urlscan.io logo urlscan.io
SecurityTrails logo

crimea-infokiosk-payments.2025-06-08.0.zip Open in urlscan Pro
99.83.235.117  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://crimea-infokiosk-payments.2025-06-08.0.zip/
Effective URL: https://crimea-infokiosk-payments.2025-06-08.0.zip/
Submission Tags: @phish_report
Submission: On November 09 via api from FI — Scanned from AU
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 3 countries across 10 domains to perform 28 HTTP transactions. The main IP is 99.83.235.117, located in United States and belongs to AMAZON-02, US. The main domain is crimea-infokiosk-payments.2025-06-08.0.zip.
TLS certificate: Issued by R13 on November 9th 2025. Valid for: 3 months.
This is the only time crimea-infokiosk-payments.2025-06-08.0.zip was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 99.83.235.117 16509 (AMAZON-02)
1 172.66.41.21 13335 (CLOUDFLAR...)
1 108.158.20.31 16509 (AMAZON-02)
1 18.67.95.183 16509 (AMAZON-02)
1 142.250.76.100 15169 (GOOGLE)
3 3.248.162.96 16509 (AMAZON-02)
1 142.250.204.2 15169 (GOOGLE)
5 142.251.221.78 15169 (GOOGLE)
2 142.250.76.97 15169 (GOOGLE)
1 142.251.221.66 15169 (GOOGLE)
3 142.250.204.1 15169 (GOOGLE)
1 172.217.167.66 15169 (GOOGLE)
28 13
5    99.83.235.117 (United States)

ASN16509 (AMAZON-02, US)
PTR: ad97f17ac43043829.awsglobalaccelerator.com
crimea-infokiosk-payments.2025-06-08.0.zip
1    172.66.41.21 (Ascension Island)

ASN13335 (CLOUDFLARENET, US)
www.sav.com
1    108.158.20.31 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-158-20-31.syd62.r.cloudfront.net
euob.youstarsbuilding.com
1    18.67.95.183 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-95-183.syd62.r.cloudfront.net
d38psrni17bvxu.cloudfront.net
1    142.250.76.100 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s24-in-f4.1e100.net
www.google.com
3    3.248.162.96 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-162-96.eu-west-1.compute.amazonaws.com
obseu.youstarsbuilding.com
1    142.250.204.2 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f2.1e100.net
partner.googleadservices.com
5    142.251.221.78 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f14.1e100.net
syndicatedsearch.goog
2    142.250.76.97 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s24-in-f1.1e100.net
afs.googleusercontent.com
1    142.251.221.66 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f2.1e100.net
ep1.adtrafficquality.google
3    142.250.204.1 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f1.1e100.net
ep2.adtrafficquality.google
1    172.217.167.66 (United States)

ASN15169 (GOOGLE, US)
PTR: syd15s06-in-f2.1e100.net
pagead2.googlesyndication.com
Apex Domain
Subdomains		 Transfer
5 syndicatedsearch.goog
syndicatedsearch.goog — Cisco Umbrella Rank: 3496
61 KB
5 0.zip
crimea-infokiosk-payments.2025-06-08.0.zip
7 KB
4 adtrafficquality.google
ep1.adtrafficquality.google — Cisco Umbrella Rank: 341
ep2.adtrafficquality.google — Cisco Umbrella Rank: 348
21 KB
4 youstarsbuilding.com
euob.youstarsbuilding.com — Cisco Umbrella Rank: 89922
obseu.youstarsbuilding.com — Cisco Umbrella Rank: 80658
45 KB
2 googleusercontent.com
afs.googleusercontent.com — Cisco Umbrella Rank: 15554
1 KB
1 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 132
20 KB
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 6256
259 B
1 google.com
www.google.com — Cisco Umbrella Rank: 2
57 KB
1 cloudfront.net
d38psrni17bvxu.cloudfront.net
50 KB
1 sav.com
www.sav.com
9 KB
28 10
Domain Requested by
5 syndicatedsearch.goog www.google.com
syndicatedsearch.goog
5 crimea-infokiosk-payments.2025-06-08.0.zip crimea-infokiosk-payments.2025-06-08.0.zip
3 ep2.adtrafficquality.google www.google.com
ep2.adtrafficquality.google
3 obseu.youstarsbuilding.com euob.youstarsbuilding.com
crimea-infokiosk-payments.2025-06-08.0.zip
2 afs.googleusercontent.com crimea-infokiosk-payments.2025-06-08.0.zip
1 pagead2.googlesyndication.com ep2.adtrafficquality.google
1 ep1.adtrafficquality.google www.google.com
1 partner.googleadservices.com www.google.com
1 www.google.com crimea-infokiosk-payments.2025-06-08.0.zip
1 d38psrni17bvxu.cloudfront.net crimea-infokiosk-payments.2025-06-08.0.zip
1 euob.youstarsbuilding.com crimea-infokiosk-payments.2025-06-08.0.zip
1 www.sav.com crimea-infokiosk-payments.2025-06-08.0.zip
28 12

This site contains links to these domains. Also see Links.

Domain
www.sav.com
crimea-infokiosk-payments.2025-06-08.0.zip
Subject Issuer Validity Valid
crimea-infokiosk-payments.2025-06-08.0.zip
R13		 2025-11-09 -
2026-02-07		 3 months crt.sh
www.sav.com
E7		 2025-10-25 -
2026-01-23		 3 months crt.sh
*.youstarsbuilding.com
Amazon RSA 2048 M04		 2025-05-18 -
2026-06-16		 a year crt.sh
*.cloudfront.net
Amazon RSA 2048 M01		 2025-05-05 -
2026-04-23		 a year crt.sh
*.google.com
WR2		 2025-10-13 -
2026-01-05		 3 months crt.sh
*.googleadservices.com
WR2		 2025-10-13 -
2026-01-05		 3 months crt.sh
syndicatedsearch.goog
WR2		 2025-10-13 -
2026-01-05		 3 months crt.sh
*.googleusercontent.com
WR2		 2025-10-13 -
2026-01-05		 3 months crt.sh
adtrafficquality.google
WR2		 2025-10-13 -
2026-01-05		 3 months crt.sh
*.g.doubleclick.net
WR2		 2025-10-13 -
2026-01-05		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://crimea-infokiosk-payments.2025-06-08.0.zip/
Frame ID: 40927603F70B668D7423D276E506255F
Requests: 21 HTTP requests in this frame

Frame: https://syndicatedsearch.goog/afs/ads?sjk=s2GPwKfCQJiOx4BGOk%2FANw%3D%3D&adtest=off&psid=8721831397&pcsa=false&channel=bucket007%2Cbucket009%2Cbucket077&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=https%3A%2F%2Fcrimea-infokiosk-payments.2025-06-08.0.zip%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.6hCE_SC25OdiD8UAeVv1Sgiy5bmdL-O-eoKE4MDWdOp0_hclib8jRQ.xRHP3EIiQSSspDeETHmuxw.rdgjGZuMDmeKo7NmHv-VSqh3T2Qovzxbf_Rav6TzshcUqBsf3k1-wRfDDuAUwOFxmk0MilMMtY6lU_Nn8ozW_tOyhgytB10zoremx4BuaKyfZmvX_piQB07423EL81KClzKC2tAcDVVYXhyXpUI0NjbQxl7gmSQS7lIPsoAY3lTC4lwQz-inzWomt0qCssq_ugOwad3QCUXx_9RxYtW-RvkyHl3DXQnB_haVkapkH7GZ8fAFSVfC7b4m4FtZ3Y1v0FHhWJnK7_jSS9-KZGPxJ8eruJXvBWDTmEgvVV9WXOvjOhgvLQ-Qp-tJnckdsm9MIsOW2ZkcEao4Wavy90SmP5eW3YjrW8RoTWzwLu0bsRUysNBLnDHfnDRKIwDd0UtsPha86_IwP1aEWa-aUxGxKXEyud9t820JMqzfTH2Rkb5nq0G5efbyWuEHVC6jksAkdhewyHUSW5GzlXPci0lg1B-Z4vIVPheXRUR9mPbwtjfwF3elFTiUVxljgRc30Lzyq8fcmwkkYy_xsZKKZu5S2_Uj1UnK_dUuM56glPZ_L4q-2NzDb05CAeZaoii1mJiIysi8eZ4LecHC9CarUUekrlUEH7qmOfES1jNpkw59-1g.mhZJRyHQoeWd3i7Y1leIAg&type=3&swp=as-drid-2311698938577907&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C73110182%2C17301559&format=r3&nocache=8291762662341768&num=0&output=afd_ads&domain_name=crimea-infokiosk-payments.2025-06-08.0.zip&v=3&bsl=8&pac=2&u_his=2&u_tz=480&dt=1762662341769&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1019&frm=0&uio=-&cont=tc&drt=0&jsid=caf&jsv=827603366&rurl=https%3A%2F%2Fcrimea-infokiosk-payments.2025-06-08.0.zip%2F
Frame ID: 8AD13807FC33E518C70256C620AC4F4C
Requests: 4 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html
Frame ID: FDDF1E0D353D3100888D13F3DF20DA50
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

