urlscan.io logo urlscan.io
SecurityTrails logo

paste.sh Open in urlscan Pro
2606:4700:3036::ac43:d08c  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://iplis.ru/data3
Effective URL: https://paste.sh/1nGnJ7pX
Submission: On November 16 via manual from IE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 5 countries across 8 domains to perform 22 HTTP transactions. The main IP is 2606:4700:3036::ac43:d08c, located in United States and belongs to CLOUDFLARENET, US. The main domain is paste.sh.
TLS certificate: Issued by E1 on October 29th 2023. Valid for: 3 months.
This is the only time paste.sh was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 3 104.21.63.150 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2 88.212.201.204 39134 (UNITEDNET)
4 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
8 2606:4700:303... 13335 (CLOUDFLAR...)
22 8
3    104.21.63.150 (None, )

ASN13335 (CLOUDFLARENET, US)
iplis.ru
1    2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.jsdelivr.net
2    88.212.201.204 (Russian Federation)

ASN39134 (UNITEDNET, RU)
PTR: host204.rax.ru
counter.yadro.ru
4    2a00:1450:400c:c03::5c (Brussels, Belgium)

ASN15169 (GOOGLE, US)
pay.google.com
1    2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
1    2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
4    2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
8    2606:4700:3036::ac43:d08c (United States)

ASN13335 (CLOUDFLARENET, US)
paste.sh
Apex Domain
Subdomains		 Transfer
8 paste.sh
paste.sh
26 KB
4 gstatic.com
www.gstatic.com
101 KB
4 google.com
pay.google.com — Cisco Umbrella Rank: 2685
421 KB
3 iplis.ru
iplis.ru
24 KB
2 yadro.ru
counter.yadro.ru — Cisco Umbrella Rank: 11595
1 KB
1 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
4 KB
1 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 97
52 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 335
2 KB
22 8
Domain Requested by
8 paste.sh iplis.ru
paste.sh
4 www.gstatic.com pay.google.com
www.gstatic.com
4 pay.google.com iplis.ru
pay.google.com
www.gstatic.com
3 iplis.ru 1 redirects iplis.ru
2 counter.yadro.ru 1 redirects iplis.ru
1 googleads.g.doubleclick.net pagead2.googlesyndication.com
1 pagead2.googlesyndication.com iplis.ru
1 cdn.jsdelivr.net iplis.ru
22 8

This site contains no links.

Subject Issuer Validity Valid
iplis.ru
GTS CA 1P5		 2023-11-06 -
2024-02-04		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-05-02 -
2024-05-01		 a year crt.sh
*.google.com
GTS CA 1C3		 2023-10-16 -
2024-01-08		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
paste.sh
E1		 2023-10-29 -
2024-01-27		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://paste.sh/1nGnJ7pX
Frame ID: 540EEB58E3C7E11CBA3DB34D60F09639
Requests: 14 HTTP requests in this frame

Frame: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fiplis.ru&mid=
Frame ID: 47D149F7B532142E8F4EC21F5FE18001
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html
Frame ID: B4DC7C8794265ED9AE6B96FF97BC7C94
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

paste.sh · encrypted pastebin

Page URL History Show full URLs

  1. http://iplis.ru/data3 HTTP 301
    https://iplis.ru/data3 Page URL
  2. https://paste.sh/1nGnJ7pX Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • pay\.google\.com/([a-z/]+)/pay\.js
Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
Overall confidence: 100%
Detected patterns
  • /polyfill\.min\.js
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

22
Requests

95 %
HTTPS

75 %
IPv6

8
Domains

8
Subdomains

8
IPs

5
Countries

632 kB
Transfer

1975 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://iplis.ru/data3 HTTP 301
    https://iplis.ru/data3 Page URL
  2. https://paste.sh/1nGnJ7pX Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://iplis.ru/data3 HTTP 301
  • https://iplis.ru/data3
Request Chain 2
  • https://counter.yadro.ru/hit?t38.6;r;s1600*1200*24;uhttps%3A//iplis.ru/redirect-2;h;0.59813487975266 HTTP 302
  • https://counter.yadro.ru/hit?q;t38.6;r;s1600*1200*24;uhttps%3A//iplis.ru/redirect-2;h;0.59813487975266

