29485412.xyz Open in urlscan Pro
104.21.90.227 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://29485412.xyz/05s0kqro/reYLB3/8
Submission: On February 02 via api (February 2nd 2024, 2:46:34 pm UTC) from PL — Scanned from PL

Summary HTTP 48 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 4 domains to perform 48 HTTP transactions. The main IP is 104.21.90.227, located in and belongs to CLOUDFLARENET, US. The main domain is 29485412.xyz.
TLS certificate: Issued by E1 on February 1st 2024. Valid for: 3 months.

This is the only time 29485412.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PKO Bank Polski (Banking)

Domain & IP information

	IP Address	AS Autonomous System
38	104.21.90.227 104.21.90.227	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	142.250.186.78 142.250.186.78	15169 (GOOGLE) (GOOGLE)
2	142.250.185.227 142.250.185.227	15169 (GOOGLE) (GOOGLE)
1 2	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	142.250.186.166 142.250.186.166	15169 (GOOGLE) (GOOGLE)
48	6

38 104.21.90.227 (None, )

ASN13335 (CLOUDFLARENET, US)

29485412.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.78 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f14.1e100.net

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.226 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.166 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f6.1e100.net

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
38	29485412.xyz 29485412.xyz	705 KB
6	youtube.com www.youtube.com — Cisco Umbrella Rank: 75	971 KB
3	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 static.doubleclick.net — Cisco Umbrella Rank: 263	1 KB
2	gstatic.com fonts.gstatic.com	31 KB
48	4

	Domain	Requested by
38	29485412.xyz	29485412.xyz
6	www.youtube.com	29485412.xyz www.youtube.com
2	googleads.g.doubleclick.net	1 redirects www.youtube.com
2	fonts.gstatic.com	www.youtube.com
1	static.doubleclick.net	www.youtube.com
48	5

This site contains links to these domains. Also see Links.

Domain
www.ipko.pl
www.pkobp.pl

Subject Issuer	Validity	Valid
29485412.xyz E1	`2024-02-01` - `2024-05-01`	3 months	crt.sh
*.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://29485412.xyz/05s0kqro/reYLB3/8
Frame ID: 92AA34ADC2AA5A9D96B159A802079CCA
Requests: 42 HTTP requests in this frame

Frame: https://www.youtube.com/embed/amGERmJ6M0E
Frame ID: 40477246481968369BAA92162E5C1A3B
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

iPKO – bankowość elektroniczna PKO Banku Polskiego

Detected technologies

Socket.io (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

socket\.io.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

48
Requests

98 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

6
IPs

2
Countries

1708 kB
Transfer

5906 kB
Size

5
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.ipko.pl/secure/ikd3/
Title: iPKO

Search URL Search Domain Scan URL

URL: https://www.ipko.pl/secure/ikd3/#INT_LOGIN_HELP
Title: Pomoc w logowaniu

Search URL Search Domain Scan URL

URL: https://www.pkobp.pl/klienci-indywidualni/konta/konta-osobiste/zostan-naszym-klientem/
Title: Otwórz konto

Search URL Search Domain Scan URL

URL: https://www.pkobp.pl/
Title: © 2024 PKO Bank Polski

Search URL Search Domain Scan URL

URL: https://www.pkobp.pl/klienci-indywidualni/operacje-zagraniczne/bic-swift-i-iban/
Title: Kod BIC (Swift): BPKOPLPW

Search URL Search Domain Scan URL

URL: https://www.pkobp.pl/polityka-prywatnosci/
Title: Polityka prywatności

Search URL Search Domain Scan URL

URL: https://www.pkobp.pl/klienci-indywidualni/bankowosc-elektroniczna/bezpieczenstwo/
Title: Bezpieczeństwo

Search URL Search Domain Scan URL

URL: https://www.pkobp.pl/klienci-indywidualni/bankowosc-elektroniczna/zacznij-korzystac/
Title: Pomoc

Search URL Search Domain Scan URL

URL: https://www.pkobp.pl/klienci-indywidualni/bankowosc-elektroniczna/serwis-telefoniczny/
Title: Kontakt

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 46

https://googleads.g.doubleclick.net/pagead/id HTTP 302
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

48 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 8 Show response
29485412.xyz/05s0kqro/reYLB3/ 1 MB
177 KB 1278ms
472ms Document
text/html 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

662e0c0bc531b3115f44d7ca953dbfb4df2dede1cfa7f7bf6ecb24a276957f4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache, private
cf-cache-status: DYNAMIC
cf-ray: 84f3393c9ef0c605-KHI
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 02 Feb 2024 14:46:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XFL0%2BSbrX7BBel0zH%2BQo3ZIMYD9KZSSLjWt8EChpuPx0xTPT790bH%2BY0T0JARzKsLPCaXz9gKC0G1nAHRQ0HD0LurCqYZFxE0z4Porhp9vKvtHc%2FceftYpazqMt3plI%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

GET
H2 200 comp-block_how_to_start.ae39a95df053edbeaeff.css
29485412.xyz/css/limits/ 9 KB
2 KB 2149ms
2148ms Stylesheet
text/css 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/css/limits/comp-block_how_to_start.ae39a95df053edbeaeff.css

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8573227780d340426a11e25af2734e6f71289eeb497c20dd894e27d368edff48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65841ccc-2401"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dBHyGqGsWNBC%2B5jA07iA0GPgL3rGe3w%2FM2UgWNH0J5ZtaELGxvi5ufoTi9xEmeFfe81Uvvy71G8j82ApXQA2h%2BLgkI0x5aIC2czAcdr70MgbBXmAZjHa%2F8yP2Pqxlrk%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f3393f9c29c605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 comp-intro_banner.b269726fe25c3ad37bbc.css
29485412.xyz/css/limits/ 12 KB
2 KB 2153ms
2153ms Stylesheet
text/css 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/css/limits/comp-intro_banner.b269726fe25c3ad37bbc.css

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52fb216f0db981c9fa92b1cc653f35cb1534fd338f4fc666b151bdef2c275ebd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65841ccc-2f0c"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HxcMmyNKWuslgHbdBHWw5l6BUpFj%2F%2B%2BEpJ04WuKZAttGnr6sDLOLH5T1hNXriDzLCq5I19tqQRN2hq40yL5rWoY9zDWTIkWvaErommvRFcjGsXAJGjqpHJmZJA6WwYo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f3393f9c2cc605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 app.css
29485412.xyz/css/ 85 KB
14 KB 2150ms
2150ms Stylesheet
text/css 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/css/app.css?id=7345698a2729b5451bf6

