portal.merchantsservicescenter.com Open in urlscan Pro
104.21.38.40 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://track.adform.net/adfserve/?bn=12345;redirurl=https://portal.merchantsservicescenter.com/mscs/accMgmt/init?uid=e68...
Effective URL:
https://portal.merchantsservicescenter.com/mscs/accMgmt/init/recaptcha.php?upn=T0fzMHBE4ZFp729k3CeO5soxv7TrFPvQIyUJ0G7DGiTsgDxpmDoRbc57sx58...
Submission: On December 25 via manual (December 25th 2023, 7:26:45 am UTC) from US — Scanned from DK

Summary HTTP 21 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 7 domains to perform 21 HTTP transactions. The main IP is 104.21.38.40, located in and belongs to CLOUDFLARENET, US. The main domain is portal.merchantsservicescenter.com.
TLS certificate: Issued by E1 on November 11th 2023. Valid for: 3 months.

This is the only time portal.merchantsservicescenter.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Intuit (Financial)

Domain & IP information

	IP Address	AS Autonomous System
2 2	37.157.5.84 37.157.5.84	198622 (ADFORM) (ADFORM)
2 8	104.21.38.40 104.21.38.40	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.16.86.20 104.16.86.20	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
1	104.19.166.65 104.19.166.65	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2a00:1450:400... 2a00:1450:4001:827::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
21	8

2 37.157.5.84 (Denmark) 2 redirects

ASN198622 (ADFORM, DK)

track.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.21.38.40 (None, ) 2 redirects

ASN13335 (CLOUDFLARENET, US)

portal.merchantsservicescenter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.86.20 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.166.65 (None, )

ASN13335 (CLOUDFLARENET, US)

res.cloudinary.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:827::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	merchantsservicescenter.com 2 redirects portal.merchantsservicescenter.com	9 KB
7	gstatic.com www.gstatic.com fonts.gstatic.com	672 KB
5	google.com www.google.com — Cisco Umbrella Rank: 2	36 KB
2	adform.net 2 redirects track.adform.net — Cisco Umbrella Rank: 4289	1 KB
1	cloudinary.com res.cloudinary.com — Cisco Umbrella Rank: 2314	1 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	874 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 313	29 KB
21	7

	Domain	Requested by
8	portal.merchantsservicescenter.com	2 redirects portal.merchantsservicescenter.com
6	www.gstatic.com	www.google.com www.gstatic.com
5	www.google.com	portal.merchantsservicescenter.com www.gstatic.com www.google.com
2	track.adform.net	2 redirects
1	fonts.gstatic.com	www.google.com
1	res.cloudinary.com	portal.merchantsservicescenter.com
1	fonts.googleapis.com	portal.merchantsservicescenter.com
1	cdn.jsdelivr.net	portal.merchantsservicescenter.com
21	8

This site contains links to these domains. Also see Links.

Domain
www.intuit.com
security.intuit.com

Subject Issuer	Validity	Valid
merchantsservicescenter.com E1	`2023-11-11` - `2024-02-09`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.cloudinary.com Go Daddy Secure Certificate Authority - G2	`2023-12-14` - `2024-06-22`	6 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://portal.merchantsservicescenter.com/mscs/accMgmt/init/recaptcha.php?upn=T0fzMHBE4ZFp729k3CeO5soxv7TrFPvQIyUJ0G7DGiTsgDxpmDoRbc57sx58bFWVDBumxn5flZC9uDHfKK76v8SsoSt0Fx1zGTM5r7NpYgdzHvFiCRg95Ak5hB04lRwDy8E6PQgpkBN7ZQ-3D-3DrWUf_9rnNh
Frame ID: 343372BEBEDD5A67315C95DFE7FED44C
Requests: 11 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeSojEpAAAAANE_mfJeD2xuxnDGyAabcmPaSGu7&co=aHR0cHM6Ly9wb3J0YWwubWVyY2hhbnRzc2VydmljZXNjZW50ZXIuY29tOjQ0Mw..&hl=da&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=8ne8js8ol072
Frame ID: DF557BC121A625F5F0D309967C6876BC
Requests: 9 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=da&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6LeSojEpAAAAANE_mfJeD2xuxnDGyAabcmPaSGu7
Frame ID: 65239B857F1AA70DA1C7D33292873E3A
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