22 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
data3
iplis.ru/
Redirect Chain
  • http://iplis.ru/data3
  • https://iplis.ru/data3
57 KB
23 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://iplis.ru/data3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.63.150 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c8e92b0657827bb2c0a1d12848d90878203dc9f38580ff6808dd264729450ad
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=604800 max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
826ec7a8b9e25c4c-AMS
content-encoding
br
content-security-policy
img-src https: data:; upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Thu, 16 Nov 2023 09:41:44 GMT
expires
Thu, 16 Nov 2023 09:41:44 +0000
memory
0.5025787353515625
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KTYxWK5MFXf7edF10if7WriHKzQqAP3ta3PTkDf1z9z9fziKvadOdjNQER9nL3p4%2BN%2FPKS3yhUkmvuEsNeQ7iE55UGe5xtaLwQVxWv8%2FWRUKXi90WS5ZUk%2B4Vw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=604800 max-age=31536000
x-frame-options
SAMEORIGIN

Redirect headers

CF-Cache-Status
DYNAMIC
CF-RAY
826ec7a7ddaad353-CDG
Connection
keep-alive
Content-Type
text/html
Date
Thu, 16 Nov 2023 09:41:44 GMT
Location
https://iplis.ru/data3#80
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YDE5A5i%2FgDqUPpepCQSkSHe54DbKB%2BWpSorUbLH6YSieIK11hBKoU4KplTD0qHQ3JOsH%2BNuSCLkeEUJSDQSwur%2FJLvSvoAfUWtyhiRzR8b5O2mQp8IeZSoqDew%3D%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
alt-svc
h3=":443"; ma=86400
polyfill.min.js
cdn.jsdelivr.net/npm/promise-polyfill@8/dist/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/promise-polyfill@8/dist/polyfill.min.js
Requested by
Host: iplis.ru
URL: https://iplis.ru/data3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e555151e63c492ea4f05ecedbcaf488acecfdf147d814e1920bcef9b028968ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://iplis.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 09:41:44 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
13611
x-jsd-version
8.3.0
content-encoding
br
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230116-FRA
x-jsd-version-type
version
server
cloudflare
etag
W/"1132-XysC4a2Vt+mONL0o6U+bsaeRjIc"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6ZFnedYfih%2BZcxzHtkdqcugkQxqTr1Yhun12Q%2BJ7fmbNYmSrRIbgGWKmJHoGxLQ9SpCVhE27R2dibzCXEelMHzPo5aAOVInc7BKOnRluKDt0mBl9AtJnvtDqiOHXczulnL6mezh1CRM7xAJf8h8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cf-ray
826ec7a9bf019299-FRA
hit
counter.yadro.ru/
Redirect Chain
  • https://counter.yadro.ru/hit?t38.6;r;s1600*1200*24;uhttps%3A//iplis.ru/redirect-2;h;0.59813487975266
  • https://counter.yadro.ru/hit?q;t38.6;r;s1600*1200*24;uhttps%3A//iplis.ru/redirect-2;h;0.59813487975266
445 B
931 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://counter.yadro.ru/hit?q;t38.6;r;s1600*1200*24;uhttps%3A//iplis.ru/redirect-2;h;0.59813487975266
Requested by
Host: iplis.ru
URL: https://iplis.ru/data3
Protocol
HTTP/1.1
Server
88.212.201.204 , Russian Federation, ASN39134 (UNITEDNET, RU),
Reverse DNS
host204.rax.ru
Software
nginx/1.17.9 /
Resource Hash
3e13369e5c528a4598007330a7d572dadd181e268d0cf87ba7b62fd7668597f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://iplis.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 16 Nov 2023 09:41:44 GMT
Strict-Transport-Security
max-age=86400
Server
nginx/1.17.9
Content-Type
image/gif
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Access-Control-Allow-Origin
*
Cache-control
no-cache
Connection
keep-alive
Content-Length
445
Expires
Tue, 15 Nov 2022 21:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Thu, 16 Nov 2023 09:41:44 GMT
Strict-Transport-Security
max-age=86400
Server
nginx/1.17.9
Content-Type
text/html
Location
https://counter.yadro.ru/hit?q;t38.6;r;s1600*1200*24;uhttps%3A//iplis.ru/redirect-2;h;0.59813487975266
P3P
policyref="/w3c/p3p.xml", CP="UNI"
Cache-control
no-cache
Connection
