52.31.115.142 Open in urlscan Pro
52.31.115.142 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://52.31.115.142/
Submission: On May 13 via automatic, source openphish (May 13th 2023, 1:27:05 pm UTC) — Scanned from DE

Summary HTTP 41 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 12 IPs in 4 countries across 9 domains to perform 41 HTTP transactions. The main IP is 52.31.115.142, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is 52.31.115.142.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on May 10th 2023. Valid for: 3 months.

This is the only time 52.31.115.142 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nexi (Banking)

Domain & IP information

	IP Address	AS Autonomous System
22	52.31.115.142 52.31.115.142	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700:20:... 2606:4700:20::681a:407	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	52.18.161.223 52.18.161.223	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:350... 2a02:26f0:3500:591::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	185.198.117.126 185.198.117.126	35051 (NEXI-AS) (NEXI-AS)
2	2606:4700:21:... 2606:4700:21::8d65:780b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:10:... 2606:4700:10::6816:4aab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 1	52.16.185.84 52.16.185.84	16509 (AMAZON-02) (AMAZON-02)
1	52.48.197.14 52.48.197.14	16509 (AMAZON-02) (AMAZON-02)
1	172.64.151.83 172.64.151.83	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	63.140.62.160 63.140.62.160	15224 (OMNITURE) (OMNITURE)
5	67.202.105.34 67.202.105.34	32748 (STEADFAST) (STEADFAST)
1	67.202.105.32 67.202.105.32	32748 (STEADFAST) (STEADFAST)
41	12

22 52.31.115.142 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com

52.31.115.142	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:407 (United States)

ASN13335 (CLOUDFLARENET, US)

waust.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.18.161.223 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-18-161-223.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
nexipayments.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:591::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.198.117.126 (Italy)

ASN35051 (NEXI-AS, IT)

www.nexi.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:21::8d65:780b (United States)

ASN13335 (CLOUDFLARENET, US)

t.dtscout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:4aab (United States)

ASN13335 (CLOUDFLARENET, US)

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widgets.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.16.185.84 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-185-84.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.197.14 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-197-14.eu-west-1.compute.amazonaws.com

nexipayments.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.151.83 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.62.160 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-63-140-62-160.data.adobedc.net

nexipayments.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 67.202.105.34 (Palos Park, United States)

ASN32748 (STEADFAST, US)
PTR: ip34.67-202-105.static.steadfastdns.net

ic.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.32 (Palos Park, United States)

ASN32748 (STEADFAST, US)
PTR: ip32.67-202-105.static.steadfastdns.net

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	tynt.com cdn.tynt.com — Cisco Umbrella Rank: 12336 ic.tynt.com — Cisco Umbrella Rank: 7854 de.tynt.com — Cisco Umbrella Rank: 1722	8 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 220 nexipayments.demdex.net	5 KB
2	omtrdc.net nexipayments.tt.omtrdc.net nexipayments.sc.omtrdc.net	1 KB
2	amung.us whos.amung.us — Cisco Umbrella Rank: 12114 widgets.amung.us — Cisco Umbrella Rank: 17593	4 KB
2	dtscout.com t.dtscout.com — Cisco Umbrella Rank: 12561	2 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1174	517 B
1	nexi.it www.nexi.it — Cisco Umbrella Rank: 562020	423 KB
1	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 438	12 KB
1	waust.at waust.at — Cisco Umbrella Rank: 38979	3 KB
41	9

	Domain	Requested by
5	ic.tynt.com	52.31.115.142
2	t.dtscout.com	waust.at t.dtscout.com
2	dpm.demdex.net	52.31.115.142
1	de.tynt.com	cdn.tynt.com
1	nexipayments.sc.omtrdc.net	52.31.115.142
1	widgets.amung.us	52.31.115.142
1	cdn.tynt.com	waust.at
1	nexipayments.tt.omtrdc.net	52.31.115.142
1	cm.everesttech.net	1 redirects
1	nexipayments.demdex.net	52.31.115.142
1	whos.amung.us	waust.at
1	www.nexi.it	52.31.115.142
1	assets.adobedtm.com	52.31.115.142
1	waust.at	52.31.115.142
41	14

This site contains links to these domains. Also see Links.

Domain
www.nexi.it
apps.apple.com
play.google.com
appgallery.huawei.com
privati.nexi.it

Subject Issuer	Validity	Valid
web.52-31-115-142.cprapid.com ZeroSSL RSA Domain Secure Site CA	`2023-05-10` - `2023-08-08`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-07-04` - `2023-07-04`	a year	crt.sh
*.demdex.com DigiCert TLS RSA SHA256 2020 CA1	`2022-09-26` - `2023-10-27`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2022-07-19` - `2023-08-19`	a year	crt.sh
www.nexi.it GlobalSign RSA OV SSL CA 2018	`2022-07-05` - `2023-08-06`	a year	crt.sh
*.dtscout.com GTS CA 1P5	`2023-03-29` - `2023-06-27`	3 months	crt.sh
*.amung.us Sectigo RSA Domain Validation Secure Server CA	`2022-05-18` - `2023-06-17`	a year	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2022-08-01` - `2023-09-01`	a year	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-07` - `2023-09-30`	a year	crt.sh
*.sc.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-03-08`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://52.31.115.142/
Frame ID: 58D65F46EDAC6B8E9D6AEE935F4ABEB3
Requests: 36 HTTP requests in this frame

