mooney-pagamento-online-d4a222.ingress-daribow.ewp.live Open in urlscan Pro
63.250.43.14 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/9zAMrB.php?verification
Submission: On August 18 via api (August 18th 2023, 11:50:24 pm UTC) from JP — Scanned from JP

Summary HTTP 30 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 10 IPs in 3 countries across 8 domains to perform 30 HTTP transactions. The main IP is 63.250.43.14, located in United States and belongs to NAMECHEAP-NET, US. The main domain is mooney-pagamento-online-d4a222.ingress-daribow.ewp.live.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on May 9th 2023. Valid for: a year.

This is the only time mooney-pagamento-online-d4a222.ingress-daribow.ewp.live was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Mooney (Banking)

Domain & IP information

	IP Address	AS Autonomous System
16	63.250.43.14 63.250.43.14	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1	2404:6800:400... 2404:6800:4004:825::200a	15169 (GOOGLE) (GOOGLE)
1	2404:6800:400... 2404:6800:4004:827::200a	15169 (GOOGLE) (GOOGLE)
2	2600:140b:2::... 2600:140b:2::1703:68d6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2404:6800:400... 2404:6800:4004:81e::2004	15169 (GOOGLE) (GOOGLE)
1	2600:9000:26a... 2600:9000:26a7:d600:13:e04a:1c0:93a1	() ()
4	2404:6800:400... 2404:6800:4004:823::2003	15169 (GOOGLE) (GOOGLE)
1 2	142.250.199.102 142.250.199.102	15169 (GOOGLE) (GOOGLE)
1	2404:6800:400... 2404:6800:4004:824::2002	15169 (GOOGLE) (GOOGLE)
1	2404:6800:400... 2404:6800:4004:823::2002	15169 (GOOGLE) (GOOGLE)
30	10

16 63.250.43.14 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: ingress-daribow.ewp.live

mooney-pagamento-online-d4a222.ingress-daribow.ewp.live	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:825::200a (Australia)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:827::200a (Australia)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:140b:2::1703:68d6 (Tokyo, Japan)

ASN20940 (AKAMAI-ASN1, NL)

www.mooney.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2404:6800:4004:81e::2004 (Australia)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:26a7:d600:13:e04a:1c0:93a1 (United States)

ASN- ()

vf.r3f.technology	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2404:6800:4004:823::2003 (Australia)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.199.102 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: nrt13s52-in-f6.1e100.net

9965807.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:824::2002 (Australia)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4004:823::2002 (Australia)

ASN15169 (GOOGLE, US)

adservice.google.co.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	ewp.live mooney-pagamento-online-d4a222.ingress-daribow.ewp.live	222 KB
4	gstatic.com www.gstatic.com
3	google.com www.google.com — Cisco Umbrella Rank: 3 adservice.google.com — Cisco Umbrella Rank: 126	59 KB
2	doubleclick.net 1 redirects 9965807.fls.doubleclick.net — Cisco Umbrella Rank: 214265	1 KB
2	mooney.it www.mooney.it
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 73 ajax.googleapis.com — Cisco Umbrella Rank: 424	35 KB
1	google.co.jp adservice.google.co.jp — Cisco Umbrella Rank: 101271	515 B
1	r3f.technology vf.r3f.technology — Cisco Umbrella Rank: 200162	1 KB
30	8

	Domain	Requested by
16	mooney-pagamento-online-d4a222.ingress-daribow.ewp.live	mooney-pagamento-online-d4a222.ingress-daribow.ewp.live
4	www.gstatic.com	www.google.com
2	9965807.fls.doubleclick.net	1 redirects vf.r3f.technology
2	www.google.com	mooney-pagamento-online-d4a222.ingress-daribow.ewp.live
2	www.mooney.it	mooney-pagamento-online-d4a222.ingress-daribow.ewp.live
1	adservice.google.co.jp	adservice.google.com
1	adservice.google.com	9965807.fls.doubleclick.net
1	vf.r3f.technology	mooney-pagamento-online-d4a222.ingress-daribow.ewp.live
1	ajax.googleapis.com	mooney-pagamento-online-d4a222.ingress-daribow.ewp.live
1	fonts.googleapis.com	mooney-pagamento-online-d4a222.ingress-daribow.ewp.live
30	10

This site contains links to these domains. Also see Links.

