5.twizer.co Open in urlscan Pro
2606:4700:30::681b:8547 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://5.twizer.co/no-atm-card.html
Submission: On March 18 via manual (March 18th 2019, 6:34:43 pm UTC) from US

Summary HTTP 25 Redirects Behaviour Indicators

Summary

This website contacted 19 IPs in 5 countries across 19 domains to perform 25 HTTP transactions. The main IP is 2606:4700:30::681b:8547, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is 5.twizer.co.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on February 18th 2019. Valid for: a year.

This is the only time 5.twizer.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Banking (Banking)

Domain & IP information

	IP Address	AS Autonomous System
3	2606:4700:30:... 2606:4700:30::681b:8547	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	209.197.3.15 209.197.3.15	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
1	193.105.145.148 193.105.145.148	56778 (PURETELEC...) (PURETELECOM-IE-NET)
2	95.100.68.182 95.100.68.182	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
3	2a00:1450:400... 2a00:1450:4001:817::2016	15169 (GOOGLE) (GOOGLE - Google LLC)
1	45.60.13.91 45.60.13.91	19551 (INCAPSULA) (INCAPSULA - Incapsula Inc)
1	104.111.226.20 104.111.226.20	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	143.204.214.100 143.204.214.100	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:819::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a02:fe80:101... 2a02:fe80:1010::4:7	30148 (SUCURI-SEC) (SUCURI-SEC - Sucuri)
1 2	23.43.115.47 23.43.115.47	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 1	2606:4700:30:... 2606:4700:30::681c:1e32	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2606:4700:30:... 2606:4700:30::681c:1f32	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2606:4700:30:... 2606:4700:30::681b:bd49	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2606:4700:20:... 2606:4700:20::681a:8b8	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	144.168.39.233 144.168.39.233	54540 (INCERO-HVVC) (INCERO-HVVC - HIVELOCITY)
1	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
1	2a00:1450:400... 2a00:1450:4001:81e::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	205.185.208.52 205.185.208.52	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
1	2606:4700::68... 2606:4700::6813:c597	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
25	19

3 2606:4700:30::681b:8547 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

5.twizer.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.197.3.15 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x00f.map2.ssl.hwcdn.net

stackpath.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.105.145.148 (Ireland)

ASN56778 (PURETELECOM-IE-NET, IE)

taxback-usa-atm-card-1.ssl443.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 95.100.68.182 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a95-100-68-182.deploy.static.akamaitechnologies.com

www.usbank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:817::2016 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 45.60.13.91 (Redwood City, United States)

ASN19551 (INCAPSULA - Incapsula Inc, US)

www.serve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.226.20 (Amsterdam, Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-226-20.deploy.static.akamaitechnologies.com

usa.visa.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.214.100 (Wilmington, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-214-100.fra53.r.cloudfront.net

www.nerdwallet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::2001 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

1.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fe80:1010::4:7 (United Kingdom)

ASN30148 (SUCURI-SEC - Sucuri, US)

uquid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.43.115.47 (Amsterdam, Netherlands) 1 redirects

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-43-115-47.deploy.static.akamaitechnologies.com

www.ocbc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:30::681c:1e32 (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.bhatt.id.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:30::681c:1f32 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.bhatt.id.au	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:30::681b:bd49 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.weusecoins.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:8b8 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.affordablecebu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 144.168.39.233 (Austin, United States)

ASN54540 (INCERO-HVVC - HIVELOCITY, Inc., US)
PTR: 144-168-39-233-customer-incero.com

www.knowzy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)
PTR: i1.wp.com

i2.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::200e (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 205.185.208.52 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip052.ssl.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:c597 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	ytimg.com i.ytimg.com	290 KB
3	twizer.co 5.twizer.co	25 KB
2	bhatt.id.au 1 redirects www.bhatt.id.au	41 KB
2	ocbc.com 1 redirects www.ocbc.com	68 KB
2	usbank.com www.usbank.com	319 KB
2	bootstrapcdn.com stackpath.bootstrapcdn.com	34 KB
1	cloudflare.com cdnjs.cloudflare.com	7 KB
1	jquery.com code.jquery.com	24 KB
1	gstatic.com encrypted-tbn0.gstatic.com	6 KB
1	wp.com i2.wp.com	8 KB
1	knowzy.com www.knowzy.com	88 KB
1	affordablecebu.com www.affordablecebu.com	72 KB
1	weusecoins.com www.weusecoins.com	111 KB
1	uquid.com uquid.com	49 KB
1	blogspot.com 1.bp.blogspot.com	31 KB
1	nerdwallet.com www.nerdwallet.com	19 KB
1	visa.com usa.visa.com	39 KB
1	serve.com www.serve.com	41 KB
1	ssl443.net taxback-usa-atm-card-1.ssl443.net	22 KB
25	19

