nikitaja.com Open in urlscan Pro
103.241.0.167 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://secure-web.cisco.com/1M9AOgynpKIz4xWnQFxJsM4JjR_JYVH3zgzyhOXNxBWXAUG98TYpa0BdgF_xp7b5UrpCjMBEYTiKBMHPzx5oEOYfCQpuX4hu...
Effective URL:
http://nikitaja.com//wp-includes/js/crop/efax/immotbm45jbjxxoxax2qj58p.php?2i47Fe1566471884e929d85a5d6ec78637c0ae6b4...
Submission: On August 22 via manual (August 22nd 2019, 11:05:20 am UTC) from US

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 4 countries across 5 domains to perform 19 HTTP transactions. The main IP is 103.241.0.167, located in Australia and belongs to DCWEST-AS-AU-AP DC West Pty. Ltd., AU. The main domain is nikitaja.com.

This is the only time nikitaja.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	2620:101:2005... 2620:101:2005:11f0::1001	16417 (IRONPORT-...) (IRONPORT-SYSTEMS-INC - Cisco Systems Ironport Division)
1 1	153.19.161.184 153.19.161.184	5550 (TASK-AS G...) (TASK-AS Gdansk University of Technology)
1 2	103.241.0.167 103.241.0.167	38716 (DCWEST-AS...) (DCWEST-AS-AU-AP DC West Pty. Ltd.)
2	2a00:1450:400... 2a00:1450:4001:81d::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
19	3

1 2620:101:2005:11f0::1001 (United States) 1 redirects

ASN16417 (IRONPORT-SYSTEMS-INC - Cisco Systems Ironport Division, US)

secure-web.cisco.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 153.19.161.184 (Gdańsk, Poland) 1 redirects

ASN5550 (TASK-AS Gdansk University of Technology, PL)
PTR: 161-184.apsl.edu.pl

student3.praktyka.apsl.edu.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.241.0.167 (Australia) 1 redirects

ASN38716 (DCWEST-AS-AU-AP DC West Pty. Ltd., AU)
PTR: vps-0-167.netorigin.net.au

nikitaja.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	google.com www.google.com	1 KB
2	nikitaja.com 1 redirects nikitaja.com	22 KB
1	apsl.edu.pl 1 redirects student3.praktyka.apsl.edu.pl	373 B
1	cisco.com 1 redirects secure-web.cisco.com	328 B
0	j2global.com Failed sassets.j2global.com Failed
19	5

	Domain	Requested by
2	www.google.com	nikitaja.com
2	nikitaja.com	1 redirects
1	student3.praktyka.apsl.edu.pl	1 redirects
1	secure-web.cisco.com	1 redirects
0	sassets.j2global.com Failed	nikitaja.com
19	5

This site contains no links.

Subject Issuer	Validity	Valid
www.google.com Google Internet Authority G3	`2019-07-29` - `2019-10-21`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://nikitaja.com//wp-includes/js/crop/efax/immotbm45jbjxxoxax2qj58p.php?2i47Fe1566471884e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35&login=scallihan@deloitte.com
Frame ID: 487C0D7A1E0DDF24CD616C5BB948D5C7
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://secure-web.cisco.com/1M9AOgynpKIz4xWnQFxJsM4JjR_JYVH3zgzyhOXNxBWXAUG98TYpa0BdgF_xp7b5UrpCjMBEYTiK... HTTP 302
http://student3.praktyka.apsl.edu.pl//wp-includes/efax/?login=scallihan@deloitte.com HTTP 302
http://nikitaja.com//wp-includes/js/crop/efax/?login=scallihan@deloitte.com HTTP 302
http://nikitaja.com//wp-includes/js/crop/efax/immotbm45jbjxxoxax2qj58p.php?2i47Fe1566471884e929d... Page URL

Detected technologies

UNIX (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Unix/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

mod_ssl (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /mod_ssl(?:\/([\d.]+))?/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
headers server /mod_ssl(?:\/([\d.]+))?/i