reCAPTCHA | QBO

Page URL History Show full URLs

https://track.adform.net/adfserve/?bn=12345;redirurl=https://portal.merchantsservicescenter.com/mscs/... HTTP 302
https://track.adform.net/adfserve/?CC=1&bn=12345;redirurl=https://portal.merchantsservicescenter.com/... HTTP 302
https://portal.merchantsservicescenter.com/mscs/accMgmt/init?uid=e68b7802cef8318477b861b9cbd8149b HTTP 301
https://portal.merchantsservicescenter.com/mscs/accMgmt/init/?uid=e68b7802cef8318477b861b9cbd8149b HTTP 302
https://portal.merchantsservicescenter.com/mscs/accMgmt/init/recaptcha.php?upn=T0fzMHBE4ZFp729k3CeO5soxv7TrFPvQIyUJ0G7D... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

<div[^>]+class="g-recaptcha"
/recaptcha/api\.js

Page Statistics

21
Requests

100 %
HTTPS

50 %
IPv6

7
Domains

8
Subdomains

8
IPs

3
Countries

748 kB
Transfer

1933 kB
Size

3
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.intuit.com/legal/
Title: Legal

Search URL Search Domain Scan URL

URL: https://www.intuit.com/privacy/statement/
Title: Privacy

Search URL Search Domain Scan URL

URL: https://security.intuit.com/
Title: Security

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://track.adform.net/adfserve/?bn=12345;redirurl=https://portal.merchantsservicescenter.com/mscs/accMgmt/init?uid=e68b7802cef8318477b861b9cbd8149b HTTP 302
https://track.adform.net/adfserve/?CC=1&bn=12345;redirurl=https://portal.merchantsservicescenter.com/mscs/accMgmt/init?uid=e68b7802cef8318477b861b9cbd8149b HTTP 302
https://portal.merchantsservicescenter.com/mscs/accMgmt/init?uid=e68b7802cef8318477b861b9cbd8149b HTTP 301
https://portal.merchantsservicescenter.com/mscs/accMgmt/init/?uid=e68b7802cef8318477b861b9cbd8149b HTTP 302
https://portal.merchantsservicescenter.com/mscs/accMgmt/init/recaptcha.php?upn=T0fzMHBE4ZFp729k3CeO5soxv7TrFPvQIyUJ0G7DGiTsgDxpmDoRbc57sx58bFWVDBumxn5flZC9uDHfKK76v8SsoSt0Fx1zGTM5r7NpYgdzHvFiCRg95Ak5hB04lRwDy8E6PQgpkBN7ZQ-3D-3DrWUf_9rnNh Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request recaptcha.php Show response
portal.merchantsservicescenter.com/mscs/accMgmt/init/
Redirect Chain

https://track.adform.net/adfserve/?bn=12345;redirurl=https://portal.merchantsservicescenter.com/mscs/accMgmt/init?uid=e68b7802cef8318477b861b9cbd8149b
https://track.adform.net/adfserve/?CC=1&bn=12345;redirurl=https://portal.merchantsservicescenter.com/mscs/accMgmt/init?uid=e68b7802cef8318477b861b9cbd8149b
https://portal.merchantsservicescenter.com/mscs/accMgmt/init?uid=e68b7802cef8318477b861b9cbd8149b
https://portal.merchantsservicescenter.com/mscs/accMgmt/init/?uid=e68b7802cef8318477b861b9cbd8149b
https://portal.merchantsservicescenter.com/mscs/accMgmt/init/recaptcha.php?upn=T0fzMHBE4ZFp729k3CeO5soxv7TrFPvQIyUJ0G7DGiTsgDxpmDoRbc57sx58bFWVDBumxn5flZC9uDHfKK76v8SsoSt0Fx1zGTM5r7NpYgdzHvFiCRg95A...

