nexi-centro-di-rilevamento-delle-frodi.ilcavo.ro
86.35.1.13  Public Scan

Submitted URL: https://yandex.com/collections/api/links/redirect?url=http://www.periferiastore.com/home/.quarantine/redi.htm
Effective URL: https://nexi-centro-di-rilevamento-delle-frodi.ilcavo.ro/Nexi/?utm_source=tr.im&utm_medium=www.periferiastore.com&utm_campaign=tr.im%2Fnexi&utm_content=l...
Submission: On April 24 via manual from IT

Summary

This website contacted 2 IPs in 4 countries across 4 domains to perform 2 HTTP transactions. The main IP is 86.35.1.13, located in Bucharest, Romania and belongs to RTD Bucharest, Romania, RO. The main domain is nexi-centro-di-rilevamento-delle-frodi.ilcavo.ro.
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 11th 2020. Valid for: 3 months.
This is the only time nexi-centro-di-rilevamento-delle-frodi.ilcavo.ro was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2a02:6b8:a::a 13238 (YANDEX)
1 89.46.104.35 31034 (ARUBA-ASN)
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 86.35.1.13 9050 (RTD Bucha...)
2 2
Apex Domain    Subdomains    Transfer
1 ilcavo.ro    nexi-centro-di-rilevamento-delle-frodi.ilcavo.ro    390 B
1 tr.im    tr.im    705 B
1 periferiastore.com    www.periferiastore.com    497 B
1 yandex.com    yandex.com    332 B
2 4
Domain Requested by
1 nexi-centro-di-rilevamento-delle-frodi.ilcavo.ro
1 tr.im 1 redirects
1 www.periferiastore.com
1 yandex.com 1 redirects
2 4

This site contains no links.

Subject: nexi-centro-di-rilevamento-delle-frodi.ilcavo.ro
Issuer: cPanel, Inc. Certification Authority
Validity: 2020-04-11 - 2020-07-10
Valid: 3 months

This page contains 1 frames:

Primary Page: https://nexi-centro-di-rilevamento-delle-frodi.ilcavo.ro/Nexi/?utm_source=tr.im&utm_medium=www.periferiastore.com&utm_campaign=tr.im%2Fnexi&utm_content=link_click
Frame ID: 52DF8FC3CAA68191EE3F11B43CEB65EA
Requests: 2 HTTP requests in this frame

Page Statistics

Requests: 2
HTTPS: 50 %
IPv6: 50 %
Domains: 4
Subdomains: 4
IPs: 2
Countries: 4
Transfer: 1 kB
Size: 0 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://yandex.com/collections/api/links/redirect?url=http://www.periferiastore.com/home/.quarantine/redi.htm HTTP 307
    http://www.periferiastore.com/home/.quarantine/redi.htm Page URL
  2. https://tr.im/nexi HTTP 302
    https://nexi-centro-di-rilevamento-delle-frodi.ilcavo.ro/Nexi/?utm_source=tr.im&utm_medium=www.periferiastore.com&utm_campaign=tr.im%2Fnexi&utm_content=link_click Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://yandex.com/collections/api/links/redirect?url=http://www.periferiastore.com/home/.quarantine/redi.htm HTTP 307
  • http://www.periferiastore.com/home/.quarantine/redi.htm

2 HTTP transactions

Resource: redi.htm
Path: www.periferiastore.com/home/.quarantine/
Redirect Chain
  • https://yandex.com/collections/api/links/redirect?url=http://www.periferiastore.com/home/.quarantine/redi.htm
  • http://www.periferiastore.com/home/.quarantine/redi.htm
Size: 217 B
x-fer: 497 B
Type: Document

General

Full URL: http://www.periferiastore.com/home/.quarantine/redi.htm
Protocol: HTTP/1.1
Server: 89.46.104.35 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT)
Reverse DNS: webx1025.aruba.it
Software: aruba-proxy
Resource Hash: 66c5a3e0c34d9527a1892a9e539c20eebbbed55c3c310bf5c3b346e215514680

Request headers

Host: www.periferiastore.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US

Response headers

Server: aruba-proxy
Date: Fri, 24 Apr 2020 06:48:33 GMT
Content-Type: text/html
Content-Length: 217
Connection: keep-alive
Last-Modified: Wed, 22 Apr 2020 17:28:05 GMT
ETag: "d9-5a3e474713340"
Accept-Ranges: bytes
X-ServerName: ipvsproxy14.ad.aruba.it

Redirect headers

status: 307
location: http://www.periferiastore.com/home/.quarantine/redi.htm
x-content-type-options: nosniff
set-cookie: i=HM4ZhivHTJ41myXPwvExVkSiwz3GOewmmXuzrHo1uhPcxz9nBOX1/FkQt01j0F0Ihg5sT8lCKktwtMCMrLRNxC3C3G4=; Expires=Mon, 22-Apr-2030 06:48:33 GMT; Domain=.yandex.com; Path=/; Secure; HttpOnly
pragma: no-cache
x-csrftoken: 9ee10d321a0596dd1867b23418ce5c951e32fd34:1587710913
expires: -1
cache-control: no-cache
content-type: application/json; charset=UTF-8

Primary Request
Resource: /
Path: nexi-centro-di-rilevamento-delle-frodi.ilcavo.ro/Nexi/
Redirect Chain
  • https://tr.im/nexi
  • https://nexi-centro-di-rilevamento-delle-frodi.ilcavo.ro/Nexi/?utm_source=tr.im&utm_medium=www.periferiastore.com&utm_campaign=tr.im%2Fnexi&utm_content=link_click
Size: 148 B
x-fer: 390 B
Type: Document

General

Full URL: https://nexi-centro-di-rilevamento-delle-frodi.ilcavo.ro/Nexi/?utm_source=tr.im&utm_medium=www.periferiastore.com&utm_campaign=tr.im%2Fnexi&utm_content=link_click
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 86.35.1.13 Bucharest, Romania, ASN9050 (RTD Bucharest, Romania, RO)
Reverse DNS: cpanel3.romtelecom.net
Software: Apache
Resource Hash: 6b64776bb504c6c2ed233b014ff9006ddf73c253a859952cd914b59698c36548

Request headers

Host: nexi-centro-di-rilevamento-delle-frodi.ilcavo.ro
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: http://www.periferiastore.com/home/.quarantine/redi.htm
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US

Response headers

Date: Fri, 24 Apr 2020 06:48:37 GMT
Server: Apache
Content-Encoding: gzip
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

Redirect headers

status: 302
date: Fri, 24 Apr 2020 06:48:36 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dfddb59c3e2e4d5a43c46b6f976601c061587710915; expires=Sun, 24-May-20 06:48:35 GMT; path=/; domain=.tr.im; HttpOnly; SameSite=Lax __cf_bm=b8bd966209341a04955c6de328c961c77c1c6997-1587710916-1800-AaL9AmJ0Tnl8j78qVYgpARvcOMw5kUbme0BJ4SXgS9MouvTNRNr1QojJevHE45SjqVsEyaMPO+chTNHReU3/DdE=; path=/; expires=Fri, 24-Apr-20 07:18:36 GMT; domain=.tr.im; HttpOnly; Secure; SameSite=None
x-powered-by: PHP/5.6.28-1+deb.sury.org~xenial+1
cache-control: no-cache
location: https://nexi-centro-di-rilevamento-delle-frodi.ilcavo.ro/Nexi/?utm_source=tr.im&utm_medium=www.periferiastore.com&utm_campaign=tr.im%2Fnexi&utm_content=link_click
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 588de1282965c2e5-FRA
cf-request-id: 024c8b0d140000c2e5e40f1200000001

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