keep-alive
Content-Length
32
Expires
Tue, 15 Nov 2022 21:00:00 GMT
pay.js
pay.google.com/gp/p/js/ 		118 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pay.google.com/gp/p/js/pay.js
Requested by
Host: iplis.ru
URL: https://iplis.ru/data3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c03::5c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
81b3cfec8709a5844f547eae1fc0966ca4db5ec5c762a371b31954967cbda57b
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-B3o8BZs6S6MOn_hfFh6J7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://iplis.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 09:41:44 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-B3o8BZs6S6MOn_hfFh6J7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendHttp/cspreport
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
same-origin
server
ESF
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-frame-options
SAMEORIGIN
content-type
application/javascript; charset=utf-8
cache-control
private, max-age=600
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Thu, 16 Nov 2023 09:41:44 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ 		150 KB
52 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: iplis.ru
URL: https://iplis.ru/data3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4f04f565b40e54e13d457c6ac0a7ec14805bb917845b27073c7f19004c4c02ab
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://iplis.ru/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 09:41:44 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
52677
x-xss-protection
0
server
cafe
etag
12160984884996933012
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
link
<https://googleads.g.doubleclick.net>; rel="preconnect"; crossorigin
expires
Thu, 16 Nov 2023 09:41:44 GMT
payframe
pay.google.com/gp/p/ui/ Frame 47D1 		19 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fiplis.ru&mid=
Requested by
Host: pay.google.com
URL: https://pay.google.com/gp/p/js/pay.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c03::5c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4c4d3eb8c2604e22a6c42397125d638039d38d8752b6bd4e1ac9cf102e5e0792
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport script-src 'report-sample' 'nonce-2fLy6v4oQG6WkJl_XOOvvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://iplis.ru/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=3600
content-encoding
gzip
content-security-policy
require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport script-src 'report-sample' 'nonce-2fLy6v4oQG6WkJl_XOOvvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport;worker-src 'self' script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/InstantbuyFrontendBuyflowPayframeUi/cspreport/allowlist
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-site
date
Thu, 16 Nov 2023 09:41:45 GMT
expires
Thu, 16 Nov 2023 09:41:45 GMT
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-content-type-options
nosniff
x-ua-compatible
IE=edge
x-xss-protection
0
zrt_lookup_fy2021.html
googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/ Frame B4DC 		9 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20231109/r20190131/zrt_lookup_fy2021.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://iplis.ru/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
58927
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=1209600
content-encoding
br
content-length
4118
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 15 Nov 2023 17:19:37 GMT
etag
16674218716276178799
expires
Wed, 29 Nov 2023 17:19:37 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
cspreport
pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/ Frame 47D1 		2 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Requested by
Host: iplis.ru
URL: https://iplis.ru/data3
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c03::5c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101