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

445dd862d664d19dd7968cebdb69cc57da1784493a682877d885c45e70c75ccd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Sat, 27 Jan 2024 11:58:15 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65b4efd7-1532f"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ti1lPi5P%2FioHHWnNC4wzt8nmfub9i%2FJDevjUnEHVPnAf29BH%2BK%2BgJYzbENVApILSNn14%2BBVM1x2vpNuOIn7XJ0g4U1L8cBP72Wb4rq6CTMf2EXSnFJf49Rol7l%2FBLaM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f3393f9c2ec605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 vendors_debug.7588542c8ffbb74514f5.js Show response
29485412.xyz/banks/pl/ipko/ 22 KB
7 KB 2154ms
2153ms Script
application/javascript 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/banks/pl/ipko/vendors_debug.7588542c8ffbb74514f5.js

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe77b18e2c6ff984fe3753ba571d1842b732d14885f2c86de90af8362aff3618

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65841ccc-56fc"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=niKCc3iNRmnVZ0QNthweoj4ReENppFOL8SCps8uhwAS0R9jBAI1t3qwpcKZ1h%2F20x8sg38GoyJ5WAeJYVW4qlBAlmV53vn3Aa5ef8mzTW4cVGRxwDY62348UH304eik%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f3393f9c2fc605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 debug.7588542c8ffbb74514f5.js Show response
29485412.xyz/banks/pl/ipko/ 2 KB
1 KB 2153ms
2153ms Script
application/javascript 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/banks/pl/ipko/debug.7588542c8ffbb74514f5.js

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1aea3decec4c4cce9d75336e520177ae2b21e385ba870913017cb8a9abd89eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:26 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65841ccc-751"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PrCP%2FpdHZ%2FAnhifTm2xLK0K%2F%2ByU8p2vVMoCG5zzm86wOd1jNumK4b8zBuNwlJXDrvjswgO5Y3teCFoiFDrjV7apl2DwjwNAQbqBjD3fd2E5XYkzNX1N%2F%2BfivUQR5zQ0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f3393f9c30c605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 vendors_locale-data-pl.7588542c8ffbb74514f5.js Show response
29485412.xyz/banks/pl/ipko/ 26 KB
4 KB 371ms
368ms Script
application/javascript 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/banks/pl/ipko/vendors_locale-data-pl.7588542c8ffbb74514f5.js

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

91b1c4ea2d72fc299015a5c14550f2c6770e6389b1b8068dacddc885913fecd4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65841ccc-6600"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PtXh5KkHKIs5RYEzxctYf2QFejQvKTb%2FJgeF6dBhR1QucG%2BRcNYslkTwQpfBMMAVQtsmXMQ%2B2tqDc%2FW%2Fdv1cx02jfp2MhQPYWBBKRQWUU2pZ8n7Ahjgdp7m0VbsfJh4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f3394e5f62c605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 1.7588542c8ffbb74514f5.js Show response
29485412.xyz/banks/pl/ipko/ 29 KB
11 KB 385ms
381ms Script
application/javascript 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/banks/pl/ipko/1.7588542c8ffbb74514f5.js

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4757f73027330c50b98941a23927fa2306213e64fcf9869e315558af2de429aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65841ccc-72f1"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1hob%2BH1cNAltxdmDtLmJCUkIYTEJ%2FVCzQN5ob45o%2Bo6R8q9cHeF3lw6ce4W9JS1UhYN6gNjvEEP8hFuWde0Kkw7OTMEVXETHQNP3eLyIyygAcjKH23VcMDXpTtjRVlk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f3394e5f66c605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 3.7588542c8ffbb74514f5.js Show response
29485412.xyz/banks/pl/ipko/ 71 KB
25 KB 404ms
401ms Script
application/javascript 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/banks/pl/ipko/3.7588542c8ffbb74514f5.js

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5bacb5480648bf8e6135aa8c1856feb3b820a1b0be1ac14567aabe492a1cf0be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65841ccc-11b12"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A1hf7I%2FFbaZKtZQxJu9Kpdg6EezKk80cN2c%2Bc0D443Numa7SGhzNjYBq8f5w7lh%2FHkkcdz1DHpAf%2BcEWFP0a3rWZ6%2FDcGBO5hb65Uqdld3f6cQ9oe4pUoeEJylCiOrM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f3394e5f69c605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 0.7588542c8ffbb74514f5.js Show response
29485412.xyz/banks/pl/ipko/ 94 KB
13 KB 396ms
393ms Script
application/javascript 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/banks/pl/ipko/0.7588542c8ffbb74514f5.js

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50e6736cdae0cd9e3e82a924810f79351a1512dfd04866759d23a9052bbf02a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65841ccc-17663"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gkmfTYhQqdBJDl3z1XFxlP57MiLjLd4zHCJug9NtfhRcyVKbapM5rKG6TXWgEhBHmaPTIioALWbNNO5rbexA9vxbsqVDv9zxMchgLdeDEGRRvz1s8za1pRhxnGLh7bU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f3394e5f6bc605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 2.7588542c8ffbb74514f5.js Show response
29485412.xyz/banks/pl/ipko/ 16 KB
4 KB 402ms
399ms Script
application/javascript 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/banks/pl/ipko/2.7588542c8ffbb74514f5.js

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d3b38698589d2f517bc64732540e27cc34d4a6ff6ffd6536f8e7cf29f6ca794

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65841ccc-41d3"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0kgFbNFvxpgOWk6po75i8bbK8zGMcuyJyiJ0aRQyCwcVJb26VdEMDK7gZ665qXtXLThFlTMDSLzgHgNX%2Bf6VC5d3w4tdc2xrCPM7wSPRJHYcmwuN9a1EWJihBimnI%2F4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f3394e5f6dc605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 15.7588542c8ffbb74514f5.js Show response
29485412.xyz/banks/pl/ipko/ 90 KB
20 KB 387ms
384ms Script
application/javascript 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/banks/pl/ipko/15.7588542c8ffbb74514f5.js

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a0b43c6d6d528889bd0d64ffd5262f7f1d967374ef092ebee774f4b4f494d361