0.zip

Page URL History Show full URLs

  1. http://crimea-infokiosk-payments.2025-06-08.0.zip/ HTTP 307
    https://crimea-infokiosk-payments.2025-06-08.0.zip/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Page Statistics

28
Requests

89 %
HTTPS

0 %
IPv6

10
Domains

12
Subdomains

13
IPs

3
Countries

272 kB
Transfer

617 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://crimea-infokiosk-payments.2025-06-08.0.zip/ HTTP 307
    https://crimea-infokiosk-payments.2025-06-08.0.zip/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

28 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
crimea-infokiosk-payments.2025-06-08.0.zip/
Redirect Chain
  • http://crimea-infokiosk-payments.2025-06-08.0.zip/
  • https://crimea-infokiosk-payments.2025-06-08.0.zip/
17 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://crimea-infokiosk-payments.2025-06-08.0.zip/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.235.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad97f17ac43043829.awsglobalaccelerator.com
Software
nginx /
Resource Hash
499c289672c234e9adffffcc9e4de20c9d6aaeda58d802f5d0d5de0e9436c63a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

accept-ch
viewport-width dpr device-memory rtt downlink ect ua ua-full-version ua-platform ua-platform-version ua-arch ua-model ua-mobile
accept-ch-lifetime
30
alt-svc
h3=":50560"; ma=2592000
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Sun, 09 Nov 2025 04:25:40 GMT
server
nginx
vary
Accept-Encoding
via
1.1 Caddy 0.0 Caddy
x-adblock-key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_Tzurjuupjs4WR8hnglJ0DUuJBQs/pM7qa17XYpI6TcIUv30SzlH6CTLFIG1xxy+ebL/uPw7sh2o1QMZfQrxc4Q==
x-domain
0.zip
x-pcrew-blocked-reason
x-pcrew-ip-organization
ProtonVPN
x-subdomain
crimea-infokiosk-payments.2025-06-08

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://crimea-infokiosk-payments.2025-06-08.0.zip/
Non-Authoritative-Reason
HSTS
New_Logo_Color.png
www.sav.com/images/logo/2x/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.sav.com/images/logo/2x/New_Logo_Color.png
Requested by
Host: crimea-infokiosk-payments.2025-06-08.0.zip
URL: https://crimea-infokiosk-payments.2025-06-08.0.zip/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.66.41.21 , Ascension Island, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c007a67bdbb14c6dc017d4177be36da998d438e9b13ffb4cddbef1f29259a1f

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://crimea-infokiosk-payments.2025-06-08.0.zip/

Response headers

vary
accept-encoding
access-control-max-age
1000
cf-cache-status
BYPASS
etag
"229f-5e54866c5d86b"
access-control-allow-methods
POST, GET, OPTIONS, DELETE, PUT
cf-ray
99ba8c309d972670-ADL
accept-ranges
bytes
access-control-allow-origin
*, *
content-length
8863
date
Sun, 09 Nov 2025 04:25:41 GMT
content-type
image/png
last-modified
Tue, 02 Aug 2022 21:00:08 GMT
server
cloudflare
access-control-allow-headers
x-requested-with, Content-Type, origin, authorization, accept, client-security-token, x-sessionid
224f85302aa2b6ec30aac9a85da2cbf9.js
euob.youstarsbuilding.com/sxp/i/ 		116 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://euob.youstarsbuilding.com/sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js
Requested by
Host: crimea-infokiosk-payments.2025-06-08.0.zip
URL: https://crimea-infokiosk-payments.2025-06-08.0.zip/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.158.20.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-158-20-31.syd62.r.cloudfront.net
Software
Caddy /
Resource Hash
09829b331cf859dcbdc8d9dcf6db93279647409125bb586180e1d7579c7ef53b

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://crimea-infokiosk-payments.2025-06-08.0.zip/

Response headers

cache-control
max-age=43200
content-encoding
gzip
etag
"1d093-NoRLWtwOm3Su8EAtOhuym53/SBM"
age
16880
via
1.1 ece2a231e09716eb97b51099bf5928fe.cloudfront.net (CloudFront)
expires
Sun, 09 Nov 2025 11:44:21 GMT
x-cache
Hit from cloudfront
content-length
43914
x-amz-cf-id
kw5RWUhZXsdenY2NrlnY6ILABn4SCuGZqZJOXARScTHC4GNlEoZ2Qw==
date
Sat, 08 Nov 2025 23:44:21 GMT
content-type
text/javascript; charset=utf-8
vary
accept-encoding
server
Caddy
x-amz-cf-pop
SYD62-P3
browserjs
crimea-infokiosk-payments.2025-06-08.0.zip/munin/a/tr/ 		0
79 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://crimea-infokiosk-payments.2025-06-08.0.zip/munin/a/tr/browserjs?domain=0.zip&toggle=browserjs&uid=MTc2MjY2MjM0MC45NDYyOjM5NTQxYTk5NWNhMWMwNGU4NTcwZDcwZGQ3Yjk4NmQzOWM4YjliNWE0OWRiODZiOTM5NjA3ZDI0YTIyYWQzZDE6NjkxMDE3YzRlNmZmYg%3D%3D
Requested by
Host: crimea-infokiosk-payments.2025-06-08.0.zip
URL: https://crimea-infokiosk-payments.2025-06-08.0.zip/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.235.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad97f17ac43043829.awsglobalaccelerator.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

viewport-width
1600
ect
4g
Referer
https://crimea-infokiosk-payments.2025-06-08.0.zip/
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
rtt
50
downlink
10

Response headers

accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
via
1.1 Caddy, 0.0 Caddy
accept-ch-lifetime
30
x-custom-track
browserjs
access-control-allow-origin
*
alt-svc
h3=":50560"; ma=2592000
content-length
0
date
Sun, 09 Nov 2025 04:25:41 GMT
content-type
text/html; charset=UTF-8
server
nginx
bg-inv.jpg
d38psrni17bvxu.cloudfront.net/themes/MobileCleanBlack_e01968e1/ 		50 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://d38psrni17bvxu.cloudfront.net/themes/MobileCleanBlack_e01968e1/bg-inv.jpg
Requested by
Host: crimea-infokiosk-payments.2025-06-08.0.zip
URL: https://crimea-infokiosk-payments.2025-06-08.0.zip/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.95.183 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-95-183.syd62.r.cloudfront.net
Software
nginx /
Resource Hash
60f9d0b211b890f184b2d86b56e31b8e2b5196e8906f2da10983c7e928e6027b

