shimmerfire.in Open in urlscan Pro
200.69.23.141 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://szabist.edu.pk/wp-admin/user/discoverlkre33232/
Effective URL:
https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75
Submission: On July 26 via manual (July 26th 2023, 6:16:35 pm UTC) from US — Scanned from DE

Summary HTTP 34 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 13 IPs in 4 countries across 10 domains to perform 34 HTTP transactions. The main IP is 200.69.23.141, located in Puerto Madryn, Argentina and belongs to A2HOSTING, US. The main domain is shimmerfire.in.
TLS certificate: Issued by cPanel, Inc. Certification Authority on June 1st 2023. Valid for: 3 months.

This is the only time shimmerfire.in was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Discover (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1	111.68.108.200 111.68.108.200	45773 (HECPERN-A...) (HECPERN-AS-PK PERN AS Content Servie Provider)
3 13	200.69.23.141 200.69.23.141	55293 (A2HOSTING) (A2HOSTING)
8	23.212.220.180 23.212.220.180	16625 (AKAMAI-AS) (AKAMAI-AS)
2	23.67.128.233 23.67.128.233	16625 (AKAMAI-AS) (AKAMAI-AS)
1 3	52.31.139.111 52.31.139.111	16509 (AMAZON-02) (AMAZON-02)
1	52.49.138.0 52.49.138.0	() ()
1	63.140.62.164 63.140.62.164	() ()
1 1	34.249.210.192 34.249.210.192	() ()
5 5	151.101.2.49 151.101.2.49	() ()
1 2	142.250.185.66 142.250.185.66	() ()
1	69.173.144.138 69.173.144.138	() ()
1 2	185.80.39.216 185.80.39.216	() ()
1 2	37.252.172.123 37.252.172.123	() ()
1	35.244.159.8 35.244.159.8	() ()
34	13

1 111.68.108.200 (Karachi, Pakistan)

ASN45773 (HECPERN-AS-PK PERN AS Content Servie Provider, Islamabad, Pakistan, PK)
PTR: szabist.edu.pk

szabist.edu.pk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 200.69.23.141 (Puerto Madryn, Argentina) 3 redirects

ASN55293 (A2HOSTING, US)
PTR: 200.69.23.141.static.a2webhosting.com

shimmerfire.in	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 23.212.220.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-212-220-180.deploy.static.akamaitechnologies.com

portal.discover.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.67.128.233 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-67-128-233.deploy.static.akamaitechnologies.com

messaging.discover.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.31.139.111 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-139-111.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.49.138.0 (None, )

ASN- ()

discoverfinancialservices.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.62.164 (None, )

ASN- ()

smetrics.discover.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.249.210.192 (None, ) 1 redirects

ASN- ()

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.2.49 (None, ) 5 redirects

ASN- ()

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (None, ) 1 redirects

ASN- ()

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.138 (None, )

ASN- ()

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.80.39.216 (None, ) 1 redirects

ASN- ()

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.123 (None, ) 1 redirects

ASN- ()

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (None, )

ASN- ()

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	shimmerfire.in 3 redirects shimmerfire.in	14 KB
11	discover.com portal.discover.com — Cisco Umbrella Rank: 45439 messaging.discover.com — Cisco Umbrella Rank: 47292 smetrics.discover.com	250 KB
6	everesttech.net 6 redirects cm.everesttech.net sync-tm.everesttech.net	1 KB
4	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 210 discoverfinancialservices.demdex.net	7 KB
2	adnxs.com 1 redirects ib.adnxs.com	2 KB
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com	1 KB
2	doubleclick.net 1 redirects cm.g.doubleclick.net	813 B
1	openx.net us-u.openx.net	264 B
1	rubiconproject.com pixel.rubiconproject.com	239 B
1	szabist.edu.pk szabist.edu.pk	487 B
34	10

	Domain	Requested by
13	shimmerfire.in	3 redirects shimmerfire.in
8	portal.discover.com	shimmerfire.in portal.discover.com
5	sync-tm.everesttech.net	5 redirects
3	dpm.demdex.net	1 redirects shimmerfire.in
2	ib.adnxs.com	1 redirects shimmerfire.in
2	dsum-sec.casalemedia.com	1 redirects shimmerfire.in
2	cm.g.doubleclick.net	1 redirects shimmerfire.in
2	messaging.discover.com	shimmerfire.in
1	us-u.openx.net
1	pixel.rubiconproject.com	shimmerfire.in
1	cm.everesttech.net	1 redirects
1	smetrics.discover.com	portal.discover.com
1	discoverfinancialservices.demdex.net	portal.discover.com
1	szabist.edu.pk
34	14

This site contains links to these domains. Also see Links.