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65841ccc-1674b"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OMNHJw4YG0iunkasdDASq1ZX%2BWJwn3esBUpeA%2F8hEQRz2HlCCPG1DukzWI42kocoqnQXYCVgR5VRV0P384OaZ8YRD9Zou6TRKgnxy6X8meOwhkiq05lZIX0yFaSxFWM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f3394e5f6ec605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 checkbox.png
29485412.xyz/banks/pl/ipko/ 1 KB
2 KB 401ms
398ms Image
image/png 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://29485412.xyz/banks/pl/ipko/checkbox.png

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

373250632ee807b404d18ae65ae2290f275cd0304fcc3c0866675116028d3ee7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1311
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
server: cloudflare
etag: "65841ccc-51f"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SCC3F4sHDXI9MhlkHM9EhlpQkiDFDy%2B6T0F%2BbHTAT2yrEqBuAHifGbDQHWL1RyeILSxDeO6fmYCuURpJy5XgCY5879YkV%2FGjRWwiYJsmd2mndOO9ByM6D8LFR8ONZ9Y%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f3394e5f70c605-KHI

GET
H2 200 416x416_3mFnxTh_208_208.png
29485412.xyz/banks/pl/ipko/ 49 KB
49 KB 418ms
415ms Image
image/png 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://29485412.xyz/banks/pl/ipko/416x416_3mFnxTh_208_208.png

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8631ca3161b1766f5b595ea497a99c60becba6e4d3fb8d5cd39e861896227746

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 50082
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
server: cloudflare
etag: "65841ccc-c3a2"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sRwDcf4ympfvrK0vzD%2BT8mXvC3PJZ5Bu%2FLat2lcSAshgG02BRZkZn%2BB5%2FPPq9UYfg%2B2QCVGUcEei1oAyUV2PqteSRU1hjiGdMCPILTlIf5AJEx4w4Dc2dBmHwSLaP5c%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f3394e5f72c605-KHI

GET
H2 200 jquery-1.11.2.min.js Show response
29485412.xyz/banks/pl/ipko/ 153 KB
40 KB 385ms
384ms Script
application/javascript 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/banks/pl/ipko/jquery-1.11.2.min.js

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12ad710238b09a6e5827707340e93ff4169be8ab2280e74a96b165270f577336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65841ccc-26489"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XsbLoz0cvziMGP45xN48z4ysDu5zOGi2iROWuAwSnus0qYIlPCoTsIksGS%2BMWbSTRZgcOR8eek3X%2BjfxcwWhbtqO5bEihuaEiyioshudnpzKBRGdFlYXQIgaXtvMDAE%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f33950eb1ac605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 app.js Show response
29485412.xyz/js/ 490 KB
142 KB 390ms
390ms Script
application/javascript 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/js/app.js?id=7087be58f1cb4be4cbad

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d5e13d58d554a6629f8cc73033bc512055821b3332ba2a0352b6aab0158edc02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Wed, 24 Jan 2024 20:25:21 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65b17231-7a856"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m9nTrEUWdVk%2BqnjThY%2FksPrSQ%2FkuClIHnTNCLmzBrh1H6bW54nqwA7KAf8Q0T%2FOqXzOUzdKswAao93DJ%2FZ9zlhuCEPPA3tyRNqnyWnzbYEyb3FnJHwjtfmNPSHejXAY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f33950eb4bc605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 timer.js Show response
29485412.xyz/js/ 942 B
716 B 362ms
361ms Script
application/javascript 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/js/timer.js

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2337f42c9af936d4bd6698c79a005d84604142c69e47c41c60e96822861d6ac5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Dec 2023 11:09:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65841ccd-3ae"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e%2BeuLGHQZ8W2kfMdrBos26GHf70w0b7H6gH8VEQSWJ1gMdEjquQ8fSBaDW46TEpztj9azNFXaKVcRQxqIkTa7Lt2%2BtCUslwVkMFCiVhBCXwcZ6QNN4TF7ch4YRysVtQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f33950eb38c605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 success.png
29485412.xyz/wait-payment/ 33 KB
33 KB 409ms
409ms Image
image/png 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://29485412.xyz/wait-payment/success.png

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec059973924d6b34db97a816efdeff110e74f50ec42d0e69a68da0ca47964f96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 33410
last-modified: Thu, 21 Dec 2023 11:09:01 GMT
server: cloudflare
etag: "65841ccd-8282"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SDlYEB7OPOvg9TX1QGAS%2FY5SGB4Ga%2F0OnMkXtm%2FuuXjSxQOFV3%2FwRT%2BMgYi317fsjGk%2ByUw3wad8mfUakpzPxGTX6LRcZ%2BIBR6H29UN8VS4AeR3ViHWJnqn6sr0wXQM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f33950eb42c605-KHI

GET
H2 200 error.png
29485412.xyz/change-bank/ 9 KB
10 KB 387ms
387ms Image
image/png 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://29485412.xyz/change-bank/error.png

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ceb06437c01a11ef4f64dab8831cefc24737a9375bb74582162f246980dfac19

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 9514
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
server: cloudflare
etag: "65841ccc-252a"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IH8bMtkRqbWZDuKK6yDSoAIKarCETBPxJMcTi0pErBBHHTEv%2BE3C%2FuVgHsbFkr7Tp9ZosK%2BlDh2DqLRR2UOGRVj8jBKMU26meusst6Fp%2FjdI3qShwM7bDO8nmh1meLQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f33950eb47c605-KHI

GET
H2 200 call.png
29485412.xyz/images/call/ 29 KB
29 KB 409ms
408ms Image
image/png 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://29485412.xyz/images/call/call.png

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ecf6c9405ae206fd49d59e87b03e048477e7a67b24dbc4d113d80470decc5192

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 29310
last-modified: Thu, 21 Dec 2023 11:09:01 GMT
server: cloudflare
etag: "65841ccd-727e"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BtPjeVqqFWTC0Wt6mEWd2WTxJbEZm6ee2BCC1Ml1%2BN4RaEA0NYVwexluI4Yq30wdbWjJ2jwSlhLBi1ff7q7YcxTw4ICJ08ytTuPXzjD13cFgF9%2BPoYGVA67aCzBeWzk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f33950eb4ec605-KHI

GET
H2 200 amGERmJ6M0E Show response
www.youtube.com/embed/ Frame 4047 86 KB
40 KB 534ms
129ms Document
text/html 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/amGERmJ6M0E