Domain
policies.google.com

Subject Issuer	Validity	Valid
*.ingress-daribow.ewp.live Sectigo RSA Domain Validation Secure Server CA	`2023-05-09` - `2024-05-25`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
*.mooney.it DigiCert TLS RSA SHA256 2020 CA1	`2022-10-11` - `2023-10-11`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
*.r3f.technology Amazon RSA 2048 M01	`2023-02-27` - `2024-03-26`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh
*.google.co.jp GTS CA 1C3	`2023-07-31` - `2023-10-23`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/9zAMrB.php?verification
Frame ID: 07254E8BA83901DC9FD96D158AF2B612
Requests: 20 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcaMfIcAAAAAIlRBtF27zhGV1ETLRrsE-jfWUoA&co=aHR0cHM6Ly93d3cubW9vbmV5Lml0OjQ0Mw..&hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&size=invisible&cb=mhwrr3rrs1si
Frame ID: E7C967FABAAC361053C2A28B9F44D94D
Requests: 3 HTTP requests in this frame

Frame: https://vf.r3f.technology/vf/sync/tags/360?_rnd=0.5197239169524861
Frame ID: 8FE48F062C5FAEF069E32C919C21C218
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcaMfIcAAAAAIlRBtF27zhGV1ETLRrsE-jfWUoA&co=aHR0cDovL2xvY2FsaG9zdDo4MA..&hl=en&v=vpEprwpCoBMgy-fvZET0Mz6L&size=invisible&cb=zbe9rmk541p7
Frame ID: DA2DDD2D9A89E9EF8FEE4442CB1D1437
Requests: 3 HTTP requests in this frame

Frame: https://9965807.fls.doubleclick.net/activityi;dc_pre=CJzNsYiz54ADFZSJ6QUduyULqQ;src=9965807;type=invmedia;cat=moone00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=698484402853.33
Frame ID: 63146CD590FED469AFF86378926790B9
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CJzNsYiz54ADFZSJ6QUduyULqQ;src=9965807;type=invmedia;cat=moone00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=698484402853.33;~oref=https://vf.r3f.technology/
Frame ID: CC56AFA764CA8088B01AC8DE7C744B49
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.co.jp/ddm/fls/i/dc_pre=CJzNsYiz54ADFZSJ6QUduyULqQ;src=9965807;type=invmedia;cat=moone00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=698484402853.33;~oref=https://vf.r3f.technology/
Frame ID: 4AEFEFE37CAD060DCF65F8FA97CE1F17
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Mooney: pagamenti digitali, carte prepagate e ricariche

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

30
Requests

100 %
HTTPS

80 %
IPv6

8
Domains

10
Subdomains

10
IPs

3
Countries

319 kB
Transfer

1561 kB
Size

1
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://policies.google.com/privacy
Title: Norme sulla Privacy

Search URL Search Domain Scan URL

URL: https://policies.google.com/terms
Title: Termini di Servizio

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 26

https://9965807.fls.doubleclick.net/activityi;src=9965807;type=invmedia;cat=moone00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=698484402853.33 HTTP 302
https://9965807.fls.doubleclick.net/activityi;dc_pre=CJzNsYiz54ADFZSJ6QUduyULqQ;src=9965807;type=invmedia;cat=moone00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=698484402853.33

30 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request 9zAMrB.php Show response
mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/ 1 MB
103 KB 567ms
236ms Document
text/html 63.250.43.14
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/9zAMrB.php?verification

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.14 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-daribow.ewp.live

Software

nginx /

Resource Hash

239b1bc94c5de0b82da790b2a3d1253013e86cf680a0f72e02ddbb2ade51ea71

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

accept-ranges: bytes
age: 24915
cache-control: no-store, no-cache, must-revalidate, public
content-encoding: gzip
content-length: 104875
content-type: text/html; charset=UTF-8
date: Fri, 18 Aug 2023 16:55:04 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: nginx
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-cache: HIT
x-cacheable: YES
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 css
fonts.googleapis.com/ 5 KB
1016 B 81ms
38ms Stylesheet
text/css 2404:6800:4004:825::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:400,700,800&display=swap;