Domain
www.discover.com
www.fdic.gov

Subject Issuer	Validity	Valid
www.szabist.edu.pk R3	`2023-06-08` - `2023-09-06`	3 months	crt.sh
shimmerfire.in cPanel, Inc. Certification Authority	`2023-06-01` - `2023-08-30`	3 months	crt.sh
www.discovercard.com DigiCert EV RSA CA G2	`2023-03-15` - `2024-04-14`	a year	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
smetrics.discover.com DigiCert TLS RSA SHA256 2020 CA1	`2023-02-01` - `2024-03-03`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75
Frame ID: 13365801A09D0BEE0DDF2CCE0924B8B2
Requests: 28 HTTP requests in this frame

Frame: https://discoverfinancialservices.demdex.net/dest5.html?d_nsid=0
Frame ID: 27E9FD9EE96B1B31348962B1258AA360
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Credit Card Login | Discover Card

Page URL History Show full URLs

https://szabist.edu.pk/wp-admin/user/discoverlkre33232/ Page URL
https://shimmerfire.in/.well-known/mynewdiscovercard/ HTTP 302
https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+ HTTP 301
https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/ HTTP 302
https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75 Page URL

Detected technologies

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Page Statistics

34
Requests

68 %
HTTPS

0 %
IPv6

10
Domains

14
Subdomains

13
IPs

4
Countries

273 kB
Transfer

672 kB
Size

3
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.discover.com/credit-cards/cashback-bonus/?ICMPGN=PUB_FTR_RWDS_CBB
Title: Cash Back Rewards

Search URL Search Domain Scan URL

URL: https://www.fdic.gov/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://szabist.edu.pk/wp-admin/user/discoverlkre33232/ Page URL
https://shimmerfire.in/.well-known/mynewdiscovercard/ HTTP 302
https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+ HTTP 301
https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/ HTTP 302
https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 20

https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0D6C4673527839230A490D45%40AdobeOrg&d_nsid=0&ts=1690395394730 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0D6C4673527839230A490D45%40AdobeOrg&d_nsid=0&ts=1690395394730

Request Chain 27

https://cm.everesttech.net/cm/dd?d_uuid=21453186985558220082692706698935924571 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZMFjAwAAAM5DqgNx

Request Chain 28

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=Wk1GakF3QUFBTTVEcWdOeA== HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push=&google_sc=&google_hm=Wk1GakF3QUFBTTVEcWdOeA==&google_tc=

Request Chain 29

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=ZMFjAwAAAM5DqgNx&expires=90

Request Chain 30

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZMFjAwAAAM5DqgNx HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZMFjAwAAAM5DqgNx&C=1

Request Chain 31

https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D HTTP 302
https://ib.adnxs.com/setuid?entity=158&code=ZMFjAwAAAM5DqgNx HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DZMFjAwAAAM5DqgNx

Request Chain 32

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZMFjAwAAAM5DqgNx

34 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 /
szabist.edu.pk/wp-admin/user/discoverlkre33232/ 364 B
487 B 1876ms
645ms Document
text/html 111.68.108.200
HECPERN-AS-PK PER...

General

Check archive.org

Show headers Download Go to

Full URL: https://szabist.edu.pk/wp-admin/user/discoverlkre33232/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 111.68.108.200 Karachi, Pakistan, ASN45773 (HECPERN-AS-PK PERN AS Content Servie Provider, Islamabad, Pakistan, PK),
Reverse DNS: szabist.edu.pk
Software: Microsoft-IIS/10.0 / PHP/8.0.23 ASP.NET
Resource Hash

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 364
content-type: text/html; charset=UTF-8
date: Wed, 26 Jul 2023 18:16:29 GMT
server: Microsoft-IIS/10.0
x-powered-by: PHP/8.0.23 ASP.NET

GET
H2

200

Primary Request sisclog.htm Show response
shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/
Redirect Chain

https://shimmerfire.in/.well-known/mynewdiscovercard/
https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+
https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/
https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

36 KB
7 KB

186ms
185ms

Document
text/html

200.69.23.141
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

200.69.23.141 Puerto Madryn, Argentina, ASN55293 (A2HOSTING, US),

Reverse DNS

200.69.23.141.static.a2webhosting.com

Software

Apache /

Resource Hash

b0fb1b7024589c5ee977f8c1739e03fdc6e2f537cfda00870c996317afab3058

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://szabist.edu.pk/wp-admin/user/discoverlkre33232/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
content-encoding: gzip
content-length: 7029
content-type: text/html
date: Wed, 26 Jul 2023 18:16:34 GMT
last-modified: Wed, 26 Jul 2023 06:45:20 GMT
server: Apache
strict-transport-security: max-age=63072000; includeSubDomains
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