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://crimea-infokiosk-payments.2025-06-08.0.zip/

Response headers

etag
"dce8vhonodoo138d"
age
58325
via
1.1 a8d63eee2fd456f0e1e6772e38461220.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
50845
x-amz-cf-id
VTXlo7sN0GlPv7uqquC1V60df1_-GKS7VQf_7KXBUWBRxD-AkaufIg==
date
Sat, 08 Nov 2025 12:13:36 GMT
content-type
image/jpeg
last-modified
Thu, 28 Aug 2025 17:42:07 GMT
server
nginx
x-amz-cf-pop
SYD62-P1
vary
Accept-Encoding
ls
crimea-infokiosk-payments.2025-06-08.0.zip/munin/a/ 		0
80 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://crimea-infokiosk-payments.2025-06-08.0.zip/munin/a/ls?t=691017c4&token=a887ad4ccd2f71951afe902f012bff6d9b3645a1
Requested by
Host: crimea-infokiosk-payments.2025-06-08.0.zip
URL: https://crimea-infokiosk-payments.2025-06-08.0.zip/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.235.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad97f17ac43043829.awsglobalaccelerator.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

viewport-width
1600
ect
4g
Referer
https://crimea-infokiosk-payments.2025-06-08.0.zip/
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
rtt
50
downlink
10

Response headers

access-control-max-age
86400
access-control-allow-methods
GET, POST, OPTIONS
via
1.1 Caddy
access-control-allow-origin
*
alt-svc
h3=":50560"; ma=2592000
content-length
0
date
Sun, 09 Nov 2025 04:25:41 GMT
server
nginx
caf.js
www.google.com/adsense/domains/ 		155 KB
57 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true
Requested by
Host: crimea-infokiosk-payments.2025-06-08.0.zip
URL: https://crimea-infokiosk-payments.2025-06-08.0.zip/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.76.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s24-in-f4.1e100.net
Software
sffe /
Resource Hash
c71af24f6acafb3cce2d5d6a47746e775adeabba56f4ce0a4cfe994328248d5d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://crimea-infokiosk-payments.2025-06-08.0.zip/