Frame: https://52.31.115.142/Area%20Personale_files/box-a1ae2079824d1c48aa9ce06efb256f18.html
Frame ID: 9FA354320FB2086F3D39669D32DDF163
Requests: 1 HTTP requests in this frame

Frame: https://52.31.115.142/Area%20Personale_files/bframe.html
Frame ID: 16F8530F54F7EC2E5D044E33982820A0
Requests: 3 HTTP requests in this frame

Frame: https://nexipayments.demdex.net/dest5.html?d_nsid=0
Frame ID: 03984655BCB9AECE2268D7A32AE18D2C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Area Personale

Detected technologies

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

41
Requests

44 %
HTTPS

31 %
IPv6

9
Domains

14
Subdomains

12
IPs

4
Countries

2104 kB
Transfer

2135 kB
Size

11
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.nexi.it/

Search URL Search Domain Scan URL

URL: https://www.nexi.it/accedi.html
Title: Cambia portale

Search URL Search Domain Scan URL

URL: https://apps.apple.com/it/app/nexi-pay/id518695175

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=it.icbpi.mobile&hl=it

Search URL Search Domain Scan URL

URL: https://appgallery.huawei.com/#/app/C101454369

Search URL Search Domain Scan URL

URL: https://www.nexi.it/login-titolari.html
Title: Non sei tu?

Search URL Search Domain Scan URL

URL: https://privati.nexi.it/recovery/intro
Title: Hai dimenticato le credenziali?

Search URL Search Domain Scan URL

URL: https://privati.nexi.it/registration/intro
Title: REGISTRATI

Search URL Search Domain Scan URL

URL: https://www.nexi.it/content/dam/nexi/new-login-2019/informativa_privacy.pdf
Title: Privacy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28

https://cm.everesttech.net/cm/dd?d_uuid=25457600582549013323173959292052892239 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZF_QIwAAAMDfYQMx

41 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
52.31.115.142/ 298 KB
299 KB 168ms
69ms Document
text/html 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://52.31.115.142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 26dd4de2c16294f91bf911500d6c0112d9d9e289aa4b3f311b95f7d677c2b496

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Sat, 13 May 2023 13:26:58 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked

GET
H/1.1 200
OK launch-a40afd213c32.min.js.download Show response
52.31.115.142/Area%20Personale_files/ 228 KB
228 KB 143ms
47ms Script
application/javascript 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://52.31.115.142/Area%20Personale_files/launch-a40afd213c32.min.js.download
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: c96d6c44d50646e4096806c2f0ba110954d52f55150d7b34d0d7ba6872486266

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Sat, 13 May 2023 13:26:58 GMT
Last-Modified: Sun, 05 Dec 2021 00:57:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 233400

GET
H/1.1 200
OK style.css
52.31.115.142/Area%20Personale_files/ 537 KB
537 KB 135ms
43ms Stylesheet
text/css 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://52.31.115.142/Area%20Personale_files/style.css
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 0a6860b639d3f65209ac59599c26f7027aef515187c186b306a2e07c2c32e338

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Sat, 13 May 2023 13:26:58 GMT
Last-Modified: Sun, 05 Dec 2021 00:57:14 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 550012

GET
H/1.1 200
OK jquery-3.5.1.min.js.download Show response
52.31.115.142/Area%20Personale_files/ 87 KB
88 KB 142ms
46ms Script
application/javascript 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://52.31.115.142/Area%20Personale_files/jquery-3.5.1.min.js.download
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Sat, 13 May 2023 13:26:58 GMT
Last-Modified: Sun, 05 Dec 2021 00:57:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 89475

GET
H/1.1 200
OK style(1).css
52.31.115.142/Area%20Personale_files/ 17 KB
17 KB 135ms
44ms Stylesheet
text/css 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://52.31.115.142/Area%20Personale_files/style(1).css
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 8a328eaf97de4600f72891d5658426d62b7afff1cc12667968e8db621a38322c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Sat, 13 May 2023 13:26:58 GMT
Last-Modified: Sun, 05 Dec 2021 00:57:14 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 17116

GET
H/1.1 200
OK stylepop.css
52.31.115.142/ 805 B
1 KB 141ms
47ms Stylesheet
text/css 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://52.31.115.142/stylepop.css
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 9c61f60b366129bf27c265686c20b261c28d540dbbe03cbe5723e30c1b801b88

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Sat, 13 May 2023 13:26:58 GMT
Last-Modified: Mon, 03 Jan 2022 19:40:28 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 805

GET
H/1.1 200
OK logo--light-double.svg
52.31.115.142/Area%20Personale_files/ 1 KB
2 KB 49ms
49ms Image
image/svg+xml 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://52.31.115.142/Area%20Personale_files/logo--light-double.svg
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: c37a1253313f01ecf7b8d5ac83025a8059d161d955ecbe5254c99d4edf6989fc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Sat, 13 May 2023 13:26:58 GMT
Last-Modified: Sun, 05 Dec 2021 00:57:14 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 1476