Redirect headers

content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 26 Jul 2023 18:16:34 GMT
location: sisclog.htm?ip=45.141.152.75
server: Apache
strict-transport-security: max-age=63072000; includeSubDomains
vary: User-Agent
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN

GET
H/1.1 200
OK common.min.css
portal.discover.com/global/public/css/ 241 KB
38 KB 119ms
56ms Stylesheet
text/css 23.212.220.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://portal.discover.com/global/public/css/common.min.css?rel=5837fg78rt

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.212.220.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-220-180.deploy.static.akamaitechnologies.com

Software

Resource Hash

2db69f6449c7af1fea4eb4e443260844c42a6f246e9f85e9ac42884488bb78c4

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shimmerfire.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 08 Oct 2020 12:08:26 GMT
Date: Wed, 26 Jul 2023 18:16:34 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, must-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 38029
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK visitorAPI.js Show response
portal.discover.com/global/scripts/ 59 KB
20 KB 141ms
17ms Script
application/javascript 23.212.220.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://portal.discover.com/global/scripts/visitorAPI.js?ver=9071d5d8ef

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.212.220.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-220-180.deploy.static.akamaitechnologies.com

Software

Resource Hash

5c8f3ce009f92493422008d08f3cd96139e05ee6d36b43a4cd1df9f7d593d0ee

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shimmerfire.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Thu, 27 Aug 2020 09:31:44 GMT
Date: Wed, 26 Jul 2023 18:16:34 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, must-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 19585
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK at-top-v2-public.min.js Show response
portal.discover.com/global/public/scripts/ 142 KB
45 KB 162ms
21ms Script
application/javascript 23.212.220.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://portal.discover.com/global/public/scripts/at-top-v2-public.min.js?ver=6745124a56

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.212.220.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-220-180.deploy.static.akamaitechnologies.com

Software

Resource Hash

7cf5c6cb2fe80643a79bc224ebac820a3fed07e1fab03673678aa51f56c05288

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shimmerfire.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 26 Jul 2023 05:45:12 GMT
Date: Wed, 26 Jul 2023 18:16:34 GMT
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, must-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 45069
X-XSS-Protection: 1; mode=block

GET login-logout.min.css
shimmerfire.in/portal.discover.com/applications/login-logout/css/ 0
0

GET
H/1.1 200
OK freshchat-style.min.css
messaging.discover.com/css/ 6 KB
2 KB 124ms
23ms Stylesheet
text/css 23.67.128.233
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://messaging.discover.com/css/freshchat-style.min.css

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.67.128.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-67-128-233.deploy.static.akamaitechnologies.com

Software

Resource Hash

24e90171982a04e69f68974a75d19b0fc4c8ae482dfa5dc73f6cceb69b9206b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shimmerfire.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Encoding: gzip
Date: Wed, 26 Jul 2023 18:16:34 GMT
Last-Modified: Thu, 08 Jun 2023 19:46:51 GMT
Vary: Accept-Encoding
Content-Type: text/css
X-Vcap-Request-Id: f340f97e-4ab6-4688-40d5-317a61efa7d8
Cache-Control: no-cache, no-store, must-revalidate
Server-Timing: intid;desc=2840422d5b399b53
Accept-Ranges: bytes
Connection: keep-alive
X-Dfsresponse: p-ssb:mes:route2:3d34bce9833dfcbb0279c3fd66832634
Content-Length: 1908
Expires: Wed, 26 Jul 2023 18:16:34 GMT

GET
H/1.1 200
OK discover-logo.png
portal.discover.com/global/images/ 3 KB
4 KB 63ms
62ms Image
image/png 23.212.220.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://portal.discover.com/global/images/discover-logo.png

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.212.220.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-220-180.deploy.static.akamaitechnologies.com

Software

Resource Hash

90ff61e1180bef924c563843bba2edc5f5e726c8f7495e896d99765aadb72d74

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shimmerfire.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Date: Wed, 26 Jul 2023 18:16:34 GMT
Last-Modified: Tue, 12 Dec 2017 07:27:45 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3212
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK icon-spyglass.png
portal.discover.com/global/images/ 443 B
925 B 99ms
36ms Image
image/png 23.212.220.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://portal.discover.com/global/images/icon-spyglass.png

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.212.220.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-220-180.deploy.static.akamaitechnologies.com

Software

Resource Hash

2c368b494568114802e37bb3940d7f2763cb4a5e1424403460cb3710442d6125

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shimmerfire.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Date: Wed, 26 Jul 2023 18:16:34 GMT
Last-Modified: Tue, 12 Dec 2017 07:27:53 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 443
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Site_marketing_LRG_at.jpg
portal.discover.com/applications/login-logout/images/ 49 KB
50 KB 121ms
21ms Image
image/jpeg 23.212.220.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://portal.discover.com/applications/login-logout/images/Site_marketing_LRG_at.jpg