Requested by

Host: mooney-pagamento-online-d4a222.ingress-daribow.ewp.live
URL: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/9zAMrB.php?verification

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:825::200a , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a2e69d5666036e3fa8f7d107b87b98fb5c4326aaaa2a25b4593a989a7ae6638f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 18 Aug 2023 23:50:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 18 Aug 2023 23:50:19 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 18 Aug 2023 23:50:19 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ 95 KB
34 KB 43ms
2ms Script
text/javascript 2404:6800:4004:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:827::200a , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 05:39:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 65446
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 33951
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 17 Aug 2024 05:39:33 GMT

GET
H2 200 hexor.css
mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/css/ 33 B
529 B 230ms
229ms Stylesheet
text/css 63.250.43.14
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/css/hexor.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.14 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-daribow.ewp.live

Software

nginx /

Resource Hash

ce0968d0fecf61ac2551b6e087ec05261fe0aec65be177f6cdecfd988e981917

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/9zAMrB.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 12:56:09 GMT
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
x-cacheable: YES
age: 39250
x-cache: HIT
content-length: 33
x-xss-protection: 1; mode=block
last-modified: Sun, 30 Jul 2023 20:11:16 GMT
server: nginx
etag: "64c6c3e4-21"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
content-type: text/css
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 main.5c7391ec.css
mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/css/ 99 KB
15 KB 232ms
231ms Stylesheet
text/css 63.250.43.14
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/css/main.5c7391ec.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.14 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-daribow.ewp.live

Software

nginx /

Resource Hash

607615b1d60667cc05fbe9d166c5dcbe7a17aa5623e0e6d91a7fb889a8c0a645

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/9zAMrB.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 12:56:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
x-cacheable: YES
age: 39250
x-cache: HIT
content-length: 14893
x-xss-protection: 1; mode=block
last-modified: Sun, 30 Jul 2023 20:11:16 GMT
server: nginx
etag: W/"64c6c3e4-18cae"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 6997.5ced27b7.chunk.css
mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/css/ 9 KB
2 KB 232ms
231ms Stylesheet
text/css 63.250.43.14
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/css/6997.5ced27b7.chunk.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.14 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-daribow.ewp.live

Software

nginx /

Resource Hash

d8d2bfec518f0151c52b4960d218c899ce73cf5362914e456acfb35bbf183aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/9zAMrB.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 12:56:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
x-cacheable: YES
age: 39250
x-cache: HIT
content-length: 1903
x-xss-protection: 1; mode=block
last-modified: Sun, 30 Jul 2023 20:11:16 GMT
server: nginx
etag: W/"64c6c3e4-22bb"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 6605.d44505ed.chunk.css
mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/css/ 2 KB
977 B 233ms
232ms Stylesheet
text/css 63.250.43.14
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/css/6605.d44505ed.chunk.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.14 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-daribow.ewp.live

Software

nginx /

Resource Hash

adc1e14040795364708e14493e84f13ae66cd548787c74d76598a0337e5701e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/9zAMrB.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 12:56:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
x-cacheable: YES
age: 39250
x-cache: HIT
content-length: 454
x-xss-protection: 1; mode=block
last-modified: Sun, 30 Jul 2023 20:11:16 GMT
server: nginx
etag: W/"64c6c3e4-9db"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 6652.e40499ab.chunk.css
mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/css/ 5 KB
2 KB 233ms
232ms Stylesheet
text/css 63.250.43.14
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/css/6652.e40499ab.chunk.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.14 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-daribow.ewp.live

Software

nginx /

Resource Hash

af39e03d49f710d2214307b099bb009dd0f02ff0903b323bcc745a33c9b97320

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/9zAMrB.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 12:56:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
x-cacheable: YES
age: 39250
x-cache: HIT
content-length: 1091
x-xss-protection: 1; mode=block
last-modified: Sun, 30 Jul 2023 20:11:16 GMT
server: nginx
etag: W/"64c6c3e4-1310"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 7920.7311176f.chunk.css
mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/css/ 1 KB
1022 B 234ms
233ms Stylesheet
text/css 63.250.43.14
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/css/7920.7311176f.chunk.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.14 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-daribow.ewp.live

