pub-3539e3cd4e8b465c86355be1776c4056.r2.dev Open in urlscan Pro
2606:4700::6812:323 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pub-3539e3cd4e8b465c86355be1776c4056.r2.dev/pis.html
Submission Tags: @phish_report
Submission: On June 12 via api (June 12th 2024, 6:34:58 pm UTC) from FI — Scanned from FI

Summary HTTP 10 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 10 HTTP transactions. The main IP is 2606:4700::6812:323, located in United States and belongs to CLOUDFLARENET, US. The main domain is pub-3539e3cd4e8b465c86355be1776c4056.r2.dev.
TLS certificate: Issued by E1 on June 3rd 2024. Valid for: 3 months.

This is the only time pub-3539e3cd4e8b465c86355be1776c4056.r2.dev was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700::68... 2606:4700::6812:323	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2600:9000:238... 2600:9000:238d:9600:15:c281:3500:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2a00:1450:400... 2a00:1450:4001:82f::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
1	142.250.181.225 142.250.181.225	15169 (GOOGLE) (GOOGLE)
1	162.19.58.159 162.19.58.159	16276 (OVH) (OVH)
10	6

1 2606:4700::6812:323 (United States)

ASN13335 (CLOUDFLARENET, US)

pub-3539e3cd4e8b465c86355be1776c4056.r2.dev	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:238d:9600:15:c281:3500:93a1 (United States)

ASN16509 (AMAZON-02, US)

ik.imagekit.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.181.225 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f1.1e100.net

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.58.159 (France)

ASN16276 (OVH, FR)
PTR: ns3096667.ip-162-19-58.eu

i.ibb.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 472	109 KB
3	imagekit.io ik.imagekit.io — Cisco Umbrella Rank: 23611	109 KB
1	ibb.co i.ibb.co — Cisco Umbrella Rank: 10139	60 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 77	1 KB
1	r2.dev pub-3539e3cd4e8b465c86355be1776c4056.r2.dev	9 KB
10	5

	Domain	Requested by
4	cdn.ampproject.org	pub-3539e3cd4e8b465c86355be1776c4056.r2.dev cdn.ampproject.org
3	ik.imagekit.io	pub-3539e3cd4e8b465c86355be1776c4056.r2.dev
1	i.ibb.co
1	fonts.googleapis.com	pub-3539e3cd4e8b465c86355be1776c4056.r2.dev
1	pub-3539e3cd4e8b465c86355be1776c4056.r2.dev
10	5

This site contains links to these domains. Also see Links.

Domain
t.ly

Subject Issuer	Validity	Valid
*.r2.dev E1	`2024-06-03` - `2024-09-01`	3 months	crt.sh
*.imagekit.io Amazon RSA 2048 M02	`2024-01-23` - `2025-02-19`	a year	crt.sh
misc-sni.google.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
upload.video.google.com WR2	`2024-05-27` - `2024-08-19`	3 months	crt.sh
ibb.co R3	`2024-04-22` - `2024-07-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://pub-3539e3cd4e8b465c86355be1776c4056.r2.dev/pis.html
Frame ID: 56299B97E1C59AEBBD0346E046EFFACE
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DAFTAR AKUN VIP GRATIS SEKARANG JUGA

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Lightbox (JavaScript Libraries) Expand

Page Statistics

10
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

5
Subdomains

6
IPs

3
Countries

289 kB
Transfer

583 kB
Size

0
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://t.ly/mampir
Title: Daftar

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request pis.html Show response
pub-3539e3cd4e8b465c86355be1776c4056.r2.dev/ 9 KB
9 KB 642ms
532ms Document
text/html 2606:4700::6812:323
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pub-3539e3cd4e8b465c86355be1776c4056.r2.dev/pis.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:323 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: aeeb3d795d2991e0db9c3a20b17c870f71326fb18ca2095bbd4ebc9e2325d027

Request headers

Accept-Language: fi-FI,fi;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-Ranges: bytes
CF-RAY: 892befff6b098d6b-HEL
Connection: keep-alive
Content-Length: 9412
Content-Type: text/html
Date: Wed, 12 Jun 2024 18:34:53 GMT
ETag: "9f33d50c26840dd6af90b308674c5656"
Last-Modified: Sun, 09 Jun 2024 23:12:56 GMT
Server: cloudflare
Vary: Accept-Encoding

GET
H2 200 skystars.webp
ik.imagekit.io/slotters/xqwqos/ 15 KB
16 KB 313ms
157ms Image
image/webp 2600:9000:238d:9600:15:c281:3500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ik.imagekit.io/slotters/xqwqos/skystars.webp?updatedAt=1706597288426
Requested by: Host: pub-3539e3cd4e8b465c86355be1776c4056.r2.dev
URL: https://pub-3539e3cd4e8b465c86355be1776c4056.r2.dev/pis.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:238d:9600:15:c281:3500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 4913ac31f78014118e8a64d59d39bc4b51fbf89b6a6b54bd0e7759e86ab35392