16 KB
4 KB

84ms
83ms

Document
text/html

104.21.38.40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://portal.merchantsservicescenter.com/mscs/accMgmt/init/recaptcha.php?upn=T0fzMHBE4ZFp729k3CeO5soxv7TrFPvQIyUJ0G7DGiTsgDxpmDoRbc57sx58bFWVDBumxn5flZC9uDHfKK76v8SsoSt0Fx1zGTM5r7NpYgdzHvFiCRg95Ak5hB04lRwDy8E6PQgpkBN7ZQ-3D-3DrWUf_9rnNh
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.38.40 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e5fbf76f6ce776461e3c3d0ff90024cd23ece435d78d1e05a5119a78aa5d0b82

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: da-DK,da;q=0.9

Response headers

cf-cache-status: DYNAMIC
cf-ray: 83af5b6e0e8c6524-LHR
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 25 Dec 2023 07:26:40 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=79lEJXI4UOJaaJp%2BpuFCC2PLK3qHw3PLGipOLTAeRAHBt%2FgHqUhQl%2FO0KIg10Hod9S2C8YHRgUc%2FyO2rSC3Ektukcsn0Si6gTHgJsKm9KxbqJukToPW5Y5R68%2FWMxhrx4vXejv5Z2aishlZ1c4%2BDQV55xvmk"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

cf-cache-status: DYNAMIC
cf-ray: 83af5b6c9da06524-LHR
content-type: text/html; charset=UTF-8
date: Mon, 25 Dec 2023 07:26:40 GMT
location: recaptcha.php?upn=T0fzMHBE4ZFp729k3CeO5soxv7TrFPvQIyUJ0G7DGiTsgDxpmDoRbc57sx58bFWVDBumxn5flZC9uDHfKK76v8SsoSt0Fx1zGTM5r7NpYgdzHvFiCRg95Ak5hB04lRwDy8E6PQgpkBN7ZQ-3D-3DrWUf_9rnNh
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7dWcrYA7b%2B%2B2Hf1tdvNZxEz9ZGN0gXolnO%2BuLLHRjpr%2FZxbdv05ySNOooVuUA37VxhtBKugx7Y00fiOq7WMA6m7FommCbLVPImDSaC1M%2FAZmUJO6Msuc5s3uITpJxRRYFWLIKuvY9wqT%2BY%2Bewvh%2BCXSJ%2FN%2FA"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/ 190 KB
29 KB 433ms
52ms Stylesheet
text/css 104.16.86.20
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css

Requested by

Host: portal.merchantsservicescenter.com
URL: https://portal.merchantsservicescenter.com/mscs/accMgmt/init/recaptcha.php?upn=T0fzMHBE4ZFp729k3CeO5soxv7TrFPvQIyUJ0G7DGiTsgDxpmDoRbc57sx58bFWVDBumxn5flZC9uDHfKK76v8SsoSt0Fx1zGTM5r7NpYgdzHvFiCRg95Ak5hB04lRwDy8E6PQgpkBN7ZQ-3D-3DrWUf_9rnNh

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.86.20 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0bcf7898fdc3b87babca678cd19a8e3ef570e931c80a3afbffcc453738c951a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://portal.merchantsservicescenter.com/
Origin: https://portal.merchantsservicescenter.com
accept-language: da-DK,da;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 07:26:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2772437
x-jsd-version: 5.2.3
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230122-FRA, cache-bma1621-BMA
x-jsd-version-type: version
server: cloudflare
etag: W/"2f955-d5HdHzFzoNYsw5wh0q1x/I2tDnI"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uId%2F0veCtR%2BKyeZzwtukM6AqG9XeH1B7fpSN3d%2BUyK5UyytUrdblc0e1P2bP2OeegX4sWAMu0dn3ifmjhEITutgeZh1GOkzLMApoC00fvg1h0ALaueh8zLHn8Ow3GmhpgI4%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 83af5b70e84d737b-CPH

GET
H2 200 css2
fonts.googleapis.com/ 696 B
874 B 446ms
65ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Material+Symbols+Outlined:opsz,wght,FILL,GRAD@48,400,0,0

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6fc8c2cf52c14c1f9038ad791c22cc6d8f0b0d07e6364b678c238f68ee91b03a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://portal.merchantsservicescenter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 25 Dec 2023 07:26:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 25 Dec 2023 07:26:40 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 25 Dec 2023 07:26:40 GMT