Software

nginx /

Resource Hash

e228f2c86a7fc67be196d6f2267552d6323879cfae14fd089488accacbb4aadf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/9zAMrB.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 12:56:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
x-cacheable: YES
age: 39250
x-cache: HIT
content-length: 499
x-xss-protection: 1; mode=block
last-modified: Sun, 30 Jul 2023 20:11:16 GMT
server: nginx
etag: W/"64c6c3e4-4fb"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 404 7d4b4983
www.mooney.it/akam/13/ 0
0 655ms
11ms Script
text/html 2600:140b:2::1703:68d6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.mooney.it/akam/13/7d4b4983
Requested by: Host: mooney-pagamento-online-d4a222.ingress-daribow.ewp.live
URL: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/9zAMrB.php?verification
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:140b:2::1703:68d6 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 23:50:20 GMT
access-control-max-age: 86400
content-type: text/html
access-control-allow-origin: *
access-control-expose-headers: Server,range,hdntl,hdnts,Akamai-Mon-Iucid-Ing,Akamai-Mon-Iucid-Del, Access-Control-Expose-Headers
access-control-allow-credentials: true
access-control-allow-headers: origin,range,hdntl,hdnts,accept,authorization,content-type,x-requested-with,X-EB-Username,X-EB-Password,X-EB-Auth-Token,X-EB-Accept-Language,X-EB-MarketId,X-EB-PlatformId,X-EB-SecurityId,X-EB-Resultcount
content-length: 9

GET
H2 200 logo-mooney.1330f350147445f5103b36dac80a6726.svg
mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/media/ 5 KB
3 KB 233ms
232ms Image
image/svg+xml 63.250.43.14
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/media/logo-mooney.1330f350147445f5103b36dac80a6726.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.14 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-daribow.ewp.live

Software

nginx /

Resource Hash

49616c860ff4ad5bed99b66a2b1295e7ef5213d5d5cf76ad2560d2f1daa06635

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/9zAMrB.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 12:56:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
x-cacheable: YES
age: 39250
x-cache: HIT
content-length: 2085
x-xss-protection: 1; mode=block
last-modified: Sun, 30 Jul 2023 20:11:16 GMT
server: nginx
etag: W/"64c6c3e4-126f"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 loading.gif
mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/media/ 78 KB
79 KB 235ms
234ms Image
image/gif 63.250.43.14
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/media/loading.gif

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.14 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-daribow.ewp.live

Software

nginx /

Resource Hash

0152d582aea6fa64bb59344afa3c201c7ce6f9b35e7cec344c563372c96920df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/9zAMrB.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 12:56:09 GMT
strict-transport-security: max-age=15768000
x-content-type-options: nosniff
x-cacheable: YES
age: 39250
x-cache: HIT
content-length: 80293
x-xss-protection: 1; mode=block
last-modified: Sun, 30 Jul 2023 20:11:16 GMT
server: nginx
etag: "64c6c3e4-139a5"
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
content-type: image/gif
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 chatbot.svg
mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/media/ 5 KB
2 KB 235ms
234ms Image
image/svg+xml 63.250.43.14
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/media/chatbot.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.14 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-daribow.ewp.live

Software

nginx /

Resource Hash

5069db4b51cf82b9e55291450042af9d92b07c38d7f1916fb72e6d9af4a5d776

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/9zAMrB.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 12:56:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
x-cacheable: YES
age: 39250
x-cache: HIT
content-length: 1940
x-xss-protection: 1; mode=block
last-modified: Sun, 30 Jul 2023 20:11:16 GMT
server: nginx
etag: W/"64c6c3e4-1485"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 scrollButton.372d5008fb0996706305047d7e23d56d.svg
mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/media/ 1012 B
896 B 347ms
346ms Image
image/svg+xml 63.250.43.14
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/media/scrollButton.372d5008fb0996706305047d7e23d56d.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.14 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-daribow.ewp.live