	Domain	Requested by
3	i.ytimg.com	5.twizer.co
3	5.twizer.co	5.twizer.co
2	www.bhatt.id.au	1 redirects 5.twizer.co
2	www.ocbc.com	1 redirects 5.twizer.co
2	www.usbank.com	5.twizer.co
2	stackpath.bootstrapcdn.com	5.twizer.co
1	cdnjs.cloudflare.com	5.twizer.co
1	code.jquery.com	5.twizer.co
1	encrypted-tbn0.gstatic.com	5.twizer.co
1	i2.wp.com	5.twizer.co
1	www.knowzy.com	5.twizer.co
1	www.affordablecebu.com	5.twizer.co
1	www.weusecoins.com	5.twizer.co
1	uquid.com	5.twizer.co
1	1.bp.blogspot.com	5.twizer.co
1	www.nerdwallet.com	5.twizer.co
1	usa.visa.com	5.twizer.co
1	www.serve.com	5.twizer.co
1	taxback-usa-atm-card-1.ssl443.net	5.twizer.co
25	19

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-02-18` - `2020-02-18`	a year	crt.sh
*.bootstrapcdn.com COMODO RSA Domain Validation Secure Server CA	`2018-10-03` - `2019-10-12`	a year	crt.sh
*.ssl443.net RapidSSL RSA CA 2018	`2018-06-06` - `2019-06-20`	a year	crt.sh
www.usbank.com Entrust Certification Authority - L1M	`2017-08-01` - `2019-08-01`	2 years	crt.sh
edgestatic.com Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
secure.serve.com Entrust Certification Authority - L1M	`2018-09-10` - `2020-09-10`	2 years	crt.sh
www.visa.com GeoTrust RSA CA 2018	`2018-11-01` - `2020-01-31`	a year	crt.sh
*.nerdwallet.com Amazon	`2018-04-30` - `2019-05-30`	a year	crt.sh
*.googleusercontent.com Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
*.uquid.com COMODO RSA Domain Validation Secure Server CA	`2018-01-05` - `2021-01-04`	3 years	crt.sh
www.ocbc.com DigiCert SHA2 Secure Server CA	`2019-01-09` - `2020-01-31`	a year	crt.sh
sni103599.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-02-27` - `2019-09-05`	6 months	crt.sh
affordablecebu.com CloudFlare Inc ECC CA-2	`2018-04-30` - `2019-04-30`	a year	crt.sh
*.wp.com Go Daddy Secure Certificate Authority - G2	`2018-04-10` - `2020-05-11`	2 years	crt.sh
*.google.com Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
ssl412106.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-03-02` - `2019-09-08`	6 months	crt.sh

This page contains 1 frames:

Primary Page: https://5.twizer.co/no-atm-card.html
Frame ID: A9D07D691AF238E121BF63DD76F56B57
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Twitter Bootstrap () Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i

Page Statistics

25
Requests

96 %
HTTPS

50 %
IPv6

19
Domains

19
Subdomains

19
IPs

5
Countries

1292 kB
Transfer

1521 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://www.ocbc.com/assets/images/uploads/Help%20and%20Support/card-replacement/old-atm-card.png HTTP 301
https://www.ocbc.com/assets/images/uploads/help%20and%20support/card-replacement/old-atm-card.png

Request Chain 11

http://www.bhatt.id.au/blogimg/citibank-visa-plus-debit-card.jpg HTTP 301
https://www.bhatt.id.au/blogimg/citibank-visa-plus-debit-card.jpg

25 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request no-atm-card.html Show response
5.twizer.co/ 31 KB
7 KB 377ms
334ms Document
text/html 2606:4700:30::681b:8547
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://5.twizer.co/no-atm-card.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681b:8547 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82e8e94c4c96f3bd05b711799fb6202662042f93eb2b50bffa87e4a38910b0c7