GET
H2 200 styles.css
portal.merchantsservicescenter.com/mscs/accMgmt/init/ 1 KB
910 B 102ms
101ms Stylesheet
text/css 104.21.38.40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://portal.merchantsservicescenter.com/mscs/accMgmt/init/styles.css
Requested by: Host: portal.merchantsservicescenter.com
URL: https://portal.merchantsservicescenter.com/mscs/accMgmt/init/recaptcha.php?upn=T0fzMHBE4ZFp729k3CeO5soxv7TrFPvQIyUJ0G7DGiTsgDxpmDoRbc57sx58bFWVDBumxn5flZC9uDHfKK76v8SsoSt0Fx1zGTM5r7NpYgdzHvFiCRg95Ak5hB04lRwDy8E6PQgpkBN7ZQ-3D-3DrWUf_9rnNh
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.38.40 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f6f06a1549e05086c104b29aa035e361c16e79bcaac7e89cb4ee26cde0f21bd4

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://portal.merchantsservicescenter.com/mscs/accMgmt/init/recaptcha.php?upn=T0fzMHBE4ZFp729k3CeO5soxv7TrFPvQIyUJ0G7DGiTsgDxpmDoRbc57sx58bFWVDBumxn5flZC9uDHfKK76v8SsoSt0Fx1zGTM5r7NpYgdzHvFiCRg95Ak5hB04lRwDy8E6PQgpkBN7ZQ-3D-3DrWUf_9rnNh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 07:26:40 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Mon, 21 Aug 2023 16:19:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"5e2-64e38e8e-637fb;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cI0vUl0QEGq9KhJ3%2F2nvJq4wWIWP1NwmaxvAupSStPUH9KmjyQuYLx8QEnrepSM60moxMUu5Q8uQMb9umyYZNPSpYmUb5V84BqRisp%2FezJuFalLyYL220kKq654JGXCewUUWeUb9a4qfswmJ3yF8PIgllI1d"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 83af5b6e9f086524-LHR
expires: Mon, 01 Jan 2024 07:26:40 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 456ms
64ms Script
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

334b34db4578dd6e95673e75d5a5ce0ee50eb997f3c0a6a4c84f9049f78ed17c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://portal.merchantsservicescenter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 07:26:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Mon, 25 Dec 2023 07:26:40 GMT

GET
H2 200 intuit.svg
portal.merchantsservicescenter.com/mscs/accMgmt/init/img/ 1 KB
868 B 100ms
99ms Image
image/svg+xml 104.21.38.40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.merchantsservicescenter.com/mscs/accMgmt/init/img/intuit.svg
Requested by: Host: portal.merchantsservicescenter.com
URL: https://portal.merchantsservicescenter.com/mscs/accMgmt/init/recaptcha.php?upn=T0fzMHBE4ZFp729k3CeO5soxv7TrFPvQIyUJ0G7DGiTsgDxpmDoRbc57sx58bFWVDBumxn5flZC9uDHfKK76v8SsoSt0Fx1zGTM5r7NpYgdzHvFiCRg95Ak5hB04lRwDy8E6PQgpkBN7ZQ-3D-3DrWUf_9rnNh
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.38.40 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82ca8cd60e5ecda336a08c16ac17d81962736bb628814f35c10cb8c15aaab448

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://portal.merchantsservicescenter.com/mscs/accMgmt/init/recaptcha.php?upn=T0fzMHBE4ZFp729k3CeO5soxv7TrFPvQIyUJ0G7DGiTsgDxpmDoRbc57sx58bFWVDBumxn5flZC9uDHfKK76v8SsoSt0Fx1zGTM5r7NpYgdzHvFiCRg95Ak5hB04lRwDy8E6PQgpkBN7ZQ-3D-3DrWUf_9rnNh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 07:26:40 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 31 Aug 2023 14:19:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"4c7-64f0a168-63800;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1L4GrPkgzL4BrhnZFgaLeBFy94aQExXbv1ItjAoQDk8%2FdbbfgP4L9H3sqbnPLk2dRMInSneAWbxHk72PyjSrmo3Z21njHBj2Qfc3HzJH%2BuKoX4vlgk8KfWvxeRFnY0YcQU13xVGFiGovdzB%2FVQlQIj60d2JJ"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=604800
cf-ray: 83af5b6e9f0b6524-LHR
expires: Mon, 01 Jan 2024 07:26:40 GMT