Software

nginx /

Resource Hash

2acfd81b5ab163772c03cd0373fc0d27b575fea95a2b822ff6daef341cec5627

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/9zAMrB.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 12:56:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
x-cacheable: YES
age: 39250
x-cache: HIT
content-length: 368
x-xss-protection: 1; mode=block
last-modified: Sun, 30 Jul 2023 20:11:16 GMT
server: nginx
etag: W/"64c6c3e4-3f4"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 404 l1fcgMB
mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/4Yi8jKIzxAPQ/5D/skjFK6tPQF/maXaJr2w3m3u/IllgMkk7BQ/YCQNR/ 0
0 347ms
346ms Script
text/html 63.250.43.14
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/4Yi8jKIzxAPQ/5D/skjFK6tPQF/maXaJr2w3m3u/IllgMkk7BQ/YCQNR/l1fcgMB

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.14 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-daribow.ewp.live

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/9zAMrB.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 23:50:20 GMT
content-encoding: gzip
strict-transport-security: max-age=15768000
server: nginx
age: 0
vary: Accept-Encoding
x-cache: MISS
content-type: text/html; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
link: <https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-json/>; rel="https://api.w.org/"
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 403 Icona_bandagialla_6b15670097.png
www.mooney.it/cms/uploads/ 0
0 425ms
11ms Image
text/html 2600:140b:2::1703:68d6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.mooney.it/cms/uploads/Icona_bandagialla_6b15670097.png
Requested by: Host: mooney-pagamento-online-d4a222.ingress-daribow.ewp.live
URL: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/9zAMrB.php?verification
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:140b:2::1703:68d6 Tokyo, Japan, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

GET
H2 404 Gotham-Book_Web.7fa96aa06775160ee646.woff2
mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/online/static/media/ 0
0 120ms
119ms Font
text/html 63.250.43.14
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/online/static/media/Gotham-Book_Web.7fa96aa06775160ee646.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.14 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-daribow.ewp.live

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/css/main.5c7391ec.css
Origin: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 23:50:20 GMT
content-encoding: gzip
strict-transport-security: max-age=15768000
server: nginx
age: 0
vary: Accept-Encoding
x-cache: MISS
content-type: text/html

GET
H2 404 Gotham-Medium_Web.1ddab6f832b5d19ddd8f.woff2
mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/online/static/media/ 0
0 120ms
120ms Font
text/html 63.250.43.14
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/online/static/media/Gotham-Medium_Web.1ddab6f832b5d19ddd8f.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.14 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-daribow.ewp.live

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/css/main.5c7391ec.css
Origin: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 23:50:20 GMT
content-encoding: gzip
strict-transport-security: max-age=15768000
server: nginx
age: 0
vary: Accept-Encoding
x-cache: MISS
content-type: text/html
content-length: 167

GET
H2 404 Gotham-Bold_Web.d23d96aefe768329255e.woff2
mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/online/static/media/ 0
0 120ms
120ms Font
text/html 63.250.43.14
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL

https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/online/static/media/Gotham-Bold_Web.d23d96aefe768329255e.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.14 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-daribow.ewp.live

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/css/main.5c7391ec.css
Origin: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live
accept-language: jp-JP,jp;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 23:50:20 GMT
content-encoding: gzip
strict-transport-security: max-age=15768000
server: nginx
age: 0
vary: Accept-Encoding
x-cache: MISS
content-type: text/html

GET
H2 200 bg.svg
mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/media/ 41 KB
13 KB 119ms
119ms Image
image/svg+xml 63.250.43.14
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/online/static/media/bg.svg

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.250.43.14 , United States, ASN22612 (NAMECHEAP-NET, US),

Reverse DNS

ingress-daribow.ewp.live

Software

nginx /

Resource Hash

4fcc513b06e45151361a8cb33ebb25190e0e9b856baff5695e990ca7ef0c4068

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/9zAMrB.php?verification
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date: Fri, 18 Aug 2023 12:56:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15768000
x-cacheable: YES
age: 39250
x-cache: HIT
content-length: 12974
x-xss-protection: 1; mode=block
last-modified: Sun, 30 Jul 2023 20:11:16 GMT
server: nginx
etag: W/"64c6c3e4-a5b1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT
cache-control: max-age=315360000
access-control-allow-credentials: true
accept-ranges: bytes
access-control-allow-headers: User-Agent,Keep-Alive,Content-Type
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame E7C9 54 KB
31 KB 94ms
56ms Document
text/html 2404:6800:4004:81e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcaMfIcAAAAAIlRBtF27zhGV1ETLRrsE-jfWUoA&co=aHR0cHM6Ly93d3cubW9vbmV5Lml0OjQ0Mw..&hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&size=invisible&cb=mhwrr3rrs1si

