URL: https://wicked-maze.bin.sh/
Submission Tags: phishingrod
Submission: On July 10 via api from DE — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 198.206.134.72, located in Franklin, United States and belongs to CYBERLYNK, US. The main domain is wicked-maze.bin.sh.
TLS certificate: Issued by R3 on April 30th 2024. Valid for: 3 months.
This is the only time wicked-maze.bin.sh was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 7 198.206.134.72 21554 (CYBERLYNK)
1 207.153.1.24 10242 (USINTERNET)
1 2a00:1450:400... 15169 (GOOGLE)
8 3
Apex Domain
Subdomains
Transfer
8 bin.sh
wicked-maze.bin.sh
www.bin.sh
donjon.bin.sh
83 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 607
40 KB
8 2
Domain Requested by
6 wicked-maze.bin.sh 1 redirects wicked-maze.bin.sh
1 donjon.bin.sh wicked-maze.bin.sh
1 ajax.googleapis.com wicked-maze.bin.sh
1 www.bin.sh wicked-maze.bin.sh
8 4

This site contains links to these domains.

Domain
www.drivethrurpg.com
Subject | Issuer | Validity | Valid
wicked-maze.bin.sh | R3 | 2024-04-30 - 2024-07-29 | 3 months
www.bin.sh | R11 | 2024-07-08 - 2024-10-06 | 3 months
upload.video.google.com | WR2 | 2024-06-24 - 2024-09-16 | 3 months
donjon.bin.sh | R3 | 2024-05-27 - 2024-08-25 | 3 months

This page contains 1 frame:

Primary Page: https://wicked-maze.bin.sh/
Frame ID: DC8BAF4930F1838729FA8EE7ABABFA3E
Requests: 8 HTTP requests in this frame

Page Title

Random Wicked Maze Generator

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:prototype|protoaculous)(?:-([\d.]*[\d]))?.*\.js

Page Statistics

Requests: 8
HTTPS: 88 %
IPv6: 33 %
Domains: 2
Subdomains: 4
IPs: 3
Countries: 2
Transfer: 123 kB
Size: 263 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://wicked-maze.bin.sh/favicon.ico HTTP 302
  • https://wicked-maze.bin.sh/