GET
H2 200 img3.svg
portal.merchantsservicescenter.com/mscs/accMgmt/init/img/ 390 B
600 B 104ms
104ms Image
image/svg+xml 104.21.38.40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.merchantsservicescenter.com/mscs/accMgmt/init/img/img3.svg
Requested by: Host: portal.merchantsservicescenter.com
URL: https://portal.merchantsservicescenter.com/mscs/accMgmt/init/recaptcha.php?upn=T0fzMHBE4ZFp729k3CeO5soxv7TrFPvQIyUJ0G7DGiTsgDxpmDoRbc57sx58bFWVDBumxn5flZC9uDHfKK76v8SsoSt0Fx1zGTM5r7NpYgdzHvFiCRg95Ak5hB04lRwDy8E6PQgpkBN7ZQ-3D-3DrWUf_9rnNh
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.38.40 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9bb49a02a708a0792b4a35a73dee2ffe2c11225ed2a8d3906392055f0dbdef1c

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://portal.merchantsservicescenter.com/mscs/accMgmt/init/recaptcha.php?upn=T0fzMHBE4ZFp729k3CeO5soxv7TrFPvQIyUJ0G7DGiTsgDxpmDoRbc57sx58bFWVDBumxn5flZC9uDHfKK76v8SsoSt0Fx1zGTM5r7NpYgdzHvFiCRg95Ak5hB04lRwDy8E6PQgpkBN7ZQ-3D-3DrWUf_9rnNh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 07:26:40 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 31 Aug 2023 14:19:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"186-64f0a168-637fd;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WfbV7BctRW53f%2BLblQFL0c9QHtI2eJkcNHwTO8Qi8I%2FeSxXWCnIeWaHklCr59U%2FFbWUGlj4EDIiac6UkhF7GpN8YkwtCDI9QdQtCRqfhLpIQr8GVStlyZDO0r1bzZCwHOW5FQ17tpXFyJHBdx%2Ftjvp7gtZJN"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=604800
cf-ray: 83af5b6e9f0d6524-LHR
expires: Mon, 01 Jan 2024 07:26:40 GMT

GET
H2 200 img1.svg
portal.merchantsservicescenter.com/mscs/accMgmt/init/img/ 678 B
714 B 97ms
96ms Image
image/svg+xml 104.21.38.40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.merchantsservicescenter.com/mscs/accMgmt/init/img/img1.svg
Requested by: Host: portal.merchantsservicescenter.com
URL: https://portal.merchantsservicescenter.com/mscs/accMgmt/init/recaptcha.php?upn=T0fzMHBE4ZFp729k3CeO5soxv7TrFPvQIyUJ0G7DGiTsgDxpmDoRbc57sx58bFWVDBumxn5flZC9uDHfKK76v8SsoSt0Fx1zGTM5r7NpYgdzHvFiCRg95Ak5hB04lRwDy8E6PQgpkBN7ZQ-3D-3DrWUf_9rnNh
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.38.40 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0de228099b4254fc8aa2fe9e0bde1d5f2afa9a77ddb31420e04e092498566423

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://portal.merchantsservicescenter.com/mscs/accMgmt/init/recaptcha.php?upn=T0fzMHBE4ZFp729k3CeO5soxv7TrFPvQIyUJ0G7DGiTsgDxpmDoRbc57sx58bFWVDBumxn5flZC9uDHfKK76v8SsoSt0Fx1zGTM5r7NpYgdzHvFiCRg95Ak5hB04lRwDy8E6PQgpkBN7ZQ-3D-3DrWUf_9rnNh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 07:26:40 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 26 Oct 2023 17:43:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"2a6-653aa524-63802;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X%2BryX7wcsWut21F%2F9iClw3N2nQkJ0h%2BGFr8piS7UQhZqG44FlhRs3O8xHCguu003%2BV98k1m%2FBK6ADs6oz38TXHp9UextkTxfVgFuAJf6GvZD1f5Zme2B5em%2FoLt%2BJaBTI%2FElGV6HMkdCeSUdgXjJOxv0qkWS"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=604800
cf-ray: 83af5b6e9f116524-LHR
expires: Mon, 01 Jan 2024 07:26:40 GMT

