlcnNpb25MaXN0IjpbXSwibW9iaWxlIjpmYWxzZSwibW9kZWwiOiIiLCJwbGF0Zm9ybSI6IiIsInBsYXRmb3JtVmVyc2lvbiI6IiIsIndvdzY0IjpmYWxzZX0=
Requested by
Host: beevakum.net
URL: https://beevakum.net/pfe/current/micro.tag.min.js?z=6903771&sw=/sw-check-permissions-07c73.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.250 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
86e3f73481ad46c4a45700d7748de3d3f91905c704bb6bee706a0751cd70aa7a
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-trace-id
ebc39aee48d62e4eebd20b29b4f60c01
date
Sat, 16 Mar 2024 09:50:52 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
content-type
application/json; charset=utf-8
access-control-allow-origin
https://ambanioffers.online
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, X-Oaid, Content-Type, Accept
content-length
803
mivscsk.jpg
ambanioffers.online/img/
922 B
0
Image
General
Full URL
https://ambanioffers.online/img/mivscsk.jpg
Requested by
Host: ambanioffers.online
URL: https://ambanioffers.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:11:785:0:2ff5:6ad3:8 Mumbai, India, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sat, 16 Mar 2024 09:50:52 GMT
content-security-policy
upgrade-insecure-requests
last-modified
Sat, 16 Mar 2024 07:45:06 GMT
server
LiteSpeed
etag
"26976-65f54e02-730132e6f172de39;;;"
content-type
image/jpeg
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
158070
expires
Sat, 23 Mar 2024 09:50:52 GMT
ny1.jpg
ambanioffers.online/img/b/R29vZ2xl/
6 KB
6 KB
Image
General
Full URL
https://ambanioffers.online/img/b/R29vZ2xl/ny1.jpg
Requested by
Host: ambanioffers.online
URL: https://ambanioffers.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:11:785:0:2ff5:6ad3:8 Mumbai, India, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sat, 16 Mar 2024 09:50:52 GMT
content-security-policy
upgrade-insecure-requests
last-modified
Sat, 16 Mar 2024 06:15:50 GMT
server
LiteSpeed
etag
"191d-65f53916-e94810306b6ba1af;;;"
content-type
image/jpeg
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
6429
expires
Sat, 23 Mar 2024 09:50:52 GMT
uT2As9Sb.jpg
ambanioffers.online/img/b/R29vZ2xl/
0
0
Image
General
Full URL
https://ambanioffers.online/img/b/R29vZ2xl/uT2As9Sb.jpg
Requested by
Host: ambanioffers.online
URL: https://ambanioffers.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:11:785:0:2ff5:6ad3:8 Mumbai, India, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sat, 16 Mar 2024 09:50:52 GMT
content-security-policy
upgrade-insecure-requests
last-modified
Sat, 16 Mar 2024 06:15:50 GMT
server
LiteSpeed
etag
"15c9-65f53916-4d4c707aa4467909;;;"
content-type
image/jpeg
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
5577
expires
Sat, 23 Mar 2024 09:50:52 GMT
nc13hrwb.jpg
ambanioffers.online/img/b/R29vZ2xl/
0
0
Image
General
Full URL
https://ambanioffers.online/img/b/R29vZ2xl/nc13hrwb.jpg
Requested by
Host: ambanioffers.online
URL: https://ambanioffers.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:11:785:0:2ff5:6ad3:8 Mumbai, India, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sat, 16 Mar 2024 09:50:52 GMT
content-security-policy
upgrade-insecure-requests
last-modified
Sat, 16 Mar 2024 06:15:50 GMT
server
LiteSpeed
etag
"164f-65f53916-44655f10057136c1;;;"
content-type
image/jpeg
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
5711
expires
Sat, 23 Mar 2024 09:50:52 GMT
IMG_20230518_082156.jpg
ambanioffers.online/img/b/R29vZ2xl/
3 KB
3 KB
Image
General
Full URL
https://ambanioffers.online/img/b/R29vZ2xl/IMG_20230518_082156.jpg
Requested by
Host: ambanioffers.online
URL: https://ambanioffers.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:11:785:0:2ff5:6ad3:8 Mumbai, India, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sat, 16 Mar 2024 09:50:52 GMT
content-security-policy
upgrade-insecure-requests
last-modified
Sat, 16 Mar 2024 06:15:50 GMT
server
LiteSpeed
etag
"cc6-65f53916-ef6e5bc13070466f;;;"
content-type
image/jpeg
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
3270
expires
Sat, 23 Mar 2024 09:50:52 GMT
images%20%287%29.jpeg
ambanioffers.online/img/b/R29vZ2xl/
4 KB
4 KB
Image
General
Full URL
https://ambanioffers.online/img/b/R29vZ2xl/images%20%287%29.jpeg
Requested by
Host: ambanioffers.online
URL: https://ambanioffers.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:11:785:0:2ff5:6ad3:8 Mumbai, India, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sat, 16 Mar 2024 09:50:52 GMT
content-security-policy
upgrade-insecure-requests
last-modified
Sat, 16 Mar 2024 06:15:50 GMT
server
LiteSpeed
etag
"10b9-65f53916-67baebf4bec6a0b1;;;"
content-type
image/jpeg
cache-control
public, max-age=604800
accept-ranges
bytes
platform
hostinger
content-length
4281
expires
Sat, 23 Mar 2024 09:50:52 GMT
getextparams
tdsjsext3.com/ExtService.svc/
0
0

custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: beevakum.net
URL: https://beevakum.net/pfe/current/micro.tag.min.js?z=6903771&sw=/sw-check-permissions-07c73.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

custom
jouteetu.net/
0
0
Ping
General
Full URL
https://jouteetu.net/custom
Requested by
Host: beevakum.net
URL: https://beevakum.net/pfe/current/micro.tag.min.js?z=6903771&sw=/sw-check-permissions-07c73.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
139.45.197.251 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

6903777
inrotomr.com/4/
33 KB
14 KB
Document
General
Full URL
https://inrotomr.com/4/6903777
Requested by
Host: ambanioffers.online
URL: https://ambanioffers.online/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.244 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
f82cb0dc44ea988256e1c996785211da06e6b1d49ef855936df57c4733bd5507

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace Accept, Content-Type, Content-Length, Accept-Encoding, favicon
access-control-allow-methods
GET, POST, OPTIONS POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
* *
access-control-max-age
86400
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0 no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-type
text/html; charset=utf8
date
Sat, 16 Mar 2024 09:50:52 GMT
expires
Tue, 11 Jan 1994 10:00:00 GMT Mon, 26 Jul 1997 05:00:00 GMT
link
<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
pragma
no-cache no-cache
server
nginx
timing-allow-origin
*
x-trace-id
0a540a732fe34be5a62da60f0596d990
sftouch
inrotomr.com/
2 B
608 B
Ping
General
Full URL
https://inrotomr.com/sftouch?userId=00802103718b44d3e31e7a95dd12c789&z=6903777&p_rid=fe376fdf-626a-4f02-b7c5-f4d0ac551deb&p_src=sf&branchId=400701&rb=xScfD_mmeLfSfXM8MOVoMR8YstHBFZcTJHeAtWkpyoyEgpYUlxpDkyjh_z_qxIlikhpWglAsp4O2qyuAp2FQimIIhcx-MmcPQCYmtMuxo2XH3435Xcs-skTjle7vVv18G5RpWKtcxa8tCMG89_S7pzbcHCjWSATRIM-cLnKlLh_vxNLxIjOAgJChOsXb1y4pi8ewRa0eS2m0TyQtqtl24019UcnZMJ6F9-03LrzYUPmHFJXt4wxcKTkDwQAWFQ6ma7-XAPFju5YV1lAbYIZXb1DdqfJ0NI4E1S6MBHu5FaMkIElAzeVTFA==
Requested by
Host: inrotomr.com
URL: https://inrotomr.com/4/6903777
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.197.244 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://inrotomr.com/4/6903777
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sat, 16 Mar 2024 09:50:53 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
content-length
2
x-trace-id
9fedf6bf8d7c1b7bf302b11e33f6082e
pragma
no-cache
server
nginx
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-max-age
86400
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/plain
access-control-allow-origin
https://inrotomr.com
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
expires
Tue, 11 Jan 1994 10:00:00 GMT
img.gif
my.rtmark.net/
43 B
490 B
Image
General
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=00802103718b44d3e31e7a95dd12c789&z=6903777&p_rid=fe376fdf-626a-4f02-b7c5-f4d0ac551deb&p_src=sf
Requested by
Host: inrotomr.com
URL: https://inrotomr.com/4/6903777
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://inrotomr.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sat, 16 Mar 2024 09:50:53 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
image/gif
access-control-allow-origin
*
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
43
add
datatechone.com/log/
2 B
465 B
XHR
General
Full URL
https://datatechone.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=fe376fdf-626a-4f02-b7c5-f4d0ac551deb
Requested by
Host: inrotomr.com
URL: https://inrotomr.com/4/6903777
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.48.68.71 Amsterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
Software
nginx/1.19.10 /
Resource Hash