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

ESF /

Resource Hash

d8cff98170a5de9e9a9a4cd8609054f3932b84c710590168bde32f1455dcea7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://29485412.xyz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language: pl-PL,pl;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: br
content-type: text/html; charset=utf-8
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
cross-origin-resource-policy: cross-origin
date: Fri, 02 Feb 2024 14:46:29 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=pl for more info."
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma: no-cache
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server: ESF
strict-transport-security: max-age=31536000
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 29ece7b2e689f637d125e4049a960fd9d5a5a71ead05cb4a89660221bd671038

Request headers

accept-language: pl-PL,pl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 797 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 615ebc53d81d4377c6ee5c3781d70c03134be16dcb9784759141358c250cc46b

Request headers

accept-language: pl-PL,pl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 908 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 461bad4cd1f362f5b3adba93866045a1d5bef82e902e06bf1453205ebfcc0a52

Request headers

accept-language: pl-PL,pl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 639 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 658088d8e5cc28740f96340d43a723ffe1ac64880906240c334ee9ec8e3385af

Request headers

accept-language: pl-PL,pl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 PKOBankPolski-Regular.woff
29485412.xyz/banks/pl/ipko/ 31 KB
31 KB 357ms
357ms Font
application/font-woff 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/banks/pl/ipko/PKOBankPolski-Regular.woff

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08e8695cc1177aba498bb4f0e97d406ab707ea76594495a0835708a120cf46ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://29485412.xyz/05s0kqro/reYLB3/8
Origin: https://29485412.xyz
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65841ccc-7be8"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zYBRr2hamq8yD1J%2B0eNWcZTzEthUblLoaCcUwvlR1%2FbyF9rqo7Sj6hrRUhwG%2FU1s2Nr%2FbEx4voJGCIifOslZbT11hiFUTT%2BS3XQvLlnNEGu5hDxMU6ybd%2FKWTrD8agw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f33950fb56c605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 PKOBankPolski-Bold.woff
29485412.xyz/banks/pl/ipko/ 31 KB
31 KB 365ms
364ms Font
application/font-woff 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/banks/pl/ipko/PKOBankPolski-Bold.woff

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8a3c82e7f180a04686064c7f6a267a930682882f3c26b1ae9ce478d5419b546c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://29485412.xyz/05s0kqro/reYLB3/8
Origin: https://29485412.xyz
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65841ccc-7bf0"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EX%2FSd3cH7j%2Byc6ZwwrmkeGZMuuOGClkIuwCJpu7pf4sVLeTrsILOzVUseMay99Of5HhcZgNl9HrimnnBvaUxk1Ie9Omcc4C9OOSpNnKbQXU87PlTJE2jMM216Qiqxfs%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/font-woff
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f33950fb59c605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 / Show response
29485412.xyz/socket.io/ 104 B
436 B 360ms
360ms XHR
text/plain 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/socket.io/?EIO=3&transport=polling&t=OrgIG-m

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/js/app.js?id=7087be58f1cb4be4cbad

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02c14115af8c5f78e4f4ac891c2666597b07330217476eb11334065b568075f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: */*
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l9U9zeCelApWzig3lsRlxxt8lsvC1GVM4MOWJ2Fq5nRoH7UZAvKkL0wzsarCC8Lky5AmNrPEePQ7SOdc0J1rJu2FbdicBDbgQAEBM%2B9ZzxQ%2FoidQAhn9PYj6CTHZCJc%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cf-ray: 84f33953c88fc605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 new-message.mp3 Show response
29485412.xyz/sounds/ 40 KB
41 KB 380ms
379ms XHR
audio/mpeg 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/sounds/new-message.mp3

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/js/app.js?id=7087be58f1cb4be4cbad

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef09af6f51079f7a264e1ae0be2ed290c8f7d839ef7547cfade2ca0f07743690

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 41212
last-modified: Thu, 21 Dec 2023 11:09:01 GMT
server: cloudflare
etag: "65841ccd-a0fc"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1w8CUUWbupb3WMdJPInCXjo95jj2SzCBG2rlL8XQEKNR9nhIv2HSEq1NWIznTnL%2FGxpHxymnI6SucGniWSgJSYrJz%2F4TPcgNrLydBhBenRqsJbNqE8uV9vEeGFMX240%3D"}],"group":"cf-nel","max_age":604800}
content-type: audio/mpeg
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f33953f8b9c605-KHI

GET
H2 200 messages Show response
29485412.xyz/chats/client/ 649 B
1 KB 464ms
464ms XHR
application/json 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/chats/client/messages?advert_slug=05s0kqro&bank_id=8&location=iPKO+%E2%80%93+bankowo%C5%9B%C4%87+elektroniczna+PKO+Banku+Polskiego

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/js/app.js?id=7087be58f1cb4be4cbad

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d9cb0d178872c26255337fe1ef9f498fda1656df29a15370eab2815b1691012

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/plain, */*
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
X-XSRF-TOKEN: eyJpdiI6IlZnK2ZFZTJ3MVJTR1F3V051WUdnaGc9PSIsInZhbHVlIjoiMEMzV202YVRpeFlJaDJsWllKTnRyNUJzenZxVk9kMU1BZ01FZDBCa3Q4alh3bndwTklPb1IvTXpEVnAzWnN1WG1XaVA5Y3lzUTNvZjE5MFdiZjlNU2REeEZGb3NpUEFMbkI1UjAvTzlReVd5eXZaeW1kSG52ck95L1AvMmNBOW4iLCJtYWMiOiJjNTU2YzM3NzY0NWU3N2VmZWJjNTA2ZGI1ZTkzN2MxYjg1NzM4MzU1NWY4ZmRmZjc5ODkxMTA5NmY3Zjg1YmY2IiwidGFnIjoiIn0=
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ClA6Tt%2BCY88GOPFlHY9cdqxoukXk2V0nmg%2Fxf22xPvsOeW3Wwwl6Hqt03F2%2B%2FQyp3PbHIpu%2F17%2F1do2jwi%2BCm2er2taeOazKFwjL51N8TQ%2BQ%2FBFao8g7GK3cf%2B7iW4Q%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json
cache-control: no-cache, private
cf-ray: 84f33953f8bcc605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 avatar.svg
29485412.xyz/chat/client/ 2 KB
1 KB 394ms
392ms Image
image/svg+xml 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://29485412.xyz/chat/client/avatar.svg