GET
H/1.1 200
OK app_store.svg
52.31.115.142/Area%20Personale_files/ 15 KB
16 KB 44ms
43ms Image
image/svg+xml 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://52.31.115.142/Area%20Personale_files/app_store.svg
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 5e3c6b5c51b5fbf7691fa5d0adbcd05be694548d5f03aee7d59d7a8b092b5d27

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Sat, 13 May 2023 13:26:58 GMT
Last-Modified: Sun, 05 Dec 2021 00:57:14 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 15816

GET
H/1.1 200
OK google_play.svg
52.31.115.142/Area%20Personale_files/ 25 KB
25 KB 47ms
46ms Image
image/svg+xml 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://52.31.115.142/Area%20Personale_files/google_play.svg
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: ed313341bbd73a61ddacf268f494c9f85cb84e46f8954bde8a5260e21174f340

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Sat, 13 May 2023 13:26:58 GMT
Last-Modified: Sun, 05 Dec 2021 00:57:14 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 25343

GET
H/1.1 200
OK huawei-store.svg
52.31.115.142/Area%20Personale_files/ 22 KB
22 KB 48ms
47ms Image
image/svg+xml 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://52.31.115.142/Area%20Personale_files/huawei-store.svg
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: a22ea2c13b8179c675566ef9ce7a77c663056b6147674c851d898b21f6c68ee6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Sat, 13 May 2023 13:26:58 GMT
Last-Modified: Sun, 05 Dec 2021 00:57:14 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 22133

GET
H/1.1 200
OK logo--dark-double.svg
52.31.115.142/Area%20Personale_files/ 1 KB
2 KB 45ms
44ms Image
image/svg+xml 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://52.31.115.142/Area%20Personale_files/logo--dark-double.svg
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 64e35e6e3e1969550eda7af80ded7e8e7ffdc15dd6a2bfdc4ed9bf1cb82cc762

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Sat, 13 May 2023 13:26:58 GMT
Last-Modified: Sun, 05 Dec 2021 00:57:16 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1480

GET
H/1.1 200
OK app.js Show response
52.31.115.142/ 522 B
776 B 47ms
47ms Script
application/javascript 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://52.31.115.142/app.js
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 7364dc66b30fac131c57fb24f1addde4ff79b344855fa6d79c451ff8d6dbc6a0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Sat, 13 May 2023 13:26:58 GMT
Last-Modified: Tue, 09 Nov 2021 02:10:56 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 522

GET
H2 200 co.js Show response
waust.at/ 8 KB
3 KB 98ms
36ms Script
application/x-javascript 2606:4700:20::681a:407
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://waust.at/co.js
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:407 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27ca5125c219441002caaa068a4e81147e6bb6554f2e6a0a09ffb1e8b4df79af

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 13:26:59 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 12 Jan 2023 17:19:26 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 3448
etag: W/"63c0411e-2194"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N49hVPqHNc849248QpgdbdLZc%2BXUcNLbeNhkB8NFhbPBkRvzQKZxNT0pmewWq61LmXT4%2FHZY9iKknTGKIE98htnikD8PPoEaQxv%2B9W2%2BT5AOR7N2wvw95YjYGmNuvYGwj17g6ON4"}],"group":"cf-nel","max_age":604800}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=86400
cf-ray: 7c6b3c7aec631970-FRA
expires: Sun, 14 May 2023 12:29:31 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 371 B
1 KB 201ms
50ms XHR
application/json 52.18.161.223
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=6A724E255ED5F2A60A495E0E%40AdobeOrg&d_nsid=0&ts=1683984418887

Requested by

Host: 52.31.115.142
URL: https://52.31.115.142/Area%20Personale_files/launch-a40afd213c32.min.js.download

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.18.161.223 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-18-161-223.eu-west-1.compute.amazonaws.com

Software

Resource Hash

3e1c59a823bd5edce290092b1a3ed56989e8c540d2177b8cff582372e6a2a0ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://52.31.115.142/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-2-v048-04f30eb4e.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: MKspE4VBS4g=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://52.31.115.142
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 313
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP40e3bec801244c59a61bf06eb622a63c/ 33 KB
12 KB 144ms
33ms Script
application/x-javascript 2a02:26f0:3500:591::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP40e3bec801244c59a61bf06eb622a63c/AppMeasurement.min.js
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/Area%20Personale_files/launch-a40afd213c32.min.js.download
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 92c5b25edbc4647c55be848b92ea22fd4618cc3252a2364025262e18a7430f84

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

unused62: 8096267
date: Sat, 13 May 2023 13:26:59 GMT
content-encoding: gzip
last-modified: Wed, 18 Aug 2021 21:04:01 GMT
server: AkamaiNetStorage
etag: "4635bffccc756e9a52eae8011adb9137:1629320641.842128"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://52.31.115.142
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12188
expires: Sat, 13 May 2023 14:26:59 GMT

GET
H/1.1 200
OK login_pt_background_02.jpg
www.nexi.it/content/dam/nexi/portale-titolari/pagine-login/portale-titolari/ 422 KB
423 KB 348ms
54ms Image
image/jpeg 185.198.117.126
NEXI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nexi.it/content/dam/nexi/portale-titolari/pagine-login/portale-titolari/login_pt_background_02.jpg

