n3plcpnl0262.prod.ams3.secureserver.net Open in urlscan Pro
160.153.155.18  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set card.php Show response n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/	11 KB 3 KB	101ms 32ms	Document text/html	160.153.155.18 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.153.155.18 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS n3plcpnl0262.prod.ams3.secureserver.net Software Apache / PHP/7.2.8 Resource Hash d67f12c2477d3da4230bc85d5bc40f813d93ca6ebd3a7befc6599a02f157dfdd Request headers Host n3plcpnl0262.prod.ams3.secureserver.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding gzip, deflate, br Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 06 Feb 2019 09:41:09 GMT Server Apache X-Powered-By PHP/7.2.8 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Set-Cookie PHPSESSID=a9a59cf15e7101efb280c656f365fb06; path=/ Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 2533 Keep-Alive timeout=5 Connection Keep-Alive Content-Type text/html; charset=UTF-8
GET H2	200	ec.js Show response www.google-analytics.com/plugins/ua/	3 KB 1 KB	14ms 13ms	Script text/javascript	2a00:1450:4001:821::200e Google LLC
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/plugins/ua/ec.js Requested by Host: n3plcpnl0262.prod.ams3.secureserver.net URL: https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:821::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 06 Feb 2019 09:33:03 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 21 Apr 2016 03:17:22 GMT server sffe age 487 vary Accept-Encoding content-type text/javascript status 200 cache-control public, max-age=3600 accept-ranges bytes alt-svc quic=":443"; ma=2592000; v="44,43,39" content-length 1296 x-xss-protection 1; mode=block expires Wed, 06 Feb 2019 10:33:03 GMT
GET H2	200	/ Show response track.adform.net/serving/scripts/trackpoint/async/	76 KB 30 KB	175ms 64ms	Script text/javascript	37.157.6.246 ADFORM
General Check archive.org Show headers Download Go to Full URL https://track.adform.net/serving/scripts/trackpoint/async/ Requested by Host: n3plcpnl0262.prod.ams3.secureserver.net URL: https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 37.157.6.246 , Denmark, ASN198622 (ADFORM, DK), Reverse DNS Software nginx / Resource Hash a631e8098179b4b6feaca08bce747cb8b3c53450c3fe30eead2c3f23dd288265 Request headers Referer https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 06 Feb 2019 09:41:10 GMT content-encoding gzip server nginx access-control-allow-origin * vary Accept-Encoding p3p CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT" status 200 cache-control public, max-age=604800 content-type text/javascript; charset=utf-8 content-length 30712 expires Wed, 13 Feb 2019 09:41:10 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	43 KB 17 KB	8ms 7ms	Script text/javascript	2a00:1450:4001:821::200e Google LLC
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: n3plcpnl0262.prod.ams3.secureserver.net URL: https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:821::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software Golfe2 / Resource Hash 3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22 Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Wed, 16 Jan 2019 20:01:45 GMT server Golfe2 age 6723 date Wed, 06 Feb 2019 07:49:07 GMT vary Accept-Encoding content-type text/javascript status 200 cache-control public, max-age=7200 timing-allow-origin * alt-svc quic=":443"; ma=2592000; v="44,43,39" content-length 17543 expires Wed, 06 Feb 2019 09:49:07 GMT
GET H2	200	webfont.js Show response ajax.googleapis.com/ajax/libs/webfont/1/	13 KB 5 KB	16ms 10ms	Script text/javascript	2a00:1450:4001:81c::200a Google LLC
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js Requested by Host: n3plcpnl0262.prod.ams3.secureserver.net URL: https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a00:1450:4001:81c::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Fri, 01 Feb 2019 12:42:03 GMT content-encoding gzip x-content-type-options nosniff age 421147 status 200 alt-svc quic=":443"; ma=2592000; v="44,43,39" content-length 5437 x-xss-protection 1; mode=block last-modified Tue, 20 Dec 2016 18:17:03 GMT server sffe vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Sat, 01 Feb 2020 12:42:03 GMT
GET H2	200	gtm.js Show response www.googletagmanager.com/	256 KB 46 KB	27ms 21ms	Script application/javascript	2a00:1450:4001:81a::2008 Google LLC