Request headers

Referer
https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fiplis.ru&mid=
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Thu, 16 Nov 2023 09:41:45 GMT
referrer-policy
no-referrer
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1608
content-type
text/html; charset=UTF-8
m=_b,_tp
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.de.MOKkx_he4kc.es5.O/am=EIYY/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfr... Frame 47D1 		159 KB
57 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.de.MOKkx_he4kc.es5.O/am=EIYY/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfri-q2AyGdG4pfctk2Ymn9GaZnMncQ/m=_b,_tp
Requested by
Host: pay.google.com
URL: https://pay.google.com/gp/p/ui/payframe?origin=https%3A%2F%2Fiplis.ru&mid=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0d641cd345ecb8a76c6c52db24e446414e58e1ea3b3de1e6962a277fd5a86858
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 21:33:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
43720
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57479
x-xss-protection
0
last-modified
Wed, 15 Nov 2023 07:33:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 14 Nov 2024 21:33:05 GMT
m=Das5Le
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.de.MOKkx_he4kc.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.YXtBVX... Frame 47D1 		73 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.de.MOKkx_he4kc.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.YXtBVXxVcck.L.B1.O/am=EIYY/d=1/exm=_b,_tp/excm=_b,_tp,payframeview/ed=1/wt=2/ujg=1/rs=AMitfriuTIfKJvcF0dHzmQsniDQ7pbD2jQ/ee=EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:siKnQd;yEQyxe:p8L0ob;yxTchf:KUM7Z/m=Das5Le
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.de.MOKkx_he4kc.es5.O/am=EIYY/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfri-q2AyGdG4pfctk2Ymn9GaZnMncQ/m=_b,_tp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
747693094d8736b1d3c2f6997bd01af07b156db9bff54a8db587d3709955d943
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 18:34:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
54407
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
27293
x-xss-protection
0
last-modified
Tue, 14 Nov 2023 02:58:29 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 14 Nov 2024 18:34:58 GMT
m=Wt6vjf,hhhU8,FCpbqb,ws9Tlc,WhJNk
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.de.MOKkx_he4kc.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.YXtBVX... Frame 47D1 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.de.MOKkx_he4kc.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.YXtBVXxVcck.L.B1.O/am=EIYY/d=1/exm=Das5Le,_b,_tp/excm=_b,_tp,payframeview/ed=1/wt=2/ujg=1/rs=AMitfriuTIfKJvcF0dHzmQsniDQ7pbD2jQ/ee=EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:siKnQd;yEQyxe:p8L0ob;yxTchf:KUM7Z/m=Wt6vjf,hhhU8,FCpbqb,ws9Tlc,WhJNk
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.de.MOKkx_he4kc.es5.O/am=EIYY/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfri-q2AyGdG4pfctk2Ymn9GaZnMncQ/m=_b,_tp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
22aff09a4899c48a59b0b6963e2fc945a674556db20ce9576b54fce2d1de0812
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 21:34:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
43607
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3731
x-xss-protection
0
last-modified
Tue, 14 Nov 2023 02:58:29 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 14 Nov 2024 21:34:58 GMT
m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c
www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.de.MOKkx_he4kc.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.YXtBVX... Frame 47D1 		37 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.de.MOKkx_he4kc.es5.O/ck=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.YXtBVXxVcck.L.B1.O/am=EIYY/d=1/exm=Das5Le,FCpbqb,WhJNk,Wt6vjf,_b,_tp,hhhU8,ws9Tlc/excm=_b,_tp,payframeview/ed=1/wt=2/ujg=1/rs=AMitfriuTIfKJvcF0dHzmQsniDQ7pbD2jQ/ee=EmZ2Bf:zr1jrb;Erl4fe:FloWmf;JsbNhc:Xd8iUd;LBgRLc:XVMNvd;Me32dd:MEeYgc;NPKaK:PVlQOd;NSEoX:lazG7b;Oj465e:KG2eXe;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;eBAeSb:zbML3c;iFQyKf:vfuNJf;io8t5d:yDVVkb;kMFpHd:OTA3Ae;nAFL3:NTMZac;oGtAuc:sOXFj;qddgKe:xQtZb;sP4Vbe:VwDzFe;uY49fb:COQbmf;ul9GGd:VDovNc;wR5FRb:siKnQd;yEQyxe:p8L0ob;yxTchf:KUM7Z/m=byfTOb,lsjVmc,LEikZe,lwddkf,EFQ78c
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.de.MOKkx_he4kc.es5.O/am=EIYY/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfri-q2AyGdG4pfctk2Ymn9GaZnMncQ/m=_b,_tp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33024a69c55c2172b2db5fa2774cec3a2ca7c2e7775847edd69bdf4d358cc336
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Wed, 15 Nov 2023 21:34:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
43607
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/payments-consumer-boq-js-css-signers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14131
x-xss-protection
0
last-modified
Tue, 14 Nov 2023 02:58:29 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="boq-infra/payments-consumer-boq-js-css-signers"