Request headers

Referer
https://inrotomr.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Sat, 16 Mar 2024 09:50:53 GMT
Server
nginx/1.19.10
Access-Control-Allow-Methods
POST, GET, OPTIONS, PUT, DELETE
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://inrotomr.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Content-Length
2
/
ak.ocoaksib.com/4/6118780/
Redirect Chain
  • https://inrotomr.com/?z=6903777&syncedCookie=true&rhd=false
  • https://ak.ocoaksib.com/4/6118780/?var=6903777&btz=Europe/Berlin&bto=-60
1 KB
2 KB
Document
General
Full URL
https://ak.ocoaksib.com/4/6118780/?var=6903777&btz=Europe/Berlin&bto=-60
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.219.78.204 Seattle, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-219-78-204.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://inrotomr.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace Accept, Content-Type, Content-Length, Accept-Encoding, favicon
access-control-allow-methods
GET, POST, OPTIONS POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
* *
access-control-max-age
86400
cache-control
max-age=0, no-cache, no-store
content-encoding
gzip
content-length
659
content-type
text/html; charset=utf8
date
Sat, 16 Mar 2024 09:50:54 GMT
expires
Sat, 16 Mar 2024 09:50:54 GMT
link
<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch" <https://kingadblocker.com>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
pragma
no-cache
timing-allow-origin
*
vary
Accept-Encoding
x-trace-id
60d04b49bd409b58df36da6cde1b35b4

Redirect headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://inrotomr.com
access-control-max-age
86400
cache-control
no-transform, no-store, no-cache, must-revalidate, max-age=0
content-length
0
date
Sat, 16 Mar 2024 09:50:53 GMT
expires
Tue, 11 Jan 1994 10:00:00 GMT
link
<https://ak.ocoaksib.com>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
location
https://ak.ocoaksib.com/4/6118780/?var=6903777&btz=Europe/Berlin&bto=-60
pragma
no-cache
referrer-policy
no-referrer
server
nginx
strict-transport-security
max-age=1
timing-allow-origin
* *
x-content-type-options
nosniff
x-trace-id
691f30367f5adc0b92294e143fe5c999
img.gif
my.rtmark.net/
43 B
506 B
Ping
General
Full URL
https://my.rtmark.net/img.gif?f=merge&userId=008021ea7ad44f0fe420ab60947fa823
Requested by
Host: ak.ocoaksib.com
URL: https://ak.ocoaksib.com/4/6118780/?var=6903777&btz=Europe/Berlin&bto=-60
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=1
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sat, 16 Mar 2024 09:50:54 GMT
strict-transport-security
max-age=1
x-content-type-options
nosniff
server
nginx
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
content-type
image/gif
access-control-allow-origin
https://ak.ocoaksib.com
access-control-expose-headers
Authorization
access-control-allow-credentials
true
timing-allow-origin
*, *
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length
43
Primary Request extension.php
kingadblocker.com/
8 KB
3 KB
Document
General
Full URL
https://kingadblocker.com/extension.php?jn=cjpa3mkS14z&_d=2&ju=6118780&jq=792803712455418566&jp=pa
Requested by
Host: ak.ocoaksib.com
URL: https://ak.ocoaksib.com/4/6118780/?var=6903777&btz=Europe/Berlin&bto=-60
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f62f747318a5e8d46d99f8a73d7bae6f06ce4e78beba5ff15acdf7563025613