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.212.220.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-220-180.deploy.static.akamaitechnologies.com

Software

Resource Hash

9407c28cd67bb26799629f4dd6c069ca85cda2c40d3c37145f916b155dafa137

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shimmerfire.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Date: Wed, 26 Jul 2023 18:16:34 GMT
Last-Modified: Mon, 22 May 2023 06:47:41 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: public, must-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 50503
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK Site_marketing_SML_at.png
portal.discover.com/applications/login-logout/images/ 32 KB
32 KB 287ms
169ms Image
image/png 23.212.220.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://portal.discover.com/applications/login-logout/images/Site_marketing_SML_at.png

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.212.220.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-220-180.deploy.static.akamaitechnologies.com

Software

Resource Hash

0a1d0cc413f2522b27f1b4ec61179cc2c8d33eb76c510b544b82328099e0ab29

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shimmerfire.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Date: Wed, 26 Jul 2023 18:16:35 GMT
Last-Modified: Mon, 22 May 2023 06:47:41 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 32504
X-XSS-Protection: 1; mode=block

GET
H2 404 libs.min.js
shimmerfire.in/global/libs/scripts/ 0
0 171ms
171ms Script
text/html 200.69.23.141
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://shimmerfire.in/global/libs/scripts/libs.min.js?ver=83cb8e1c62

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

200.69.23.141 Puerto Madryn, Argentina, ASN55293 (A2HOSTING, US),

Reverse DNS

200.69.23.141.static.a2webhosting.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
date: Wed, 26 Jul 2023 18:16:34 GMT
x-content-type-options: nosniff
server: Apache
content-length: 315
x-frame-options: SAMEORIGIN
content-type: text/html; charset=iso-8859-1

GET
H2 404 thirdparty.min.js
shimmerfire.in/global/public/scripts/ 0
0 172ms
172ms Script
text/html 200.69.23.141
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://shimmerfire.in/global/public/scripts/thirdparty.min.js?rel=s3uak281l37

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

200.69.23.141 Puerto Madryn, Argentina, ASN55293 (A2HOSTING, US),

Reverse DNS

200.69.23.141.static.a2webhosting.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
date: Wed, 26 Jul 2023 18:16:34 GMT
x-content-type-options: nosniff
server: Apache
content-length: 315
x-frame-options: SAMEORIGIN
content-type: text/html; charset=iso-8859-1

GET
H2 404 common.min.js
shimmerfire.in/global/public/scripts/ 0
0 176ms
175ms Script
text/html 200.69.23.141
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://shimmerfire.in/global/public/scripts/common.min.js?ver=5g6cc66f4343

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

200.69.23.141 Puerto Madryn, Argentina, ASN55293 (A2HOSTING, US),

Reverse DNS

200.69.23.141.static.a2webhosting.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
date: Wed, 26 Jul 2023 18:16:34 GMT
x-content-type-options: nosniff
server: Apache
content-length: 315
x-frame-options: SAMEORIGIN
content-type: text/html; charset=iso-8859-1

GET
H2 404 siteTag.js
shimmerfire.in/global/public/scripts/ 0
0 177ms
176ms Script
text/html 200.69.23.141
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://shimmerfire.in/global/public/scripts/siteTag.js

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

200.69.23.141 Puerto Madryn, Argentina, ASN55293 (A2HOSTING, US),

Reverse DNS

200.69.23.141.static.a2webhosting.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
date: Wed, 26 Jul 2023 18:16:34 GMT
x-content-type-options: nosniff
server: Apache
content-length: 315
x-frame-options: SAMEORIGIN
content-type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK freshchat-widget-links.js Show response
messaging.discover.com/js/ 310 B
826 B 21ms
20ms Script
application/javascript 23.67.128.233
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://messaging.discover.com/js/freshchat-widget-links.js

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.67.128.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-67-128-233.deploy.static.akamaitechnologies.com

Software

Resource Hash

4af0dc12ed07b47bbc7c6665b42363f738335aed74f2e7eea5ca0e1d02ca53e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shimmerfire.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Encoding: gzip
Date: Wed, 26 Jul 2023 18:16:34 GMT
Last-Modified: Thu, 08 Jun 2023 19:46:51 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
X-Vcap-Request-Id: 6e6b445b-3d3e-4aed-5206-45c48183ad8e
Cache-Control: no-cache, no-store, must-revalidate
Server-Timing: intid;desc=e4515ccce80d3c6f
Accept-Ranges: bytes
Connection: keep-alive
X-Dfsresponse: p-ssb:mes:route2:617b36fc163bf2023a6f3304bab3b6c5
Content-Length: 200
Expires: Wed, 26 Jul 2023 18:16:34 GMT

