thum.polekel.biz.ua Open in urlscan Pro
2606:4700:3032::ac43:9c8d Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif
Submission Tags: @phish_report
Submission: On August 03 via api (August 3rd 2024, 9:38:38 am UTC) from FI — Scanned from FI

Summary HTTP 18 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 4 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3032::ac43:9c8d, located in United States and belongs to CLOUDFLARENET, US. The main domain is thum.polekel.biz.ua. The Cisco Umbrella rank of the primary domain is 517208.
TLS certificate: Issued by WE1 on July 11th 2024. Valid for: 3 months.

This is the only time thum.polekel.biz.ua was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Cloudflare (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 6	2606:4700:303... 2606:4700:3032::ac43:9c8d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
4	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	162.19.88.69 162.19.88.69	16276 (OVH) (OVH)
2	142.250.186.161 142.250.186.161	15169 (GOOGLE) (GOOGLE)
18	6

6 2606:4700:3032::ac43:9c8d (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

thum.polekel.biz.ua	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

kilat.digital	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.19.88.69 (France)

ASN16276 (OVH, FR)
PTR: ns3221384.ip-162-19-88.eu

i.postimg.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.161 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f1.1e100.net

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 382	119 KB
6	biz.ua 1 redirects thum.polekel.biz.ua — Cisco Umbrella Rank: 517208	12 KB
4	kilat.digital kilat.digital — Cisco Umbrella Rank: 84027	24 KB
3	postimg.cc i.postimg.cc — Cisco Umbrella Rank: 18626	68 KB
18	4

	Domain	Requested by
6	cdn.ampproject.org	thum.polekel.biz.ua cdn.ampproject.org
6	thum.polekel.biz.ua	1 redirects thum.polekel.biz.ua
4	kilat.digital	thum.polekel.biz.ua
3	i.postimg.cc	thum.polekel.biz.ua
18	4

This site contains links to these domains. Also see Links.

Domain
t.ly
airputih.pages.dev

Subject Issuer	Validity	Valid
polekel.biz.ua WE1	`2024-07-11` - `2024-10-09`	3 months	crt.sh
misc-sni.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
kilat.digital WE1	`2024-07-26` - `2024-10-24`	3 months	crt.sh
postimg.cc R11	`2024-06-21` - `2024-09-19`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif
Frame ID: 7C53CCF5A3E2B4CBBC2B88E74F55743B
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

toto12 alternatif: Sekolah Tonasa Dua Mengadakan Kegiatan Sosial

Page URL History Show full URLs

https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif Page URL
https://thum.polekel.biz.ua/cdn-cgi/phish-bypass?atok=dKdjkXGHbUsTKeAlsDRTmWF9RXueD9E1VmFcueT36SU-172267... HTTP 301
https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif Page URL

Detected technologies

Lightbox (JavaScript Libraries) Expand

Page Statistics

18
Requests

100 %
HTTPS

40 %
IPv6

4
Domains

4
Subdomains

6
IPs

4
Countries

222 kB
Transfer

552 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://t.ly/njx3Y
Title: toto12 alternatif

Search URL Search Domain Scan URL

URL: https://airputih.pages.dev/labuan/
Title: LINK ALTERNATIF

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif Page URL
https://thum.polekel.biz.ua/cdn-cgi/phish-bypass?atok=dKdjkXGHbUsTKeAlsDRTmWF9RXueD9E1VmFcueT36SU-1722677906-0.0.1.1-%2Ftonasa2%2F%3Fslot%3Dtoto12%2Balternatif HTTP 301
https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
thum.polekel.biz.ua/tonasa2/ 4 KB
2 KB 209ms
62ms Document
text/html 2606:4700:3032::ac43:9c8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:9c8d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9833a900314c35cff6af531289674924a73ae1b0857f2f85eddd494af3274754

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cf-ray: 8ad555b2c97e56c6-OSL
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sat, 03 Aug 2024 09:38:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gwJJAt8UiwjwW2MtrrksjHt3A6%2BBp2fHHZSkghFd3cZmsDy2ku5Os33ePxlMPQegmr0IWd6LBSN6KoYWDHQVlNNVtmuRXZe3dfNV0hoqW7CI13YqRVCZSwQ%2BpPg0lYSKlxQgXfmr%2F5e25LVUgXlnzFQS"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN

GET
H2 200 cf.errors.css
thum.polekel.biz.ua/cdn-cgi/styles/ 23 KB
5 KB 59ms
58ms Stylesheet
text/css 2606:4700:3032::ac43:9c8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thum.polekel.biz.ua/cdn-cgi/styles/cf.errors.css