GET
H2 200 img2.svg
portal.merchantsservicescenter.com/mscs/accMgmt/init/img/ 527 B
707 B 91ms
90ms Image
image/svg+xml 104.21.38.40
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.merchantsservicescenter.com/mscs/accMgmt/init/img/img2.svg
Requested by: Host: portal.merchantsservicescenter.com
URL: https://portal.merchantsservicescenter.com/mscs/accMgmt/init/recaptcha.php?upn=T0fzMHBE4ZFp729k3CeO5soxv7TrFPvQIyUJ0G7DGiTsgDxpmDoRbc57sx58bFWVDBumxn5flZC9uDHfKK76v8SsoSt0Fx1zGTM5r7NpYgdzHvFiCRg95Ak5hB04lRwDy8E6PQgpkBN7ZQ-3D-3DrWUf_9rnNh
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.21.38.40 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3909c161c07b36d9b5fed95bd6b41936a9adc65bc9768ba795c8cf6553ba18f7

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://portal.merchantsservicescenter.com/mscs/accMgmt/init/recaptcha.php?upn=T0fzMHBE4ZFp729k3CeO5soxv7TrFPvQIyUJ0G7DGiTsgDxpmDoRbc57sx58bFWVDBumxn5flZC9uDHfKK76v8SsoSt0Fx1zGTM5r7NpYgdzHvFiCRg95Ak5hB04lRwDy8E6PQgpkBN7ZQ-3D-3DrWUf_9rnNh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 07:26:40 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Thu, 31 Aug 2023 14:19:20 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"20f-64f0a168-637ff;gz"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XzF3LBLYBhNjh26IJfrTYNct8BZbxAqbBRvNUFLYeea2eWgUAcT6uzURp7%2BjomCs1D5BloyRD%2BzbZ5CYpW15f0MH9HKyd3K%2B6MR5yP21DijV16YpBV2lrHxJnaw5RrBDKycOqJeWlrMkEmbm4jXqaCs6EF%2B%2F"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: public, max-age=604800
cf-ray: 83af5b6e9f136524-LHR
expires: Mon, 01 Jan 2024 07:26:40 GMT

GET
H2 200 rerouter_a7sbnr.js Show response
res.cloudinary.com/dtzxi7n7o/raw/upload/v1685807046/ 917 B
1 KB 840ms
433ms Script
text/javascript 104.19.166.65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://res.cloudinary.com/dtzxi7n7o/raw/upload/v1685807046/rerouter_a7sbnr.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.166.65 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9e1f74aec91860138c9f19486d850d7af3640cb95130b86ebbc163a67958b91

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://portal.merchantsservicescenter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 07:26:41 GMT
strict-transport-security: max-age=604800
last-modified: Sat, 03 Jun 2023 15:44:07 GMT
server: cloudflare
etag: "e2c5cfb083068f9518c79904de74e87f"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary
cache-control: public, no-transform, immutable, max-age=2592000
server-timing: cld-cloudflare;dur=393;start=2023-12-25T07:26:40.819Z;desc=miss,rtt;dur=31;cloudinary;dur=58;start=2023-12-25T07:26:41.097Z
accept-ranges: bytes
cf-ray: 83af5b711da46df0-CPH
timing-allow-origin: *
content-length: 917

GET
H2 200 recaptcha__da.js Show response
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ 503 KB
202 KB 442ms
56ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__da.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

405e6a8afd26949df5efa075ab70a61249ba1e99841312a5ce79f5b3a5e261d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://portal.merchantsservicescenter.com/
Origin: https://portal.merchantsservicescenter.com
accept-language: da-DK,da;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 17:46:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 567601
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 206646
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 17 Dec 2024 17:46:40 GMT

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame DF55 42 KB
27 KB 77ms
76ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeSojEpAAAAANE_mfJeD2xuxnDGyAabcmPaSGu7&co=aHR0cHM6Ly9wb3J0YWwubWVyY2hhbnRzc2VydmljZXNjZW50ZXIuY29tOjQ0Mw..&hl=da&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=8ne8js8ol072

