litigepayrefund.duckdns.org

Summary

This website contacted 3 IPs in 1 countries across 5 domains to perform 5 HTTP transactions. The main IP is 172.234.245.212, located in and belongs to . The main domain is litigepayrefund.duckdns.org.
TLS certificate: Issued by R3 on April 24th 2024. Valid for: 3 months.

This is the only time litigepayrefund.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2	2620:0:890::100 2620:0:890::100	54113 (FASTLY) (FASTLY)
1 1	13.33.187.122 13.33.187.122	16509 (AMAZON-02) (AMAZON-02)
1 1	172.67.1.225 172.67.1.225	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.234.245.212 172.234.245.212	() ()
5	3

2 2620:0:890::100 (United States)

ASN54113 (FASTLY, US)

payrefundcontest.web.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.187.122 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-33-187-122.fra60.r.cloudfront.net

qrco.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.1.225 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

tinyurl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.234.245.212 (None, )

ASN- ()

litigepayrefund.duckdns.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	web.app payrefundcontest.web.app	1 KB
1	duckdns.org litigepayrefund.duckdns.org
1	tinyurl.com 1 redirects tinyurl.com — Cisco Umbrella Rank: 19149	809 B
1	qrco.de 1 redirects qrco.de — Cisco Umbrella Rank: 90066	335 B
0	paypalobjects.com Failed www.paypalobjects.com Failed
5	5

	Domain	Requested by
2	payrefundcontest.web.app
1	litigepayrefund.duckdns.org	litigepayrefund.duckdns.org
1	tinyurl.com	1 redirects
1	qrco.de	1 redirects
0	www.paypalobjects.com Failed	litigepayrefund.duckdns.org
5	5

This site contains no links.

Subject Issuer	Validity	Valid
web.app GTS CA 1D4	`2024-03-21` - `2024-06-19`	3 months	crt.sh
litigepayrefund.duckdns.org R3	`2024-04-24` - `2024-07-23`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://litigepayrefund.duckdns.org/index.php
Frame ID: 76EEFA93564DECEBD79877C2335EFE87
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://payrefundcontest.web.app/ Page URL
https://qrco.de/bf04mG HTTP 302
https://tinyurl.com/48h6v96r HTTP 301
https://litigepayrefund.duckdns.org/index.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

5
Requests

60 %
HTTPS

25 %
IPv6

5
Domains

5
Subdomains

3
IPs

1
Countries

1 kB
Transfer

3 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://payrefundcontest.web.app/ Page URL
https://qrco.de/bf04mG HTTP 302
https://tinyurl.com/48h6v96r HTTP 301
https://litigepayrefund.duckdns.org/index.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
payrefundcontest.web.app/ 283 B
517 B 75ms
23ms Document
text/html 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://payrefundcontest.web.app/

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

/

Resource Hash

90bbdd80ac4593bb50a84a1b4db7e3cd456201e96d223f15e9f231e5f5ea253c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=3600
content-encoding: br
content-length: 149
content-type: text/html; charset=utf-8
date: Wed, 24 Apr 2024 23:35:25 GMT
etag: "f2f57e373a63c27876d862498f4dad2171ae8a063ec7ebe6617a694630c9cb98-br"
last-modified: Wed, 24 Apr 2024 01:48:26 GMT
strict-transport-security: max-age=31556926; includeSubDomains; preload
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-fra-eddf8230135-FRA
x-timer: S1714001726.785444,VS0,VE1

GET
H2 404 favicon.ico
payrefundcontest.web.app/ 2 KB
970 B 24ms
23ms Other
text/html 2620:0:890::100
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://payrefundcontest.web.app/favicon.ico

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2620:0:890::100 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

/

Resource Hash

b77b97fe780d35d18248abd1d2f42f444afbabe43f6abcd8fa8ebb3d47825eee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://payrefundcontest.web.app/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-served-by: cache-fra-eddf8230135-FRA
strict-transport-security: max-age=31556926; includeSubDomains; preload
content-encoding: gzip
date: Wed, 24 Apr 2024 23:35:25 GMT
last-modified: Wed, 24 Apr 2024 01:48:26 GMT
x-timer: S1714001726.827640,VS0,VE1
etag: "762bf484ba67404bd1a3b181546ea28d60dfddf18e9dd4795d8d25bcf3c1a890"
vary: x-fh-requested-host, accept-encoding
x-cache: HIT
content-type: text/html; charset=utf-8
cache-control: max-age=3600
accept-ranges: bytes
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 852
x-cache-hits: 1

