Submitted URL: https://givawey.click/?up=%3C?php%20%20echo%20substr(md5(microtime()),0,rand(10,30));?%3E&k=3661&down=%3C?php%20echo%2...
Effective URL: https://dpaste.org/nfA3j/raw
Submission: On June 21 via manual from GB — Scanned from GB

Summary

This website contacted 3 IPs in 1 country across 3 domains to perform 3 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in the United States and belonging to CLOUDFLARENET, US. The main domain is dpaste.org.
TLS certificate: Issued by GTS CA 1P5 on May 13th 2024. Valid for: 3 months.
This is the only time dpaste.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

   IP Address          AS Autonomous System
1  2606:4700:303...    13335 (CLOUDFLAR...)
1  2606:4700:303...    13335 (CLOUDFLAR...)
1  2a06:98c1:312...    13335 (CLOUDFLAR...)
3  3

   Apex Domain         Subdomains          Transfer
1  dpaste.org          dpaste.org          879 B
1  pilgmared.click     pilgmared.click     587 B
1  givawey.click       givawey.click       660 B
3  3

   Domain              Requested by
1  dpaste.org          pilgmared.click
1  pilgmared.click     givawey.click
1  givawey.click
3  3

This site contains no links.

Subject             Issuer        Validity                   Valid
givawey.click       E5            2024-06-09 - 2024-09-07    3 months
pilgmared.click     WE1           2024-06-16 - 2024-09-14    3 months
dpaste.org          GTS CA 1P5    2024-05-13 - 2024-08-11    3 months

This page contains 1 frame:

Primary Page: https://dpaste.org/nfA3j/raw
Frame ID: 653785E7D56D9D16505770414FD10D3C
Requests: 3 HTTP requests in this frame

Page Statistics

Requests: 3
HTTPS: 100 %
IPv6: 100 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 1
Transfer: 2 kB
Size: 1 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://givawey.click/?up=%3C?php%20%20echo%20substr(md5(microtime()),0,rand(10,30));?%3E&k=3661&down=%3C?php%20echo%20substr(md5(microtime()),0,rand(7,27));?%3E&j=%3C?php%20echo%20the_title();?%3E Page URL
  2. http://pilgmared.click/?667560ce71c6b=83787f23c76d86e0663d55d9a5ac0f65&667560ce71c87=3661&667560ce71c89=_php-echo-the-title&gkss=345357 HTTP 307
    https://pilgmared.click/?667560ce71c6b=83787f23c76d86e0663d55d9a5ac0f65&667560ce71c87=3661&667560ce71c89=_php-echo-the-title&gkss=345357 Page URL
  3. https://dpaste.org/nfA3j/raw Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://pilgmared.click/?667560ce71c6b=83787f23c76d86e0663d55d9a5ac0f65&667560ce71c87=3661&667560ce71c89=_php-echo-the-title&gkss=345357 HTTP 307
  • https://pilgmared.click/?667560ce71c6b=83787f23c76d86e0663d55d9a5ac0f65&667560ce71c87=3661&667560ce71c89=_php-echo-the-title&gkss=345357

3 HTTP transactions

Resource: /
Path: givawey.click/
Size: 404 B
x-fer: 660 B
Type: Document
MIME-Type:

General
Full URL: https://givawey.click/?up=%3C?php%20%20echo%20substr(md5(microtime()),0,rand(10,30));?%3E&k=3661&down=%3C?php%20echo%20substr(md5(microtime()),0,rand(7,27));?%3E&j=%3C?php%20echo%20the_title();?%3E
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3032::6815:4aa0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash:

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 897394a7988593fa-LHR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 21 Jun 2024 11:15:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VUGAFTH5eRf3%2FQA6xMYu1g%2Fd0h5DPCUk1yEEYSdzAYs4%2BN0lnPhGK0rzK8%2Bo6lsQVvy6xnDstan6ilUGjPFH1Il5%2FtneXNcICP8ePaYk2S0n9L9daaF1qvdIVzPzU0%2BgGx7KBYmAoNkGwNwS"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed

Resource: /
Path: pilgmared.click/
Redirect Chain
  • http://pilgmared.click/?667560ce71c6b=83787f23c76d86e0663d55d9a5ac0f65&667560ce71c87=3661&667560ce71c89=_php-echo-the-title&gkss=345357
  • https://pilgmared.click/?667560ce71c6b=83787f23c76d86e0663d55d9a5ac0f65&667560ce71c87=3661&667560ce71c89=_php-echo-the-title&gkss=345357
Size: 155 B
x-fer: 587 B
Type: Document

General
Full URL: https://pilgmared.click/?667560ce71c6b=83787f23c76d86e0663d55d9a5ac0f65&667560ce71c87=3661&667560ce71c89=_php-echo-the-title&gkss=345357
Requested by
  Host: givawey.click
  URL: https://givawey.click/?up=%3C?php%20%20echo%20substr(md5(microtime()),0,rand(10,30));?%3E&k=3661&down=%3C?php%20echo%20substr(md5(microtime()),0,rand(7,27));?%3E&j=%3C?php%20echo%20the_title();?%3E
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3033::ac43:805a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash:

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 897394abca726427-LHR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 21 Jun 2024 11:15:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=swxntMMW5P%2FOC5bv951GZQPrjgQcXVo%2BPmk4YDkMHtdP1SNb7mxCYcwGHlKvvju0aG8zgKx03VfzAK3IdRgfkaLpRY%2FuTya2dGfqKTcp3rGe0c3zzXWkQFdtE1rV5Lp2zQRthjdKRkXNYPKeJGA%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed

Redirect headers

Location: https://pilgmared.click/?667560ce71c6b=83787f23c76d86e0663d55d9a5ac0f65&667560ce71c87=3661&667560ce71c89=_php-echo-the-title&gkss=345357
Non-Authoritative-Reason: HttpsUpgrades

Primary Request
Resource: raw
Path: dpaste.org/nfA3j/
Size: 567 B
x-fer: 879 B
Type: Document

General
Full URL: https://dpaste.org/nfA3j/raw
Requested by
  Host: pilgmared.click
  URL: https://pilgmared.click/?667560ce71c6b=83787f23c76d86e0663d55d9a5ac0f65&667560ce71c87=3661&667560ce71c89=_php-echo-the-title&gkss=345357
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS:
Software: cloudflare /
Resource Hash: 03e04282ea8ec971a0f65ae94f5867b3f410a500f31ae05722c0d40404f75084

Security Headers
Content-Security-Policy: script-src 'self' 'unsafe-inline'; default-src 'none'; img-src data:; style-src 'self' 'unsafe-inline'
X-Content-Type-Options: nosniff
X-Frame-Options: DENY

Request headers

Accept-Language: en-GB,en;q=0.9;q=0.9
Referer: https://pilgmared.click/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 897394af4ea463c8-LHR
content-encoding: br
content-language: en
content-security-policy: script-src 'self' 'unsafe-inline'; default-src 'none'; img-src data:; style-src 'self' 'unsafe-inline'
content-type: text/plain;charset=UTF-8
cross-origin-opener-policy: same-origin
date: Fri, 21 Jun 2024 11:15:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
referrer-policy: same-origin
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HBBBsmnWQBlLvN7qs%2BnU7rSpsdEHw%2FwDGObYUTDPx2ZIgLCKnX5%2B960qEYP8iC6rqXOHeMDcU1tVRcyLiPSAdSZDXZjWP3VsEmEPC66em8IG9o84ur%2BURaeCsje5IylrsHyRfZytZ5Ud"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Language, Cookie
x-content-type-options: nosniff
x-frame-options: DENY

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined | event
object | fence
object | sharedStorage

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
