thum.polekel.biz.ua
Open in
urlscan Pro
2606:4700:3032::ac43:9c8d
Malicious Activity!
Public Scan
Submission Tags: @phish_report
Submission: On August 03 via api from FI — Scanned from FI
Summary
TLS certificate: Issued by WE1 on July 11th 2024. Valid for: 3 months.
This is the only time thum.polekel.biz.ua was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 6 | 2606:4700:303... 2606:4700:3032::ac43:9c8d | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
4 | 2a00:1450:400... 2a00:1450:4001:82b::2001 | 15169 (GOOGLE) (GOOGLE) | |
4 | 188.114.97.3 188.114.97.3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 162.19.88.69 162.19.88.69 | 16276 (OVH) (OVH) | |
2 | 142.250.186.161 142.250.186.161 | 15169 (GOOGLE) (GOOGLE) | |
18 | 6 |
ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f1.1e100.net
cdn.ampproject.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
ampproject.org
cdn.ampproject.org — Cisco Umbrella Rank: 382 |
119 KB |
6 |
biz.ua
1 redirects
thum.polekel.biz.ua — Cisco Umbrella Rank: 517208 |
12 KB |
4 |
kilat.digital
kilat.digital — Cisco Umbrella Rank: 84027 |
24 KB |
3 |
postimg.cc
i.postimg.cc — Cisco Umbrella Rank: 18626 |
68 KB |
18 | 4 |
Domain | Requested by | |
---|---|---|
6 | cdn.ampproject.org |
thum.polekel.biz.ua
cdn.ampproject.org |
6 | thum.polekel.biz.ua |
1 redirects
thum.polekel.biz.ua
|
4 | kilat.digital |
thum.polekel.biz.ua
|
3 | i.postimg.cc |
thum.polekel.biz.ua
|
18 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
t.ly |
airputih.pages.dev |
Subject Issuer | Validity | Valid | |
---|---|---|---|
polekel.biz.ua WE1 |
2024-07-11 - 2024-10-09 |
3 months | crt.sh |
misc-sni.google.com WR2 |
2024-07-30 - 2024-10-22 |
3 months | crt.sh |
kilat.digital WE1 |
2024-07-26 - 2024-10-24 |
3 months | crt.sh |
postimg.cc R11 |
2024-06-21 - 2024-09-19 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif
Frame ID: 7C53CCF5A3E2B4CBBC2B88E74F55743B
Requests: 19 HTTP requests in this frame
Screenshot
Page Title
toto12 alternatif: Sekolah Tonasa Dua Mengadakan Kegiatan SosialPage URL History Show full URLs
- https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif Page URL
-
https://thum.polekel.biz.ua/cdn-cgi/phish-bypass?atok=dKdjkXGHbUsTKeAlsDRTmWF9RXueD9E1VmFcueT36SU-172267...
HTTP 301
https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif Page URL
Detected technologies
Lightbox (JavaScript Libraries) ExpandDetected patterns
- lightbox(?:-plus-jquery)?.{0,32}\.js
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: toto12 alternatif
Search URL Search Domain Scan URL
Title: LINK ALTERNATIF
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif Page URL
-
https://thum.polekel.biz.ua/cdn-cgi/phish-bypass?atok=dKdjkXGHbUsTKeAlsDRTmWF9RXueD9E1VmFcueT36SU-1722677906-0.0.1.1-%2Ftonasa2%2F%3Fslot%3Dtoto12%2Balternatif
HTTP 301
https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
thum.polekel.biz.ua/tonasa2/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cf.errors.css
thum.polekel.biz.ua/cdn-cgi/styles/ |
23 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon-exclamation.png
thum.polekel.biz.ua/cdn-cgi/images/ |
452 B 540 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
thum.polekel.biz.ua/ |
1 KB 908 B |
Other
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
thum.polekel.biz.ua/tonasa2/ Redirect Chain
|
10 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v0.js
cdn.ampproject.org/ |
278 KB 72 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