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:81e::2004 , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

253929f82cebc55fbcabc01ae8728d700f6650c2dc8cf892418fa8ad097913bf

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-lPDy1C_Tfvv8_h9ALfhklA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 30595
content-security-policy: script-src 'report-sample' 'nonce-lPDy1C_Tfvv8_h9ALfhklA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 18 Aug 2023 23:50:20 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 360 Show response
vf.r3f.technology/vf/sync/tags/ Frame 8FE4 2 KB
1 KB 725ms
420ms Document
text/html 2600:9000:26a7:d600:13:e04a:1c0:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://vf.r3f.technology/vf/sync/tags/360?_rnd=0.5197239169524861
Requested by: Host: mooney-pagamento-online-d4a222.ingress-daribow.ewp.live
URL: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/wp-content/mooneyitV3/xls/div/zd/espace/9zAMrB.php?verification
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26a7:d600:13:e04a:1c0:93a1 , United States, ASN (),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: f11ca59ba317f35acc5ab591c1e23c2ea36b88108ebbe42a50111e39b69ae74a

Request headers

Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

access-control-allow-headers: Authorization,Content-Type
cache-control: private
content-encoding: gzip
content-type: text/html
date: Fri, 18 Aug 2023 23:50:20 GMT
server: Microsoft-IIS/10.0
vary: Accept-Encoding
via: 1.1 625de2f1411217f73790fcae4370e2ac.cloudfront.net (CloudFront)
x-amz-cf-id: Fvne4T3HMIC9Qdrp046oVnfRASQljRdIS6lWQZERy4kZKxgoBxdxUA==
x-amz-cf-pop: NRT20-P2
x-aspnet-version: 4.0.30319
x-cache: Miss from cloudfront
x-powered-by: ASP.NET

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame DA2D 51 KB
28 KB 65ms
57ms Document
text/html 2404:6800:4004:81e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcaMfIcAAAAAIlRBtF27zhGV1ETLRrsE-jfWUoA&co=aHR0cDovL2xvY2FsaG9zdDo4MA..&hl=en&v=vpEprwpCoBMgy-fvZET0Mz6L&size=invisible&cb=zbe9rmk541p7

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:81e::2004 , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

fa4bcb0a3beae8f60d5515c440f3d1ae870636ab37f3d55611431d4b65db7cba

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-iZzc2G1bJJ1ucgxPOO0y4A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 28587
content-security-policy: script-src 'report-sample' 'nonce-iZzc2G1bJJ1ucgxPOO0y4A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Fri, 18 Aug 2023 23:50:20 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 404 styles__ltr.css
www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/ Frame DA2D 0
0 319ms
275ms Stylesheet
text/html 2404:6800:4004:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/styles__ltr.css
Requested by: Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcaMfIcAAAAAIlRBtF27zhGV1ETLRrsE-jfWUoA&co=aHR0cDovL2xvY2FsaG9zdDo4MA..&hl=en&v=vpEprwpCoBMgy-fvZET0Mz6L&size=invisible&cb=zbe9rmk541p7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4004:823::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

GET
H2 404 recaptcha__en.js
www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/ Frame DA2D 0
0 559ms
516ms Script
text/html 2404:6800:4004:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/recaptcha__en.js
Requested by: Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcaMfIcAAAAAIlRBtF27zhGV1ETLRrsE-jfWUoA&co=aHR0cDovL2xvY2FsaG9zdDo4MA..&hl=en&v=vpEprwpCoBMgy-fvZET0Mz6L&size=invisible&cb=zbe9rmk541p7
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4004:823::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

GET
H2 404 styles__ltr.css
www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/ Frame E7C9 0
0 200ms
157ms Stylesheet
text/html 2404:6800:4004:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/styles__ltr.css
Requested by: Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcaMfIcAAAAAIlRBtF27zhGV1ETLRrsE-jfWUoA&co=aHR0cHM6Ly93d3cubW9vbmV5Lml0OjQ0Mw..&hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&size=invisible&cb=mhwrr3rrs1si
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4004:823::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