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

11220814a97df26fe8024da922dadae6b90d267548993ce4d15bb934c82568e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65841ccc-7f9"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aq0K4quLvcD7pt55NKAcS9Bf2ILDy3lidKIrzn0s00ar2XyH59ZTQFpmTANtF0oz2ruh%2FApdyA%2B4Ben4uTXitymS3ZNiVwB9Ztny%2FoVzCdL37WQHUjAeyNkxaYEsJWw%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f33953f8bec605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 attach-file.svg
29485412.xyz/chat/client/ 1 KB
959 B 376ms
375ms Image
image/svg+xml 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://29485412.xyz/chat/client/attach-file.svg

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b580421600e8f04b4b4f743a69edbd2ed0949693d77fcf4315cab542c8a860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65841ccc-425"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iRMPxf7t%2FO1i%2FiyNMGfU2LjItXDFSUD5z3QIXxm%2BUPwIxmAVJGE%2Bm%2FMZPGrS9zUGSeV0soEP3Moicj8IxHqj4D%2BoDPKGgiYJ9Yo%2B8832Wl9S3mNgo7VzlmEV%2BR8We94%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f33953f8c0c605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 send-message.svg
29485412.xyz/chat/client/ 696 B
662 B 378ms
377ms Image
image/svg+xml 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://29485412.xyz/chat/client/send-message.svg

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dae88314b743b910976bb381feb2b102d2b396eacdac78b56dd4f2acf19ac765

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65841ccc-2b8"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t55Y1fRnclwsFjLgQle4ABPmIJ7H3q%2FfBmvLRGr%2FfedxOjVJAca87xf3H0ymZpdAOA0cNu6vZaK4QlvOhr1%2FzmwCq4n5EDFKTPR45v3rvfM%2B4Iu%2F9lT%2BQjTvvi4qydg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f33953f8c2c605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 visa.png
29485412.xyz/images/card/logotypes/ 1 KB
2 KB 377ms
376ms Image
image/png 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://29485412.xyz/images/card/logotypes/visa.png

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f15da9b87e5f6d9fdf190c25bcf56596999e3162d31f1604509e05d353ace94

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1500
last-modified: Thu, 21 Dec 2023 11:09:01 GMT
server: cloudflare
etag: "65841ccd-5dc"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DAFJ78wYyYmPP9aYLTjuu6ntYIed2jB2GgHOR%2F%2FLa4ddHYt5HyNMRuwMdBz%2BV88CMRxyyJzbvg32hDoOqe6tQaEBUMH8OQ4QLkfdGyd9CFyhgVCT0l%2FEIQ%2FYlXHqIIM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f33953f8c4c605-KHI

GET
H2 200 mastercard.png
29485412.xyz/images/card/logotypes/ 2 KB
2 KB 383ms
382ms Image
image/png 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://29485412.xyz/images/card/logotypes/mastercard.png

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44ab66b0b66583cdac0e0dc51d5025e2800c16df48aaa655b670e4f324d28902

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1718
last-modified: Thu, 21 Dec 2023 11:09:01 GMT
server: cloudflare
etag: "65841ccd-6b6"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dx59o9FrxYLRYWf1ZZcN675INy1ZdIDL6C%2F9eaCDKj5pUxOg0u9uesbKAegh4o4feXuvw2lNVoPiVJzHzTrag3tScFxhQvrsKJkuos%2BAOZQoAowoEEuSHQ78paVNqx0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f33953f8c8c605-KHI

GET
H2 200 maestro.png
29485412.xyz/images/card/logotypes/ 2 KB
2 KB 374ms
373ms Image
image/png 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://29485412.xyz/images/card/logotypes/maestro.png

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

82ef8d051d9ac37e88d41193864d87462277233183954e91c9e6fc7e91f84b7d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 1701
last-modified: Thu, 21 Dec 2023 11:09:01 GMT
server: cloudflare
etag: "65841ccd-6a5"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BUmWISUoNfPwk3Y2mTLMGHG6LIwgmVNse%2FxzAwFRay9c1Wr5Vrmr9S3PPleDtsIN3ouf61cvR%2BXLKqCp2FTtOPyW8Lhovy%2BYLgkw%2Bi2VKiVDl22ZwrX%2BKWUvoCL3u4M%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f33953f8c9c605-KHI

GET
H2 200 chip.png
29485412.xyz/images/card/ 2 KB
3 KB 375ms
374ms Image
image/png 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://29485412.xyz/images/card/chip.png

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dcbb5496ca32f31dfff5d8d45ccf4f0ea8751bce5b17ea22059804410f9fbf24

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 2456
last-modified: Thu, 21 Dec 2023 11:09:01 GMT
server: cloudflare
etag: "65841ccd-998"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g6EfO3yh27CR1Sn2xlztpWpElQWrvURKKG%2FEoWry5U9hu3lB%2Bw%2FLj009F%2BgTGzRoA87fWMvJk88EE8qp3udyafnm5NYdQYlDJJJEqpY%2FUAuzOok5c0IFLkfT2yFItCU%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
vary: Accept-Encoding
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 84f33953f8d0c605-KHI

GET
H2 200 arrow.svg
29485412.xyz/images/card/ 165 B
422 B 377ms
377ms Image
image/svg+xml 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://29485412.xyz/images/card/arrow.svg

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb2341b285e3b4021df38bfb51bb6d35c28d1ba9d06e4e72ac617458c8da24e8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Dec 2023 11:09:01 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65841ccd-a5"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EZX4%2BC0VDegYsNyXNcNH7YAbmHej9G0%2FzumBSirK6LcBKIYtXhrLY5CnzbzIwqvf%2B8VFR5D1uSO2RAQdAXpFRu%2FNv4QoKRoV9LzmPn4IK1SzY4wXuYSJoYP%2Frvf6heI%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f33953f8d1c605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 open-chat.svg
29485412.xyz/chat/client/ 2 KB
1 KB 389ms
388ms Image
image/svg+xml 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://29485412.xyz/chat/client/open-chat.svg