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-P76R79S Requested by Host: n3plcpnl0262.prod.ams3.secureserver.net URL: https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 2a00:1450:4001:81a::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software Google Tag Manager (scaffolding) / Resource Hash 29063041526d23cf877e63e2404cbe900e909e9e4301b7173e57feed32f944b7 Security Headers Name Value X-Xss-Protection 1; mode=block Request headers Referer https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 06 Feb 2019 09:41:10 GMT content-encoding br alt-svc quic=":443"; ma=2592000; v="44,43,39" server Google Tag Manager (scaffolding) access-control-allow-origin http://www.googletagmanager.com vary Accept-Encoding content-type application/javascript; charset=UTF-8 status 200 cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control content-length 46638 x-xss-protection 1; mode=block expires Wed, 06 Feb 2019 09:41:10 GMT
GET H2	200	hotjar-643217.js Show response static.hotjar.com/c/	2 KB 1 KB	103ms 26ms	Script application/javascript	147.75.205.43 Packet Host
General Check archive.org Show headers Download Go to Full URL https://static.hotjar.com/c/hotjar-643217.js?sv=5 Requested by Host: n3plcpnl0262.prod.ams3.secureserver.net URL: https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 147.75.205.43 Amsterdam, Netherlands, ASN54825 (PACKET - Packet Host, Inc., US), Reverse DNS pkt-ams-k1-31 Software openresty / Resource Hash bd759d4216d20d9caf196f86e0e4673bbff01042bf542ecad35a0bc363fa029c Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN Request headers Referer https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 06 Feb 2019 09:41:10 GMT content-encoding gzip x-content-type-options nosniff content-type application/javascript section-io-tag hotjar age 57 status 200 section-io-cache Hit vary Accept-Encoding content-length 1063 x-cache-hit 1 server openresty x-frame-options SAMEORIGIN etag W/f7d116f7d98befc5845ef9c753e81460 access-control-max-age 600 section-io-origin-status 200 access-control-allow-origin * cache-control max-age=60 section-io-origin-time-seconds 0.073 accept-ranges bytes section-io-id 69e6ff8e58302d1cff5ac7d5b6689d07
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/1.7.2/	93 KB 33 KB	13ms 12ms	Script text/javascript	2a00:1450:4001:81c::200a Google LLC
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js Requested by Host: n3plcpnl0262.prod.ams3.secureserver.net URL: https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a00:1450:4001:81c::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software sffe / Resource Hash 47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Referer https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Mon, 14 Jan 2019 18:37:00 GMT content-encoding gzip x-content-type-options nosniff age 1955050 status 200 alt-svc quic=":443"; ma=2592000; v="44,43,39" content-length 33845 x-xss-protection 1; mode=block last-modified Tue, 20 Dec 2016 18:17:03 GMT server sffe vary Accept-Encoding content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Tue, 14 Jan 2020 18:37:00 GMT
GET H2	200	css fonts.googleapis.com/	5 KB 699 B	17ms 16ms	Stylesheet text/css	2a00:1450:4001:808::200a Google LLC
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css?family=Open+Sans:400,600&subset=latin Requested by Host: n3plcpnl0262.prod.ams3.secureserver.net URL: https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 2a00:1450:4001:808::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US), Reverse DNS Software ESF / Resource Hash 4c9151ec30fd2126494b4e022b181ec87b46a1839450d31a7afa00269983022c Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding br last-modified Wed, 06 Feb 2019 09:41:10 GMT server ESF access-control-allow-origin * date Wed, 06 Feb 2019 09:41:10 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 status 200 alt-svc quic=":443"; ma=2592000; v="44,43,39" cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin x-xss-protection 1; mode=block expires Wed, 06 Feb 2019 09:41:10 GMT
GET H2	200	modules-79263abf7d750edcf2ac9b3f61c10e5a.js Show response script.hotjar.com/	400 KB 81 KB	87ms 15ms	Script application/javascript	147.75.80.178 Packet Host