Page Statistics

19
Requests

11 %
HTTPS

50 %
IPv6

5
Domains

5
Subdomains

3
IPs

4
Countries

22 kB
Transfer

23 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://secure-web.cisco.com/1M9AOgynpKIz4xWnQFxJsM4JjR_JYVH3zgzyhOXNxBWXAUG98TYpa0BdgF_xp7b5UrpCjMBEYTiKBMHPzx5oEOYfCQpuX4huTZlSfTc4WpgHYc9Og-u9s6Dmtp2UYWglry_rRzeg14YVJ_kQ8fH7pIJgNSnsaPxz0jaKqj5cSbKZwvW5R0Ax4BrFHb_ebAI472NAhMhpyQ11zW-6HAVWIq_hZqP-WgJnxSFqeM21JpsKbW6GS_mNuvXY-v04HSY7Qeb1vqZr-h6Va_kb51PMGTkP0A8DNL0lJVxhZPFh93886bInYje1A3qfKD1pqniYCn1ioiBXBE97Bc8V2wNxif_1RtAPDUTND4Dwbidxe8dcQLxXIL4RstvAeutzrcgk9C2lMrLUna1LwlmjwegXigWwYQLG3PzzzeQn0giuC2wvh66VUo1w86eRebRZLP9VFGG-b_RDSGPjmx_7TKKpRvZn8vIEZEKp4ZlhjmnF0ICjFALTVhZISK1TRXoV3c0gg1yWN2ICc-B-qwhM3WnpqwA/http%3A%2F%2Fstudent3.praktyka.apsl.edu.pl%2F%2Fwp-includes%2Fefax%2F%3Flogin%3Dscallihan%40deloitte.com HTTP 302
http://student3.praktyka.apsl.edu.pl//wp-includes/efax/?login=scallihan@deloitte.com HTTP 302
http://nikitaja.com//wp-includes/js/crop/efax/?login=scallihan@deloitte.com HTTP 302
http://nikitaja.com//wp-includes/js/crop/efax/immotbm45jbjxxoxax2qj58p.php?2i47Fe1566471884e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35&login=scallihan@deloitte.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request immotbm45jbjxxoxax2qj58p.php Show response
nikitaja.com//wp-includes/js/crop/efax/
Redirect Chain

http://secure-web.cisco.com/1M9AOgynpKIz4xWnQFxJsM4JjR_JYVH3zgzyhOXNxBWXAUG98TYpa0BdgF_xp7b5UrpCjMBEYTiKBMHPzx5oEOYfCQpuX4huTZlSfTc4WpgHYc9Og-u9s6Dmtp2UYWglry_rRzeg14YVJ_kQ8fH7pIJgNSnsaPxz0jaKqj5cS...
http://student3.praktyka.apsl.edu.pl//wp-includes/efax/?login=scallihan@deloitte.com
http://nikitaja.com//wp-includes/js/crop/efax/?login=scallihan@deloitte.com
http://nikitaja.com//wp-includes/js/crop/efax/immotbm45jbjxxoxax2qj58p.php?2i47Fe1566471884e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d...

21 KB
21 KB

503ms
503ms

Document
text/html

103.241.0.167
DCWEST-AS-AU-AP D...

General

Check archive.org

Show headers Download Go to

Full URL: http://nikitaja.com//wp-includes/js/crop/efax/immotbm45jbjxxoxax2qj58p.php?2i47Fe1566471884e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35&login=scallihan@deloitte.com
Protocol: HTTP/1.1
Server: 103.241.0.167 , Australia, ASN38716 (DCWEST-AS-AU-AP DC West Pty. Ltd., AU),
Reverse DNS: vps-0-167.netorigin.net.au
Software: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 / PHP/5.4.40
Resource Hash: d45206bd7794189bf6bd834d3c6b2dd153bd5c6a9b7730cb024e892e728c6d1b

Request headers

Host: nikitaja.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Thu, 22 Aug 2019 11:04:45 GMT
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
X-Powered-By: PHP/5.4.40
Content-Length: 21503
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html

Redirect headers

Date: Thu, 22 Aug 2019 11:04:44 GMT
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
X-Powered-By: PHP/5.4.40
Location: immotbm45jbjxxoxax2qj58p.php?2i47Fe1566471884e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35&login=scallihan@deloitte.com
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

GET jquery-ui-1.8.16.custom.css
sassets.j2global.com/www.corporate.com/myaccount/css/ 0
0

GET login.css
sassets.j2global.com/www.corporate.com/myaccount/css/ 0
0

GET corporate.css
sassets.j2global.com/www.corporate.com/myaccount/css/ 0
0

GET e-fax.css
sassets.j2global.com/www.corporate.com/myaccount/css/ 0
0

GET cookie-banner.css
sassets.j2global.com/www.corporate.com/myaccount/css/ 0
0

GET jquery-1.7.2.min.js
sassets.j2global.com/www.corporate.com/myaccount/js/ 0
0

GET jquery-ui-1.8.16.custom.min.js
sassets.j2global.com/www.corporate.com/myaccount/js/ 0
0

GET formValidateUtil.js
sassets.j2global.com/www.corporate.com/myaccount/js/ 0
0

GET commonJqueryScripts.js
sassets.j2global.com/www.corporate.com/myaccount/js/ 0
0

GET scripts-min.js
sassets.j2global.com/www.corporate.com/myaccount/js/ 0
0

GET jquery.cookie.js
sassets.j2global.com/www.corporate.com/myaccount/js/ 0
0

GET easyResponsiveTabs.js
sassets.j2global.com/www.corporate.com/myaccount/js/ 0
0

GET corpAdmin.js
sassets.j2global.com/www.corporate.com/myaccount/js/ 0
0

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 796 B
547 B 41ms
28ms Script
text/javascript 2a00:1450:4001:81d::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LeW5ZoUAAAAAMjj9Bes22uGyvW7o6ELUUpLgOxV