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50e36a00b325d67a71017ca0b99c12b4e664c96bacfaf52fa0d5dbf012c097b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:29 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65841ccc-71c"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5NpJu2V3EIQbNYqS3wTrktfRTmou9wpel64iSYjBZnKjbaWjzY09T687gqdTA1cY6Q9mvakf0jNpQeusWS%2FFkg%2B7M60I%2F1jZ%2FRZl%2B1igbrPHqN5lqLZJ78GYX1WjRHo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f33953f8d3c605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 www-player.css
www.youtube.com/s/player/a1d7d0f8/ Frame 4047 359 KB
47 KB 52ms
52ms Stylesheet
text/css 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/a1d7d0f8/www-player.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/amGERmJ6M0E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

sffe /

Resource Hash

44c265654f8aa883d626e1d54a05281a91bca42ef639fde0458d5018a4ed2a1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://www.youtube.com/embed/amGERmJ6M0E
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 05:42:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 32650
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47527
x-xss-protection: 0
last-modified: Wed, 31 Jan 2024 05:17:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sat, 01 Feb 2025 05:42:19 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 4047 15 KB
15 KB 464ms
60ms Font
font/woff2 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/amGERmJ6M0E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Thu, 01 Feb 2024 23:26:56 GMT
x-content-type-options: nosniff
age: 55174
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 31 Jan 2025 23:26:56 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 4047 15 KB
16 KB 452ms
48ms Font
font/woff2 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/amGERmJ6M0E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
Origin: https://www.youtube.com
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 12:44:28 GMT
x-content-type-options: nosniff
age: 7322
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 01 Feb 2025 12:44:28 GMT

GET
H2 200 embed.js Show response
www.youtube.com/s/player/a1d7d0f8/player_ias.vflset/pl_PL/ Frame 4047 54 KB
17 KB 93ms
92ms Script
text/javascript 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/a1d7d0f8/player_ias.vflset/pl_PL/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/amGERmJ6M0E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

sffe /

Resource Hash

593f7f65783ecd32c36caa57948f6c60a0da7a94e1e286a90c6e40cc24b1f888

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://www.youtube.com/embed/amGERmJ6M0E
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 08:43:37 GMT
content-encoding: br
x-content-type-options: nosniff
age: 194572
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17007
x-xss-protection: 0
last-modified: Wed, 31 Jan 2024 05:17:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 30 Jan 2025 08:43:37 GMT

GET
H2 200 www-embed-player.js Show response
www.youtube.com/s/player/a1d7d0f8/www-embed-player.vflset/ Frame 4047 318 KB
95 KB 47ms
47ms Script
text/javascript 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/a1d7d0f8/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/amGERmJ6M0E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

sffe /

Resource Hash

bba2653a44f46ed95594b8ca06246d5b5d9df9a31fa4e4dc6fd218ba6e83a194

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://www.youtube.com/embed/amGERmJ6M0E
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 12:46:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 7226
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97221
x-xss-protection: 0
last-modified: Wed, 31 Jan 2024 05:17:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Sat, 01 Feb 2025 12:46:03 GMT

GET
H2 200 base.js Show response
www.youtube.com/s/player/a1d7d0f8/player_ias.vflset/pl_PL/ Frame 4047 2 MB
773 KB 98ms
98ms Script
text/javascript 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/a1d7d0f8/player_ias.vflset/pl_PL/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/amGERmJ6M0E

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

sffe /

Resource Hash

93b8c6fac7fcba95df64aa2819e5222c31c9705b9f0bfdd9d6f06f4baeea82bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://www.youtube.com/embed/amGERmJ6M0E
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Wed, 31 Jan 2024 08:43:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 194572
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 791171
x-xss-protection: 0
last-modified: Wed, 31 Jan 2024 05:17:15 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Thu, 30 Jan 2025 08:43:37 GMT

POST
H2 200 / Show response
29485412.xyz/socket.io/ 2 B
402 B 383ms
382ms XHR
text/html 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/socket.io/?EIO=3&transport=polling&t=OrgIH4S&sid=feCgD_s_-Lq7pt8zA9sf

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/js/app.js?id=7087be58f1cb4be4cbad

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: */*
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-type: text/plain;charset=UTF-8

Response headers

date: Fri, 02 Feb 2024 14:46:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ehsr2thfMaFvu43pl1NuQBibWMJKAS9nwpHbRCqINlYOudVmXsRqlajBBivYH2lZCxjpM%2Br8ag%2Fy%2FbGmCTL9p06LeGUfXQJPcddN6DksZBkfXawgQLV0H96hXwJ2Tss%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
access-control-allow-origin: https://29485412.xyz
access-control-allow-credentials: true
cf-ray: 84f339561c9fc605-KHI
alt-svc: h3=":443"; ma=86400

GET
H2 200 / Show response
29485412.xyz/socket.io/ 3 B
448 B 1733ms
1733ms XHR
text/plain 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/socket.io/?EIO=3&transport=polling&t=OrgIH4T&sid=feCgD_s_-Lq7pt8zA9sf

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/js/app.js?id=7087be58f1cb4be4cbad

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

62325dfc1fc675255519674da6e2c4aad5f51cc6c3217ed3c6fbf6cabe0d86b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: */*
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:31 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vNLMsTYje5p7sv3Zrzrttg7MxL94R5uWCKixn0Bfl5dcYf413AV2ejzE%2FEVtV2wLWhnJUUPxG6EJ%2FOQU13MAjxWcwguaWv7ho%2FRV9CWn6NG0ZhVSN%2F4Ixu%2BkBzyeWG8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: *
cf-ray: 84f339561ca6c605-KHI
alt-svc: h3=":443"; ma=86400
content-length: 3

GET
H2

200

id Show response
googleads.g.doubleclick.net/pagead/ Frame 4047
Redirect Chain

https://googleads.g.doubleclick.net/pagead/id
https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

100 B
242 B

48ms
47ms

XHR
application/json

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id?slf_rd=1

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/amGERmJ6M0E

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

cafe /

Resource Hash

f0ca83aa14d297bd2c79692a10d300a527ece925092ebb7104933480a28efd95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 120
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Fri, 02 Feb 2024 14:46:30 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 4047 29 B
495 B 438ms
43ms Script
text/javascript 142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/a1d7d0f8/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:40:29 GMT
x-content-type-options: nosniff
age: 361
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29
x-xss-protection: 0
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 02 Feb 2024 14:55:29 GMT