GET
H2 404 login-logout.min.js
shimmerfire.in/applications/login-logout/scripts/ 0
0 178ms
177ms Script
text/html 200.69.23.141
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://shimmerfire.in/applications/login-logout/scripts/login-logout.min.js?rel=69874266854

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

200.69.23.141 Puerto Madryn, Argentina, ASN55293 (A2HOSTING, US),

Reverse DNS

200.69.23.141.static.a2webhosting.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
date: Wed, 26 Jul 2023 18:16:34 GMT
x-content-type-options: nosniff
server: Apache
content-length: 315
x-frame-options: SAMEORIGIN
content-type: text/html; charset=iso-8859-1

GET
H2 404 omu-at.min.js
shimmerfire.in/global/public/scripts/ 0
0 179ms
177ms Script
text/html 200.69.23.141
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://shimmerfire.in/global/public/scripts/omu-at.min.js?ver=69847562a57

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

200.69.23.141 Puerto Madryn, Argentina, ASN55293 (A2HOSTING, US),

Reverse DNS

200.69.23.141.static.a2webhosting.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
date: Wed, 26 Jul 2023 18:16:34 GMT
x-content-type-options: nosniff
server: Apache
content-length: 315
x-frame-options: SAMEORIGIN
content-type: text/html; charset=iso-8859-1

GET
H2 404 signal_tms.js
shimmerfire.in/global/public/scripts/ 0
0 180ms
178ms Script
text/html 200.69.23.141
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://shimmerfire.in/global/public/scripts/signal_tms.js?v=2

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

200.69.23.141 Puerto Madryn, Argentina, ASN55293 (A2HOSTING, US),

Reverse DNS

200.69.23.141.static.a2webhosting.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
date: Wed, 26 Jul 2023 18:16:34 GMT
x-content-type-options: nosniff
server: Apache
content-length: 315
x-frame-options: SAMEORIGIN
content-type: text/html; charset=iso-8859-1

GET
H2 404 cookie_logout.js
shimmerfire.in/global/public/scripts/ 0
0 183ms
182ms Script
text/html 200.69.23.141
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://shimmerfire.in/global/public/scripts/cookie_logout.js?v=6

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

200.69.23.141 Puerto Madryn, Argentina, ASN55293 (A2HOSTING, US),

Reverse DNS

200.69.23.141.static.a2webhosting.com

Software

Apache /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
date: Wed, 26 Jul 2023 18:16:34 GMT
x-content-type-options: nosniff
server: Apache
content-length: 315
x-frame-options: SAMEORIGIN
content-type: text/html; charset=iso-8859-1

GET
H2 200 sisclog.htm Show response
shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/ 36 KB
7 KB 184ms
183ms Script
text/html 200.69.23.141
A2HOSTING

General

Check archive.org

Show headers Download Go to

Full URL

https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

200.69.23.141 Puerto Madryn, Argentina, ASN55293 (A2HOSTING, US),

Reverse DNS

200.69.23.141.static.a2webhosting.com

Software

Apache /

Resource Hash

b0fb1b7024589c5ee977f8c1739e03fdc6e2f537cfda00870c996317afab3058

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 26 Jul 2023 18:16:34 GMT
last-modified: Wed, 26 Jul 2023 06:45:20 GMT
server: Apache
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: text/html
accept-ranges: bytes
content-length: 7029

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0D6C4673527839230A490D45%40AdobeOrg&d_nsid=0&ts=1690395394730
https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0D6C4673527839230A490D45%40AdobeOrg&d_nsid=0&ts=1690395394730

2 KB
2 KB

40ms
39ms

XHR
application/json

52.31.139.111
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0D6C4673527839230A490D45%40AdobeOrg&d_nsid=0&ts=1690395394730

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

HTTP/1.1

Server

52.31.139.111 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-31-139-111.eu-west-1.compute.amazonaws.com

Software

Resource Hash

bd96fcf8cea409822753be7cefc108a51e2bf147009cb7164cca1dc241448ee4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shimmerfire.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v050-0d4b97179.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: HgrKjR9lSCU=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://shimmerfire.in
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 908
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v050-074724e7d.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: NINZhae7RnA=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://shimmerfire.in
Location: https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0D6C4673527839230A490D45%40AdobeOrg&d_nsid=0&ts=1690395394730
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET login-logout.min.css
shimmerfire.in/portal.discover.com/applications/login-logout/css/ 0
0

GET
H/1.1 200
OK utility-icons.png
portal.discover.com/global/images/ 57 KB
58 KB 26ms
25ms Image
image/png 23.212.220.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://portal.discover.com/global/images/utility-icons.png