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-3539e3cd4e8b465c86355be1776c4056.r2.dev/
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 10 Feb 2024 09:02:23 GMT
via: 1.1 081c7bef6b5d3c12829ac4c99182ccea.cloudfront.net (CloudFront), 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
age: 10661550
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 15676
x-request-id: af2038d9-39b5-477a-bf5b-e472e696cca0
etag: W/"3d3c-5owwUkjj95iRBjO2k8E4khOBgU0"
vary: Accept
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=31536000, must-revalidate
x-server: ImageKit.io
timing-allow-origin: *
access-control-allow-headers: *
x-amz-cf-id: o9XmSfGZ3r0pSNAofvWksX7BPhOTk6IND86VTn3jEg2diE_eFhkyvA==

GET
H2 200 top.webp
ik.imagekit.io/slotters/xqwqos/ 44 KB
45 KB 232ms
78ms Image
image/webp 2600:9000:238d:9600:15:c281:3500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ik.imagekit.io/slotters/xqwqos/top.webp?updatedAt=1706597459086
Requested by: Host: pub-3539e3cd4e8b465c86355be1776c4056.r2.dev
URL: https://pub-3539e3cd4e8b465c86355be1776c4056.r2.dev/pis.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:238d:9600:15:c281:3500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 9dd43e616c4b6074296e47cf7900f2fe743eb76a7e4fa5c88f2fa24cafe5bc29

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-3539e3cd4e8b465c86355be1776c4056.r2.dev/
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 10 Feb 2024 09:02:23 GMT
via: 1.1 68eb499493257a6d0620a0f6abdc78ca.cloudfront.net (CloudFront), 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
age: 10661550
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 45372
x-request-id: 93fc222a-e406-41a1-a4fe-a7b5c77ffb89
last-modified: Tue, 06 Feb 2024 18:58:32 GMT
etag: "3c6910e5c3d556eae914ba212b0e987d"
vary: Accept
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=31536000, must-revalidate
x-server: ImageKit.io
timing-allow-origin: *
access-control-allow-headers: *
x-amz-cf-id: al0m7u4twcarAYEq2J3VVgsH3QSr0CSIp3luVCbVbCGgn20iJDn-uw==

GET
H2 200 bottom.webp
ik.imagekit.io/slotters/xqwqos/ 48 KB
48 KB 312ms
168ms Image
image/webp 2600:9000:238d:9600:15:c281:3500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ik.imagekit.io/slotters/xqwqos/bottom.webp?updatedAt=1706597178927
Requested by: Host: pub-3539e3cd4e8b465c86355be1776c4056.r2.dev
URL: https://pub-3539e3cd4e8b465c86355be1776c4056.r2.dev/pis.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:238d:9600:15:c281:3500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: fba9c694933fa63a29ab8b8a9d8a6abb1c4d1779b4ffaa3cfcdd61c973a50e79

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-3539e3cd4e8b465c86355be1776c4056.r2.dev/
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 10 Feb 2024 09:02:23 GMT
via: 1.1 626c544a24a86c6cd608360f520b6d8c.cloudfront.net (CloudFront), 1.1 29676c2ee539645954aa742bde1ce894.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS1-P1
age: 10661550
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 48924
x-request-id: 344fc5f5-5713-4af6-b516-38994934ad6c
last-modified: Tue, 30 Jan 2024 08:11:16 GMT
etag: "90d791855dca125ea51ae18e97f432c9"
vary: Accept
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=31536000, must-revalidate
x-server: ImageKit.io
timing-allow-origin: *
access-control-allow-headers: *
x-amz-cf-id: 5M_BVCn5LRhOtCxta4P9AYbkJyB6_m15wFhgURCDsD7x7pRKY5cm1w==

GET
H2 200 v0.js Show response
cdn.ampproject.org/ 278 KB
72 KB 313ms
87ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0.js

Requested by

Host: pub-3539e3cd4e8b465c86355be1776c4056.r2.dev
URL: https://pub-3539e3cd4e8b465c86355be1776c4056.r2.dev/pis.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9d5e2003f798252335c0faf032c62d6cb9b2c6ef4756e301b868398a8346b236

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-3539e3cd4e8b465c86355be1776c4056.r2.dev/
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Wed, 12 Jun 2024 18:34:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73073
x-xss-protection: 0
server: sffe
etag: "a97eff4b207291bf"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3000, stale-while-revalidate=1206600
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 12 Jun 2024 18:34:53 GMT

GET
H2 200 css2
fonts.googleapis.com/ 5 KB
1 KB 235ms
82ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Rubik:wght@400;700&display=swap

Requested by

Host: pub-3539e3cd4e8b465c86355be1776c4056.r2.dev
URL: https://pub-3539e3cd4e8b465c86355be1776c4056.r2.dev/pis.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e02824cb180b1ad247abe4fe74c0a1e0cc28e3efa6f383c3d163cc6bf3075902

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-3539e3cd4e8b465c86355be1776c4056.r2.dev/
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Wed, 12 Jun 2024 18:34:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 12 Jun 2024 16:45:27 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 12 Jun 2024 18:34:53 GMT

GET
H2 200 amp-anim-0.1.js Show response
cdn.ampproject.org/v0/ 6 KB
3 KB 385ms
171ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-anim-0.1.js