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8653d7755a5837f1-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 16 Mar 2024 09:50:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ciKj8MmavfdNdNi6Ki0OrnluLOGEudP77nr6wyzK0kd0HYQLUwzW2e4EkjMvt3QdziZCwiLIE1L2zddQ4Z1cCsf%2B%2BMTZAS2aTfXzfuDELedgfiqw9qU%2BU%2FfOuYamSxDHBZnRMq1iqUcx%2BJSVo%2Fyo3A%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/
190 KB
29 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css
Requested by
Host: kingadblocker.com
URL: https://kingadblocker.com/extension.php?jn=cjpa3mkS14z&_d=2&ju=6118780&jq=792803712455418566&jp=pa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0bcf7898fdc3b87babca678cd19a8e3ef570e931c80a3afbffcc453738c951a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://kingadblocker.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sat, 16 Mar 2024 09:50:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
238677
x-jsd-version
5.2.3
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230122-FRA, cache-lga21962-LGA
x-jsd-version-type
version
server
cloudflare
etag
W/"2f955-d5HdHzFzoNYsw5wh0q1x/I2tDnI"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gHgk7te%2F2daAFk9cAejcJRlEEGqYT6f0Rgmel5p92EZMWN4enfV3CMP%2BVeIKQZp5zAGr7ZHKA%2BJWy%2B59yO2ZpLX7guCapdJzd0ZNuvlaCr56qEDlsRjVp9WmrpSbjpg4cm%2BPqq3DLZaL%2B%2FriZ0E%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
8653d7768afe381b-FRA
icon.png
kingadblock.com/images/
4 KB
5 KB
Image
General
Full URL
https://kingadblock.com/images/icon.png
Requested by
Host: kingadblocker.com
URL: https://kingadblocker.com/extension.php?jn=cjpa3mkS14z&_d=2&ju=6118780&jq=792803712455418566&jp=pa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
091483d5419eb9e98f0edd49563409fad2eb24f1d10bc161b9716e0f0ee86b35

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://kingadblocker.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sat, 16 Mar 2024 09:50:54 GMT
cf-cache-status
DYNAMIC
last-modified
Wed, 16 Aug 2023 09:40:57 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"64dc99a9-1121"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zm625v1lfM4xksTFIUQpUMR4YT%2FMwGRuMDGGRJBfp6eBSH%2FlmY%2FFKmjEsRu3ORQ6uJWITDMRS84Z0fKjZtu97WCsEdTu2%2FG0qUjxh6dRdCcLjNIaLx27yHG9MVILScj2%2F9%2FJXIV6cEN8wn%2BFF0s%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
accept-ranges
bytes
cf-ray
8653d776a834bbcb-FRA
alt-svc
h3=":443"; ma=86400
content-length
4385
icon.png
flcjnflecolckmhfcmhhkichjhajjnlb/
0
0

a.php
tururu.info/ Frame 67B7
96 B
1 KB
Document
General
Full URL
https://tururu.info/a.php?id=0083&e=VPGCNBK0FG&c=cjpa3mkS14z&r=pa&cid=792803712455418566&z=6118780&v=13&dr=&inw=1600&inh=1200
Requested by
Host: kingadblocker.com
URL: https://kingadblocker.com/extension.php?jn=cjpa3mkS14z&_d=2&ju=6118780&jq=792803712455418566&jp=pa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::6815:3b73 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d5f7d977f9b96d4f7abe30653ea52b3406938d5175ebb743bf839beab7f59f6

Request headers

Referer
https://kingadblocker.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8653d7773b8e3600-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 16 Mar 2024 09:50:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6hlsr7x8W98WBLtxIayMov%2B568oUcqNFZWClFgU6PHXFVuN5NQWBWdC%2BTD3qh7djgLz7mnPuPyih8pX1xiV9tn8IF%2BvbK8FbSECCgLTFZj8UANbyy3wSTYncz2s1a0GVfi%2F%2FmIj%2FNnNn6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
clear.php
kingadblock.com/ Frame 1DA8
0
398 B
Document
General
Full URL
https://kingadblock.com/clear.php
Requested by
Host: kingadblocker.com
URL: https://kingadblocker.com/extension.php?jn=cjpa3mkS14z&_d=2&ju=6118780&jq=792803712455418566&jp=pa
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://kingadblocker.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8653d776d85ebbcb-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 16 Mar 2024 09:50:54 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ol3%2BksHJUvLZFwBxMnFSUzIvdmn9PRR9u9gRyjvgtCVWQJKIMi6alNAzel0dVav59QlrFsgOuPHUjNDGcI9lazLLjsJ4HcsWtV9SrXY1GsRgWUKX%2FBIoON2i7LSDtCJcvYU8TWr89YMKpb41KTQ%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
tdsjsext3.com
URL
https://tdsjsext3.com/ExtService.svc/getextparams
Domain
flcjnflecolckmhfcmhhkichjhajjnlb
URL
chrome-extension://flcjnflecolckmhfcmhhkichjhajjnlb/icon.png