Requested by

Host: portal.discover.com
URL: https://portal.discover.com/global/public/css/common.min.css?rel=5837fg78rt

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.212.220.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-212-220-180.deploy.static.akamaitechnologies.com

Software

Resource Hash

21c79af7cc321d8e83d669535265ef5df2201aad735b3f2a56c7c4267723b302

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://portal.discover.com/global/public/css/common.min.css?rel=5837fg78rt
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains;preload
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options: nosniff
Date: Wed, 26 Jul 2023 18:16:34 GMT
Last-Modified: Tue, 29 Jun 2021 05:49:18 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 58699
X-XSS-Protection: 1; mode=block

GET MetaWebPro-Bold.woff
portal.discover.com/global/public/fonts/ 0
0

GET MetaWebPro-Normal.woff
portal.discover.com/global/public/fonts/ 0
0

GET
H/1.1 200
OK dest5.html Show response
discoverfinancialservices.demdex.net/ Frame 27E9 7 KB
3 KB 146ms
33ms Document
text/html 52.49.138.0

General

Check archive.org

Show headers Download Go to

Full URL

https://discoverfinancialservices.demdex.net/dest5.html?d_nsid=0

Requested by

Host: portal.discover.com
URL: https://portal.discover.com/global/scripts/visitorAPI.js?ver=9071d5d8ef

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.49.138.0 -, , ASN (),

Reverse DNS

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://shimmerfire.in/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-1-v050-04d7ad54c.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: 6r4BL2efSkA=
content-encoding: gzip
date: Wed, 26 Jul 2023 18:16:35 GMT
last-modified: Wed, 28 Jun 2023 12:57:16 GMT
vary: accept-encoding

GET
H2 200 id Show response
smetrics.discover.com/ 48 B
458 B 98ms
21ms XHR
application/x-javascript 63.140.62.164

General

Check archive.org

Show headers Download Go to

Full URL

https://smetrics.discover.com/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=0D6C4673527839230A490D45%40AdobeOrg&mid=12521344321720205093025187656685956094&ts=1690395394976

Requested by

Host: portal.discover.com
URL: https://portal.discover.com/global/scripts/visitorAPI.js?ver=9071d5d8ef

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.164 -, , ASN (),

Reverse DNS

Software

jag /

Resource Hash

02ad7fc7160c31f38693e1294431ef0c11ccd93bca138fafaeb3781ec18af08d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://shimmerfire.in/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 26 Jul 2023 18:16:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
access-control-allow-origin: https://shimmerfire.in
p3p: CP="This is not a P3P policy"
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=ZMFjAwAAAM5DqgNx
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=21453186985558220082692706698935924571
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZMFjAwAAAM5DqgNx

42 B
942 B

37ms
37ms

Image
image/gif

52.31.139.111
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZMFjAwAAAM5DqgNx

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

HTTP/1.1

Server

52.31.139.111 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-31-139-111.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://shimmerfire.in/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v050-0a9eadf0a.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 2DxwdL9QRps=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZMFjAwAAAM5DqgNx
Date: Wed, 26 Jul 2023 18:16:35 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 27E9
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_push%26google_sc%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push&google_sc&google_hm=Wk1GakF3QUFBTTVEcWdOeA==
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push=&google_sc=&google_hm=Wk1GakF3QUFBTTVEcWdOeA==&google_tc=

170 B
243 B

27ms
27ms

Image
image/png

142.250.185.66

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push=&google_sc=&google_hm=Wk1GakF3QUFBTTVEcWdOeA==&google_tc=

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

Server

142.250.185.66 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverfinancialservices.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 18:16:35 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 26 Jul 2023 18:16:35 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_push=&google_sc=&google_hm=Wk1GakF3QUFBTTVEcWdOeA==&google_tc=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 345
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 27E9
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D7941%26nid%3D2243%26put%3D%24%7BUSER_ID%7D%26expires%3D90
https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=ZMFjAwAAAM5DqgNx&expires=90

0
239 B

43ms
8ms

Image
image/gif

69.173.144.138

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=ZMFjAwAAAM5DqgNx&expires=90
Requested by: Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75
Protocol: HTTP/1.1
Server: 69.173.144.138 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverfinancialservices.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 54ae5f20a7acdd83fd00ddb00e96a2c1
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

x-served-by: cache-fra-eddf8230064-FRA
pragma: no-cache
date: Wed, 26 Jul 2023 18:16:35 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1690395395.323560,VS0,VE0
x-cache: HIT
location: https://pixel.rubiconproject.com/tap.php?v=7941&nid=2243&put=ZMFjAwAAAM5DqgNx&expires=90
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 27E9
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZMFjAwAAAM5DqgNx
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZMFjAwAAAM5DqgNx&C=1