POST
H2 204 qoe Show response
www.youtube.com/api/stats/ Frame 4047 0
200 B 54ms
54ms XHR
text/html 142.250.186.78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/api/stats/qoe?cpn=IxJVu12ye82GgawY&el=embedded&ns=yt&fexp=v1%2C23983296%2C21348%2C2602%2C73492%2C54572%2C73455%2C176963%2C53633%2C84737%2C35230%2C1088%2C6271%2C26439494%2C4054%2C1930%2C5181%2C9369%2C1556%2C1141%2C2998%2C5130%2C5966%2C5500%2C4683%2C9954%2C2008%2C3276%2C666%2C5491%2C759%2C5060%2C5954%2C3001%2C1473%2C1598%2C3460%2C1908%2C2%2C1153%2C535%2C422%2C2584%2C2875%2C248%2C879&cl=602739084&seq=1&event=streamingstats&docid=amGERmJ6M0E&qclc=ChBJeEpWdTEyeWU4MkdnYXdZEAE&embargoed=0&cbr=Chrome&cbrver=121.0.6167.139&c=WEB_EMBEDDED_PLAYER&cver=1.20240130.01.00&cplayer=UNIPLAYER&cos=Windows&cosver=10.0&cplatform=DESKTOP&vps=0.000:N,0.000:ER&cmt=0.000:0.000,0.000:0.000&error=0.000:auth::0.000:1;a6s.0&vis=0.000:0&bh=0.000:0.000

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/a1d7d0f8/player_ias.vflset/pl_PL/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.78 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f14.1e100.net

Software

Video Stats Server /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type: application/x-www-form-urlencoded
X-YouTube-Utc-Offset: 60
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/amGERmJ6M0E
X-YouTube-Client-Version: 1.20240130.01.00
X-YouTube-Time-Zone: Europe/Warsaw
X-Goog-Visitor-Id: CgtrOF9uMlIxbFFDRSjFgPStBjIOCgJQTBIIEgQSAgsMIA4%3D
X-YouTube-Ad-Signals: dt=1706885189922&flash=0&frm=2&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C0%2C0&vis=1&wgl=true&ca_type=image

Response headers

pragma: no-cache
date: Fri, 02 Feb 2024 14:46:30 GMT
x-content-type-options: nosniff
server: Video Stats Server
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 close-notification.svg
29485412.xyz/chat/client/ 1 KB
839 B 380ms
380ms Image
image/svg+xml 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://29485412.xyz/chat/client/close-notification.svg

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/05s0kqro/reYLB3/8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d409404a561255be9c1d2c890b2cd4583de44cee37a1b1409313db1e458286f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: pl-PL,pl;q=0.9
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date: Fri, 02 Feb 2024 14:46:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
last-modified: Thu, 21 Dec 2023 11:09:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"65841ccc-449"
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ffGklUssy17GYnu%2BXOqwwSjPlFPhOzMjKbhzI6Sc8vHza27WAlCuLUMSyYsTyP3YcDV5ZfwFO0L4Jn94wen1CNCbkekOwF3yoAvX5Pil8sHUj3Xr0boTZkT1sxNXvGA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
vary: Accept-Encoding
cache-control: max-age=14400
cf-ray: 84f33956cdf0c605-KHI
alt-svc: h3=":443"; ma=86400

POST
H2 200 / Show response
29485412.xyz/socket.io/ 2 B
273 B 372ms
372ms XHR
text/html 104.21.90.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://29485412.xyz/socket.io/?EIO=3&transport=polling&t=OrgIHAT&sid=feCgD_s_-Lq7pt8zA9sf

Requested by

Host: 29485412.xyz
URL: https://29485412.xyz/js/app.js?id=7087be58f1cb4be4cbad

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.90.227 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: */*
Referer: https://29485412.xyz/05s0kqro/reYLB3/8
accept-language: pl-PL,pl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-type: text/plain;charset=UTF-8

Response headers

date: Fri, 02 Feb 2024 14:46:30 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-frame-options: SAMEORIGIN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oB7xZrMxhlVtfatvTkB6%2FMN3KopvaYLti4%2BECqIKabQmuqj2ZX4cuc1T4uDPucWiwU8IEH%2BJo9FxjwEO55gD1pfasJqJP4Xh%2BpoQXHVNatDDRzMfeC21dPP5UPA193A%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
access-control-allow-origin: https://29485412.xyz
access-control-allow-credentials: true
cf-ray: 84f3395878c3c605-KHI
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PKO Bank Polski (Banking)

47 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: EFpZa0gexgI
.youtube.com/	1970-01-20 22:27:17	Name: VISITOR_INFO1_LIVE Value: k8_n2R1lQCE
29485412.xyz/	1969-12-31 23:59:59	Name: io Value: feCgD_s_-Lq7pt8zA9sf
29485412.xyz/	1970-01-20 18:08:12	Name: XSRF-TOKEN Value: eyJpdiI6IkRadUltTGdxd3BVcnh1R0J6ZHlVUlE9PSIsInZhbHVlIjoiVVR1TFFMUkVXY0dIbTZrVDdmSlhYcUVaQlpIMldPOUc0QU1QSlNYTE9GZjFFN25Ccjg1ME93TDJMaXJOajRmNHFONFdZWFI2TE1wUllvV1UyQnZWbzVKYnlhYVRYN1FsNmpNTExkeUZuNzMwMEFmOVByZHJidmEvTDZ1bnkwSmsiLCJtYWMiOiJkZTM3NjU2MWJhZWVhZGI2NTBkZTM4ODM0NzMxYTMyNmYyNDViNWZhMjZlOWY1Y2I0NDNmYTFhNTE4MjQ5ZTJjIiwidGFnIjoiIn0%3D
29485412.xyz/	1970-01-20 18:08:12	Name: public_session Value: eyJpdiI6IkQ3ME10dG04WHA2enZoTE9ZT2hDQ1E9PSIsInZhbHVlIjoiZG5mZkVtaVlUVk5XRXRibi9FdU8zOEFUUE4yK1ZkZUZKTXQ5TUhTT3doeFlCcFMzQnQ1R0tXVEQ3NnlpODQ4M0kyWENOcER6MUtXeHEvd3M5YytUVFNGNDMyQ3Q5cjFKNDgveFhhRHdrUEEzNlZtaVBoS1B3bU1KTkJXT3h4emIiLCJtYWMiOiJlMDQ2NGM5NjYzZTNiNjNlYzVmOGY5NThkZDgzYTRkYmIxN2Y2NTU2YTY3MWMwOGUzNWY1YjFlNjI5MWY5MWYwIiwidGFnIjoiIn0%3D