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
wicked-maze.bin.sh/
2 KB
3 KB
Document
General
Full URL
https://wicked-maze.bin.sh/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
198.206.134.72 Franklin, United States, ASN21554 (CYBERLYNK, US),
Reverse DNS
mithlond.bin.sh
Software
Apache /
Resource Hash
ab0e56db654deaad83e634e60bc8c1ed370199b9f88e363c11e852408f2c0898
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Length
2269
Content-Type
text/html; charset=utf-8
Date
Wed, 10 Jul 2024 05:01:30 GMT
ETag
"8dd-5c662ab1618c0"
Keep-Alive
timeout=5, max=100
Last-Modified
Mon, 05 Jul 2021 16:19:23 GMT
Referrer-Policy
strict-origin-when-cross-origin
Server
Apache
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
common.css
www.bin.sh/skin/style/
5 KB
2 KB
Stylesheet
General
Full URL
https://www.bin.sh/skin/style/common.css
Requested by
Host: wicked-maze.bin.sh
URL: https://wicked-maze.bin.sh/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
207.153.1.24 Minneapolis, United States, ASN10242 (USINTERNET, US),
Reverse DNS
207-153-1-24.fttp.usinternet.com
Software
Apache /
Resource Hash
8e9d92713c6cbe5583d088a2f37282ee67da00d97976e0ced0692bf1c54078ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://wicked-maze.bin.sh/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 10 Jul 2024 05:01:32 GMT
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
1396
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 10 Nov 2021 05:24:19 GMT
Server
Apache
ETag
"1550-5d0687012a6c0-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
text/css
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
style.css
wicked-maze.bin.sh/
902 B
1 KB
Stylesheet
General
Full URL
https://wicked-maze.bin.sh/style.css
Requested by
Host: wicked-maze.bin.sh
URL: https://wicked-maze.bin.sh/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
198.206.134.72 Franklin, United States, ASN21554 (CYBERLYNK, US),
Reverse DNS
mithlond.bin.sh
Software
Apache /
Resource Hash
b6b68330022ab2923ecf4d380a98c472acf3fc0c1f217a8b79b0da3d0417074c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://wicked-maze.bin.sh/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 10 Jul 2024 05:01:30 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
strict-origin-when-cross-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 18 Jun 2014 03:08:47 GMT
Server
Apache
ETag
"386-4fc139426edc0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
902
X-XSS-Protection
1; mode=block
prototype.js
ajax.googleapis.com/ajax/libs/prototype/1.7.1.0/
177 KB
40 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/prototype/1.7.1.0/prototype.js
Requested by
Host: wicked-maze.bin.sh
URL: https://wicked-maze.bin.sh/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
48a4fd51466ac55d081ff932371021b328f118f74ee6ba93c0ec8fd163e34a30
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://wicked-maze.bin.sh/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 09 Jul 2024 09:42:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
69561
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
40653
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 09 Jul 2025 09:42:09 GMT
control.js
wicked-maze.bin.sh/
2 KB
2 KB
Script
General
Full URL
https://wicked-maze.bin.sh/control.js
Requested by
Host: wicked-maze.bin.sh
URL: https://wicked-maze.bin.sh/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
198.206.134.72 Franklin, United States, ASN21554 (CYBERLYNK, US),
Reverse DNS
mithlond.bin.sh
Software
Apache /
Resource Hash
c4669ee182ec545c566157f3edef7a8f74c69f3736702ce06bf4b53baef651c9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://wicked-maze.bin.sh/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 10 Jul 2024 05:01:30 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
strict-origin-when-cross-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 18 Jun 2014 03:11:27 GMT
Server
Apache
ETag
"791-4fc139db055c0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
1937
X-XSS-Protection
1; mode=block
blank.png
donjon.bin.sh/icons/
109 B
567 B
Image
General
Full URL
https://donjon.bin.sh/icons/blank.png
Requested by
Host: wicked-maze.bin.sh
URL: https://wicked-maze.bin.sh/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
198.206.134.72 Franklin, United States, ASN21554 (CYBERLYNK, US),
Reverse DNS
mithlond.bin.sh
Software
Apache /
Resource Hash
268685489b539ec81d242184158e6bfb5ece068f6fe4c14034e2e5a25e3a3df9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://wicked-maze.bin.sh/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 10 Jul 2024 05:01:31 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
strict-origin-when-cross-origin
X-Content-Type-Options
nosniff
Last-Modified
Wed, 11 Jun 2014 18:42:27 GMT
Server
Apache
ETag
"6d-4fb93ce50aac0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
109
X-XSS-Protection
1; mode=block
maze.cgi
wicked-maze.bin.sh/
74 KB
74 KB
Image
General
Full URL
https://wicked-maze.bin.sh/maze.cgi?seed=1720587692399&width=48&height=60&enc=17
Requested by
Host: wicked-maze.bin.sh
URL: https://wicked-maze.bin.sh/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
198.206.134.72 Franklin, United States, ASN21554 (CYBERLYNK, US),
Reverse DNS
mithlond.bin.sh
Software
Apache /
Resource Hash
ad038dd684b0a8d2314c09f1cc74b2e0da665dedd03cd6b698f8bee51bc1d1d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://wicked-maze.bin.sh/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 10 Jul 2024 05:01:32 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
strict-origin-when-cross-origin
X-Content-Type-Options
nosniff
Server
Apache
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Content-Type
image/png
Connection
Keep-Alive
Keep-Alive
timeout=5, max=97
X-XSS-Protection
1; mode=block
/
wicked-maze.bin.sh/
Redirect Chain
  • https://wicked-maze.bin.sh/favicon.ico
  • https://wicked-maze.bin.sh/
2 KB
0
Other
General
Full URL
https://wicked-maze.bin.sh/
Protocol
HTTP/1.1
Server
198.206.134.72 Franklin, United States, ASN21554 (CYBERLYNK, US),
Reverse DNS
mithlond.bin.sh
Software
Apache /
Resource Hash
ab0e56db654deaad83e634e60bc8c1ed370199b9f88e363c11e852408f2c0898
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://wicked-maze.bin.sh/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 10 Jul 2024 05:01:30 GMT
Referrer-Policy
strict-origin-when-cross-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 05 Jul 2021 16:19:23 GMT
Server
Apache
ETag
"8dd-5c662ab1618c0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Accept-Ranges
bytes
Content-Length
2269
X-XSS-Protection
1; mode=block

Redirect headers

Date
Wed, 10 Jul 2024 05:01:33 GMT
Strict-Transport-Security
max-age=31536000
Referrer-Policy
strict-origin-when-cross-origin
X-Content-Type-Options
nosniff
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=iso-8859-1
Location
https://wicked-maze.bin.sh/
Connection
Keep-Alive
Keep-Alive
timeout=5, max=96
Content-Length
211
X-XSS-Protection
1; mode=block

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| Prototype
  • object| Class
  • function| PeriodicalExecuter
  • function| Template
  • object| $break
  • object| Enumerable
  • function| $A
  • function| $w
  • function| $H
  • function| Hash
  • function| $R
  • function| ObjectRange
  • object| Abstract
  • object| Try
  • object| Ajax
  • object| Form
  • object| Field
  • function| $F
  • object| Toggle
  • object| Insertion
  • object| $continue
  • object| Position
  • function| $
  • function| $$
  • function| Sizzle
  • function| Selector
  • function| init_control
  • function| seed_reaction
  • function| new_seed
  • function| reset_seed
  • function| width_reaction
  • function| height_reaction
  • function| size_reaction
  • function| load_maze

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block