43 B
766 B

7ms
7ms

Image
image/gif

185.80.39.216

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=ZMFjAwAAAM5DqgNx&C=1
Requested by: Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75
Protocol: HTTP/1.1
Server: 185.80.39.216 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverfinancialservices.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 26 Jul 2023 18:16:35 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

Pragma: no-cache
Date: Wed, 26 Jul 2023 18:16:35 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=88&external_user_id=ZMFjAwAAAM5DqgNx&C=1
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H2

200

bounce
ib.adnxs.com/ Frame 27E9
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/UH6TUt9n?redir=https%3A%2F%2Fib.adnxs.com%2Fsetuid%3Fentity%3D158%26code%3D%24%7BTM_USER_ID%7D
https://ib.adnxs.com/setuid?entity=158&code=ZMFjAwAAAM5DqgNx
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DZMFjAwAAAM5DqgNx

43 B
901 B

28ms
28ms

Image
image/gif

37.252.172.123

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DZMFjAwAAAM5DqgNx

Requested by

Host: shimmerfire.in
URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75

Protocol

Server

37.252.172.123 -, , ASN (),

Reverse DNS

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverfinancialservices.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 18:16:35 GMT
an-x-request-uuid: 4d573bfa-d14c-4bf7-a541-a7e291418179
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 45.141.152.75; 45.141.152.75; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 26 Jul 2023 18:16:35 GMT
an-x-request-uuid: 1fc64bd9-2c10-4afe-af84-35d7907b8d57
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D158%26code%3DZMFjAwAAAM5DqgNx
cache-control: no-store, no-cache, private
x-proxy-origin: 45.141.152.75; 45.141.152.75; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 27E9
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/ny75r2x0?redir=https%3A%2F%2Fus-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D537148856%26val%3D%24%7BTM_USER_ID%7D
https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZMFjAwAAAM5DqgNx

43 B
264 B

59ms
17ms

Image
image/gif

35.244.159.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZMFjAwAAAM5DqgNx
Protocol: H2
Server: 35.244.159.8 -, , ASN (),
Reverse DNS
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://discoverfinancialservices.demdex.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 26 Jul 2023 18:16:35 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

x-served-by: cache-fra-eddf8230064-FRA
pragma: no-cache
date: Wed, 26 Jul 2023 18:16:35 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1690395396.628421,VS0,VE0
x-cache: HIT
location: https://us-u.openx.net/w/1.0/sd?id=537148856&val=ZMFjAwAAAM5DqgNx
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: shimmerfire.in
URL: https://shimmerfire.in/portal.discover.com/applications/login-logout/css/login-logout.min.css?rel=5689ert5679

Domain: shimmerfire.in
URL: https://shimmerfire.in/portal.discover.com/applications/login-logout/css/login-logout.min.css?rel=5689ert5679

Domain: portal.discover.com
URL: https://portal.discover.com/global/public/fonts/MetaWebPro-Bold.woff

Domain: portal.discover.com
URL: https://portal.discover.com/global/public/fonts/MetaWebPro-Normal.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Discover (Financial)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.demdex.net/	1970-01-20 17:52:27	Name: demdex Value: 21453186985558220082692706698935924571
.shimmerfire.in/	1969-12-31 23:59:59	Name: AMCVS_0D6C4673527839230A490D45%40AdobeOrg Value: 1
.shimmerfire.in/	1970-01-20 23:09:15	Name: AMCV_0D6C4673527839230A490D45%40AdobeOrg Value: 1585540135%7CMCIDTS%7C19565%7CMCMID%7C12521344321720205093025187656685956094%7CMCAAMLH-1691000194%7C6%7CMCAAMB-1691000194%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1690402594s%7CNONE%7CvVersion%7C4.4.0