Requested by

Host: 52.31.115.142
URL: https://52.31.115.142/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.117.126 , Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

dc50ef7f80147b0a2407f5a560125db8b36c799d5a5a32b17d83fea8f03492e5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Sat, 13 May 2023 13:26:59 GMT
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Wed, 10 May 2023 11:12:39 GMT
ETag: "69983-5fb54f33077b6"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: GET, HEAD
Content-Type: image/jpeg
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=300, public
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=68

GET
H/1.1 404
Not Found karbon-medium-webfont.woff
52.31.115.142/Area%20Personale_files/fonts/ 0
0 49ms
48ms Font
text/html 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://52.31.115.142/Area%20Personale_files/fonts/karbon-medium-webfont.woff
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/Area%20Personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash

Request headers

Referer: https://52.31.115.142/Area%20Personale_files/style.css
Origin: https://52.31.115.142
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Sat, 13 May 2023 13:26:58 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found karbon-regular-webfont.woff
52.31.115.142/Area%20Personale_files/fonts/ 0
0 47ms
46ms Font
text/html 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://52.31.115.142/Area%20Personale_files/fonts/karbon-regular-webfont.woff
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/Area%20Personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash

Request headers

Referer: https://52.31.115.142/Area%20Personale_files/style.css
Origin: https://52.31.115.142
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Sat, 13 May 2023 13:26:58 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found karbon-semibold-webfont.woff
52.31.115.142/Area%20Personale_files/fonts/ 0
0 56ms
43ms Font
text/html 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://52.31.115.142/Area%20Personale_files/fonts/karbon-semibold-webfont.woff
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/Area%20Personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash

Request headers

Referer: https://52.31.115.142/Area%20Personale_files/style.css
Origin: https://52.31.115.142
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Sat, 13 May 2023 13:26:59 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK box-a1ae2079824d1c48aa9ce06efb256f18.html Show response
52.31.115.142/Area%20Personale_files/ Frame 9FA3 3 KB
3 KB 54ms
45ms Document
text/html 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://52.31.115.142/Area%20Personale_files/box-a1ae2079824d1c48aa9ce06efb256f18.html
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 86dbb95c983a9c81e1806afa854b9713ec33ee7e279712e6eee946c6b2e8f92d

Request headers

Referer: https://52.31.115.142/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 2572
Content-Type: text/html
Date: Sat, 13 May 2023 13:26:59 GMT
Keep-Alive: timeout=5, max=98
Last-Modified: Sun, 05 Dec 2021 00:57:16 GMT
Server: Apache

GET
H/1.1 200
OK bframe.html Show response
52.31.115.142/Area%20Personale_files/ Frame 16F8 8 KB
9 KB 55ms
46ms Document
text/html 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://52.31.115.142/Area%20Personale_files/bframe.html
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 0814a79883b4070863f8185270ea202fbb53791a439b221fd73afb146b0ded5d

Request headers

Referer: https://52.31.115.142/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 8502
Content-Type: text/html
Date: Sat, 13 May 2023 13:26:59 GMT
Keep-Alive: timeout=5, max=98
Last-Modified: Sun, 05 Dec 2021 00:57:16 GMT
Server: Apache

GET
H/1.1 404
Not Found KarbonApp-Regular.ttf
52.31.115.142/Area%20Personale_files/fonts/ 0
0 47ms
47ms Font
text/html 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://52.31.115.142/Area%20Personale_files/fonts/KarbonApp-Regular.ttf
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/Area%20Personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash

Request headers

Referer: https://52.31.115.142/Area%20Personale_files/style.css
Origin: https://52.31.115.142
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Sat, 13 May 2023 13:26:59 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=96
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found KarbonApp-Medium.ttf
52.31.115.142/Area%20Personale_files/fonts/ 0
0 47ms
46ms Font
text/html 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://52.31.115.142/Area%20Personale_files/fonts/KarbonApp-Medium.ttf
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/Area%20Personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash

Request headers

Referer: https://52.31.115.142/Area%20Personale_files/style.css
Origin: https://52.31.115.142
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Sat, 13 May 2023 13:26:59 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found KarbonApp-Semibold.ttf
52.31.115.142/Area%20Personale_files/fonts/ 0
0 43ms
43ms Font
text/html 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://52.31.115.142/Area%20Personale_files/fonts/KarbonApp-Semibold.ttf
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/Area%20Personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash

Request headers

Referer: https://52.31.115.142/Area%20Personale_files/style.css
Origin: https://52.31.115.142
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Sat, 13 May 2023 13:26:59 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK styles__ltr.css
52.31.115.142/Area%20Personale_files/ Frame 16F8 51 KB
51 KB 47ms
46ms Stylesheet
text/css 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://52.31.115.142/Area%20Personale_files/styles__ltr.css
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/Area%20Personale_files/bframe.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 509bf9e83d3ca5add614196c02c8e0ce59731d3d1a10552c944b74d86019d866

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/Area%20Personale_files/bframe.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Sat, 13 May 2023 13:26:59 GMT
Last-Modified: Sun, 05 Dec 2021 00:57:12 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 52368