Response headers

content-encoding
gzip
etag
"477166381093069492"
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
x-content-type-options
nosniff
expires
Sun, 09 Nov 2025 04:25:41 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 09 Nov 2025 04:25:41 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
link
<https://syndicatedsearch.goog>; rel="preconnect"
cache-control
private, max-age=3600
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
x-xss-protection
0
server
sffe
ct
obseu.youstarsbuilding.com/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://obseu.youstarsbuilding.com/ct?id=80705&url=https%3A%2F%2Fcrimea-infokiosk-payments.2025-06-08.0.zip%2F&sf=0&tpi=&ch=AdsDeli%20-%20domain%20-%20landingpage&uvid=a887ad4ccd2f71951afe902f012bff6d9b3645a1&tsf=0&tsfmi=&tsfu=&cb=1762662341540&hl=2&op=0&ag=4063400018&rand=930069191210290621118621221625750878824910602294796688206221237222895506505686956602190100&fs=1600x1200&fst=1600x1200&np=linux%20x86_64&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=W1siZWYiLDU0N10sWyJhYm5jaCIsMjBdLFsxMiwie1wiY3R4XCI6XCJ3ZWJnbFwiLFwidlwiOlwiaW50ZWwgaW5jLlwiLFwiclwiOlwiaW50ZWwgaXJpcyBvcGVuZ2wgZW5naW5lXCIsXCJzbHZcIjpcIndlYmdsIGdsc2wgZXMgMS4wIChvcGVuZ2wgZXMgZ2xzbCBlcyAxLjAgY2hyb21pdW0pXCIsXCJndmVyXCI6XCJ3ZWJnbCAxLjAgKG9wZW5nbCBlcyAyLjAgY2hyb21pdW0pXCIsXCJndmVuXCI6XCJ3ZWJraXRcIixcImJlblwiOjksXCJ3Z2xcIjoxLFwiZ3JlblwiOlwid2Via2l0IHdlYmdsXCIsXCJzZWZcIjoxOTMwODIwMjc5LFwic2VjXCI6XCJcIn0iXSxbLTE2LCIwIl0sWy0yMCwiLSJdLFstMjEsIi0iXSxbLTIyLCJbXCJuXCIsXCJuXCJdIl0sWy01MSwiLSJdLFstNTQsIntcImhcIjpbXCIzMjk5NzI4NDUyXCIsXCI4MjI4MjMxMTlcIixcIl8zXCIsXCIyODcyODk5MzIwXCJdLFwiZFwiOltdLFwiYlwiOltcIl8wXCIsXCIyNjQ2MDM4ODJcIl0sXCJzXCI6MX0iXSxbLTU1LCIwIl0sWy02MSwie1wid2dzbFwiOlwiNDtwYWNrZWRfNHg4X2ludGVnZXJfZG90X3Byb2R1Y3Q7dW5yZXN0cmljdGVkX3BvaW50ZXJfcGFyYW1ldGVycztwb2ludGVyX2NvbXBvc2l0ZV9hY2Nlc3M7cmVhZG9ubHlfYW5kX3JlYWR3cml0ZV9zdG9yYWdlX3RleHR1cmVzO1wiLFwicGNmXCI6XCJiZ3JhOHVub3JtXCJ9Il0sWy02MiwiODAiXSxbLTYsIntcIndcIjpbXCIxXCJdLFwiblwiOltdLFwiZFwiOltdfSJdLFstMTIsIm51bGwiXSxbLTM0LCItIl0sWy0zOSwiW1wiMjAwMzAxMDdcIiwyLFwiR2Vja29cIixcIk5ldHNjYXBlXCIsXCJNb3ppbGxhXCIsbnVsbCxudWxsLHRydWUsOCxmYWxzZSxudWxsLDUsdHJ1ZSx0cnVlLG51bGwsMCx0cnVlLHRydWUsZmFsc2UsdHJ1ZV0iXSxbLTY0LCJbMCxcIlwiLFtdXSJdLFstNjgsIi0iXSxbLTcwLCItIl0sWzM3LCJbMzMxNjIyNDA0OSxmdW5jdGlvbihuZXdWYWx1ZSkge1xuICAgICAgICAgICAgICBhZGRDb250ZW50V2luZG93UHJveHkodGhpcylcbiAgICAgICAgICAgICAgLy8gUmVzZXQgcHJvcGVydHksIHRoZSBob29rIGlzIG9ubHkgbmVlZGVkIG9uY2VcbiAgICAgICAgICAgICAgT2JqZWN0LmRlZmluZVByb3BlcnR5KGlmcmFtZSwgJ3NyY2RvYycsIHtcbiAgICAgICAgICAgICAgICBjb25maWd1cmFibGU6IGZhbHNlLFxuICAgICAgICAgICAgICAgIHdyaXRhYmxlOiBmYWxzZSxcbiAgICAgICAgICAgICAgICB2YWx1ZTogX3NyY2RvY1xuICAgICAgICAgICAgICB9KVxuICAgICAgICAgICAgICBfaWZyYW1lLnNyY2RvYyA9IG5ld1ZhbHVlXG4gICAgICAgICAgICB9XSJdLFstMTEsIntcInRcIjpcIlwiLFwibVwiOltdfSJdLFstMzEsImZhbHNlIl0sWy00OCwiW1wiLVwiLFwiLVwiLFwiLVwiLFwiLVwiLFwiLVwiXSJdLFstNTcsIldFMFpWMXhPY1ZoWFhWVmNTeGNGV2xaVVNVeE5YRjBIR1dKWVNobFlTVWxWUUdRWkVWeFBXRlVaV0UwWkJWaFhWbGRBVkZaTVNnY1pFUU1PQXdnTUNRb0pBUkFWR1FWWVYxWlhRRlJXVEVvSEF3Z0JBd29KRUJWWVRSbDRTMHRZUUJkVVhCa1JVVTFOU1VvREZoWmNURlpiRjBCV1RFcE5XRXRLVzB4UVZWMVFWMTRYV2xaVUZrcEJTUlpRRmdzTERWOEJEQW9KQzFoWUMxc1BYRm9LQ1ZoWVdnQllBUXhkV0F0YVcxOEFGMU5LQXdnREFRa0pEd2dRRlZoTkdVc1pFVkZOVFVsS0F4WVdYRXhXV3hkQVZreEtUVmhMU2x0TVVGVmRVRmRlRjFwV1ZCWktRVWtXVUJZTEN3MWZBUXdLQ1F0WVdBdGJEMXhhQ2dsWVdGb0FXQT09Il0sWy03MywiRWhRPSJdLFstMTMsIi0iXSxbLTE3LCIzMiJdLFstMjUsIi0iXSxbLTI2LCJ7XCJ0amhzXCI6MTAwMDAwMDAsXCJ1amhzXCI6MTAwMDAwMDAsXCJqaHNsXCI6Mzc2MDAwMDAwMH0iXSxbLTI4LCJlbi1VUyxlbiJdLFstNTksImRlZmF1bHQiXSxbLTcyLCJFeFU9Il0sWy03LCItIl0sWy0xNSwiLSJdLFstMjcsIls1MCwxMCwwLFwiNGdcIixudWxsXSJdLFstMzgsImksLTEsLTEsMSwwLDEsMCwzNzYsNTEwLDMyMiwtMSwwLCwsMTU4NiwxNTg2Il0sWy01NiwibGFuZHNjYXBlLXByaW1hcnkiXSxbLTY2LCJnZW9sb2NhdGlvbixjaHVhZnVsbHZlcnNpb25saXN0LGNyb3Nzb3JpZ2luaXNvbGF0ZWQsc2NyZWVud2FrZWxvY2ssb25kZXZpY2VzcGVlY2hyZWNvZ25pdGlvbix0cmFuc2xhdG9yLHB1YmxpY2tleWNyZWRlbnRpYWxzZ2V0LHNoYXJlZHN0b3JhZ2VzZWxlY3R1cmwsY2h1YWFyY2gsY29tcHV0ZXByZXNzdXJlLGNocHJlZmVyc3JlZHVjZWR0cmFuc3BhcmVuY3ksZGVmZXJyZWRmZXRjaCx1c2IsY2hzYXZlZGF0YSxwdWJsaWNrZXljcmVkZW50aWFsc2NyZWF0ZSxzaGFyZWRzdG9yYWdlLGRlZmVycmVkZmV0Y2htaW5pbWFsLHJ1bmFkYXVjdGlvbixjaGRvd25saW5rLGNodWFmb3JtZmFjdG9ycyxvdHBjcmVkZW50aWFscyxwYXltZW50LGNodWEsY2h1YW1vZGVsLGNoZWN0LGF1dG9wbGF5LGNhbWVyYSxsYW5ndWFnZWRldGVjdG9yLHByaXZhdGVzdGF0ZXRva2VuaXNzdWFuY2UsZGlnaXRhbGNyZWRlbnRpYWxzZ2V0LGFjY2VsZXJvbWV0ZXIsY2h1YXBsYXRmb3JtdmVyc2lvbixpZGxlZGV0ZWN0aW9uLHByaXZhdGVhZ2dyZWdhdGlvbixpbnRlcmVzdGNvaG9ydCxjaHZpZXdwb3J0aGVpZ2h0LGNhcHR1cmVkc3VyZmFjZWNvbnRyb2wsbG9jYWxmb250cyxjaHVhcGxhdGZvcm0sbWlkaSxjaHVhZnVsbHZlcnNpb24seHJzcGF0aWFsdHJhY2tpbmcsY2xpcGJvYXJkcmVhZCxnYW1lcGFkLGRpc3BsYXljYXB0dXJlLGtleWJvYXJkbWFwLGpvaW5hZGludGVyZXN0Z3JvdXAsYXJpYW5vdGlmeSxjaHdpZHRoLGNocHJlZmVyc3JlZHVjZWRtb3Rpb24sYnJvd3Npbmd0b3BpY3MsZW5jcnlwdGVkbWVkaWEsbG9jYWxuZXR3b3JrYWNjZXNzLGd5cm9zY29wZSxzZXJpYWwsY2hydHQsY2h1YW1vYmlsZSx3aW5kb3dtYW5hZ2VtZW50LHVubG9hZCxjaGRwcixjaHByZWZlcnNjb2xvcnNjaGVtZSxjaHVhd293NjQsYXR0cmlidXRpb25yZXBvcnRpbmcsZnVsbHNjcmVlbixpZGVudGl0eWNyZWRlbnRpYWxzZ2V0LHByaXZhdGVzdGF0ZXRva2VucmVkZW1wdGlvbixoaWQsc3VtbWFyaXplcixjaHVhYml0bmVzcyxzdG9yYWdlYWNjZXNzLHN5bmN4aHIsY2hkZXZpY2VtZW1vcnksY2h2aWV3cG9ydHdpZHRoLHBpY3R1cmVpbnBpY3R1cmUsbWFnbmV0b21ldGVyLGNsaXBib2FyZHdyaXRlLG1pY3JvcGhvbmUiXSxbLTc0LCIwLDAiXSxbLTMsIltcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIl0iXSxbLTQsIi0iXSxbLTUsIi0iXSxbLTksIisiXSxbLTE5LCJbMTAsMTAsMTAsMTAsMCwwLDEsMjQsMjQsXCItXCIsMTYwMCwxMjAwLDE2MDAsMTIwMCwxNjAwLDEyODUsMTYwMCwxMjAwLDAsMCwwLDAsXCItXCIsXCItXCIsMTYwMCwxMjAwLDBdIl0sWy0yNCwiW10iXSxbLTMzLCItIl0sWy00OSwiLSJdLFstNTIsIi0iXSxbLTY3LCItIl0sWy04LCItIl0sWy0zMCwiW1widlwiLDBdIl0sWy0zNiwiW1wiNC8zXCIsXCI0LzNcIl0iXSxbLTU4LCItIl0sWy0xOCwiWzAsMCwwLDFdIl0sWy0yMywiKyJdLFstMzIsIi0iXSxbLTQzLCIwMDAwMDAwMTAxMDAwMDAxMDAxMTEwMTEwMTEwMTEwMTAwMDAwMTAxMSJdLFstNDUsIjYyMCw2NzcsMCwwLDAsNTYyLDAsMCw2NDgsMCwwLDAsMCwwLDAsMCwwLDAsMCw2ODQsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAiXSxbLTUwLCItIl0sWy02OSwiTGludXggeDg2XzY0fEdvb2dsZSBJbmMufDh8MzJ8fDAiXSxbLTcxLCJhMDEwMDEwMTEwMDEwMDEwMTAwMDEwMTAwMTExMTEwMTAwMDAxMCJdLFstMTQsIi0iXSxbLTI5LCItIl0sWy0zNSwiWzE3NjI2NjIzNDE1MDcsLThdIl0sWy00MSwiLSJdLFstNTMsIjAwMSJdLFstNjUsIi0iXSxbLTIsIjgsTklTQUlKaEE0SkhSVUVRY0dDQlFzMmJGeXhlMFZVRUN6WThJcWlYQ3NpRnhWRnhRS2lWMEdRb2lpaUtMMG1vUk1nUU1xVDVHbW56TXh1LzkrYWM4NlRreEJBL056Mzg5NzNQNSJdLFstMTAsIi0iXSxbLTM3LCItMTQ0LTY2LTE4MC0iXSxbLTQyLCI4ODMzOTkwMTYiXSxbLTYwLDIwOF0sWy02MywiMCJdLFsiYm5jaCIsNzldLFstMSwiLSJdLFstNDAsIjMzIl0sWy00NCwiMCwwLDAsNSJdLFstNDYsIjAiXSxbLTQ3LCJBdXN0cmFsaWEvUGVydGgsZW4tR0IsbGF0bixncmVnb3J5Il0sWyJkZGIiLCIwLDksMSwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMSwxLDAsMCwwLDAsMCwwLDEsNywxLDYsMCwxLDAsMCwwLDAsMCwwLDAsMSwxLDAsNiwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAiXSxbImNiIiwiMCwwLDAsMCwwLDAsMCwwLDEsNCwwLDAsMTEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCw3LDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwIl1d&dep=0&pre=0&sdd=&cri=vxOablAf21&pto=1637&ver=65&gac=-&mei=&ap=&fe=1&duid=1.1762662341.pW3Ak1Gx2hHfKRsp&suid=1.1762662341.qQyPj7muuGc6yiXS&tuid=1.1762662341.MfkNMxCa0iRyJhLK&fbc=-&gtm=-&it=5%2C1232%2C223&fbcl=-&gacl=-&gacsd=-&rtic=-&rtict=-&bgc=-&spa=1&urid=0&ab=&sck=-&io=aGA2Og%3D%3D
Requested by
Host: euob.youstarsbuilding.com
URL: https://euob.youstarsbuilding.com/sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
3.248.162.96 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-248-162-96.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
51f988f184a7a1f28c49b56ade3ab32c108dc0d4c430b84c5526f7e22bcd169d