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__da.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

b4ed727bcb581398ada81ec0dcd24a94979c14b21e819b9750319cf1776d9737

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-1QKaugNXevp88uylbVrpRA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://portal.merchantsservicescenter.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: da-DK,da;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-1QKaugNXevp88uylbVrpRA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 25 Dec 2023 07:26:41 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame DF55 55 KB
24 KB 170ms
56ms Stylesheet
text/css 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeSojEpAAAAANE_mfJeD2xuxnDGyAabcmPaSGu7&co=aHR0cHM6Ly9wb3J0YWwubWVyY2hhbnRzc2VydmljZXNjZW50ZXIuY29tOjQ0Mw..&hl=da&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=8ne8js8ol072

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 05:17:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7753
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 24 Dec 2024 05:17:28 GMT

GET
H3 200 recaptcha__da.js Show response
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame DF55 503 KB
202 KB 199ms
85ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__da.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

405e6a8afd26949df5efa075ab70a61249ba1e99841312a5ce79f5b3a5e261d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 17:46:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 567601
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 206646
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 17 Dec 2024 17:46:40 GMT

GET
DATA 200
OK truncated
/ Frame DF55 14 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e

Request headers

accept-language: da-DK,da;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame DF55 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27

Request headers

accept-language: da-DK,da;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame DF55 2 KB
2 KB 56ms
55ms Image
image/png 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 19:56:54 GMT
x-content-type-options: nosniff
age: 559788
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Mon, 25 Dec 2023 19:56:54 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame DF55 15 KB
16 KB 426ms
56ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: da-DK,da;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 21 Dec 2023 23:26:56 GMT
x-content-type-options: nosniff
age: 287986
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 20 Dec 2024 23:26:56 GMT

GET
H2 200 lEEM4ZLDLFuvATVvcnxglI8CLvLrSc6BLt7Ue_ua1SM.js Show response
www.google.com/js/bg/ Frame DF55 17 KB
7 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/bg/lEEM4ZLDLFuvATVvcnxglI8CLvLrSc6BLt7Ue_ua1SM.js

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__da.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

94410ce192c32c5baf01356f727c60948f022ef2eb49ce812eded47bfb9ad523

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeSojEpAAAAANE_mfJeD2xuxnDGyAabcmPaSGu7&co=aHR0cHM6Ly9wb3J0YWwubWVyY2hhbnRzc2VydmljZXNjZW50ZXIuY29tOjQ0Mw..&hl=da&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=8ne8js8ol072
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 22 Dec 2023 04:15:54 GMT
content-encoding: br
x-content-type-options: nosniff
age: 270648
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6830
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:30:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 21 Dec 2024 04:15:54 GMT

GET
H2 200 webworker.js
www.google.com/recaptcha/api2/ Frame DF55 102 B
209 B 65ms
65ms Other
text/javascript 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=da&v=u-xcq3POCWFlCr3x8_IPxgPu

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d52cfa4be3ee6b929c6462713d37b2f40dc725dc898d63dcd4acbc7f7acd143d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeSojEpAAAAANE_mfJeD2xuxnDGyAabcmPaSGu7&co=aHR0cHM6Ly9wb3J0YWwubWVyY2hhbnRzc2VydmljZXNjZW50ZXIuY29tOjQ0Mw..&hl=da&v=u-xcq3POCWFlCr3x8_IPxgPu&size=normal&cb=8ne8js8ol072
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 07:26:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Mon, 25 Dec 2023 07:26:42 GMT

GET
H2 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 6523 7 KB
1 KB 68ms
68ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=da&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6LeSojEpAAAAANE_mfJeD2xuxnDGyAabcmPaSGu7

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__da.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

00873d669d399eee2be4ecabdade84653a69d70940a887034e86f22e3d61493c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-gdJzWJ6v6O0f0JFlgAhfhQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://portal.merchantsservicescenter.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: da-DK,da;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-gdJzWJ6v6O0f0JFlgAhfhQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 25 Dec 2023 07:26:42 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 6523 55 KB
24 KB 56ms
56ms Stylesheet
text/css 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=da&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6LeSojEpAAAAANE_mfJeD2xuxnDGyAabcmPaSGu7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 25 Dec 2023 05:17:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 7754
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 24 Dec 2024 05:17:28 GMT