GET
H/1.1 200
OK recaptcha__it.js.download Show response
52.31.115.142/Area%20Personale_files/ Frame 16F8 345 KB
345 KB 45ms
44ms Script
application/javascript 52.31.115.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://52.31.115.142/Area%20Personale_files/recaptcha__it.js.download
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/Area%20Personale_files/bframe.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.31.115.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-115-142.eu-west-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 5a9832e8fbf9271704a38054b70a3623cc10a16404d01d23133ea1708c470f28

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/Area%20Personale_files/bframe.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

Date: Sat, 13 May 2023 13:26:59 GMT
Last-Modified: Sun, 05 Dec 2021 00:57:12 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 353475

GET
H2 200 / Show response
t.dtscout.com/i/ 2 KB
2 KB 283ms
220ms Script
application/javascript 2606:4700:21::8d65:780b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://t.dtscout.com/i/?l=https%3A%2F%2F52.31.115.142%2F&j=
Requested by: Host: waust.at
URL: https://waust.at/co.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:21::8d65:780b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 867e8c0f65910529d214a22ff58f5ad38158e1c104cc1706c94d5f4d3780944c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 13:26:59 GMT
x-t: 0.6
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c%2FwjseRS9P%2BRslyans5J3eP5lWVTahrtpVqXB5D6ba9Q%2F0T%2FtXft67FxVPOnRMW1B2NEym2oJBlF6LzbgKlxP915qUPF%2BpjQX3Mboqh%2BXzTj1Ss%2BwS1nVtqA6XK%2BBqKhiHC3Bb6ilBN8RTo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: no-cache
x-s: mtl3
cf-ray: 7c6b3c7bad241ca1-FRA
expires: Sat, 13 May 2023 13:26:58 GMT

GET
H2 200 / Show response
whos.amung.us/pingjs/ 28 B
182 B 199ms
145ms Script
text/javascript 2606:4700:10::6816:4aab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://whos.amung.us/pingjs/?k=1j5h5amprz&t=Area%20Personale&c=u&x=https%3A%2F%2F52.31.115.142%2F&y=&a=0&d=0.645&v=27&r=3344
Requested by: Host: waust.at
URL: https://waust.at/co.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4aab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4d537546afe4ec01fb8c6c1f716586566a746b3542ec553f61372bc0add98515

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 13:26:59 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7c6b3c7b9811905b-FRA
content-type: text/javascript;charset=UTF-8

GET
H/1.1 200
OK dest5.html Show response
nexipayments.demdex.net/ Frame 0398 7 KB
3 KB 213ms
50ms Document
text/html 52.18.161.223
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://nexipayments.demdex.net/dest5.html?d_nsid=0

Requested by

Host: 52.31.115.142
URL: https://52.31.115.142/Area%20Personale_files/launch-a40afd213c32.min.js.download

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.18.161.223 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-18-161-223.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://52.31.115.142/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-2-v048-0e78ca5d4.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: m1Dt6od4SzU=
content-encoding: gzip
date: Sat, 13 May 2023 13:26:59 GMT
last-modified: Wed, 10 May 2023 10:46:09 GMT
vary: accept-encoding

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=ZF_QIwAAAMDfYQMx
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=25457600582549013323173959292052892239
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZF_QIwAAAMDfYQMx

42 B
942 B

50ms
50ms

Image
image/gif

52.18.161.223
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZF_QIwAAAMDfYQMx

Requested by

Host: 52.31.115.142
URL: https://52.31.115.142/

Protocol

HTTP/1.1

Server

52.18.161.223 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-18-161-223.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v048-034cd99df.edge-irl1.demdex.com 1 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: iQ9W+SCzSRM=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZF_QIwAAAMDfYQMx
Date: Sat, 13 May 2023 13:26:59 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 delivery Show response
nexipayments.tt.omtrdc.net/rest/v1/ 355 B
847 B 162ms
49ms XHR
application/json 52.48.197.14
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://nexipayments.tt.omtrdc.net/rest/v1/delivery?client=nexipayments&sessionId=e5c6b5b81ee246898765148ad689e990&version=2.6.1

Requested by

Host: 52.31.115.142
URL: https://52.31.115.142/Area%20Personale_files/launch-a40afd213c32.min.js.download

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.48.197.14 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-48-197-14.eu-west-1.compute.amazonaws.com

Software

Resource Hash

10b9a3d19f4abb25b2e48e9f0c2a6fdbd17e7e297603ed53e1dc25159b0402d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://52.31.115.142/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36
Content-Type: text/plain

Response headers

date: Sat, 13 May 2023 13:26:59 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
x-content-type-options: nosniff
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://52.31.115.142
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 1; mode=block
x-request-id: 00c347632159acf35c2490a84b0bf953

GET
H2 200 tc.js Show response
cdn.tynt.com/ 18 KB
7 KB 117ms
32ms Script
application/javascript 172.64.151.83
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.tynt.com/tc.js
Requested by: Host: waust.at
URL: https://waust.at/co.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.151.83 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1804777ba20dafab3f354093af8b20442bec0eb61b2d34ea8a735a3bfefa278

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 13:26:59 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 14 Mar 2023 15:48:11 GMT
server: cloudflare
age: 236157
etag: W/"6410973b-4750"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 7c6b3c7d19dcbbb3-FRA
expires: Tue, 16 May 2023 13:26:59 GMT