GET
H2

200

Primary Request index.php
litigepayrefund.duckdns.org/
Redirect Chain

https://qrco.de/bf04mG
https://tinyurl.com/48h6v96r
https://litigepayrefund.duckdns.org/index.php

786 B
0

2109ms
1582ms

Document
text/html

172.234.245.212

General

Check archive.org

Show headers Download Go to

Full URL: https://litigepayrefund.duckdns.org/index.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 172.234.245.212 -, , ASN (),
Reverse DNS
Software: nginx / PHP/8.2.18 PleskLin
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://payrefundcontest.web.app/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: br
content-type: text/html; charset=UTF-8
date: Wed, 24 Apr 2024 23:35:31 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: nginx
x-powered-by: PHP/8.2.18 PleskLin

Redirect headers

age: 496
alt-svc: h3=":443"; ma=86400
cache-control: max-age=0, must-revalidate, no-cache, no-store, private
cf-cache-status: HIT
cf-ray: 8799e8f62f198f41-FRA
content-type: text/html; charset=UTF-8
date: Wed, 24 Apr 2024 23:35:29 GMT
location: https://litigepayrefund.duckdns.org/index.php
referrer-policy: unsafe-url
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-robots-tag: noindex
x-tinyurl-redirect: eyJpdiI6ImtnYTZJcXA4cFp0L3F1YXIzbE5WZkE9PSIsInZhbHVlIjoiTjZiZE82clpDWDhhak1NTnlYRktmelFJRWQydUdTV3RQTW9KUHpjYWtQaDNPb3I4SFhuOW40bURpdW9HUjh0QnFpV1d2VE9LY2R1NnQ3MHBEQ3dYR3c9PSIsIm1hYyI6IjdhZmU0N2RiOGQ0YjQ0OThhMzMxYTE1ZGE3ZmFjMWRlMTZlY2RkY2YxZWY4Y2VmMzc3YTIyN2M2YmVlOTMwOWEiLCJ0YWciOiIifQ==
x-tinyurl-redirect-type: redirect
x-xss-protection: 1; mode=block

GET pp_fc_hl.svg
www.paypalobjects.com/digitalassets/c/website/logo/full-text/ 0
0

GET antibot.js
litigepayrefund.duckdns.org/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.paypalobjects.com
URL: https://www.paypalobjects.com/digitalassets/c/website/logo/full-text/pp_fc_hl.svg

Domain: litigepayrefund.duckdns.org
URL: https://litigepayrefund.duckdns.org/antibot.js

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.tinyurl.com/	1970-01-20 20:06:43	Name: __cf_bm Value: s.aOI.hmN6_ufKnc_6Ky.zZuEvOb_fMpiXZ61ct06Ms-1714001729-1.0.1.1-MLlaQqwrEquKzNHxg68HvzdcgAeSs8WWpbsd6_txcLhWWNpx2g_KTaz8eRczTuvh8HVcYyRzGfW5u8R2G4ni0w

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://payrefundcontest.web.app/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

litigepayrefund.duckdns.org
payrefundcontest.web.app
qrco.de
tinyurl.com
www.paypalobjects.com
litigepayrefund.duckdns.org
www.paypalobjects.com
13.33.187.122
172.234.245.212
172.67.1.225
2620:0:890::100
90bbdd80ac4593bb50a84a1b4db7e3cd456201e96d223f15e9f231e5f5ea253c
b77b97fe780d35d18248abd1d2f42f444afbabe43f6abcd8fa8ebb3d47825eee

litigepayrefund.duckdns.org Open in urlscan Pro 172.234.245.212 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

5 Requests

60 %HTTPS

25 %IPv6

5 Domains

5 Subdomains

3 IPs

1 Countries

1 kBTransfer

3 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

litigepayrefund.duckdns.org Open in urlscan Pro
172.234.245.212 Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

60 %
HTTPS

25 %
IPv6

5
Domains

5
Subdomains

3
IPs

1
Countries

1 kB
Transfer

3 kB
Size

1
Cookies

5 HTTP transactions
0 data transactions