GET
H3 200 recaptcha__da.js Show response
www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/ Frame 6523 503 KB
202 KB 58ms
58ms Script
text/javascript 2a00:1450:4001:827::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/u-xcq3POCWFlCr3x8_IPxgPu/recaptcha__da.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=da&v=u-xcq3POCWFlCr3x8_IPxgPu&k=6LeSojEpAAAAANE_mfJeD2xuxnDGyAabcmPaSGu7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

405e6a8afd26949df5efa075ab70a61249ba1e99841312a5ce79f5b3a5e261d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: da-DK,da;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 18 Dec 2023 17:46:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 567602
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 206646
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 05:01:12 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 17 Dec 2024 17:46:40 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Intuit (Financial)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.adform.net/	1970-01-20 17:56:07	Name: C Value: 1
.adform.net/	1970-01-20 18:37:53	Name: receive-cookie-deprecation Value: 1
.adform.net/	1970-01-20 18:37:53	Name: uid Value: 7463090869065874429

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
fonts.googleapis.com
fonts.gstatic.com
portal.merchantsservicescenter.com
res.cloudinary.com
track.adform.net
www.google.com
www.gstatic.com
104.16.86.20
104.19.166.65
104.21.38.40
2a00:1450:4001:813::2003
2a00:1450:4001:827::2003
2a00:1450:4001:82a::2004
2a00:1450:4001:82a::200a
37.157.5.84
00873d669d399eee2be4ecabdade84653a69d70940a887034e86f22e3d61493c
0964d141519db34adc6aa127a33dbc6761cda1e56b584ea402082d99c44afb9e
0de228099b4254fc8aa2fe9e0bde1d5f2afa9a77ddb31420e04e092498566423
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
334b34db4578dd6e95673e75d5a5ce0ee50eb997f3c0a6a4c84f9049f78ed17c
3909c161c07b36d9b5fed95bd6b41936a9adc65bc9768ba795c8cf6553ba18f7
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
405e6a8afd26949df5efa075ab70a61249ba1e99841312a5ce79f5b3a5e261d9
43ef4025567f7a15859b5252b6ccc1efe2ff8c7331b1aefbea7ce88eb5084d27
6fc8c2cf52c14c1f9038ad791c22cc6d8f0b0d07e6364b678c238f68ee91b03a
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
82ca8cd60e5ecda336a08c16ac17d81962736bb628814f35c10cb8c15aaab448
94410ce192c32c5baf01356f727c60948f022ef2eb49ce812eded47bfb9ad523
9bb49a02a708a0792b4a35a73dee2ffe2c11225ed2a8d3906392055f0dbdef1c
a9e1f74aec91860138c9f19486d850d7af3640cb95130b86ebbc163a67958b91
b4ed727bcb581398ada81ec0dcd24a94979c14b21e819b9750319cf1776d9737
c0bcf7898fdc3b87babca678cd19a8e3ef570e931c80a3afbffcc453738c951a
d52cfa4be3ee6b929c6462713d37b2f40dc725dc898d63dcd4acbc7f7acd143d
e5fbf76f6ce776461e3c3d0ff90024cd23ece435d78d1e05a5119a78aa5d0b82
f6f06a1549e05086c104b29aa035e361c16e79bcaac7e89cb4ee26cde0f21bd4

portal.merchantsservicescenter.com Open in urlscan Pro 104.21.38.40 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

21 Requests

100 %HTTPS

50 %IPv6

7 Domains

8 Subdomains

8 IPs

3 Countries

748 kBTransfer

1933 kBSize

3 Cookies

3 Outgoing links

Page URL History

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

3 Cookies

Indicators

portal.merchantsservicescenter.com Open in urlscan Pro
104.21.38.40 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

100 %
HTTPS

50 %
IPv6

7
Domains

8
Subdomains

8
IPs

3
Countries

748 kB
Transfer

1933 kB
Size

3
Cookies

21 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!