GET
H2 404 recaptcha__en.js
www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/ Frame E7C9 0
0 869ms
826ms Script
text/html 2404:6800:4004:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js
Requested by: Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcaMfIcAAAAAIlRBtF27zhGV1ETLRrsE-jfWUoA&co=aHR0cHM6Ly93d3cubW9vbmV5Lml0OjQ0Mw..&hl=en&v=Trd6gj1dhC_fx0ma_AWHc1me&size=invisible&cb=mhwrr3rrs1si
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4004:823::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

accept-language: jp-JP,jp;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

GET
H2

200

activityi;dc_pre=CJzNsYiz54ADFZSJ6QUduyULqQ;src=9965807;type=invmedia;cat=moone00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D... Show response
9965807.fls.doubleclick.net/ Frame 6314
Redirect Chain

https://9965807.fls.doubleclick.net/activityi;src=9965807;type=invmedia;cat=moone00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%...
https://9965807.fls.doubleclick.net/activityi;dc_pre=CJzNsYiz54ADFZSJ6QUduyULqQ;src=9965807;type=invmedia;cat=moone00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;...

555 B
475 B

45ms
45ms

Document
text/html

142.250.199.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://9965807.fls.doubleclick.net/activityi;dc_pre=CJzNsYiz54ADFZSJ6QUduyULqQ;src=9965807;type=invmedia;cat=moone00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=698484402853.33?

Requested by

Host: vf.r3f.technology
URL: https://vf.r3f.technology/vf/sync/tags/360?_rnd=0.5197239169524861

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.199.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

nrt13s52-in-f6.1e100.net

Software

cafe /

Resource Hash

d854a0a5384bd7995b04af802eb2f613871e99f157cab66dfde70ef3efe33461

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://vf.r3f.technology/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 300
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 18 Aug 2023 23:50:21 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 18 Aug 2023 23:50:21 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://9965807.fls.doubleclick.net/activityi;dc_pre=CJzNsYiz54ADFZSJ6QUduyULqQ;src=9965807;type=invmedia;cat=moone00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=698484402853.33?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 / Show response
adservice.google.com/ddm/fls/i/dc_pre=CJzNsYiz54ADFZSJ6QUduyULqQ;src=9965807;type=invmedia;cat=moone00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%... Frame CC56 557 B
676 B 124ms
46ms Document
text/html 2404:6800:4004:824::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CJzNsYiz54ADFZSJ6QUduyULqQ;src=9965807;type=invmedia;cat=moone00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=698484402853.33;~oref=https://vf.r3f.technology/

Requested by

Host: 9965807.fls.doubleclick.net
URL: https://9965807.fls.doubleclick.net/activityi;dc_pre=CJzNsYiz54ADFZSJ6QUduyULqQ;src=9965807;type=invmedia;cat=moone00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=698484402853.33?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:824::2002 , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

814cc9f3d2113f7f522bc2e2603b8807093e2332d0db5cc090b599b332993964

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://9965807.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 302
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 18 Aug 2023 23:50:21 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 / Show response
adservice.google.co.jp/ddm/fls/i/dc_pre=CJzNsYiz54ADFZSJ6QUduyULqQ;src=9965807;type=invmedia;cat=moone00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=... Frame 4AEF 194 B
515 B 93ms
44ms Document
text/html 2404:6800:4004:823::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.co.jp/ddm/fls/i/dc_pre=CJzNsYiz54ADFZSJ6QUduyULqQ;src=9965807;type=invmedia;cat=moone00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=698484402853.33;~oref=https://vf.r3f.technology/

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CJzNsYiz54ADFZSJ6QUduyULqQ;src=9965807;type=invmedia;cat=moone00;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=698484402853.33;~oref=https://vf.r3f.technology/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4004:823::2002 , Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language: jp-JP,jp;q=0.9

Response headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 85
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 18 Aug 2023 23:50:21 GMT
expires: Fri, 18 Aug 2023 23:50:21 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Mooney (Banking)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.doubleclick.net/	1970-01-20 14:06:43	Name: test_cookie Value: CheckForPermission