13 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://29485412.xyz/js/app.js?id=7087be58f1cb4be4cbad(Line 1) Message: The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other	warning	URL: https://29485412.xyz/05s0kqro/reYLB3/8 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://29485412.xyz/05s0kqro/reYLB3/8 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://29485412.xyz/05s0kqro/reYLB3/8 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://29485412.xyz/05s0kqro/reYLB3/8 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://29485412.xyz/05s0kqro/reYLB3/8 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://29485412.xyz/05s0kqro/reYLB3/8 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://29485412.xyz/05s0kqro/reYLB3/8 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://29485412.xyz/05s0kqro/reYLB3/8 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://29485412.xyz/05s0kqro/reYLB3/8 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://29485412.xyz/05s0kqro/reYLB3/8 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://29485412.xyz/05s0kqro/reYLB3/8 Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://29485412.xyz/05s0kqro/reYLB3/8 Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

29485412.xyz
fonts.gstatic.com
googleads.g.doubleclick.net
static.doubleclick.net
www.youtube.com
104.21.90.227
142.250.181.226
142.250.185.227
142.250.186.166
142.250.186.78
02c14115af8c5f78e4f4ac891c2666597b07330217476eb11334065b568075f9
08e8695cc1177aba498bb4f0e97d406ab707ea76594495a0835708a120cf46ea
11220814a97df26fe8024da922dadae6b90d267548993ce4d15bb934c82568e7
12ad710238b09a6e5827707340e93ff4169be8ab2280e74a96b165270f577336
2337f42c9af936d4bd6698c79a005d84604142c69e47c41c60e96822861d6ac5
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
29ece7b2e689f637d125e4049a960fd9d5a5a71ead05cb4a89660221bd671038
2d3b38698589d2f517bc64732540e27cc34d4a6ff6ffd6536f8e7cf29f6ca794
373250632ee807b404d18ae65ae2290f275cd0304fcc3c0866675116028d3ee7
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3f15da9b87e5f6d9fdf190c25bcf56596999e3162d31f1604509e05d353ace94
445dd862d664d19dd7968cebdb69cc57da1784493a682877d885c45e70c75ccd
44ab66b0b66583cdac0e0dc51d5025e2800c16df48aaa655b670e4f324d28902
44c265654f8aa883d626e1d54a05281a91bca42ef639fde0458d5018a4ed2a1e
461bad4cd1f362f5b3adba93866045a1d5bef82e902e06bf1453205ebfcc0a52
4757f73027330c50b98941a23927fa2306213e64fcf9869e315558af2de429aa
50e36a00b325d67a71017ca0b99c12b4e664c96bacfaf52fa0d5dbf012c097b1
50e6736cdae0cd9e3e82a924810f79351a1512dfd04866759d23a9052bbf02a4
52fb216f0db981c9fa92b1cc653f35cb1534fd338f4fc666b151bdef2c275ebd
593f7f65783ecd32c36caa57948f6c60a0da7a94e1e286a90c6e40cc24b1f888
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5bacb5480648bf8e6135aa8c1856feb3b820a1b0be1ac14567aabe492a1cf0be
615ebc53d81d4377c6ee5c3781d70c03134be16dcb9784759141358c250cc46b
62325dfc1fc675255519674da6e2c4aad5f51cc6c3217ed3c6fbf6cabe0d86b0
658088d8e5cc28740f96340d43a723ffe1ac64880906240c334ee9ec8e3385af
662e0c0bc531b3115f44d7ca953dbfb4df2dede1cfa7f7bf6ecb24a276957f4c
6d9cb0d178872c26255337fe1ef9f498fda1656df29a15370eab2815b1691012
82ef8d051d9ac37e88d41193864d87462277233183954e91c9e6fc7e91f84b7d
8573227780d340426a11e25af2734e6f71289eeb497c20dd894e27d368edff48
8631ca3161b1766f5b595ea497a99c60becba6e4d3fb8d5cd39e861896227746
8a3c82e7f180a04686064c7f6a267a930682882f3c26b1ae9ce478d5419b546c
91b1c4ea2d72fc299015a5c14550f2c6770e6389b1b8068dacddc885913fecd4
93b8c6fac7fcba95df64aa2819e5222c31c9705b9f0bfdd9d6f06f4baeea82bf
a0b43c6d6d528889bd0d64ffd5262f7f1d967374ef092ebee774f4b4f494d361
bb2341b285e3b4021df38bfb51bb6d35c28d1ba9d06e4e72ac617458c8da24e8
bba2653a44f46ed95594b8ca06246d5b5d9df9a31fa4e4dc6fd218ba6e83a194
ceb06437c01a11ef4f64dab8831cefc24737a9375bb74582162f246980dfac19
d409404a561255be9c1d2c890b2cd4583de44cee37a1b1409313db1e458286f9
d5e13d58d554a6629f8cc73033bc512055821b3332ba2a0352b6aab0158edc02
d8cff98170a5de9e9a9a4cd8609054f3932b84c710590168bde32f1455dcea7b
dae88314b743b910976bb381feb2b102d2b396eacdac78b56dd4f2acf19ac765
dcbb5496ca32f31dfff5d8d45ccf4f0ea8751bce5b17ea22059804410f9fbf24
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b580421600e8f04b4b4f743a69edbd2ed0949693d77fcf4315cab542c8a860
ec059973924d6b34db97a816efdeff110e74f50ec42d0e69a68da0ca47964f96
ecf6c9405ae206fd49d59e87b03e048477e7a67b24dbc4d113d80470decc5192
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
ef09af6f51079f7a264e1ae0be2ed290c8f7d839ef7547cfade2ca0f07743690
f0ca83aa14d297bd2c79692a10d300a527ece925092ebb7104933480a28efd95
f1aea3decec4c4cce9d75336e520177ae2b21e385ba870913017cb8a9abd89eb
fe77b18e2c6ff984fe3753ba571d1842b732d14885f2c86de90af8362aff3618

29485412.xyz Open in urlscan Pro 104.21.90.227 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

48 Requests

98 %HTTPS

0 %IPv6

4 Domains

5 Subdomains

6 IPs

2 Countries

1708 kBTransfer

5906 kBSize

5 Cookies

9 Outgoing links

Redirected requests

48 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

29485412.xyz Open in urlscan Pro
104.21.90.227 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

48
Requests

98 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

6
IPs

2
Countries

1708 kB
Transfer

5906 kB
Size

5
Cookies

48 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!