Requested by

Host: nikitaja.com
URL: http://nikitaja.com//wp-includes/js/crop/efax/immotbm45jbjxxoxax2qj58p.php?2i47Fe1566471884e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35&login=scallihan@deloitte.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

cebca871cf1af68383cefc4edef569d9af20eec265e2cb77df1bfb1ad0784478

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://nikitaja.com//wp-includes/js/crop/efax/immotbm45jbjxxoxax2qj58p.php?2i47Fe1566471884e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35&login=scallihan@deloitte.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 22 Aug 2019 11:04:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 477
x-xss-protection: 1; mode=block
expires: Thu, 22 Aug 2019 11:04:45 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 762 B
697 B 29ms
16ms Script
text/javascript 2a00:1450:4001:81d::2004
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?hl=en

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

b66dc825d69c41352634d28a517cde3f4c958b8d38a79dbbe35e6906133ed13b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://nikitaja.com//wp-includes/js/crop/efax/immotbm45jbjxxoxax2qj58p.php?2i47Fe1566471884e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35e929d85a5d6ec78637c0ae6b43b0ee35&login=scallihan@deloitte.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 22 Aug 2019 11:04:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 447
x-xss-protection: 1; mode=block
expires: Thu, 22 Aug 2019 11:04:45 GMT

GET default-en-corpLogoMyAccount.gif
sassets.j2global.com/home.efax.com/CBD/500/default/ 0
0

GET corpLogin.js
sassets.j2global.com/www.corporate.com/myaccount/js/ 0
0

GET footer-img.png
sassets.j2global.com/www.corporate.com/myaccount/images/corporate/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: sassets.j2global.com
URL: https://sassets.j2global.com/www.corporate.com/myaccount/css/jquery-ui-1.8.16.custom.css?av=%2FE

Domain: sassets.j2global.com
URL: https://sassets.j2global.com/www.corporate.com/myaccount/css/login.css?av=9gW%

Domain: sassets.j2global.com
URL: https://sassets.j2global.com/www.corporate.com/myaccount/css/corporate.css?av=IvBD

Domain: sassets.j2global.com
URL: https://sassets.j2global.com/www.corporate.com/myaccount/css/e-fax.css?av=adPj

Domain: sassets.j2global.com
URL: https://sassets.j2global.com/www.corporate.com/myaccount/css/cookie-banner.css?av=ElF8

Domain: sassets.j2global.com
URL: https://sassets.j2global.com/www.corporate.com/myaccount/js/jquery-1.7.2.min.js?av=eYYE

Domain: sassets.j2global.com
URL: https://sassets.j2global.com/www.corporate.com/myaccount/js/jquery-ui-1.8.16.custom.min.js?av=yPg4

Domain: sassets.j2global.com
URL: https://sassets.j2global.com/www.corporate.com/myaccount/js/formValidateUtil.js?av=fE4f

Domain: sassets.j2global.com
URL: https://sassets.j2global.com/www.corporate.com/myaccount/js/commonJqueryScripts.js?av=HLvY

Domain: sassets.j2global.com
URL: https://sassets.j2global.com/www.corporate.com/myaccount/js/scripts-min.js?av=VOta

Domain: sassets.j2global.com
URL: https://sassets.j2global.com/www.corporate.com/myaccount/js/jquery.cookie.js?av=n40L

Domain: sassets.j2global.com
URL: https://sassets.j2global.com/www.corporate.com/myaccount/js/easyResponsiveTabs.js?av=50Fv

Domain: sassets.j2global.com
URL: https://sassets.j2global.com/www.corporate.com/myaccount/js/corpAdmin.js?av=4y%2

Domain: sassets.j2global.com
URL: https://sassets.j2global.com/home.efax.com/CBD/500/default/default-en-corpLogoMyAccount.gif

Domain: sassets.j2global.com
URL: https://sassets.j2global.com/www.corporate.com/myaccount/js/corpLogin.js?av=M7YZ

Domain: sassets.j2global.com
URL: https://sassets.j2global.com/www.corporate.com/myaccount/images/corporate/footer-img.png?av=VH%2

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

nikitaja.com
sassets.j2global.com
secure-web.cisco.com
student3.praktyka.apsl.edu.pl
www.google.com
sassets.j2global.com
103.241.0.167
153.19.161.184
2620:101:2005:11f0::1001
2a00:1450:4001:81d::2004
b66dc825d69c41352634d28a517cde3f4c958b8d38a79dbbe35e6906133ed13b
cebca871cf1af68383cefc4edef569d9af20eec265e2cb77df1bfb1ad0784478
d45206bd7794189bf6bd834d3c6b2dd153bd5c6a9b7730cb024e892e728c6d1b

nikitaja.com Open in urlscan Pro 103.241.0.167 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

11 %HTTPS

50 %IPv6

5 Domains

5 Subdomains

3 IPs

4 Countries

22 kBTransfer

23 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

0 Cookies

Indicators

nikitaja.com Open in urlscan Pro
103.241.0.167 Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

11 %
HTTPS

50 %
IPv6

5
Domains

5
Subdomains

3
IPs

4
Countries

22 kB
Transfer

23 kB
Size

0
Cookies

19 HTTP transactions
0 data transactions