Requested by

Host: thum.polekel.biz.ua
URL: https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:9c8d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 03 Aug 2024 09:38:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 30 Jul 2024 21:55:42 GMT
server: cloudflare
etag: W/"66a9615e-5df3"
x-frame-options: DENY
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=7200, public
cf-ray: 8ad555b339ea56c6-OSL
expires: Sat, 03 Aug 2024 11:38:26 GMT

GET
H2 200 icon-exclamation.png
thum.polekel.biz.ua/cdn-cgi/images/ 452 B
540 B 58ms
58ms Image
image/png 2606:4700:3032::ac43:9c8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://thum.polekel.biz.ua/cdn-cgi/images/icon-exclamation.png?1376755637

Requested by

Host: thum.polekel.biz.ua
URL: https://thum.polekel.biz.ua/cdn-cgi/styles/cf.errors.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:9c8d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://thum.polekel.biz.ua/cdn-cgi/styles/cf.errors.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 03 Aug 2024 09:38:26 GMT
x-content-type-options: nosniff
last-modified: Tue, 30 Jul 2024 21:55:42 GMT
server: cloudflare
etag: "66a9615e-1c4"
x-frame-options: DENY
vary: Accept-Encoding
content-type: image/png
cache-control: max-age=7200, public
accept-ranges: bytes
cf-ray: 8ad555b3aa5a56c6-OSL
content-length: 452
expires: Sat, 03 Aug 2024 11:38:26 GMT

GET
H2 404 favicon.ico
thum.polekel.biz.ua/ 1 KB
908 B 1812ms
1812ms Other
text/html 2606:4700:3032::ac43:9c8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://thum.polekel.biz.ua/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::ac43:9c8d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8ec6f0235ba6f655b36996f96bc8c70d2e377994792fd5d5488ca849365f77cd

Request headers

Referer: https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 03 Aug 2024 09:38:28 GMT
content-encoding: br
cf-cache-status: MISS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ch%2BJGwsTlxC1cW6NeiUpPAGQcp4f91y6tzZ33Ljm3JhmR6c2ENaTQeRABHijEIp3mz065tCPO8AT676mQNbwpe7XiDiGW4bVn325isJsYhITVkkChum%2FXe%2BLi%2BEhztG40qQvFz%2F2JS65hyD7EP%2FXH9Wk"}],"group":"cf-nel","max_age":604800}
content-type: text/html
cache-control: max-age=14400
cf-ray: 8ad555b41afa56c6-OSL
alt-svc: h3=":443"; ma=86400

GET
H2

200

Primary Request / Show response
thum.polekel.biz.ua/tonasa2/
Redirect Chain

https://thum.polekel.biz.ua/cdn-cgi/phish-bypass?atok=dKdjkXGHbUsTKeAlsDRTmWF9RXueD9E1VmFcueT36SU-1722677906-0.0.1.1-%2Ftonasa2%2F%3Fslot%3Dtoto12%2Balternatif
https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif

10 KB
3 KB

1856ms
1856ms

Document
text/html

2606:4700:3032::ac43:9c8d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::ac43:9c8d , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

548b7c30d635d00a6d3785491b9b35ed35fb4f1431f8a0c1cb8e499b172f25da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8ad555d29c3f56c6-OSL
content-encoding: br
content-type: text/html; charset=UTF-8
date: Sat, 03 Aug 2024 09:38:33 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RgbKOWHiY2a8peMWKo%2BzErySWFIKSw3NiWVe9Ro84L5Iq0bS1OzUXjc4q1oNjNpzpkulFh6x8e8BWCI3pgNeBIU8vyckrrH8O92cEfEZCI0P9FuAd4XkYqJ9JiZIblClFlwIzhbp8u0vNtrivykl%2FddS"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000
vary: Accept-Encoding

Redirect headers

cache-control: private, no-cache
cf-ray: 8ad555d23bc156c6-OSL
content-length: 167
content-type: text/html
date: Sat, 03 Aug 2024 09:38:31 GMT
location: https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif
server: cloudflare
x-content-type-options: nosniff
x-frame-options: DENY

GET
H2 200 v0.js Show response
cdn.ampproject.org/ 278 KB
72 KB 434ms
179ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0.js

Requested by

Host: thum.polekel.biz.ua
URL: https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

416484b2217e26d94420e4f75f62d3fbdb07a81058e6468042ce2542d016340d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thum.polekel.biz.ua/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sat, 03 Aug 2024 09:38:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 73122
x-xss-protection: 0
server: sffe
etag: "2af4af216080b72b"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3000, stale-while-revalidate=1206600
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 03 Aug 2024 09:38:33 GMT

GET
H2 200 amp-carousel-0.1.js Show response
cdn.ampproject.org/v0/ 38 KB
11 KB 419ms
164ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-carousel-0.1.js

Requested by

Host: thum.polekel.biz.ua
URL: https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a4edd02db8c4a0a4ab29fe5e7a5cc3982f1fa2d421305c67722aa42b463c056

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thum.polekel.biz.ua/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sat, 03 Aug 2024 09:38:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11527
x-xss-protection: 0
server: sffe
etag: "aef697926ee2e511"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 03 Aug 2024 09:38:33 GMT

GET
H2 200 amp-list-0.1.js Show response
cdn.ampproject.org/v0/ 42 KB
13 KB 343ms
102ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-list-0.1.js

Requested by

Host: thum.polekel.biz.ua
URL: https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

07afe241f59a16aefebc10c2fa6721c17ae71811a6ba05adfe0ced9be1749caf

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thum.polekel.biz.ua/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sat, 03 Aug 2024 09:38:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13005
x-xss-protection: 0
server: sffe
etag: "cedf7960566c5049"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 03 Aug 2024 09:38:33 GMT

GET
H2 200 amp-mustache-0.2.js Show response
cdn.ampproject.org/v0/ 45 KB
16 KB 324ms
83ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-mustache-0.2.js

Requested by

Host: thum.polekel.biz.ua
URL: https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8fa3336a40a94aa993e77e58243ee944bcec9084f71f4ed34399c96224c4e2eb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thum.polekel.biz.ua/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Sat, 03 Aug 2024 09:38:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15359
x-xss-protection: 0
server: sffe
etag: "878b797225258d2a"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sat, 03 Aug 2024 09:38:33 GMT

GET
H3 200 6b2ffffc4e97bb30e6d922ced607f802.png
kilat.digital/images/2023/12/20/ 5 KB
5 KB 150ms
70ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kilat.digital/images/2023/12/20/6b2ffffc4e97bb30e6d922ced607f802.png
Requested by: Host: thum.polekel.biz.ua
URL: https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: eda0b47e64bebe25ecdc7a33ca1fef3560c2478c4cc4baf776a6a17fc962b6ad

Request headers

Referer: https://thum.polekel.biz.ua/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 03 Aug 2024 09:38:33 GMT
cf-cache-status: HIT
last-modified: Wed, 20 Dec 2023 11:38:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6140
etag: "1305-60cef6aa8054c"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Z%2FNl%2F%2B5wFvBIWfuUwIh%2FLNsaRcehGiCBT8JZOGrY1lYXQs3CiH81KCgu%2Bz7w0GMDy3nXMzp1POF7y5oloosNy65fU0PMPUcJr3e6XKKMqtnqoZhrjHZEWXxHkiXIkaJ"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8ad555debb1c56ab-OSL
alt-svc: h3=":443"; ma=86400
content-length: 4869

GET
H3 200 bd350c38cdf02a19edcb5022f4d46f19.png
kilat.digital/images/2023/12/20/ 4 KB
5 KB 149ms
69ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kilat.digital/images/2023/12/20/bd350c38cdf02a19edcb5022f4d46f19.png
Requested by: Host: thum.polekel.biz.ua
URL: https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 94bfec52c757c42fbffa1d4b8fbcef0f63a148605871d8d9ffe1636009ed2f0e

Request headers

Referer: https://thum.polekel.biz.ua/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 03 Aug 2024 09:38:33 GMT
cf-cache-status: HIT
last-modified: Wed, 20 Dec 2023 11:38:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6140
etag: "1159-60cef6aa2c58a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vri5I0Xhsca6Qx5xFmPFg1MuM592WZDs0HkosOuQ3p8sq1xHqDYw4sPifDOwLJKPwWTswdMkOuW9NO79vUlYMx25iabqVQUHBeRhZY4CU%2B5MFwTuWnUkM2UwtzhgUNsI"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8ad555debb1d56ab-OSL
alt-svc: h3=":443"; ma=86400
content-length: 4441

GET
H3 200 48a21fd032df88e31b412091b7975d8c.png
kilat.digital/images/2023/12/20/ 8 KB
8 KB 138ms
72ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kilat.digital/images/2023/12/20/48a21fd032df88e31b412091b7975d8c.png
Requested by: Host: thum.polekel.biz.ua
URL: https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f3482e3e3a37655b4b577c1d211ccf210a53633432e7506fcd3c2f39c1108588

Request headers

Referer: https://thum.polekel.biz.ua/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 03 Aug 2024 09:38:33 GMT
cf-cache-status: HIT
last-modified: Wed, 20 Dec 2023 11:38:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6140
etag: "1fe5-60cef6aa6ec0b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rjLT7oK6HQPVOxQ7fyLbSD05gmrNnTG1m%2BxEXRJwWmQI95kstJeEUvN3f%2B1CNmBEYbverslzF1swTdfLdTI7rbBpklg1FY2K3eu6VSoFS2WpaUsZGgD95bhsMA%2BtN3t5"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8ad555debb1f56ab-OSL
alt-svc: h3=":443"; ma=86400
content-length: 8165

GET
H3 200 ed94593b02796a81fe558659411b7562.png
kilat.digital/images/2023/12/20/ 5 KB
6 KB 188ms
122ms Image
image/png 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://kilat.digital/images/2023/12/20/ed94593b02796a81fe558659411b7562.png
Requested by: Host: thum.polekel.biz.ua
URL: https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a191ebfab47c1982b4ab1a41ac6e3636939395b6677a176a317a44d7dab5805e

Request headers

Referer: https://thum.polekel.biz.ua/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 03 Aug 2024 09:38:33 GMT
cf-cache-status: HIT
last-modified: Wed, 20 Dec 2023 11:38:06 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 6140
etag: "149e-60cef6aa41d4b"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P6iuSR2Bq74CEpOvwqvzf9bcAJuoukFfrBmNmyVA6JqxFtuACmaBJ3tqTZXwoRactlBJ5nXjZG6nVoT3oiHE14EWYk81FNXTHnEgFMqazz5b5kRbl3uCKO%2B7gkfgwxYA"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 8ad555debb2256ab-OSL
alt-svc: h3=":443"; ma=86400
content-length: 5278

GET
DATA 200
OK truncated
/ 83 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3f4dff445f8068c3dc03845ba8d99eeb42f6e9058bbdf8f2ce00bd6fd10c055

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 tartarseo-logo.png
i.postimg.cc/T2rs1cKB/ 18 KB
18 KB 363ms
189ms Image
image/png 162.19.88.69
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.postimg.cc/T2rs1cKB/tartarseo-logo.png
Requested by: Host: thum.polekel.biz.ua
URL: https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.19.88.69 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3221384.ip-162-19-88.eu
Software: nginx /
Resource Hash: 8f5ba1860018cc0ee070d8c28601d89ede577093eb7b5813691f2a4378a779fa

Request headers

Referer: https://thum.polekel.biz.ua/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 03 Aug 2024 09:38:34 GMT
last-modified: Thu, 13 Jun 2024 17:50:34 GMT
server: nginx
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 18612
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 tseo-akses-slot.jpg
i.postimg.cc/QMMrCBTC/ 36 KB
37 KB 255ms
81ms Image
image/jpeg 162.19.88.69
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.postimg.cc/QMMrCBTC/tseo-akses-slot.jpg
Requested by: Host: thum.polekel.biz.ua
URL: https://thum.polekel.biz.ua/tonasa2/?slot=toto12+alternatif
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.19.88.69 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3221384.ip-162-19-88.eu
Software: nginx /
Resource Hash: f20137a313e820813eead523aebbb1b02545249e6dde069f5cf45b0f174cf284

Request headers

Referer: https://thum.polekel.biz.ua/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 03 Aug 2024 09:38:34 GMT
last-modified: Thu, 04 Jul 2024 08:25:23 GMT
server: nginx
access-control-allow-methods: GET, OPTIONS
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 37200
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 amp-auto-lightbox-0.1.js Show response
cdn.ampproject.org/rtv/012406131415000/v0/ 8 KB
3 KB 227ms
77ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012406131415000/v0/amp-auto-lightbox-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

08c034b981c8dbe7aace6c041f2b7dec193b2aff8d219ae8c3fc80f1aceda1de

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thum.polekel.biz.ua/
Origin: https://thum.polekel.biz.ua
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 30 Jul 2024 15:06:09 GMT
age: 325945
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2974
x-xss-protection: 0
server: sffe
etag: "3bb766b5672b9f2f"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 30 Jul 2025 15:06:09 GMT

GET
H3 200 amp-loader-0.1.js Show response
cdn.ampproject.org/rtv/012406131415000/v0/ 12 KB
4 KB 222ms
81ms Script
text/javascript 142.250.186.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012406131415000/v0/amp-loader-0.1.js

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f1.1e100.net

Software

sffe /

Resource Hash

e4a0b30928c7d7d1d18cd4c7f43d23f2615cbcc92a0457a4e5bf04b9e3e73353

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://thum.polekel.biz.ua/
Origin: https://thum.polekel.biz.ua
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Tue, 30 Jul 2024 17:03:57 GMT
age: 318877
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3935
x-xss-protection: 0
server: sffe
etag: "db107aa2d6068f23"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Wed, 30 Jul 2025 17:03:57 GMT

GET
H2 200 tartarseo-fav.png
i.postimg.cc/kGFYHnr7/ 13 KB
13 KB 85ms
82ms Other
image/png 162.19.88.69
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://i.postimg.cc/kGFYHnr7/tartarseo-fav.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 162.19.88.69 , France, ASN16276 (OVH, FR),
Reverse DNS: ns3221384.ip-162-19-88.eu
Software: nginx /
Resource Hash: 189cf3af6a4190b252b7aeefa8e74fdc7be417f42ccc057e5c66f3d0bedec5f0

Request headers

Referer: https://thum.polekel.biz.ua/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sat, 03 Aug 2024 09:38:34 GMT
last-modified: Thu, 13 Jun 2024 17:50:34 GMT
server: nginx
access-control-allow-methods: GET, OPTIONS
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 12944
expires: Thu, 31 Dec 2037 23:55:55 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Cloudflare (Online)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.thum.polekel.biz.ua/	1970-01-20 22:32:44	Name: __cf_mw_byp Value: dKdjkXGHbUsTKeAlsDRTmWF9RXueD9E1VmFcueT36SU-1722677906-0.0.1.1-/tonasa2/?slot=toto12+alternatif

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://thum.polekel.biz.ua/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.ampproject.org
i.postimg.cc
kilat.digital
thum.polekel.biz.ua
142.250.186.161
162.19.88.69
188.114.97.3
2606:4700:3032::ac43:9c8d
2a00:1450:4001:82b::2001
07afe241f59a16aefebc10c2fa6721c17ae71811a6ba05adfe0ced9be1749caf
08c034b981c8dbe7aace6c041f2b7dec193b2aff8d219ae8c3fc80f1aceda1de
189cf3af6a4190b252b7aeefa8e74fdc7be417f42ccc057e5c66f3d0bedec5f0
416484b2217e26d94420e4f75f62d3fbdb07a81058e6468042ce2542d016340d
548b7c30d635d00a6d3785491b9b35ed35fb4f1431f8a0c1cb8e499b172f25da
5a4edd02db8c4a0a4ab29fe5e7a5cc3982f1fa2d421305c67722aa42b463c056
84e3c77025ace5af143972b4a40fc834dcdfd4e449d4b36a57e62326f16b3091
8ec6f0235ba6f655b36996f96bc8c70d2e377994792fd5d5488ca849365f77cd
8f5ba1860018cc0ee070d8c28601d89ede577093eb7b5813691f2a4378a779fa
8fa3336a40a94aa993e77e58243ee944bcec9084f71f4ed34399c96224c4e2eb
94bfec52c757c42fbffa1d4b8fbcef0f63a148605871d8d9ffe1636009ed2f0e
9833a900314c35cff6af531289674924a73ae1b0857f2f85eddd494af3274754
a191ebfab47c1982b4ab1a41ac6e3636939395b6677a176a317a44d7dab5805e
e3f4dff445f8068c3dc03845ba8d99eeb42f6e9058bbdf8f2ce00bd6fd10c055
e4a0b30928c7d7d1d18cd4c7f43d23f2615cbcc92a0457a4e5bf04b9e3e73353
eda0b47e64bebe25ecdc7a33ca1fef3560c2478c4cc4baf776a6a17fc962b6ad
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016
f20137a313e820813eead523aebbb1b02545249e6dde069f5cf45b0f174cf284
f3482e3e3a37655b4b577c1d211ccf210a53633432e7506fcd3c2f39c1108588

thum.polekel.biz.ua Open in urlscan Pro 2606:4700:3032::ac43:9c8d Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

40 %IPv6

4 Domains

4 Subdomains

6 IPs

4 Countries

222 kBTransfer

552 kBSize

1 Cookies

2 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

thum.polekel.biz.ua Open in urlscan Pro
2606:4700:3032::ac43:9c8d Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

40 %
IPv6

4
Domains

4
Subdomains

6
IPs

4
Countries

222 kB
Transfer

552 kB
Size

1
Cookies

18 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!