GET
H2 200 /
widgets.amung.us/colwid/ 3 KB
3 KB 53ms
43ms Image
image/png 2606:4700:10::6816:4aab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.amung.us/colwid/?c=73dcff000000
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:4aab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 131addda5379692aff3f337f4ccb4c051171dd38fc75a0cdfca1095db3345c7b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 13:26:59 GMT
cf-cache-status: HIT
last-modified: Fri, 12 May 2023 15:51:13 GMT
server: cloudflare
age: 77746
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2678400
content-disposition: filename=wau-widget.png
cf-ray: 7c6b3c7c98d8905b-FRA
expires: Sat, 13 May 2023 15:51:13 GMT

GET
H2 200 / Show response
t.dtscout.com/pv/ 51 B
341 B 216ms
216ms Script
application/javascript 2606:4700:21::8d65:780b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://t.dtscout.com/pv/?_a=v&_h=52.31.115.142&_ss=2p87icktj3&_pv=1&_ls=0&_u1=1&_u3=1&_cc=de&_pl=d&_cbid=6smu&_cb=_dtspv.c
Requested by: Host: t.dtscout.com
URL: https://t.dtscout.com/i/?l=https%3A%2F%2F52.31.115.142%2F&j=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:21::8d65:780b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f79acb48525635b8b031200a1dadad66cdc51685ff83c50c0276b05a8ceae0b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

date: Sat, 13 May 2023 13:26:59 GMT
x-t: 0.144
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wcwvkpyFoB3tRPZFPwYkGEh23RfLfwLcHsISakV22hNgceyev5YKASZNvght6DIiKiTsFr2X5Tak3QFqB0rID2tcuSVYM6gCh8%2B4oE3u%2FCYOrqfJCsxLFDe%2BXKs5ejLRjWE0uQhIbBi5qEc%3D"}],"group":"cf-nel","max_age":604800}
x-c: 0
content-type: application/javascript
cache-control: no-cache
cf-ray: 7c6b3c7d1f0e1ca1-FRA
expires: Sat, 13 May 2023 13:26:58 GMT

GET
H2 200 s43575344174613
nexipayments.sc.omtrdc.net/b/ss/nexipayments.production/1/JS-2.22.1-LBWB/ 43 B
345 B 131ms
36ms Image
image/gif 63.140.62.160
OMNITURE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nexipayments.sc.omtrdc.net/b/ss/nexipayments.production/1/JS-2.22.1-LBWB/s43575344174613?AQB=1&ndh=1&pf=1&t=13%2F4%2F2023%2013%3A26%3A59%206%200&sdid=1D73FD81940A4D43-4CDC5801131A147D&mid=30634778819846837552728012073652135152&aamlh=6&ce=UTF-8&pageName=%2F&g=https%3A%2F%2F52.31.115.142%2F&cc=EUR&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v4=%2F&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=6A724E255ED5F2A60A495E0E%40AdobeOrg&AQE=1

Requested by

Host: 52.31.115.142
URL: https://52.31.115.142/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.160 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-63-140-62-160.data.adobedc.net

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 13 May 2023 13:26:59 GMT
x-content-type-options: nosniff
last-modified: Sun, 14 May 2023 13:26:59 GMT
server: jag
etag: 3616329004433539072-4619808455533601928
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-length: 43
x-xss-protection: 1; mode=block
expires: Fri, 12 May 2023 13:26:59 GMT

GET
H2 204 p
ic.tynt.com/b/ 0
228 B 563ms
120ms Image
text/plain 67.202.105.34
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!1j5h5amprz&lm=0&ts=1683984419464&dn=TC&iso=0&pu=https%3A%2F%2F52.31.115.142%2F&t=Area%20Personale&chmob=0
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.34 Palos Park, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip34.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: "Sat, 26 Jul 1997 05:00:00 GMT"
date: Sat, 13 May 2023 13:26:59 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 200 v2 Show response
de.tynt.com/deb/ 4 B
327 B 396ms
123ms Script
application/javascript 67.202.105.32
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?id=w!1j5h5amprz&dn=TC&cc=1&chmob=0&r=&pu=https%3A%2F%2F52.31.115.142%2F
Requested by: Host: cdn.tynt.com
URL: https://cdn.tynt.com/tc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.32 Palos Park, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip32.67-202-105.static.steadfastdns.net
Software: /
Resource Hash: d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
date: Sat, 13 May 2023 13:27:00 GMT
cache-control: max-age=86400
content-type: application/javascript
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile
content-length: 4
expires: Sun, 14 May 2023 13:27:00 GMT

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 121ms
120ms Image
text/plain 67.202.105.34
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!1j5h5amprz&lm=0&ts=1683984419464&dn=TC&iso=0&pu=https%3A%2F%2F52.31.115.142%2F&t=Area%20Personale
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.34 Palos Park, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip34.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: "Sat, 26 Jul 1997 05:00:00 GMT"
date: Sat, 13 May 2023 13:27:00 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 121ms
121ms Image
text/plain 67.202.105.34
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!1j5h5amprz&lm=0&ts=1683984419464&dn=TC&iso=0&pu=https%3A%2F%2F52.31.115.142%2F
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.34 Palos Park, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip34.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: "Sat, 26 Jul 1997 05:00:00 GMT"
date: Sat, 13 May 2023 13:27:00 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 124ms
122ms Image
text/plain 67.202.105.34
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!1j5h5amprz&lm=0&ts=1683984419464&dn=TC&iso=0&pu=https%3A%2F%2F52.31.115.142%2F
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.34 Palos Park, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip34.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: "Sat, 26 Jul 1997 05:00:00 GMT"
date: Sat, 13 May 2023 13:27:00 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 127ms
121ms Image
text/plain 67.202.105.34
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!1j5h5amprz&lm=0&ts=1683984419464&dn=TC&iso=0&pu=https%3A%2F%2F52.31.115.142%2F
Requested by: Host: 52.31.115.142
URL: https://52.31.115.142/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.34 Palos Park, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip34.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://52.31.115.142/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.92 Safari/537.36

Response headers

expires: "Sat, 26 Jul 1997 05:00:00 GMT"
date: Sat, 13 May 2023 13:27:00 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nexi (Banking)

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
52.31.115.142/	1969-12-31 23:59:59	Name: PHPSESSID Value: d6f5f52f0e61d07974b4dcd48e93246d
.demdex.net/	1970-01-20 16:05:36	Name: demdex Value: 25457600582549013323173959292052892239
52.31.115.142/	1969-12-31 23:59:59	Name: AMCVS_6A724E255ED5F2A60A495E0E%40AdobeOrg Value: 1
52.31.115.142/	1970-01-20 21:22:24	Name: mbox Value: session#e5c6b5b81ee246898765148ad689e990#1683986280\|PC#e5c6b5b81ee246898765148ad689e990.37_0#1747229220
.everesttech.net/	1970-01-20 20:32:00	Name: everest_g_v2 Value: g_surferid~ZF_QIwAAAMDfYQMx
.dtscout.com/	1970-01-20 11:46:29	Name: m Value: 1
.dtscout.com/	1970-01-20 11:46:38	Name: oa Value: 1
.dtscout.com/	1970-01-20 14:10:24	Name: df Value: 1683984419
.dpm.demdex.net/	1970-01-20 16:05:36	Name: dpm Value: 25457600582549013323173959292052892239
52.31.115.142/	1970-01-20 21:22:24	Name: AMCV_6A724E255ED5F2A60A495E0E%40AdobeOrg Value: -1124106680%7CMCIDTS%7C19491%7CMCMID%7C30634778819846837552728012073652135152%7CMCAAMLH-1684589219%7C6%7CMCAAMB-1684589219%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1683991619s%7CNONE%7CMCSYNCSOP%7C411-19498%7CvVersion%7C5.2.0
52.31.115.142/	1969-12-31 23:59:59	Name: s_cc Value: true

17 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	URL: https://52.31.115.142/ Message: Mixed Content: The page at 'https://52.31.115.142/' was loaded over HTTPS, but requested an insecure element 'https://52.31.115.142/Area%20Personale_files/logo--light-double.svg'. This request was not upgraded to HTTPS because its URL's host is an IP address.
security	warning	URL: https://52.31.115.142/ Message: Mixed Content: The page at 'https://52.31.115.142/' was loaded over HTTPS, but requested an insecure element 'https://52.31.115.142/Area%20Personale_files/app_store.svg'. This request was not upgraded to HTTPS because its URL's host is an IP address.
security	warning	URL: https://52.31.115.142/ Message: Mixed Content: The page at 'https://52.31.115.142/' was loaded over HTTPS, but requested an insecure element 'https://52.31.115.142/Area%20Personale_files/google_play.svg'. This request was not upgraded to HTTPS because its URL's host is an IP address.
security	warning	URL: https://52.31.115.142/ Message: Mixed Content: The page at 'https://52.31.115.142/' was loaded over HTTPS, but requested an insecure element 'https://52.31.115.142/Area%20Personale_files/huawei-store.svg'. This request was not upgraded to HTTPS because its URL's host is an IP address.
security	warning	URL: https://52.31.115.142/ Message: Mixed Content: The page at 'https://52.31.115.142/' was loaded over HTTPS, but requested an insecure element 'https://52.31.115.142/Area%20Personale_files/logo--dark-double.svg'. This request was not upgraded to HTTPS because its URL's host is an IP address.
security	warning	URL: https://52.31.115.142/(Line 141) Message: Mixed Content: The page at 'https://52.31.115.142/' was loaded over HTTPS, but requested an insecure element 'https://52.31.115.142/Area%20Personale_files/logo--light-double.svg'. This request was not upgraded to HTTPS because its URL's host is an IP address.
security	warning	URL: https://52.31.115.142/(Line 256) Message: Mixed Content: The page at 'https://52.31.115.142/' was loaded over HTTPS, but requested an insecure element 'https://52.31.115.142/Area%20Personale_files/app_store.svg'. This request was not upgraded to HTTPS because its URL's host is an IP address.
security	warning	URL: https://52.31.115.142/(Line 259) Message: Mixed Content: The page at 'https://52.31.115.142/' was loaded over HTTPS, but requested an insecure element 'https://52.31.115.142/Area%20Personale_files/google_play.svg'. This request was not upgraded to HTTPS because its URL's host is an IP address.
security	warning	URL: https://52.31.115.142/(Line 262) Message: Mixed Content: The page at 'https://52.31.115.142/' was loaded over HTTPS, but requested an insecure element 'https://52.31.115.142/Area%20Personale_files/huawei-store.svg'. This request was not upgraded to HTTPS because its URL's host is an IP address.
security	warning	URL: https://52.31.115.142/(Line 8763) Message: Mixed Content: The page at 'https://52.31.115.142/' was loaded over HTTPS, but requested an insecure element 'https://52.31.115.142/Area%20Personale_files/logo--dark-double.svg'. This request was not upgraded to HTTPS because its URL's host is an IP address.
network	error	URL: https://52.31.115.142/Area%20Personale_files/fonts/karbon-regular-webfont.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://52.31.115.142/Area%20Personale_files/fonts/karbon-medium-webfont.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://52.31.115.142/Area%20Personale_files/fonts/karbon-semibold-webfont.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	warning	URL: https://52.31.115.142/Area%20Personale_files/bframe.html Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
network	error	URL: https://52.31.115.142/Area%20Personale_files/fonts/KarbonApp-Medium.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://52.31.115.142/Area%20Personale_files/fonts/KarbonApp-Regular.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://52.31.115.142/Area%20Personale_files/fonts/KarbonApp-Semibold.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
cdn.tynt.com
cm.everesttech.net
de.tynt.com
dpm.demdex.net
ic.tynt.com
nexipayments.demdex.net
nexipayments.sc.omtrdc.net
nexipayments.tt.omtrdc.net
t.dtscout.com
waust.at
whos.amung.us
widgets.amung.us
www.nexi.it
172.64.151.83
185.198.117.126
2606:4700:10::6816:4aab
2606:4700:20::681a:407
2606:4700:21::8d65:780b
2a02:26f0:3500:591::1e80
52.16.185.84
52.18.161.223
52.31.115.142
52.48.197.14
63.140.62.160
67.202.105.32
67.202.105.34
0814a79883b4070863f8185270ea202fbb53791a439b221fd73afb146b0ded5d
0a6860b639d3f65209ac59599c26f7027aef515187c186b306a2e07c2c32e338
10b9a3d19f4abb25b2e48e9f0c2a6fdbd17e7e297603ed53e1dc25159b0402d7
131addda5379692aff3f337f4ccb4c051171dd38fc75a0cdfca1095db3345c7b
26dd4de2c16294f91bf911500d6c0112d9d9e289aa4b3f311b95f7d677c2b496
27ca5125c219441002caaa068a4e81147e6bb6554f2e6a0a09ffb1e8b4df79af
3e1c59a823bd5edce290092b1a3ed56989e8c540d2177b8cff582372e6a2a0ac
4d537546afe4ec01fb8c6c1f716586566a746b3542ec553f61372bc0add98515
509bf9e83d3ca5add614196c02c8e0ce59731d3d1a10552c944b74d86019d866
5a9832e8fbf9271704a38054b70a3623cc10a16404d01d23133ea1708c470f28
5e3c6b5c51b5fbf7691fa5d0adbcd05be694548d5f03aee7d59d7a8b092b5d27
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f
64e35e6e3e1969550eda7af80ded7e8e7ffdc15dd6a2bfdc4ed9bf1cb82cc762
7364dc66b30fac131c57fb24f1addde4ff79b344855fa6d79c451ff8d6dbc6a0
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
867e8c0f65910529d214a22ff58f5ad38158e1c104cc1706c94d5f4d3780944c
86dbb95c983a9c81e1806afa854b9713ec33ee7e279712e6eee946c6b2e8f92d
8a328eaf97de4600f72891d5658426d62b7afff1cc12667968e8db621a38322c
92c5b25edbc4647c55be848b92ea22fd4618cc3252a2364025262e18a7430f84
9c61f60b366129bf27c265686c20b261c28d540dbbe03cbe5723e30c1b801b88
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a22ea2c13b8179c675566ef9ce7a77c663056b6147674c851d898b21f6c68ee6
b1804777ba20dafab3f354093af8b20442bec0eb61b2d34ea8a735a3bfefa278
c37a1253313f01ecf7b8d5ac83025a8059d161d955ecbe5254c99d4edf6989fc
c96d6c44d50646e4096806c2f0ba110954d52f55150d7b34d0d7ba6872486266
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
dc50ef7f80147b0a2407f5a560125db8b36c799d5a5a32b17d83fea8f03492e5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ed313341bbd73a61ddacf268f494c9f85cb84e46f8954bde8a5260e21174f340
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f79acb48525635b8b031200a1dadad66cdc51685ff83c50c0276b05a8ceae0b0

52.31.115.142 Open in urlscan Pro 52.31.115.142 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

41 Requests

44 %HTTPS

31 %IPv6

9 Domains

14 Subdomains

12 IPs

4 Countries

2104 kBTransfer

2135 kBSize

11 Cookies

9 Outgoing links

Redirected requests

41 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

52.31.115.142 Open in urlscan Pro
52.31.115.142 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

41
Requests

44 %
HTTPS

31 %
IPv6

9
Domains

14
Subdomains

12
IPs

4
Countries

2104 kB
Transfer

2135 kB
Size

11
Cookies

41 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!