24 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75 Message: Refused to apply style from 'https://shimmerfire.in/portal.discover.com/applications/login-logout/css/login-logout.min.css?rel=5689ert5679' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security	error	URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75 Message: Refused to execute script from 'https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75#' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75 Message: Refused to execute script from 'https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75#' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://shimmerfire.in/global/libs/scripts/libs.min.js?ver=83cb8e1c62 Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75 Message: Refused to execute script from 'https://shimmerfire.in/global/libs/scripts/libs.min.js?ver=83cb8e1c62' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://shimmerfire.in/global/public/scripts/thirdparty.min.js?rel=s3uak281l37 Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75 Message: Refused to apply style from 'https://shimmerfire.in/portal.discover.com/applications/login-logout/css/login-logout.min.css?rel=5689ert5679' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security	error	URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75 Message: Refused to execute script from 'https://shimmerfire.in/global/public/scripts/thirdparty.min.js?rel=s3uak281l37' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://shimmerfire.in/global/public/scripts/common.min.js?ver=5g6cc66f4343 Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75 Message: Refused to execute script from 'https://shimmerfire.in/global/public/scripts/common.min.js?ver=5g6cc66f4343' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
network	error	URL: https://shimmerfire.in/global/public/scripts/siteTag.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://shimmerfire.in/applications/login-logout/scripts/login-logout.min.js?rel=69874266854 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://shimmerfire.in/global/public/scripts/omu-at.min.js?ver=69847562a57 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://shimmerfire.in/global/public/scripts/signal_tms.js?v=2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://shimmerfire.in/global/public/scripts/cookie_logout.js?v=6 Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75 Message: Refused to execute script from 'https://shimmerfire.in/global/public/scripts/siteTag.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75 Message: Refused to execute script from 'https://shimmerfire.in/applications/login-logout/scripts/login-logout.min.js?rel=69874266854' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75 Message: Refused to execute script from 'https://shimmerfire.in/global/public/scripts/omu-at.min.js?ver=69847562a57' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75 Message: Refused to execute script from 'https://shimmerfire.in/global/public/scripts/signal_tms.js?v=2' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75 Message: Refused to execute script from 'https://shimmerfire.in/global/public/scripts/cookie_logout.js?v=6' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
javascript	error	URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75 Message: Access to font at 'https://portal.discover.com/global/public/fonts/MetaWebPro-Bold.woff' from origin 'https://shimmerfire.in' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://portal.discover.com/global/public/fonts/MetaWebPro-Bold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://shimmerfire.in/.well-known/mynewdiscovercard/_+-=+/sisclog.htm?ip=45.141.152.75 Message: Access to font at 'https://portal.discover.com/global/public/fonts/MetaWebPro-Normal.woff' from origin 'https://shimmerfire.in' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://portal.discover.com/global/public/fonts/MetaWebPro-Normal.woff Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cm.everesttech.net
cm.g.doubleclick.net
discoverfinancialservices.demdex.net
dpm.demdex.net
dsum-sec.casalemedia.com
ib.adnxs.com
messaging.discover.com
pixel.rubiconproject.com
portal.discover.com
shimmerfire.in
smetrics.discover.com
sync-tm.everesttech.net
szabist.edu.pk
us-u.openx.net
portal.discover.com
shimmerfire.in
111.68.108.200
142.250.185.66
151.101.2.49
185.80.39.216
200.69.23.141
23.212.220.180
23.67.128.233
34.249.210.192
35.244.159.8
37.252.172.123
52.31.139.111
52.49.138.0
63.140.62.164
69.173.144.138
02ad7fc7160c31f38693e1294431ef0c11ccd93bca138fafaeb3781ec18af08d
0a1d0cc413f2522b27f1b4ec61179cc2c8d33eb76c510b544b82328099e0ab29
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
21c79af7cc321d8e83d669535265ef5df2201aad735b3f2a56c7c4267723b302
24e90171982a04e69f68974a75d19b0fc4c8ae482dfa5dc73f6cceb69b9206b1
2c368b494568114802e37bb3940d7f2763cb4a5e1424403460cb3710442d6125
2db69f6449c7af1fea4eb4e443260844c42a6f246e9f85e9ac42884488bb78c4
4af0dc12ed07b47bbc7c6665b42363f738335aed74f2e7eea5ca0e1d02ca53e7
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5c8f3ce009f92493422008d08f3cd96139e05ee6d36b43a4cd1df9f7d593d0ee
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7cf5c6cb2fe80643a79bc224ebac820a3fed07e1fab03673678aa51f56c05288
90ff61e1180bef924c563843bba2edc5f5e726c8f7495e896d99765aadb72d74
9407c28cd67bb26799629f4dd6c069ca85cda2c40d3c37145f916b155dafa137
b0fb1b7024589c5ee977f8c1739e03fdc6e2f537cfda00870c996317afab3058
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
bd96fcf8cea409822753be7cefc108a51e2bf147009cb7164cca1dc241448ee4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

shimmerfire.in Open in urlscan Pro 200.69.23.141 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

34 Requests

68 %HTTPS

0 %IPv6

10 Domains

14 Subdomains

13 IPs

4 Countries

273 kBTransfer

672 kBSize

3 Cookies

2 Outgoing links

Page URL History

Redirected requests

34 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

shimmerfire.in Open in urlscan Pro
200.69.23.141 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

34
Requests

68 %
HTTPS

0 %
IPv6

10
Domains

14
Subdomains

13
IPs

4
Countries

273 kB
Transfer

672 kB
Size

3
Cookies

34 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!