Requested by

Host: pub-3539e3cd4e8b465c86355be1776c4056.r2.dev
URL: https://pub-3539e3cd4e8b465c86355be1776c4056.r2.dev/pis.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aad4a38a6d4a642ec9ab4200dda2601baf8e481d45909f4a271d46597bb91019

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-3539e3cd4e8b465c86355be1776c4056.r2.dev/
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Wed, 12 Jun 2024 18:34:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2466
x-xss-protection: 0
server: sffe
etag: "c06b629613dcf06b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 12 Jun 2024 18:34:53 GMT

GET
H2 200 amp-analytics-0.1.js Show response
cdn.ampproject.org/v0/ 110 KB
32 KB 410ms
195ms Script
text/javascript 2a00:1450:4001:82f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-analytics-0.1.js

Requested by

Host: pub-3539e3cd4e8b465c86355be1776c4056.r2.dev
URL: https://pub-3539e3cd4e8b465c86355be1776c4056.r2.dev/pis.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfa65b26608906d60cc6dac3c832bd8b339f10482c2f8e91927f0675306157d7

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-3539e3cd4e8b465c86355be1776c4056.r2.dev/
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Wed, 12 Jun 2024 18:34:53 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32193
x-xss-protection: 0
server: sffe
etag: "b9e1abd953968548"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 12 Jun 2024 18:34:53 GMT

GET
H3 200 amp-auto-lightbox-0.1.js Show response
cdn.ampproject.org/rtv/012405300626000/v0/ 8 KB
3 KB 223ms
74ms Script
text/javascript 142.250.181.225
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012405300626000/v0/amp-auto-lightbox-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.181.225 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f1.1e100.net

Software

sffe /

Resource Hash

74b2ab7f9b09d5a6f6ccd6e5f03f360b33f0f1f143f531b2b359a52954c8ee75

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-3539e3cd4e8b465c86355be1776c4056.r2.dev/
Origin: https://pub-3539e3cd4e8b465c86355be1776c4056.r2.dev
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 11 Jun 2024 17:30:53 GMT
age: 90240
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2974
x-xss-protection: 0
server: sffe
etag: "d78510ac2b65c95f"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 11 Jun 2025 17:30:53 GMT

GET
H2 200 slot-favicon.png
i.ibb.co/xq7kyc1/ 60 KB
60 KB 316ms
162ms Other
image/png 162.19.58.159
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://i.ibb.co/xq7kyc1/slot-favicon.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.19.58.159 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3096667.ip-162-19-58.eu
Software: nginx /
Resource Hash: 2a25b199cea43408916b00176ca31c4ea66f11ff4fb86f7f0a442a12f01e7685

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://pub-3539e3cd4e8b465c86355be1776c4056.r2.dev/
Accept-Language: fi-FI,fi;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 12 Jun 2024 18:34:53 GMT
last-modified: Sun, 09 Jun 2024 22:45:52 GMT
server: nginx
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 60979
expires: Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.ampproject.org
fonts.googleapis.com
i.ibb.co
ik.imagekit.io
pub-3539e3cd4e8b465c86355be1776c4056.r2.dev
142.250.181.225
162.19.58.159
2600:9000:238d:9600:15:c281:3500:93a1
2606:4700::6812:323
2a00:1450:4001:813::200a
2a00:1450:4001:82f::2001
2a25b199cea43408916b00176ca31c4ea66f11ff4fb86f7f0a442a12f01e7685
4913ac31f78014118e8a64d59d39bc4b51fbf89b6a6b54bd0e7759e86ab35392
74b2ab7f9b09d5a6f6ccd6e5f03f360b33f0f1f143f531b2b359a52954c8ee75
9d5e2003f798252335c0faf032c62d6cb9b2c6ef4756e301b868398a8346b236
9dd43e616c4b6074296e47cf7900f2fe743eb76a7e4fa5c88f2fa24cafe5bc29
aad4a38a6d4a642ec9ab4200dda2601baf8e481d45909f4a271d46597bb91019
aeeb3d795d2991e0db9c3a20b17c870f71326fb18ca2095bbd4ebc9e2325d027
dfa65b26608906d60cc6dac3c832bd8b339f10482c2f8e91927f0675306157d7
e02824cb180b1ad247abe4fe74c0a1e0cc28e3efa6f383c3d163cc6bf3075902
fba9c694933fa63a29ab8b8a9d8a6abb1c4d1779b4ffaa3cfcdd61c973a50e79

pub-3539e3cd4e8b465c86355be1776c4056.r2.dev Open in urlscan Pro 2606:4700::6812:323 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

67 %IPv6

5 Domains

5 Subdomains

6 IPs

3 Countries

289 kBTransfer

583 kBSize

0 Cookies

1 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

0 Cookies

Indicators

pub-3539e3cd4e8b465c86355be1776c4056.r2.dev Open in urlscan Pro
2606:4700::6812:323 Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

5
Subdomains

6
IPs

3
Countries

289 kB
Transfer

583 kB
Size

0
Cookies

10 HTTP transactions
0 data transactions