amp-carousel-0.1.js
cdn.ampproject.org/v0/ |
38 KB 11 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
amp-list-0.1.js
cdn.ampproject.org/v0/ |
42 KB 13 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
amp-mustache-0.2.js
cdn.ampproject.org/v0/ |
45 KB 16 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
6b2ffffc4e97bb30e6d922ced607f802.png
kilat.digital/images/2023/12/20/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bd350c38cdf02a19edcb5022f4d46f19.png
kilat.digital/images/2023/12/20/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
48a21fd032df88e31b412091b7975d8c.png
kilat.digital/images/2023/12/20/ |
8 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ed94593b02796a81fe558659411b7562.png
kilat.digital/images/2023/12/20/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
83 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tartarseo-logo.png
i.postimg.cc/T2rs1cKB/ |
18 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tseo-akses-slot.jpg
i.postimg.cc/QMMrCBTC/ |
36 KB 37 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
amp-auto-lightbox-0.1.js
cdn.ampproject.org/rtv/012406131415000/v0/ |
8 KB 3 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
amp-loader-0.1.js
cdn.ampproject.org/rtv/012406131415000/v0/ |
12 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tartarseo-fav.png
i.postimg.cc/kGFYHnr7/ |
13 KB 13 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online)15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| AMP object| AMP_CONFIG object| AMP_EXP object| __AMP_LOG function| HTMLElementOrig object| __AMP_ERRORS object| __AMP_MODE function| __AMP_REPORT_ERROR object| __AMP_TOP object| __AMP_SERVICES object| __AMP__EXPERIMENT_TOGGLES object| __AMP_URL_CACHE boolean| __AMP_TAG object| __AMP_EXTENDED_ELEMENTS function| __AMP_BASE_CE_CLASS1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.thum.polekel.biz.ua/ | Name: __cf_mw_byp Value: dKdjkXGHbUsTKeAlsDRTmWF9RXueD9E1VmFcueT36SU-1722677906-0.0.1.1-/tonasa2/?slot=toto12+alternatif |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdn.ampproject.org
i.postimg.cc
kilat.digital
thum.polekel.biz.ua
142.250.186.161
162.19.88.69
188.114.97.3
2606:4700:3032::ac43:9c8d
2a00:1450:4001:82b::2001
07afe241f59a16aefebc10c2fa6721c17ae71811a6ba05adfe0ced9be1749caf
08c034b981c8dbe7aace6c041f2b7dec193b2aff8d219ae8c3fc80f1aceda1de
189cf3af6a4190b252b7aeefa8e74fdc7be417f42ccc057e5c66f3d0bedec5f0
416484b2217e26d94420e4f75f62d3fbdb07a81058e6468042ce2542d016340d
548b7c30d635d00a6d3785491b9b35ed35fb4f1431f8a0c1cb8e499b172f25da
5a4edd02db8c4a0a4ab29fe5e7a5cc3982f1fa2d421305c67722aa42b463c056
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
8ec6f0235ba6f655b36996f96bc8c70d2e377994792fd5d5488ca849365f77cd
8f5ba1860018cc0ee070d8c28601d89ede577093eb7b5813691f2a4378a779fa
8fa3336a40a94aa993e77e58243ee944bcec9084f71f4ed34399c96224c4e2eb
94bfec52c757c42fbffa1d4b8fbcef0f63a148605871d8d9ffe1636009ed2f0e
9833a900314c35cff6af531289674924a73ae1b0857f2f85eddd494af3274754
a191ebfab47c1982b4ab1a41ac6e3636939395b6677a176a317a44d7dab5805e
e3f4dff445f8068c3dc03845ba8d99eeb42f6e9058bbdf8f2ce00bd6fd10c055
e4a0b30928c7d7d1d18cd4c7f43d23f2615cbcc92a0457a4e5bf04b9e3e73353
eda0b47e64bebe25ecdc7a33ca1fef3560c2478c4cc4baf776a6a17fc962b6ad
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f20137a313e820813eead523aebbb1b02545249e6dde069f5cf45b0f174cf284
f3482e3e3a37655b4b577c1d211ccf210a53633432e7506fcd3c2f39c1108588