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://crimea-infokiosk-payments.2025-06-08.0.zip/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
https://crimea-infokiosk-payments.2025-06-08.0.zip
content-encoding
gzip
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
content-length
1245
date
Sun, 09 Nov 2025 04:25:42 GMT
content-type
text/javascript
cookie.js
partner.googleadservices.com/gampad/ 		364 B
259 B 		Script
General
Check archive.org
Download Go to
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=crimea-infokiosk-payments.2025-06-08.0.zip&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie&cookie_types=v1%2Cv2
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.204.2 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s25-in-f2.1e100.net
Software
cafe /
Resource Hash
97346a9bde7b88fab2fa96dbdbe328b22a69816415c44a1ad02f28cd07e26614
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://crimea-infokiosk-payments.2025-06-08.0.zip/

Response headers

timing-allow-origin
*
content-encoding
gzip
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
238
date
Sun, 09 Nov 2025 04:25:41 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
ads
syndicatedsearch.goog/afs/ Frame 8AD1 		16 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://syndicatedsearch.goog/afs/ads?sjk=s2GPwKfCQJiOx4BGOk%2FANw%3D%3D&adtest=off&psid=8721831397&pcsa=false&channel=bucket007%2Cbucket009%2Cbucket077&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=https%3A%2F%2Fcrimea-infokiosk-payments.2025-06-08.0.zip%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.6hCE_SC25OdiD8UAeVv1Sgiy5bmdL-O-eoKE4MDWdOp0_hclib8jRQ.xRHP3EIiQSSspDeETHmuxw.rdgjGZuMDmeKo7NmHv-VSqh3T2Qovzxbf_Rav6TzshcUqBsf3k1-wRfDDuAUwOFxmk0MilMMtY6lU_Nn8ozW_tOyhgytB10zoremx4BuaKyfZmvX_piQB07423EL81KClzKC2tAcDVVYXhyXpUI0NjbQxl7gmSQS7lIPsoAY3lTC4lwQz-inzWomt0qCssq_ugOwad3QCUXx_9RxYtW-RvkyHl3DXQnB_haVkapkH7GZ8fAFSVfC7b4m4FtZ3Y1v0FHhWJnK7_jSS9-KZGPxJ8eruJXvBWDTmEgvVV9WXOvjOhgvLQ-Qp-tJnckdsm9MIsOW2ZkcEao4Wavy90SmP5eW3YjrW8RoTWzwLu0bsRUysNBLnDHfnDRKIwDd0UtsPha86_IwP1aEWa-aUxGxKXEyud9t820JMqzfTH2Rkb5nq0G5efbyWuEHVC6jksAkdhewyHUSW5GzlXPci0lg1B-Z4vIVPheXRUR9mPbwtjfwF3elFTiUVxljgRc30Lzyq8fcmwkkYy_xsZKKZu5S2_Uj1UnK_dUuM56glPZ_L4q-2NzDb05CAeZaoii1mJiIysi8eZ4LecHC9CarUUekrlUEH7qmOfES1jNpkw59-1g.mhZJRyHQoeWd3i7Y1leIAg&type=3&swp=as-drid-2311698938577907&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C73110182%2C17301559&format=r3&nocache=8291762662341768&num=0&output=afd_ads&domain_name=crimea-infokiosk-payments.2025-06-08.0.zip&v=3&bsl=8&pac=2&u_his=2&u_tz=480&dt=1762662341769&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1019&frm=0&uio=-&cont=tc&drt=0&jsid=caf&jsv=827603366&rurl=https%3A%2F%2Fcrimea-infokiosk-payments.2025-06-08.0.zip%2F
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.221.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s31-in-f14.1e100.net
Software
gws /
Resource Hash
55cbfa9afdb097a27825486d8d3ddb9ca9f0f92bc07146aa999a1febae3c15ce
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-DO4Idh5QSK-2auBotZFziA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Xss-Protection 0

Request headers

Referer
https://crimea-infokiosk-payments.2025-06-08.0.zip/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=3600
content-disposition
inline
content-encoding
br
content-length
3279
content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-DO4Idh5QSK-2auBotZFziA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
content-type
text/html; charset=UTF-8
date
Sun, 09 Nov 2025 04:25:42 GMT
expires
Sun, 09 Nov 2025 04:25:42 GMT
server
gws
x-xss-protection
0
caf.js
syndicatedsearch.goog/adsense/domains/ Frame 8AD1 		155 KB
57 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://syndicatedsearch.goog/adsense/domains/caf.js
Requested by
Host: syndicatedsearch.goog
URL: https://syndicatedsearch.goog/afs/ads?sjk=s2GPwKfCQJiOx4BGOk%2FANw%3D%3D&adtest=off&psid=8721831397&pcsa=false&channel=bucket007%2Cbucket009%2Cbucket077&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=https%3A%2F%2Fcrimea-infokiosk-payments.2025-06-08.0.zip%2F%3Fts%3DeyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.6hCE_SC25OdiD8UAeVv1Sgiy5bmdL-O-eoKE4MDWdOp0_hclib8jRQ.xRHP3EIiQSSspDeETHmuxw.rdgjGZuMDmeKo7NmHv-VSqh3T2Qovzxbf_Rav6TzshcUqBsf3k1-wRfDDuAUwOFxmk0MilMMtY6lU_Nn8ozW_tOyhgytB10zoremx4BuaKyfZmvX_piQB07423EL81KClzKC2tAcDVVYXhyXpUI0NjbQxl7gmSQS7lIPsoAY3lTC4lwQz-inzWomt0qCssq_ugOwad3QCUXx_9RxYtW-RvkyHl3DXQnB_haVkapkH7GZ8fAFSVfC7b4m4FtZ3Y1v0FHhWJnK7_jSS9-KZGPxJ8eruJXvBWDTmEgvVV9WXOvjOhgvLQ-Qp-tJnckdsm9MIsOW2ZkcEao4Wavy90SmP5eW3YjrW8RoTWzwLu0bsRUysNBLnDHfnDRKIwDd0UtsPha86_IwP1aEWa-aUxGxKXEyud9t820JMqzfTH2Rkb5nq0G5efbyWuEHVC6jksAkdhewyHUSW5GzlXPci0lg1B-Z4vIVPheXRUR9mPbwtjfwF3elFTiUVxljgRc30Lzyq8fcmwkkYy_xsZKKZu5S2_Uj1UnK_dUuM56glPZ_L4q-2NzDb05CAeZaoii1mJiIysi8eZ4LecHC9CarUUekrlUEH7qmOfES1jNpkw59-1g.mhZJRyHQoeWd3i7Y1leIAg&type=3&swp=as-drid-2311698938577907&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301548%2C17301266%2C72717108%2C73110182%2C17301559&format=r3&nocache=8291762662341768&num=0&output=afd_ads&domain_name=crimea-infokiosk-payments.2025-06-08.0.zip&v=3&bsl=8&pac=2&u_his=2&u_tz=480&dt=1762662341769&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1600&psh=1019&frm=0&uio=-&cont=tc&drt=0&jsid=caf&jsv=827603366&rurl=https%3A%2F%2Fcrimea-infokiosk-payments.2025-06-08.0.zip%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.221.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s31-in-f14.1e100.net
Software
sffe /
Resource Hash
75cb42de8136462af5b87f2783ff4b2d4be312818a91466d94eb6786db04b7d2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://syndicatedsearch.goog/