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/4Yi8jKIzxAPQ/5D/skjFK6tPQF/maXaJr2w3m3u/IllgMkk7BQ/YCQNR/l1fcgMB Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/online/static/media/Gotham-Book_Web.7fa96aa06775160ee646.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/online/static/media/Gotham-Medium_Web.1ddab6f832b5d19ddd8f.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://mooney-pagamento-online-d4a222.ingress-daribow.ewp.live/online/static/media/Gotham-Bold_Web.d23d96aefe768329255e.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/styles__ltr.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.mooney.it/akam/13/7d4b4983 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.mooney.it/cms/uploads/Icona_bandagialla_6b15670097.png Message: Failed to load resource: the server responded with a status of 403 ()
network	error	URL: https://www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/styles__ltr.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.gstatic.com/recaptcha/releases/vpEprwpCoBMgy-fvZET0Mz6L/recaptcha__en.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.gstatic.com/recaptcha/releases/Trd6gj1dhC_fx0ma_AWHc1me/recaptcha__en.js Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9965807.fls.doubleclick.net
adservice.google.co.jp
adservice.google.com
ajax.googleapis.com
fonts.googleapis.com
mooney-pagamento-online-d4a222.ingress-daribow.ewp.live
vf.r3f.technology
www.google.com
www.gstatic.com
www.mooney.it
142.250.199.102
2404:6800:4004:81e::2004
2404:6800:4004:823::2002
2404:6800:4004:823::2003
2404:6800:4004:824::2002
2404:6800:4004:825::200a
2404:6800:4004:827::200a
2600:140b:2::1703:68d6
2600:9000:26a7:d600:13:e04a:1c0:93a1
63.250.43.14
0152d582aea6fa64bb59344afa3c201c7ce6f9b35e7cec344c563372c96920df
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
239b1bc94c5de0b82da790b2a3d1253013e86cf680a0f72e02ddbb2ade51ea71
253929f82cebc55fbcabc01ae8728d700f6650c2dc8cf892418fa8ad097913bf
2acfd81b5ab163772c03cd0373fc0d27b575fea95a2b822ff6daef341cec5627
49616c860ff4ad5bed99b66a2b1295e7ef5213d5d5cf76ad2560d2f1daa06635
4fcc513b06e45151361a8cb33ebb25190e0e9b856baff5695e990ca7ef0c4068
5069db4b51cf82b9e55291450042af9d92b07c38d7f1916fb72e6d9af4a5d776
607615b1d60667cc05fbe9d166c5dcbe7a17aa5623e0e6d91a7fb889a8c0a645
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
814cc9f3d2113f7f522bc2e2603b8807093e2332d0db5cc090b599b332993964
a2e69d5666036e3fa8f7d107b87b98fb5c4326aaaa2a25b4593a989a7ae6638f
adc1e14040795364708e14493e84f13ae66cd548787c74d76598a0337e5701e8
af39e03d49f710d2214307b099bb009dd0f02ff0903b323bcc745a33c9b97320
ce0968d0fecf61ac2551b6e087ec05261fe0aec65be177f6cdecfd988e981917
d854a0a5384bd7995b04af802eb2f613871e99f157cab66dfde70ef3efe33461
d8d2bfec518f0151c52b4960d218c899ce73cf5362914e456acfb35bbf183aa4
e228f2c86a7fc67be196d6f2267552d6323879cfae14fd089488accacbb4aadf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f11ca59ba317f35acc5ab591c1e23c2ea36b88108ebbe42a50111e39b69ae74a
fa4bcb0a3beae8f60d5515c440f3d1ae870636ab37f3d55611431d4b65db7cba

mooney-pagamento-online-d4a222.ingress-daribow.ewp.live Open in urlscan Pro 63.250.43.14 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

30 Requests

100 %HTTPS

80 %IPv6

8 Domains

10 Subdomains

10 IPs

3 Countries

319 kBTransfer

1561 kBSize

1 Cookies

2 Outgoing links

Redirected requests

30 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

mooney-pagamento-online-d4a222.ingress-daribow.ewp.live Open in urlscan Pro
63.250.43.14 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

30
Requests

100 %
HTTPS

80 %
IPv6

8
Domains

10
Subdomains

10
IPs

3
Countries

319 kB
Transfer

1561 kB
Size

1
Cookies

30 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!