vary
Accept-Encoding, Origin
report-to
{"group":"boq-infra/payments-consumer-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/payments-consumer-boq-js-css-signers"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
expires
Thu, 14 Nov 2024 21:34:58 GMT
pay
pay.google.com/gp/p/ui/ Frame 47D1 		1 MB
375 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://pay.google.com/gp/p/ui/pay
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-payments-consumer/_/js/k=boq-payments-consumer.InstantbuyFrontendBuyflowPayframeUi.de.MOKkx_he4kc.es5.O/am=EIYY/d=1/excm=_b,_tp,payframeview/ed=1/dg=0/wt=2/ujg=1/rs=AMitfri-q2AyGdG4pfctk2Ymn9GaZnMncQ/m=_b,_tp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c03::5c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e136326ec851aec24b781047d5a01ac478d6a09abe6b83ca29c741bf117f5c18
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-3wvA_0AsvtjcbNJDwbJSaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://pay.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 09:41:45 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-3wvA_0AsvtjcbNJDwbJSaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com https://payments.sandbox.google.com https://pay.google.com https://pay.sandbox.google.com;report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/InstantbuyFrontendBuyflowPayUi/cspreport
x-content-type-options
nosniff
cross-origin-resource-policy
same-site
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
x-ua-compatible
IE=edge
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy
unsafe-none
server
ESF
x-frame-options
DENY
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type
text/html; charset=utf-8
cache-control
private, max-age=3600
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
expires
Thu, 16 Nov 2023 09:41:45 GMT
data3
iplis.ru/ 		138 B
411 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://iplis.ru/data3
Requested by
Host: iplis.ru
URL: https://iplis.ru/data3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.63.150 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=604800, max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json
Referer
https://iplis.ru/data3
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 16 Nov 2023 09:41:47 GMT
strict-transport-security
max-age=604800, max-age=31536000
content-encoding
br
content-security-policy
img-src https: data:; upgrade-insecure-requests
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bripyZaYpjaJrDiqKxoLjx9bqbB39160wqRJIFXYD7pTrbGTeC8UUD%2FRMow2ilYozJ1LOlcTXew2bKdoNuqwkKP4lfajWGW9aEDC7BHCNvFGwJilUODDDpm45Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cf-ray
826ec7bcb8ab5c4c-AMS
alt-svc
h3=":443"; ma=86400
Primary Request 1nGnJ7pX
paste.sh/ 		13 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://paste.sh/1nGnJ7pX
Requested by
Host: iplis.ru
URL: https://iplis.ru/data3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:d08c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c7c9481fb7faeade4ef6b13935275a645e8486c855f483cbc2e8fc97fc76bfd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://iplis.ru/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
826ec7bd8ed42c65-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 16 Nov 2023 09:41:47 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hDclpbhxkCH17gI%2BlTK1qBqN9CYFtGrcSqP%2FL%2FEAnFE%2Bq9XHW5C%2B9LxcltTkJp81TwEV9nI6sfk8iecfGrqs1I%2Bwe3umsSmCb6rm1rag%2B5ezoCmpQinr8Z7L2LPZlNP4SJcIsfaxXA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
x-robots-tag
noindex
core.js
paste.sh/cryptojs/ 		21 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://paste.sh/cryptojs/core.js
Requested by
Host: paste.sh
URL: https://paste.sh/1nGnJ7pX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:d08c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27eacd89f798fe80937fa374a5046244211e3e97cc7852c88cba0776cfc2b72f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paste.sh/1nGnJ7pX
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 09:41:47 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 15 Nov 2023 18:04:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SW8ivSb6b3Z%2BitTPwlhk2HBlAtdPI4U04mT7V4foQmf3Ir2jsMv5Kgb5kvB2RBNE0%2BWrtRnLG2bdqg7jN%2FWgR%2Fi2FHq0EziwHcx1eOodttPAdDzpez%2Fzq8slnqaP6h%2BBkMC9ouAnTg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
cf-ray
826ec7be3f882c65-FRA
alt-svc
h3=":443"; ma=86400
enc-base64.js
paste.sh/cryptojs/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://paste.sh/cryptojs/enc-base64.js
Requested by
Host: paste.sh
URL: https://paste.sh/1nGnJ7pX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:d08c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
648d7e0aec8d7226be56e725ff66d7e9264789c86095a2fc2f5832c3c97c8f57
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paste.sh/1nGnJ7pX