General Check archive.org Show headers Download Go to Full URL https://script.hotjar.com/modules-79263abf7d750edcf2ac9b3f61c10e5a.js Requested by Host: n3plcpnl0262.prod.ams3.secureserver.net URL: https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 147.75.80.178 , Switzerland, ASN54825 (PACKET - Packet Host, Inc., US), Reverse DNS pkt-ams-k1-25 Software / Resource Hash b15e7144c955c393a5d8f9dbe7935fc296336808b0a25e86240fbde6f6644c4b Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 06 Feb 2019 09:41:10 GMT content-encoding gzip x-content-type-options nosniff last-modified Thu, 24 Jan 2019 10:28:33 GMT access-control-allow-origin * etag W/"79263abf7d750edcf2ac9b3f61c10e5a" content-type application/javascript status 200 cache-control max-age=31536000 section-io-origin-time-seconds 0.027 content-length 82398 section-io-origin-status 200 accept-ranges bytes section-io-id 36b8e4b680120c24ae6eaf4b4fcae7ed x-amz-version-id 4y670bWU5PJu59GqghGBNvi4ffjpdaWc
GET H/1.1	200 OK	vendor.222d70f6d6e470a9d211755bfbc35f22.css privati.nexi.it/	14 KB 5 KB	290ms 64ms	Stylesheet text/css	185.198.116.51 ASN-IBSNAZ
General Check archive.org Show headers Download Go to Full URL https://privati.nexi.it/vendor.222d70f6d6e470a9d211755bfbc35f22.css Requested by Host: n3plcpnl0262.prod.ams3.secureserver.net URL: https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.198.116.51 -, , ASN3269 (ASN-IBSNAZ, IT), Reverse DNS Software / Resource Hash ae4697824881a6a6b5fe690d5652d24fbacae1586d0afa90213d7b2c18162938 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Referer https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 06 Feb 2019 09:41:10 GMT Content-Encoding gzip Last-Modified Mon, 04 Feb 2019 13:19:08 GMT X-Frame-Options SAMEORIGIN ETag "37bd-58111566d8b00-gzip" Vary Accept-Encoding P3P policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT" Cache-Control max-age=31536000, private Connection keep-alive, Keep-Alive Accept-Ranges bytes Content-Type text/css Keep-Alive timeout=5, max=100 Content-Length 3807 Expires Fri, 08 Mar 2019 09:41:10 GMT
GET H/1.1	200 OK	app.976106247a3e6ce08a12fe8c08f86176.css privati.nexi.it/	0 2 KB	289ms 63ms	Stylesheet text/html	185.198.116.51 ASN-IBSNAZ
General Check archive.org Show headers Download Go to Full URL https://privati.nexi.it/app.976106247a3e6ce08a12fe8c08f86176.css Requested by Host: n3plcpnl0262.prod.ams3.secureserver.net URL: https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.198.116.51 -, , ASN3269 (ASN-IBSNAZ, IT), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers
GET H/1.1	200 OK	logo_dark.svg privati.nexi.it/	3 KB 3 KB	242ms 57ms	Image image/svg+xml	185.198.116.51 ASN-IBSNAZ
General Check archive.org Show headers Download Go to Show image Full URL https://privati.nexi.it/logo_dark.svg Requested by Host: n3plcpnl0262.prod.ams3.secureserver.net URL: https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 185.198.116.51 -, , ASN3269 (ASN-IBSNAZ, IT), Reverse DNS Software / Resource Hash 2ba20f95f1f9e59dced89ead82577dc71a3c0c7d9fa6b7dd9d1b3c0d638cf193 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers Referer https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 06 Feb 2019 09:41:10 GMT Last-Modified Mon, 04 Feb 2019 13:19:08 GMT ETag "a3b-58111566d8b00" X-Frame-Options SAMEORIGIN P3P policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT" Cache-Control max-age=2592000, public Connection keep-alive, Keep-Alive Accept-Ranges bytes Content-Type image/svg+xml Keep-Alive timeout=5, max=99 Content-Length 2619 Expires Fri, 08 Mar 2019 09:41:10 GMT
GET H/1.1	200 OK	nexipay-tablet-688x468.jpg n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/img/	79 KB 79 KB	27ms 21ms	Image image/jpeg	160.153.155.18 GoDaddy.com
General Check archive.org Show headers Download Go to Show image Full URL https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/img/nexipay-tablet-688x468.jpg Requested by Host: n3plcpnl0262.prod.ams3.secureserver.net URL: https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 160.153.155.18 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS n3plcpnl0262.prod.ams3.secureserver.net Software Apache / Resource Hash 916fb1152dbc9efc7ef54039655e7c5e86bca3fde2b51f0e4a19eb21a17b3282 Request headers Pragma no-cache Accept-Encoding gzip, deflate, br Host n3plcpnl0262.prod.ams3.secureserver.net User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php Cookie PHPSESSID=a9a59cf15e7101efb280c656f365fb06 Connection keep-alive Cache-Control no-cache Referer https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 06 Feb 2019 09:41:10 GMT Last-Modified Wed, 06 Feb 2019 06:55:35 GMT Server Apache ETag "7da0a5a-13cc9-581343679df47" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 81097