Response headers

content-encoding
gzip
etag
"16556859438304596889"
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
x-content-type-options
nosniff
expires
Sun, 09 Nov 2025 04:25:42 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 09 Nov 2025 04:25:42 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
link
<https://syndicatedsearch.goog>; rel="preconnect"
cache-control
private, max-age=3600
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
x-xss-protection
0
server
sffe
yes
crimea-infokiosk-payments.2025-06-08.0.zip/munin/a/tr/answercheck/ 		0
66 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://crimea-infokiosk-payments.2025-06-08.0.zip/munin/a/tr/answercheck/yes?domain=0.zip&caf=1&toggle=answercheck&answer=yes&uid=MTc2MjY2MjM0MC45NDYyOjM5NTQxYTk5NWNhMWMwNGU4NTcwZDcwZGQ3Yjk4NmQzOWM4YjliNWE0OWRiODZiOTM5NjA3ZDI0YTIyYWQzZDE6NjkxMDE3YzRlNmZmYg%3D%3D
Requested by
Host: crimea-infokiosk-payments.2025-06-08.0.zip
URL: https://crimea-infokiosk-payments.2025-06-08.0.zip/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.235.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad97f17ac43043829.awsglobalaccelerator.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

viewport-width
1600
ect
4g
Referer
https://crimea-infokiosk-payments.2025-06-08.0.zip/
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
rtt
50
downlink
10

Response headers

accept-ch
viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
via
1.1 Caddy, 0.0 Caddy
accept-ch-lifetime
30
x-custom-track
answercheck
access-control-allow-origin
*
alt-svc
h3=":50560"; ma=2592000
content-length
0
date
Sun, 09 Nov 2025 04:25:42 GMT
content-type
text/html; charset=UTF-8
server
nginx
search.svg
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/ Frame 8AD1 		391 B
795 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff
Requested by
Host: crimea-infokiosk-payments.2025-06-08.0.zip
URL: https://crimea-infokiosk-payments.2025-06-08.0.zip/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.76.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s24-in-f1.1e100.net
Software
sffe /
Resource Hash
17c7a89bf169c2ee400e31b042cea68513f06b9cd7d1e8990dbec800f0d771c7
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://syndicatedsearch.goog/

Response headers

content-encoding
gzip
age
29853
report-to
{"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
x-content-type-options
nosniff
expires
Sun, 09 Nov 2025 19:08:10 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 08 Nov 2025 20:08:10 GMT
last-modified
Thu, 20 Jul 2023 22:48:00 GMT
content-type
image/svg+xml
vary
Accept-Encoding
content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cache-control
public, max-age=82800
cross-origin-opener-policy
same-origin; report-to="afs-native-asset-managers"
accept-ranges
bytes
content-length
270
x-xss-protection
0
server
sffe
call_to_action_arrow.svg
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/ Frame 8AD1 		444 B
393 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/call_to_action_arrow.svg?c=%23ffffff
Requested by
Host: crimea-infokiosk-payments.2025-06-08.0.zip
URL: https://crimea-infokiosk-payments.2025-06-08.0.zip/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.76.97 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s24-in-f1.1e100.net
Software
sffe /
Resource Hash
5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://syndicatedsearch.goog/

Response headers

content-encoding
gzip
age
22457
report-to
{"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
x-content-type-options
nosniff
expires
Sun, 09 Nov 2025 21:11:26 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 08 Nov 2025 22:11:26 GMT
last-modified
Tue, 27 Jun 2023 17:28:00 GMT
content-type
image/svg+xml
vary
Accept-Encoding
content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
cache-control
public, max-age=82800
cross-origin-opener-policy
same-origin; report-to="afs-native-asset-managers"
accept-ranges
bytes
content-length
278
x-xss-protection
0
server
sffe
50d57fcb-077d-46b0-8128-340435c72409
https://crimea-infokiosk-payments.2025-06-08.0.zip/ 		0
0
tc_imp.gif
obseu.youstarsbuilding.com/tracker/ 		43 B
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://obseu.youstarsbuilding.com/tracker/tc_imp.gif?e=37dfbd8ee84e00126cecc133e8448e9f9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f674084828f0129371aad7d2504826ddb60ce0c385370c25154583d520a93ba3a1c77be26bb25cb43e2923bf34c6dad09337811c452ec47ec8bc59a7ee46a56a82b9eec47679c796e092818c5871d61eb72bffe8f831510e31c84a74a8844ca32a408da5b75be5266e915406b29a4483efa86e7a177922cbe16a370e3266863c89777256e1d0cd71ed0d906f60430e692af23486a3aadfe4a5df79c4c42731f24177cf2dd773f6417c2af0b3ad5f4ab3191e645770d51f4f4fcc8cd68bfd8ab5bef5e8c3b6f349caac3aaf03494c2e3798b214c84b8db260a43f26667a095106dbf89a9708652fb13e4d21b94199dcf2995383c91cf2edb6482cefaaddafde91a2df72cbea7e86c1368aed971c8f006f3064c1ec80e18dc8d84cb8ef78934c523db93a48137fc7f603b83743d85d8c11c7787a721ff4eb5c901c43bb7765006148276b90a9c9ffe31f8973fc40dea839c8336df020a2dfc1e4c135d7e3e89ec63f41d8082c733a6de3da8de6cca85edf96d9fb7f71f3e3ec8a71e45d1f7511a21f2fdc433f8638af74cbbbf73e325fe218843884589fc65994d67b5f9c774232d3e526c520b46eeb8d332c008a51b5c5f3bafe53c83c14d52bac18ba8b67edffff8eed0aadcad121a62bf3ed2a4537c9e517909953f4f7b07f578a66a1ac3e8dd608868cb248bab2ccda40c997b0c263c037c139fc8f8da3c7b509a044489cedabcb9d64e029fb5a16091ce7067c5d5133875e499d95621da3b970bda43b72d9100dad612ffbc30e49d8ad19c467caf873812d977d1c5b2f36eca1756554586745113f4fa0b9de606cb879acf52cf8181310d3346a07cca4cca0fb5dc2cd34510270863151cf3469cc5760ced7dcab5f42bd8c84b8e7275ad12782d8195875124933986df108365787a12c0403e9ebd95289d4534f1e80fb39d99a69248da41477644b626590dcfc14805e56285ab9674d08dfe045f60b03e754a16c51453ef85fc584cc1707bd28b95019481f8dd5321b939a7152a0b8e5c297fc9c25b02d887f1dce3ae01be79f53b9737cb8c01cdf1ea7474bcc452c89ea2a09da583df3e4390f47416893593099b5be4e337ba8d898c37a08c8bbda71a6786b8a58703b308d7014d3b4c3fd89a6f678026bf10&cri=vxOablAf21&ts=1324&cb=1762662342864
Requested by
Host: crimea-infokiosk-payments.2025-06-08.0.zip
URL: https://crimea-infokiosk-payments.2025-06-08.0.zip/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
3.248.162.96 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-248-162-96.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://crimea-infokiosk-payments.2025-06-08.0.zip/

