Is desikahani2.net safe?

encoded payload

suspicious base64-like blobs detected in page content

malicious redirect

script/meta redirect patterns detected in page source

cloaking

Page checks user-agent for bot/crawler strings to serve different content

cloaking

Page conditionally redirects based on referrer or user-agent

cloaking

Page loads content in transparent or zero-size iframe overlay

js obfuscation

JavaScript uses Function constructor for runtime code generation

malicious redirect

Back-button hijacking script: pushes 10 history states and triggers location.replace() to 'https://backbutton.videobaba.xyz/back-button-script/public/getit.php?site=DK' when user presses back. This traps users and forces them to an external ad/redirect domain. (location: page.html:93-109)

hidden content

Element '#mhead' is set to 'display:none' in CSS (page.html:166) but is dynamically populated via JavaScript with an ad iframe from blazingserver.net. The iframe is injected invisibly into a hidden container, concealing third-party content from visible inspection. (location: page.html:166, page.html:1067-1078)

hidden content

Client-hint metadata delegation to 'tsyndicate.com' via 'delegate-ch' meta tag, sharing detailed browser/device fingerprinting data (sec-ch-ua, platform, architecture, model, full-version-list, mobile status) with a third-party domain without user awareness. (location: page.html:111)

malicious redirect

Navigation menu link labeled 'Indian Live Sex' routes through 'blazingserver.net/revive/www/admin/plugins/redirectAd/redirect.php?zoneid=329' — a third-party redirect ad server that obscures the true destination from users and AI agents browsing links. (location: page.html:317, page.html:333, page.html:359)

social engineering

Navigation menu item labeled 'AI Porn video' links to 'https://wumtel.online?union_id=MTg3' and another item 'AI Porn Video' links to 'https://www.cmonbae.com/?union_id=MTg3', both using 'AI' branding to entice AI-assisted browsing agents or users seeking AI-related content into clicking affiliate/adult links. (location: page.html:319, page.html:358)

obfuscated code

Custom inline base64 encode/decode functions (b2a, a2b, b64e, b64d) are defined and used throughout the page to obfuscate ad injection payloads. Ad content stored in 'data-code' attributes is base64-encoded and decoded at runtime before DOM insertion, hiding the actual ad payloads from static analysis. (location: page.html:1122-1125)

hidden content

Sidebar widget injects an iframe from 'https://a.videobaba.xyz/OX/DK/d-dk.php?spot=VDOA' — a third-party ad/tracking domain — embedded inline in the page without clear disclosure to users. (location: page.html:692)

hidden content

A script from 'https://js.streampsh.top/ps/ps.js?id=6FYyMMyMqESAdTqTmwQQxg' is loaded deferred at the bottom of the page. The domain 'streampsh.top' is an opaque third-party with no visible brand attribution on the page, consistent with covert tracking or push notification subscription scripts. (location: page.html:1062)

malicious redirect

Analytics/tracking script loaded from 'https://stats.indianpornempire.com/js/script.js' — a cross-site tracker embedded on the page that silently profiles visitors on behalf of a third-party network (IPE/Indian Porn Empire) without prominent disclosure. (location: page.html:85)

social engineering

Age verification gate (ageverif.com) is bypassed on error: 'window.ageverifError = loadAds' loads ads regardless of verification failure, meaning the age gate provides no real protection and is used solely as a pretext to delay ad loading rather than enforce age restrictions. (location: page.html:146-152)

hidden content

PHP source code fragment leaked in rendered HTML output (lines 1015-1027): '<?\n\n\t\techo $args[\'after_widget\'];\n\t}\n\n// Widget Backend...' — server-side template code exposed in the page source, revealing internal widget/plugin structure. (location: page.html:1015-1027)