GET H/1.1	200 OK	style.css www.nexi.it/cookieservice/titolari-it/	17 KB 5 KB	270ms 49ms	Stylesheet text/css	151.99.162.64 ASN-IBSNAZ
General Check archive.org Show headers Download Go to Full URL https://www.nexi.it/cookieservice/titolari-it/style.css Requested by Host: n3plcpnl0262.prod.ams3.secureserver.net URL: https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 151.99.162.64 , Italy, ASN3269 (ASN-IBSNAZ, IT), Reverse DNS Software / Resource Hash 260f59a0f3ec205735c10ed1b28b0b42871437fa0f466bf61a386e6150ac4239 Request headers Referer https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Wed, 06 Feb 2019 09:41:10 GMT Content-Encoding gzip Last-Modified Mon, 23 Jul 2018 10:15:15 GMT ETag "433a-571a7ebedf547-gzip" Vary Accept-Encoding P3P policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT" Connection Keep-Alive Accept-Ranges bytes Content-Type text/css Keep-Alive timeout=5, max=100 Content-Length 4884
GET H2	200	modules-ab5ba0ccf53ded68dfc9bbcb1e84cd7b.js Show response script.hotjar.com/	409 KB 84 KB	28ms 25ms	Script application/javascript	147.75.80.178 Packet Host
General Check archive.org Show headers Download Go to Full URL https://script.hotjar.com/modules-ab5ba0ccf53ded68dfc9bbcb1e84cd7b.js Requested by Host: static.hotjar.com URL: https://static.hotjar.com/c/hotjar-643217.js?sv=5 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 147.75.80.178 , Switzerland, ASN54825 (PACKET - Packet Host, Inc., US), Reverse DNS pkt-ams-k1-25 Software / Resource Hash 10525ac208d522b0bffcd016b342de2d8ebe00971c3d6727fec5e7047d11dbf5 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers date Wed, 06 Feb 2019 09:41:10 GMT content-encoding gzip x-content-type-options nosniff last-modified Mon, 04 Feb 2019 11:10:39 GMT access-control-allow-origin * etag W/"ab5ba0ccf53ded68dfc9bbcb1e84cd7b" content-type application/javascript status 200 cache-control max-age=31536000 section-io-origin-time-seconds 0.039 content-length 85079 section-io-origin-status 200 accept-ranges bytes section-io-id dbca7950574370bd4d3c5f6fca90df4a x-amz-version-id ZXdtJ1gfdaprJj8WGRewCXGnxpC.K3Tc

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nexi (Banking)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| gaplugins function| ga function| $ function| jQuery object| google_tag_data object| WebFont object| google_tag_manager object| dataLayer object| Adform object| KJUR object| adf object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled function| hj object| _hjSettings

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			n3plcpnl0262.prod.ams3.secureserver.net/	1969-12-31 23:59:59	Name: PHPSESSID Value: a9a59cf15e7101efb280c656f365fb06

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://script.hotjar.com/modules-ab5ba0ccf53ded68dfc9bbcb1e84cd7b.js(Line 121) Message: Hotjar Tracking Warning: Multiple Hotjar tracking codes were detected on this page. Tracking will not work as expected.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
fonts.googleapis.com
n3plcpnl0262.prod.ams3.secureserver.net
privati.nexi.it
script.hotjar.com
static.hotjar.com
track.adform.net
www.google-analytics.com
www.googletagmanager.com
www.nexi.it
147.75.205.43
147.75.80.178
151.99.162.64
160.153.155.18
185.198.116.51
2a00:1450:4001:808::200a
2a00:1450:4001:81a::2008
2a00:1450:4001:81c::200a
2a00:1450:4001:821::200e
37.157.6.246
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
10525ac208d522b0bffcd016b342de2d8ebe00971c3d6727fec5e7047d11dbf5
260f59a0f3ec205735c10ed1b28b0b42871437fa0f466bf61a386e6150ac4239
29063041526d23cf877e63e2404cbe900e909e9e4301b7173e57feed32f944b7
2ba20f95f1f9e59dced89ead82577dc71a3c0c7d9fa6b7dd9d1b3c0d638cf193
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
4c9151ec30fd2126494b4e022b181ec87b46a1839450d31a7afa00269983022c
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
916fb1152dbc9efc7ef54039655e7c5e86bca3fde2b51f0e4a19eb21a17b3282
a631e8098179b4b6feaca08bce747cb8b3c53450c3fe30eead2c3f23dd288265
ae4697824881a6a6b5fe690d5652d24fbacae1586d0afa90213d7b2c18162938
b15e7144c955c393a5d8f9dbe7935fc296336808b0a25e86240fbde6f6644c4b
bd759d4216d20d9caf196f86e0e4673bbff01042bf542ecad35a0bc363fa029c
d67f12c2477d3da4230bc85d5bc40f813d93ca6ebd3a7befc6599a02f157dfdd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855