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 09:41:47 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 15 Nov 2023 18:04:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I5WGMOw6kXln0NgWcTcKY6RvNKgsFmeLGTYhURNNb35nOtk3CBvKwQCkH5dwmB3Q2UibO4w38IzP%2FwfQJ6pyeyfHbCE4FHbauKowtMWaEQaew2%2BvmU54KUzl4%2ByfFo2ndQ6gJjej%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
cf-ray
826ec7be3f8b2c65-FRA
alt-svc
h3=":443"; ma=86400
evpkdf.js
paste.sh/cryptojs/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://paste.sh/cryptojs/evpkdf.js
Requested by
Host: paste.sh
URL: https://paste.sh/1nGnJ7pX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:d08c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
06e80cdc98f9361101e00863a04c42c407f2a36a66944dc442ec1d4b1bd2324f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paste.sh/1nGnJ7pX
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 09:41:47 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 15 Nov 2023 18:04:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=riBDoU1DGK9T2XdWzg1HAraf25SBUcqpfjrFhoFXHxJakV7qB8Us1Ex6NBpnurgTmRP4OPUMdJ2w5YWtNSSjZlyU%2BtMfN8DvhsN%2BhH6geIZ7UGKK3Z7E0zuFu1IodiqLgfmpW34Mfg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
cf-ray
826ec7be3f8c2c65-FRA
alt-svc
h3=":443"; ma=86400
cipher-core.js
paste.sh/cryptojs/ 		28 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://paste.sh/cryptojs/cipher-core.js
Requested by
Host: paste.sh
URL: https://paste.sh/1nGnJ7pX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:d08c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccb3498a964fb16c36ea86dfa959502d0d6a778cbc697ae2a378bdd67452c9ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paste.sh/1nGnJ7pX
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 09:41:47 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 15 Nov 2023 14:27:04 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4ikHInTMV6PNdxtdxD2B8Qdy%2FpjGChswOzMLcuPL94b4jWRtaUHdG644dbm%2FGdYEw%2BqXmB%2F22ZcESoIx9mg9Ojhd9tIzWW7pm8edPs2wPbL7x5tcm%2Bb1OFGul325WYDhO2saZ6F4HA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
cf-ray
826ec7be3f8d2c65-FRA
alt-svc
h3=":443"; ma=86400
aes.js
paste.sh/cryptojs/ 		8 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://paste.sh/cryptojs/aes.js
Requested by
Host: paste.sh
URL: https://paste.sh/1nGnJ7pX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:d08c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ceff151527069dd1bdf05dd11632bd13de1391cea198db881799944cfacf3290
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paste.sh/1nGnJ7pX
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 09:41:47 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 15 Nov 2023 14:27:03 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0O4wKTDcpjTqb8sk0BRecyKWQonuV4FhkXFlp5tkzqjzsSQ1%2F0iTsMF%2BSUtPioYeTfA7T0W8kcy%2FXEYmNuIPsPpyA9xmH%2FJPdTMcmI6C16O41%2FTzD5vpF2IyhjQwrDwNqBTCtSOcIA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
cf-ray
826ec7be3f8e2c65-FRA
alt-svc
h3=":443"; ma=86400
x64-core.js
paste.sh/cryptojs/ 		8 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://paste.sh/cryptojs/x64-core.js
Requested by
Host: paste.sh
URL: https://paste.sh/1nGnJ7pX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:d08c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5ace9c72eef117291739bb9319b7dbc0add0026e4a8ce5ebd545e9eb27085e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paste.sh/1nGnJ7pX
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 09:41:47 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 15 Nov 2023 14:27:03 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N2EdX4WjpI3CgaXBs94Y5u8xCZPE2UeCjdcrdijQzCq8ImIoyy0Cyk2xPrOlHgeNyDhjDqBKn%2BD02ycvLholV5%2BDgK3q4Mv%2F0ZUEjRGV8i%2FSE8PZcg6zohtqAaE0sEO63c8zin2q2w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
cf-ray
826ec7be3f902c65-FRA
alt-svc
h3=":443"; ma=86400
sha512.js
paste.sh/cryptojs/ 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://paste.sh/cryptojs/sha512.js
Requested by
Host: paste.sh
URL: https://paste.sh/1nGnJ7pX
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:d08c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ee33128c5bcac13cc2bbb1d771b375c9dbf20f50848fdb4c0e6cf01aba5e931a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://paste.sh/1nGnJ7pX
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Thu, 16 Nov 2023 09:41:47 GMT
strict-transport-security
max-age=31536000
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Wed, 15 Nov 2023 06:43:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qw4oRmjkJyyBtTsU5IOO34UGEiUOrIvyzAxkU5p6d2NDkADzBBVcmU3auzqbNwAzePUQwch6BgQ78tMibnOk7AItcTcr3911Wmevh8jhWPM4XwCadSf2ArcN6nyIzZogfEed6BkuPA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cache-control
max-age=14400
cf-ray
826ec7be3f912c65-FRA
alt-svc
h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| CryptoJS string| content string| editable string| serverkey boolean| cmd object| paste function| getKey function| maybeSave function| serverSave function| getServerKey function| updateCursorPos boolean| oldwarning function| shouldSave function| randomStr function| generate function| encrypt function| decrypt function| rawme