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| req_existing_user object| landing_iframe function| openNewWindow function| openNewTab function| openSameTab function| listenInstallCompleted function| openInstructions object| windowObjectReference

12 Cookies

Domain/Path Name / Value
my.rtmark.net/ Name: ID
Value: 82251d21cac041de9a2298fea2fe28b4
inrotomr.com/ Name: oaidts
Value: 1710582652
inrotomr.com/ Name: OAID
Value: 82251d21cac041de9a2298fea2fe28b4
inrotomr.com/ Name: syncedCookie
Value: true
ak.ocoaksib.com/ Name: OAID
Value: 008021ea7ad44f0fe420ab60947fa823
ak.ocoaksib.com/ Name: oaidts
Value: 1710582653
.tururu.info/ Name: c0083
Value: cjpa3mkS14z
.tururu.info/ Name: r0083
Value: pa
.tururu.info/ Name: cid0083
Value: 792803712455418566
.tururu.info/ Name: z0083
Value: 6118780
.tururu.info/ Name: e0083
Value: VPGCNBK0FG
.tururu.info/ Name: _asd
Value: 17105826548650658

18 Console Messages

Source Level URL
Text
network error URL: https://desenteir.com/tb1/reverse.min.js?sf=1
Message:
Failed to load resource: the server responded with a status of 404 ()
other warning URL: https://ambanioffers.online/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
javascript error URL: https://ambanioffers.online/
Message:
Access to XMLHttpRequest at 'https://tdsjsext3.com/ExtService.svc/getextparams' from origin 'https://ambanioffers.online' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://tdsjsext3.com/ExtService.svc/getextparams
Message:
Failed to load resource: net::ERR_FAILED
network error URL: https://ambanioffers.online/sw-check-permissions-07c73.js?zoneId=6903771
Message:
Failed to load resource: the server responded with a status of 404 ()
other warning URL: https://inrotomr.com/4/6903777
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://inrotomr.com/4/6903777
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://ak.ocoaksib.com/partitial/5117854/?var=6118780&ab2r=0&prfrev=false&rhd=false&sf=1
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://ak.ocoaksib.com/partitial/5117854/?var=6118780&ab2r=0&prfrev=false&rhd=false&sf=1
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
javascript error URL: https://kingadblocker.com/extension.php?jn=cjpa3mkS14z&_d=2&ju=6118780&jq=792803712455418566&jp=pa(Line 42)
Message:
Access to XMLHttpRequest at 'chrome-extension://flcjnflecolckmhfcmhhkichjhajjnlb/icon.png' from origin 'https://kingadblocker.com' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, https, chrome-untrusted.
network error URL: chrome-extension://flcjnflecolckmhfcmhhkichjhajjnlb/icon.png
Message:
Failed to load resource: net::ERR_FAILED
other warning URL: https://kingadblocker.com/extension.php?jn=cjpa3mkS14z&_d=2&ju=6118780&jq=792803712455418566&jp=pa
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://kingadblocker.com/extension.php?jn=cjpa3mkS14z&_d=2&ju=6118780&jq=792803712455418566&jp=pa
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://kingadblocker.com/extension.php?jn=cjpa3mkS14z&_d=2&ju=6118780&jq=792803712455418566&jp=pa
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://kingadblocker.com/extension.php?jn=cjpa3mkS14z&_d=2&ju=6118780&jq=792803712455418566&jp=pa
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://kingadblocker.com/extension.php?jn=cjpa3mkS14z&_d=2&ju=6118780&jq=792803712455418566&jp=pa
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://kingadblocker.com/extension.php?jn=cjpa3mkS14z&_d=2&ju=6118780&jq=792803712455418566&jp=pa
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://kingadblocker.com/extension.php?jn=cjpa3mkS14z&_d=2&ju=6118780&jq=792803712455418566&jp=pa
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests