widget.intervale.kz Open in urlscan Pro
91.238.120.141 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.mypay.kz/
Effective URL:
http://widget.intervale.kz/
Submission: On December 18 via automatic, source certstream-suspicious (December 18th 2020, 9:33:02 am UTC)

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 7 domains to perform 15 HTTP transactions. The main IP is 91.238.120.141, located in Russian Federation and belongs to INTERVALE-AS, RU. The main domain is widget.intervale.kz.

This is the only time widget.intervale.kz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2a00:5da0:100... 2a00:5da0:1000::127	48716 (PS) (PS)
6	91.238.120.141 91.238.120.141	198712 (INTERVALE-AS) (INTERVALE-AS)
1	2a00:1450:400... 2a00:1450:4001:802::200a	15169 (GOOGLE) (GOOGLE)
1	91.238.120.182 91.238.120.182	198712 (INTERVALE-AS) (INTERVALE-AS)
4	2a00:1450:400... 2a00:1450:4001:825::2003	15169 (GOOGLE) (GOOGLE)
3	2a02:6b8::1:119 2a02:6b8::1:119	13238 (YANDEX) (YANDEX)
15	5

1 2a00:5da0:1000::127 (Kazakhstan) 1 redirects

ASN48716 (PS, KZ)

www.mypay.kz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 91.238.120.141 (Russian Federation)

ASN198712 (INTERVALE-AS, RU)

widget.intervale.kz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widget.intervale.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 91.238.120.182 (Russian Federation)

ASN198712 (INTERVALE-AS, RU)
PTR: payments.thepayup.ru

wl.thepayup.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:825::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:6b8::1:119 (Moscow, Russian Federation)

ASN13238 (YANDEX, RU)

mc.yandex.ru	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	gstatic.com fonts.gstatic.com	37 KB
4	intervale.kz widget.intervale.kz	18 KB
3	yandex.ru mc.yandex.ru	41 KB
2	intervale.ru widget.intervale.ru
1	thepayup.ru wl.thepayup.ru	13 KB
1	googleapis.com fonts.googleapis.com	609 B
1	mypay.kz 1 redirects www.mypay.kz	135 B
15	7

	Domain	Requested by
4	fonts.gstatic.com	fonts.googleapis.com
4	widget.intervale.kz	widget.intervale.kz
3	mc.yandex.ru	wl.thepayup.ru mc.yandex.ru
2	widget.intervale.ru	widget.intervale.kz wl.thepayup.ru
1	wl.thepayup.ru	widget.intervale.kz
1	fonts.googleapis.com	widget.intervale.kz
1	www.mypay.kz	1 redirects
15	7

This site contains no links.

Subject Issuer	Validity	Valid
upload.video.google.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
*.thepayup.ru RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2020-08-27` - `2021-08-28`	a year	crt.sh
*.intervale.ru GlobalSign RSA OV SSL CA 2018	`2020-01-24` - `2021-01-24`	a year	crt.sh
*.gstatic.com GTS CA 1O1	`2020-11-10` - `2021-02-02`	3 months	crt.sh
mc.yandex.ru Yandex CA	`2020-09-29` - `2021-03-11`	5 months	crt.sh

This page contains 3 frames:

Primary Page: http://widget.intervale.kz/
Frame ID: 86A24887245DC97B76D9B7709959BD9D
Requests: 13 HTTP requests in this frame

Frame: https://widget.intervale.ru/?portal_id=KZPEREVEDIMEWIDGET09809830877GH6
Frame ID: C41F098164754E5487D2A57A85CAB9ED
Requests: 1 HTTP requests in this frame

Frame: https://widget.intervale.ru/?portal_id=KZPEREVEDIMEWIDGET09809830877GH6
Frame ID: FE088A73234DB1590CE4B40CEFF18807
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.mypay.kz/ HTTP 302
http://widget.intervale.kz/ Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Yandex.Metrika (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /mc\.yandex\.ru\/metrika\/watch\.js/i

Page Statistics

15
Requests

73 %
HTTPS

67 %
IPv6

7
Domains

7
Subdomains

5
IPs

3
Countries

110 kB
Transfer

185 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.mypay.kz/ HTTP 302
http://widget.intervale.kz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
widget.intervale.kz/
Redirect Chain

https://www.mypay.kz/
http://widget.intervale.kz/

5 KB
6 KB

234ms
116ms

Document
text/html

91.238.120.141
INTERVALE-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://widget.intervale.kz/

Protocol

HTTP/1.1

Server

91.238.120.141 , Russian Federation, ASN198712 (INTERVALE-AS, RU),

Reverse DNS

Software

nginx/1.19.3 /

Resource Hash

4a4795b35f145af437cb7ee9b594bb85326003d591dd16282f01d83af7b4fec9

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: widget.intervale.kz
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx/1.19.3
Date: Fri, 18 Dec 2020 09:32:41 GMT
Content-Type: text/html
Content-Length: 5254
Last-Modified: Tue, 20 Mar 2018 15:08:44 GMT
Connection: keep-alive
ETag: "5ab123fc-1486"
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=16070400; includeSubDomains
Accept-Ranges: bytes

Redirect headers

server: nginx
date: Fri, 18 Dec 2020 09:32:40 GMT
content-type: text/html; charset=UTF-8
location: http://widget.intervale.kz
x-content-type-options: nosniff
x-powered-by: PleskLin

GET
H2 200 css
fonts.googleapis.com/ 2 KB
609 B 19ms
16ms Stylesheet
text/css 2a00:1450:4001:802::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=cyrillic

Requested by

Host: widget.intervale.kz
URL: http://widget.intervale.kz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d1572d9654b3a02eb377518f62a6f2b1fcd8c27af34586b9d79b19348761e6bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: http://widget.intervale.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 18 Dec 2020 09:32:41 GMT
server: ESF
date: Fri, 18 Dec 2020 09:32:41 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 18 Dec 2020 09:32:41 GMT

GET
H/1.1 200
OK reset.css
widget.intervale.kz/css/ 7 KB
7 KB 66ms
64ms Stylesheet
text/css 91.238.120.141
INTERVALE-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://widget.intervale.kz/css/reset.css

Requested by

Host: widget.intervale.kz
URL: http://widget.intervale.kz/

Protocol

HTTP/1.1

Server

91.238.120.141 , Russian Federation, ASN198712 (INTERVALE-AS, RU),

Reverse DNS

Software

nginx/1.19.3 /

Resource Hash

7a2f1a4397b57bc7d80f565d1bfeb6640352de2e7461fffc242072857a90f67a

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://widget.intervale.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Dec 2020 09:32:41 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 30 Sep 2016 06:36:18 GMT
Server: nginx/1.19.3
X-Frame-Options: SAMEORIGIN
ETag: "57ee07e2-1a07"
Strict-Transport-Security: max-age=16070400; includeSubDomains
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 6663
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK style.css
widget.intervale.kz/css/ 4 KB
4 KB 132ms
118ms Stylesheet
text/css 91.238.120.141
INTERVALE-AS

General

Check archive.org

Show headers Download Go to

Full URL

http://widget.intervale.kz/css/style.css

Requested by

Host: widget.intervale.kz
URL: http://widget.intervale.kz/

Protocol

HTTP/1.1

Server

91.238.120.141 , Russian Federation, ASN198712 (INTERVALE-AS, RU),

Reverse DNS

Software

nginx/1.19.3 /

Resource Hash

254c51e3bae5ee46a8c96b544f7f60e381345289edb1bdcd45c3951bdd7190c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://widget.intervale.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Dec 2020 09:32:41 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 20 Mar 2018 15:05:48 GMT
Server: nginx/1.19.3
X-Frame-Options: SAMEORIGIN
ETag: "5ab1234c-e03"
Strict-Transport-Security: max-age=16070400; includeSubDomains
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3587
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK iv-payup-widget.1.0.0.min.js Show response
wl.thepayup.ru/ 12 KB
13 KB 287ms
85ms Script
application/javascript 91.238.120.182
INTERVALE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://wl.thepayup.ru/iv-payup-widget.1.0.0.min.js

Requested by

Host: widget.intervale.kz
URL: http://widget.intervale.kz/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.238.120.182 , Russian Federation, ASN198712 (INTERVALE-AS, RU),

Reverse DNS

payments.thepayup.ru

Software

nginx/1.19.3 /

Resource Hash

05f47f027d3047b115ae919f971404f4b4c2ebc08f285edc3a82dfcde7e3ee62

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: ; style-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline' ; font-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' https://openapi-entry.intervale.ru
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://widget.intervale.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Dec 2020 09:32:41 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 12654
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 30 Apr 2019 07:44:39 GMT
Server: nginx/1.19.3
ETag: "5cc7fce7-316e"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: no-cache
Feature-Policy: geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data: *; style-src 'self' 'unsafe-inline'; frame-src 'self' 'unsafe-inline' *; font-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' https://openapi-entry.intervale.ru
Accept-Ranges: bytes
Expires: Fri, 18 Dec 2020 09:32:40 GMT

GET
H/1.1 200
OK /
widget.intervale.ru/ Frame C41F 0
0 373ms
79ms Document
text/html 91.238.120.141
INTERVALE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.intervale.ru/?portal_id=KZPEREVEDIMEWIDGET09809830877GH6

Requested by

Host: widget.intervale.kz
URL: http://widget.intervale.kz/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.238.120.141 , Russian Federation, ASN198712 (INTERVALE-AS, RU),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: widget.intervale.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://widget.intervale.kz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://widget.intervale.kz/

Response headers

Server: nginx/1.18.0
Date: Fri, 18 Dec 2020 09:32:41 GMT
Content-Type: text/html
Last-Modified: Fri, 07 Jun 2019 09:23:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5cfa2d16-1799"
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=16070400; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
Content-Encoding: gzip

GET
H/1.1 200
OK arrow.png
widget.intervale.kz/images/ 2 KB
2 KB 75ms
75ms Image
image/png 91.238.120.141
INTERVALE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://widget.intervale.kz/images/arrow.png

Requested by

Host: widget.intervale.kz
URL: http://widget.intervale.kz/css/style.css

Protocol

HTTP/1.1

Server

91.238.120.141 , Russian Federation, ASN198712 (INTERVALE-AS, RU),

Reverse DNS

Software

nginx/1.19.3 /

Resource Hash

8b34973e85aafb264c1d5b8e3bb39bb6206de6574771ff4a2a158e50888bf9ab

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://widget.intervale.kz/css/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 18 Dec 2020 09:32:41 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 16 Jun 2017 12:22:44 GMT
Server: nginx/1.19.3
X-Frame-Options: SAMEORIGIN
ETag: "5943cd94-731"
Strict-Transport-Security: max-age=16070400; includeSubDomains
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1841
X-XSS-Protection: 1; mode=block

GET
H2 200 jizaRExUiTo99u79D0KExcOPIDU.woff2
fonts.gstatic.com/s/ptsans/v12/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0KExcOPIDU.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=cyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9ae1e27e08b4bbc15557c0f5bbd97b4009eb86c85da9fb2be4c4085a5289182f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://widget.intervale.kz
Referer: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=cyrillic
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Dec 2020 06:21:51 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:11 GMT
server: sffe
age: 11450
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11380
x-xss-protection: 0
expires: Sat, 18 Dec 2021 06:21:51 GMT

GET
H2 200 jizfRExUiTo99u79B_mh0O6tLR8a8zI.woff2
fonts.gstatic.com/s/ptsans/v12/ 11 KB
11 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizfRExUiTo99u79B_mh0O6tLR8a8zI.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=cyrillic

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb74816a9aaed49f7b58ffbfead623f50686271a551d77a3ed95a56a56e40dbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://widget.intervale.kz
Referer: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=cyrillic
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 16 Dec 2020 04:59:49 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:37 GMT
server: sffe
age: 189172
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11504
x-xss-protection: 0
expires: Thu, 16 Dec 2021 04:59:49 GMT

GET
H3-Q050 200 jizaRExUiTo99u79D0aExcOPIDUg-g.woff2
fonts.gstatic.com/s/ptsans/v12/ 7 KB
7 KB 34ms
21ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizaRExUiTo99u79D0aExcOPIDUg-g.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=cyrillic

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

001c2984ebf5eb5558b1039695d020c76566d2c272a49cc10d24c5a3fe4596d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://widget.intervale.kz
Referer: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=cyrillic
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Dec 2020 06:27:49 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:01 GMT
server: sffe
age: 11092
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7124
x-xss-protection: 0
expires: Sat, 18 Dec 2021 06:27:49 GMT

GET
H3-Q050 200 jizfRExUiTo99u79B_mh0OqtLR8a8zILig.woff2
fonts.gstatic.com/s/ptsans/v12/ 7 KB
7 KB 31ms
22ms Font
font/woff2 2a00:1450:4001:825::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ptsans/v12/jizfRExUiTo99u79B_mh0OqtLR8a8zILig.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=cyrillic

Protocol

H3-Q050

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bdf385cb758b680074163b0975f9f85425125f332deaae55ecb83d910895286

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: http://widget.intervale.kz
Referer: https://fonts.googleapis.com/css?family=PT+Sans:400,700&subset=cyrillic
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 14 Dec 2020 22:14:35 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:10:11 GMT
server: sffe
age: 299886
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7152
x-xss-protection: 0
expires: Tue, 14 Dec 2021 22:14:35 GMT

GET
H2 200 watch.js Show response
mc.yandex.ru/metrika/ 116 KB
40 KB 45ms
44ms Script
application/javascript 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/metrika/watch.js

Requested by

Host: wl.thepayup.ru
URL: https://wl.thepayup.ru/iv-payup-widget.1.0.0.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

d5e10bdca95d0d6e9bdf4a5ff066f0994c4ebff567fd8b4941130926dd5ffc73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://widget.intervale.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Dec 2020 09:32:47 GMT
content-encoding: br
last-modified: Thu, 17 Dec 2020 15:03:06 GMT
etag: "5fda2223-a180"
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
content-length: 41344
expires: Fri, 18 Dec 2020 10:32:47 GMT

GET
H/1.1 200
OK /
widget.intervale.ru/ Frame FE08 0
0 65ms
64ms Document
text/html 91.238.120.141
INTERVALE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://widget.intervale.ru/?portal_id=KZPEREVEDIMEWIDGET09809830877GH6

Requested by

Host: wl.thepayup.ru
URL: https://wl.thepayup.ru/iv-payup-widget.1.0.0.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.238.120.141 , Russian Federation, ASN198712 (INTERVALE-AS, RU),

Reverse DNS

Software

nginx/1.18.0 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: widget.intervale.ru
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: http://widget.intervale.kz/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: _ym_uid=1608283967721925448; _ym_d=1608283967
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: http://widget.intervale.kz/

Response headers

Server: nginx/1.18.0
Date: Fri, 18 Dec 2020 09:32:47 GMT
Content-Type: text/html
Last-Modified: Fri, 07 Jun 2019 09:24:19 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5cfa2d43-1799"
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=16070400; includeSubDomains
Referrer-Policy: strict-origin-when-cross-origin
Content-Encoding: gzip

GET
H2 200 32924368 Show response
mc.yandex.ru/watch/ 186 B
238 B 44ms
44ms XHR
application/json 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to

Full URL

https://mc.yandex.ru/watch/32924368?wmode=7&page-url=http%3A%2F%2Fwidget.intervale.kz%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A3co3dc2h0jw8vt%3Afp%3A1484%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A341%3Acn%3A1%3Adp%3A0%3Als%3A0%3Ahid%3A164862028%3Az%3A60%3Ai%3A202012180103247%3Aet%3A1608283967%3Ac%3A1%3Arn%3A280572822%3Arqn%3A1%3Au%3A1608283967692290656%3Aw%3A1600x1200%3As%3A1600x1200x24%3Ask%3A1%3Ahdl%3A1%3Ans%3A1608283959978%3Ads%3A105%2C12%2C116%2C5%2C846%2C0%2C%2C357%2C0%2C7144%2C7144%2C4%2C1446%3Adsn%3A104%2C13%2C116%2C5%2C846%2C0%2C%2C361%2C0%2C7144%2C7144%2C3%2C1446%3Arqnl%3A1%3Ati%3A2%3Ast%3A1608283967%3At%3A%D0%9F%D0%B5%D1%80%D0%B5%D0%B2%D0%BE%D0%B4%D1%8B%20%D1%81%20%D0%BA%D0%B0%D1%80%D1%82%D1%8B%20%D0%BD%D0%B0%20%D0%BA%D0%B0%D1%80%D1%82%D1%83%20%D0%B8%20%D0%B2%20%D0%BD%D0%B0%D0%BB%D0%B8%D1%87%D0%BD%D1%8B%D0%B5%20%D0%B2%20%D0%BE%D1%82%D0%B4%D0%B5%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F%20%D0%9A%D0%B0%D0%B7%D0%BF%D0%BE%D1%87%D1%82%D1%8B

Requested by

Host: mc.yandex.ru
URL: https://mc.yandex.ru/metrika/watch.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

b45cc3b80198e53dcb2d0aca332d2de2a12e6f78764a8e682d20387be9e55de6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://widget.intervale.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 18 Dec 2020 09:32:47 GMT
x-content-type-options: nosniff
last-modified: Fri, 18-Dec-2020 09:32:47 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
access-control-allow-origin: http://widget.intervale.kz
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 186
x-xss-protection: 1; mode=block
expires: Fri, 18-Dec-2020 09:32:47 GMT

GET
H2 200 advert.gif
mc.yandex.ru/metrika/ 43 B
72 B 46ms
44ms Image
image/gif 2a02:6b8::1:119
YANDEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mc.yandex.ru/metrika/advert.gif

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:6b8::1:119 Moscow, Russian Federation, ASN13238 (YANDEX, RU),

Reverse DNS

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: http://widget.intervale.kz/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 18 Dec 2020 09:32:47 GMT
last-modified: Thu, 17 Dec 2020 15:03:06 GMT
etag: "5fda2223-2b"
strict-transport-security: max-age=31536000
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-length: 43
expires: Fri, 18 Dec 2020 10:32:47 GMT

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.intervale.ru/	1970-01-19 23:30:19	Name: _ym_d Value: 1608283967
			.intervale.ru/	1970-01-19 23:30:19	Name: _ym_uid Value: 1608283967721925448

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
mc.yandex.ru
widget.intervale.kz
widget.intervale.ru
wl.thepayup.ru
www.mypay.kz
2a00:1450:4001:802::200a
2a00:1450:4001:825::2003
2a00:5da0:1000::127
2a02:6b8::1:119
91.238.120.141
91.238.120.182
001c2984ebf5eb5558b1039695d020c76566d2c272a49cc10d24c5a3fe4596d2
05f47f027d3047b115ae919f971404f4b4c2ebc08f285edc3a82dfcde7e3ee62
0bdf385cb758b680074163b0975f9f85425125f332deaae55ecb83d910895286
254c51e3bae5ee46a8c96b544f7f60e381345289edb1bdcd45c3951bdd7190c7
4a4795b35f145af437cb7ee9b594bb85326003d591dd16282f01d83af7b4fec9
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
7a2f1a4397b57bc7d80f565d1bfeb6640352de2e7461fffc242072857a90f67a
8b34973e85aafb264c1d5b8e3bb39bb6206de6574771ff4a2a158e50888bf9ab
9ae1e27e08b4bbc15557c0f5bbd97b4009eb86c85da9fb2be4c4085a5289182f
b45cc3b80198e53dcb2d0aca332d2de2a12e6f78764a8e682d20387be9e55de6
bb74816a9aaed49f7b58ffbfead623f50686271a551d77a3ed95a56a56e40dbf
d1572d9654b3a02eb377518f62a6f2b1fcd8c27af34586b9d79b19348761e6bd
d5e10bdca95d0d6e9bdf4a5ff066f0994c4ebff567fd8b4941130926dd5ffc73

widget.intervale.kz Open in urlscan Pro 91.238.120.141 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

73 %HTTPS

67 %IPv6

7 Domains

7 Subdomains

5 IPs

3 Countries

110 kBTransfer

185 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

widget.intervale.kz Open in urlscan Pro
91.238.120.141 Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

73 %
HTTPS

67 %
IPv6

7
Domains

7
Subdomains

5
IPs

3
Countries

110 kB
Transfer

185 kB
Size

2
Cookies

15 HTTP transactions
0 data transactions