Response headers

expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
date
Sun, 09 Nov 2025 04:25:43 GMT
pragma
no-cache
content-type
image/gif
82587bd8-27c6-4737-b7cd-78cc1d4573c3
https://crimea-infokiosk-payments.2025-06-08.0.zip/ 		0
0
sodar
ep1.adtrafficquality.google/getconfig/ 		10 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=afs&tv=1234567890&st=env&sjk=s2GPwKfCQJiOx4BGOk/ANw==&sde=1
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.221.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s31-in-f2.1e100.net
Software
cafe /
Resource Hash
c53dc658dcf74a0062e25b2152c8927259599d5e9fc2376a0f3b2db0836903da
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://crimea-infokiosk-payments.2025-06-08.0.zip/

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
8007
date
Sun, 09 Nov 2025 04:25:43 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
favicon.ico
crimea-infokiosk-payments.2025-06-08.0.zip/ 		0
92 B 		Other
General
Check archive.org
Download Go to
Full URL
https://crimea-infokiosk-payments.2025-06-08.0.zip/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.83.235.117 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad97f17ac43043829.awsglobalaccelerator.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

viewport-width
1600
ect
4g
Referer
https://crimea-infokiosk-payments.2025-06-08.0.zip/
device-memory
8
dpr
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
rtt
50
downlink
10

Response headers

etag
"66e18132-0"
via
1.1 Caddy
accept-ranges
bytes
alt-svc
h3=":50560"; ma=2592000
content-length
0
date
Sun, 09 Nov 2025 04:25:43 GMT
content-type
image/x-icon
last-modified
Wed, 11 Sep 2024 11:38:26 GMT
server
nginx
sodar2.js
ep2.adtrafficquality.google/sodar/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.204.1 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s25-in-f1.1e100.net
Software
sffe /
Resource Hash
a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://crimea-infokiosk-payments.2025-06-08.0.zip/

Response headers

content-encoding
gzip
etag
"1747411493688989"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Sun, 09 Nov 2025 04:25:43 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 09 Nov 2025 04:25:43 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=3000
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
7188
x-xss-protection
0
server
sffe
gen_204
syndicatedsearch.goog/afs/ 		0
333 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=9n3z4d108mar&cd_fexp=72717108%2C73110182%2C17301559&aqid=xhcQabv1BvnWmsMPxbrrcQ&psid=8721831397&pbt=ri&emsg=sodar_latency&rt=302&ea=9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.221.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s31-in-f14.1e100.net
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-vfLo88r2gK94QqQDrArfnA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://crimea-infokiosk-payments.2025-06-08.0.zip/

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-vfLo88r2gK94QqQDrArfnA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sun, 09 Nov 2025 04:25:44 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
gws
x-frame-options
SAMEORIGIN
mon
obseu.youstarsbuilding.com/ 		0
167 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://obseu.youstarsbuilding.com/mon
Requested by
Host: euob.youstarsbuilding.com
URL: https://euob.youstarsbuilding.com/sxp/i/224f85302aa2b6ec30aac9a85da2cbf9.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
3.248.162.96 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-248-162-96.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Content-Type
application/x-www-form-urlencoded
Referer
https://crimea-infokiosk-payments.2025-06-08.0.zip/

Response headers

access-control-allow-origin
https://crimea-infokiosk-payments.2025-06-08.0.zip
content-length
0
date
Sun, 09 Nov 2025 04:25:44 GMT
content-type
application/json
access-control-allow-credentials
true
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
runner.html
ep2.adtrafficquality.google/sodar/sodar2/237/ Frame FDDF 		13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.204.1 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s25-in-f1.1e100.net
Software
sffe /
Resource Hash
14b660a511e14a9a481c6fe43c576f36c61b656cfd379728c54f1128e1855966
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://crimea-infokiosk-payments.2025-06-08.0.zip/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1

Response headers

accept-ranges
bytes
age
1562
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
gzip
content-length
5044
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Sun, 09 Nov 2025 03:59:42 GMT
expires
Sun, 09 Nov 2025 04:49:42 GMT
last-modified
Tue, 13 May 2025 23:17:50 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
gen_204
syndicatedsearch.goog/afs/ 		0
210 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=48bdd0s0j7pj&cd_fexp=72717108%2C73110182%2C17301559&aqid=xhcQabv1BvnWmsMPxbrrcQ&psid=8721831397&pbt=bs&adbx=467&adby=305&adbh=453&adbw=666&adbah=145%2C145%2C145&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=827603366&csala=3%7C0%7C530%7C200%7C300&lle=0&ifv=1&hpt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.221.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s31-in-f14.1e100.net
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-jC93ApNfr-NYGonNxO0jzw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://crimea-infokiosk-payments.2025-06-08.0.zip/

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-jC93ApNfr-NYGonNxO0jzw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sun, 09 Nov 2025 04:25:44 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
gws
x-frame-options
SAMEORIGIN
gen_204
syndicatedsearch.goog/afs/ 		0
209 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://syndicatedsearch.goog/afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=bj777t7utyvj&cd_fexp=72717108%2C73110182%2C17301559&aqid=xhcQabv1BvnWmsMPxbrrcQ&psid=8721831397&pbt=bv&adbx=467&adby=305&adbh=453&adbw=666&adbah=145%2C145%2C145&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=827603366&csala=3%7C0%7C530%7C200%7C300&lle=0&ifv=1&hpt=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.221.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s31-in-f14.1e100.net
Software
gws /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy object-src 'none';base-uri 'self';script-src 'nonce-3fZ65VtpcTkPTnJJsFUk7Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://crimea-infokiosk-payments.2025-06-08.0.zip/

Response headers

content-security-policy
object-src 'none';base-uri 'self';script-src 'nonce-3fZ65VtpcTkPTnJJsFUk7Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sun, 09 Nov 2025 04:25:44 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
gws
x-frame-options
SAMEORIGIN
TOCvFO5frGAUu_dYJQMz6Rf6wi7NrrHIMK70wbLAQEo.js
pagead2.googlesyndication.com/bg/ Frame FDDF 		52 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/bg/TOCvFO5frGAUu_dYJQMz6Rf6wi7NrrHIMK70wbLAQEo.js
Requested by
Host: ep2.adtrafficquality.google
URL: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.167.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd15s06-in-f2.1e100.net
Software
sffe /
Resource Hash
4ce0af14ee5fac6014bbf758250333e917fac22ecdaeb1c830aef4c1b2c0404a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://ep2.adtrafficquality.google/