6 Cookies

Domain/Path Name / Value
iplis.ru/ Name: 488529353648182805
Value: 3
iplis.ru/ Name: clhf03028ja
Value: 217.114.218.21
iplis.ru/ Name: unikey
Value: unikey_6d97c0d55148ba6e9b8c82b74b9840db2d66972d2548430507cf83dd8421fa29
.google.com/ Name: NID
Value: 511=Ued9JtW36rPBwMbwaQmPeDLLXGgNbiDAiTqoP2MRKxi44AbN5TmHgsXOY2hntEWeVVBein4peCYI1MS3-UKx2C7L523WzD36rVsZBR4D63-mkvMTldsc7cXeNQjxGJJ9s0n5j7oDdJrDXmHXOXmbdJ1qf1R-Z1UQ5A5_falV4_4
.yadro.ru/ Name: FTID
Value: 1bLUFO2cSIug1bLUFO002QX2
.yadro.ru/ Name: VID
Value: 2zlXLg3C1j8g1bLUFO0020m-

2 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
This document requires 'TrustedScript' assignment.
network error URL: https://pay.google.com/_/InstantbuyFrontendBuyflowPayframeUi/cspreport
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy img-src https: data:; upgrade-insecure-requests
Strict-Transport-Security max-age=604800 max-age=31536000
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
counter.yadro.ru
googleads.g.doubleclick.net
iplis.ru
pagead2.googlesyndication.com
paste.sh
pay.google.com
www.gstatic.com
104.21.63.150
2606:4700:3036::ac43:d08c
2606:4700::6810:5514
2a00:1450:4001:803::2003
2a00:1450:4001:811::2002
2a00:1450:4001:831::2002
2a00:1450:400c:c03::5c
88.212.201.204
06e80cdc98f9361101e00863a04c42c407f2a36a66944dc442ec1d4b1bd2324f
0d641cd345ecb8a76c6c52db24e446414e58e1ea3b3de1e6962a277fd5a86858
22aff09a4899c48a59b0b6963e2fc945a674556db20ce9576b54fce2d1de0812
27eacd89f798fe80937fa374a5046244211e3e97cc7852c88cba0776cfc2b72f
33024a69c55c2172b2db5fa2774cec3a2ca7c2e7775847edd69bdf4d358cc336
3e13369e5c528a4598007330a7d572dadd181e268d0cf87ba7b62fd7668597f8
4c4d3eb8c2604e22a6c42397125d638039d38d8752b6bd4e1ac9cf102e5e0792
4f04f565b40e54e13d457c6ac0a7ec14805bb917845b27073c7f19004c4c02ab
623c81b092a6116d4d60ff89b14803818efb0b9aebf6e4e2c50241e802f6e016
648d7e0aec8d7226be56e725ff66d7e9264789c86095a2fc2f5832c3c97c8f57
6c7c9481fb7faeade4ef6b13935275a645e8486c855f483cbc2e8fc97fc76bfd
6c8e92b0657827bb2c0a1d12848d90878203dc9f38580ff6808dd264729450ad
747693094d8736b1d3c2f6997bd01af07b156db9bff54a8db587d3709955d943
81b3cfec8709a5844f547eae1fc0966ca4db5ec5c762a371b31954967cbda57b
a5ace9c72eef117291739bb9319b7dbc0add0026e4a8ce5ebd545e9eb27085e9
ccb3498a964fb16c36ea86dfa959502d0d6a778cbc697ae2a378bdd67452c9ff
ceff151527069dd1bdf05dd11632bd13de1391cea198db881799944cfacf3290
d6ff339ddb4525268c21fa26ded66b0703f177e742281dc9bcd558288f8e1101
e136326ec851aec24b781047d5a01ac478d6a09abe6b83ca29c741bf117f5c18
e555151e63c492ea4f05ecedbcaf488acecfdf147d814e1920bcef9b028968ab
ee33128c5bcac13cc2bbb1d771b375c9dbf20f50848fdb4c0e6cf01aba5e931a