Response headers

content-encoding
br
age
112878
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
x-content-type-options
nosniff
expires
Sat, 07 Nov 2026 21:04:26 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 07 Nov 2025 21:04:26 GMT
last-modified
Mon, 03 Nov 2025 09:48:00 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=31536000
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
accept-ranges
bytes
content-length
20351
x-xss-protection
0
server
sffe
generate_204
ep2.adtrafficquality.google/ Frame FDDF 		0
41 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ep2.adtrafficquality.google/generate_204?Sg1BfQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.204.1 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s25-in-f1.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 16_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Mobile/15E148 Safari/604.1
Referer
https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sun, 09 Nov 2025 04:25:44 GMT
cross-origin-resource-policy
cross-origin
sodar
ep1.adtrafficquality.google/pagead/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
crimea-infokiosk-payments.2025-06-08.0.zip
URL
blob:https://crimea-infokiosk-payments.2025-06-08.0.zip/50d57fcb-077d-46b0-8128-340435c72409
Domain
crimea-infokiosk-payments.2025-06-08.0.zip
URL
blob:https://crimea-infokiosk-payments.2025-06-08.0.zip/82587bd8-27c6-4737-b7cd-78cc1d4573c3
Domain
ep1.adtrafficquality.google
URL
https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=237&t=2&li=afs_1234567890&jk=s2GPwKfCQJiOx4BGOk%2FANw%3D%3D&bg=!np2lndLNAAaIPp6FqD47ADQBe5WfOC5ND2TCJoYgDYfJ9bbDO_-U_CFOZ9YgMLozf7rZyjoeHt7E2AOMrwerBiKUA0sNAgAAADNSAAAAAmgBB34AG8S4HMCRX9Qmq09ynsgIfkOVlmqfLQ4QrtDFcwoA8InC0pfkn7myBUHdiCRnWwII4bohieC5an5L1MI-sDZp6o2zAahzAv3zXK5zEcMi0wqGHq2RhiWB9yutLhjrbuAFgTnoao1JI-Tfi8QS0n-mMM5kpq8AgPerYsx5E9ruHDr7H45bCUQquFX6GfxGBfXS_EqFvVoJFixbTEUs01qD7ThJRaS97Ii0ImRixJusZ0c8XdQVYVWmygFgkiWjhvJbXGGfAobZmWGiPdRA9WJmSvvYdX-AaS1Y-n62dcQBDMjVOnUz4wNapLERpXfPRncTVKCDnF1TRQMSJUX3H1VOAXYyvYtapoaYR9jL8AW4ZpkB03U8KmgxZi6CdE1cJ5YNVY3f4AQHzr-ciAdvF-ihk8j2v8gkV-qsA-6Sm797xsX03SSt2FpxUzYJw1PKrZ3tNeNXOBWPQ1vwCWW4pPdCV7Yc1Nck23o55-I29MwPMjDrYvw61zbitxgc-WqlV7UXv9tTsiL9pK5PtUICTx56j7C6hoFcRRplJOeu9X41qO8kQ7NM5Lb2KxDtGedZvPjN3QENIJsGyY8Ddtf4DxPxlLuPWHHD9O80jH71HWXSJXf91Z1ujQFgCtFnm8yPkFWW-AQTA_uTGrdgBixRBomrm_KJNYW98UwQre1uo9nAr2kSLoonExUVFOQaJ-R_Fu30a67C0tg5CEG-8z0sibgkpxG6sh8Ddim9dBmis8JIrInTrlRaXOPsi82pBqPse4yv2aYK1Z370-opZSjxxsuITnm5GqfVG8mqhAqZSg14J2oPC4R2Bdbv-mh_2ixEZc69vrV7PjHrmFLxASy2rYwqjdUbyN3K4M3u2z-DNLfPvnOTgKEjrF0k8ITy0YubOhY11qVRMTvvzwHDgic20NN_dYXYwLpAg_og1IIKOT8_EZr00f_wPqb32Le-HC6XWRPrZ6ZdPDUvVPsdwD5AxMRJKPwfHaAh

Verdicts & Comments Add Verdict or Comment

19 JavaScript Window variables

These are the non-standard variables defined on the window object. These include var declarations and global functions and can be helpful in identifying possible client-side frameworks and code.

object| 0 object| tcblock function| getXMLhttp function| fallbackRedirect function| ajaxQuery function| ajaxBackfill function| loadFeed object| xmlHttp function| ls function| getLoadFeedArguments function| __ctcg_ct_80705_exec number| googleNDT_ number| googleAltLoader string| GoogleD3KJLP9Z object| google function| __sasCookie object| _cq object| GoogleGcLKhOms object| google_image_requests

5 Cookies

Domain/Path Name / Value
www.sav.com/ Name: AWSALBCORS
Value: Cb57JOP8MQ9SbItoMqpTtLfhhIzeMtIWUvOhER2g51hhWmjWQih4sDtQ1nJISpXarOTK1DTyf+gdIBFRc+AF3ufwIVsSDn74E/d6GZSeFiWQXk/t7weLakV/9Jgc
crimea-infokiosk-payments.2025-06-08.0.zip/ Name: _cq_duid
Value: 1.1762662341.pW3Ak1Gx2hHfKRsp
crimea-infokiosk-payments.2025-06-08.0.zip/ Name: _cq_suid
Value: 1.1762662341.qQyPj7muuGc6yiXS
.0.zip/ Name: __gsas
Value: ID=8807b10734b6e197:T=1762662341:RT=1762662341:S=ALNI_MaGJ_bLm20RwpWEcsuDcq-ZIrLkzg
obseu.youstarsbuilding.com/ Name: cg_uuid
Value: 96166581c5b05f42988fca3d78fee4ac

3 Console Messages

Source Level URL
Text
rendering warning URL: https://crimea-infokiosk-payments.2025-06-08.0.zip/
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A020ED02D4120000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.
worker verbose URL: blob:https://crimea-infokiosk-payments.2025-06-08.0.zip/50d57fcb-077d-46b0-8128-340435c72409(Line 1)
Message:
Error
rendering warning URL: https://ep2.adtrafficquality.google/sodar/sodar2/237/runner.html
Message:
[GroupMarkerNotSet(crbug.com/242999)!:A0609E02D4120000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader (about:flags#enable-unsafe-swiftshader) flag to opt in to lower security guarantees for trusted content.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

afs.googleusercontent.com
crimea-infokiosk-payments.2025-06-08.0.zip
d38psrni17bvxu.cloudfront.net
ep1.adtrafficquality.google
ep2.adtrafficquality.google
euob.youstarsbuilding.com
obseu.youstarsbuilding.com
pagead2.googlesyndication.com
partner.googleadservices.com
syndicatedsearch.goog
www.google.com
www.sav.com
crimea-infokiosk-payments.2025-06-08.0.zip
ep1.adtrafficquality.google
108.158.20.31
142.250.204.1
142.250.204.2
142.250.76.100
142.250.76.97
142.251.221.66
142.251.221.78
172.217.167.66
172.66.41.21
18.67.95.183
3.248.162.96
99.83.235.117
09829b331cf859dcbdc8d9dcf6db93279647409125bb586180e1d7579c7ef53b
14b660a511e14a9a481c6fe43c576f36c61b656cfd379728c54f1128e1855966
17c7a89bf169c2ee400e31b042cea68513f06b9cd7d1e8990dbec800f0d771c7
1c007a67bdbb14c6dc017d4177be36da998d438e9b13ffb4cddbef1f29259a1f
499c289672c234e9adffffcc9e4de20c9d6aaeda58d802f5d0d5de0e9436c63a
4ce0af14ee5fac6014bbf758250333e917fac22ecdaeb1c830aef4c1b2c0404a
51f988f184a7a1f28c49b56ade3ab32c108dc0d4c430b84c5526f7e22bcd169d
5455d8d4b8ae5150039ff7a83a6679d4338a435945985fa9f8d0ecbea9ae2f6e
55cbfa9afdb097a27825486d8d3ddb9ca9f0f92bc07146aa999a1febae3c15ce
60f9d0b211b890f184b2d86b56e31b8e2b5196e8906f2da10983c7e928e6027b
75cb42de8136462af5b87f2783ff4b2d4be312818a91466d94eb6786db04b7d2
97346a9bde7b88fab2fa96dbdbe328b22a69816415c44a1ad02f28cd07e26614
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
a7f65c0446b6cac3175458f6388304d0c23e70d11fa0db20920a619f1bc18623
c53dc658dcf74a0062e25b2152c8927259599d5e9fc2376a0f3b2db0836903da
c71af24f6acafb3cce2d5d6a47746e775adeabba56f4ce0a4cfe994328248d5d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855