Request headers

:method: GET
:authority: 5.twizer.co
:scheme: https
:path: /no-atm-card.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
date: Mon, 18 Mar 2019 18:34:24 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dbd08a21d791588a1cf1ff6078e530a921552934063; expires=Tue, 17-Mar-20 18:34:23 GMT; path=/; domain=.twizer.co; HttpOnly; Secure
vary: Accept-Encoding
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4b994ceb4c7e9712-FRA
content-encoding: br

GET
H2 200 bootstrap.min.css
stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/ 138 KB
21 KB 36ms
19ms Stylesheet
text/css 209.197.3.15
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css
Requested by: Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip0x00f.map2.ssl.hwcdn.net
Software: /
Resource Hash: 7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://5.twizer.co/no-atm-card.html
Origin: https://5.twizer.co

Response headers

date: Mon, 18 Mar 2019 18:34:24 GMT
content-encoding: gzip
last-modified: Wed, 12 Dec 2018 18:34:11 GMT
access-control-allow-origin: *
etag: "1544639651"
vary: Accept-Encoding
x-cache: HIT
content-type: text/css; charset=utf-8
status: 200
cache-control: public, max-age=31536000
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
accept-ranges: bytes
timing-allow-origin: *
content-length: 21050

GET
H2 200 style.css
5.twizer.co/templates/3/ 203 B
281 B 322ms
320ms Stylesheet
text/css 2606:4700:30::681b:8547
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://5.twizer.co/templates/3/style.css
Requested by: Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681b:8547 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 111ab2118eeac10488fc7571a2aca2242f088edc3de2e78b5d62d83fdea374bd

Request headers

:path: /templates/3/style.css
pragma: no-cache
cookie: __cfduid=dbd08a21d791588a1cf1ff6078e530a921552934063
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: 5.twizer.co
referer: https://5.twizer.co/no-atm-card.html
:scheme: https
:method: GET
Referer: https://5.twizer.co/no-atm-card.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 18 Mar 2019 18:34:24 GMT
content-encoding: br
cf-cache-status: REVALIDATED
last-modified: Sun, 17 Feb 2019 21:56:45 GMT
server: cloudflare
etag: W/"cb-5821e158f32c4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
status: 200
cache-control: public, max-age=14400
cf-ray: 4b994ced793d9712-FRA
expires: Mon, 18 Mar 2019 22:34:24 GMT

GET
H/1.1 200
OK debit_card.jpg
taxback-usa-atm-card-1.ssl443.net/images/ssl443/ 22 KB
22 KB 208ms
33ms Image
image/jpeg 193.105.145.148
PURETELECOM-IE-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://taxback-usa-atm-card-1.ssl443.net/images/ssl443/debit_card.jpg
Requested by: Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 193.105.145.148 , Ireland, ASN56778 (PURETELECOM-IE-NET, IE),
Reverse DNS
Software: Apache /
Resource Hash: 7425d5e516d348f364079c56b6757ebadc21a511fba89d94baf0207656063fbc

Request headers

Referer: https://5.twizer.co/no-atm-card.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 18 Mar 2019 18:34:24 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Jun 2010 10:37:28 GMT
Server: Apache
ETag: "590f-488967e0b8a00-gzip"
Vary: Accept-Encoding
Content-Type: image/jpeg
Cache-Control: max-age=14400
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 21662
Expires: Mon, 18 Mar 2019 22:34:24 GMT

GET
H/1.1 200
OK debit-800x514-2px-outline.jpg
www.usbank.com/dam/images/pid7937/ 89 KB
89 KB 147ms
29ms Image
image/jpeg 95.100.68.182
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.usbank.com/dam/images/pid7937/debit-800x514-2px-outline.jpg

Requested by

Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.68.182 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a95-100-68-182.deploy.static.akamaitechnologies.com

Software

/ ASP.NET

Resource Hash

8f465da2b482953a1448b5e6b49ee1230b0c2b29495fae842c01c1f841bb8b6f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosnif

Request headers

Referer: https://5.twizer.co/no-atm-card.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosnif
Last-Modified: Thu, 28 Feb 2019 02:26:29 GMT
Server
X-Powered-By: ASP.NET
Content-Type: image/jpeg
Cache-Control: max-age=63038
Date: Mon, 18 Mar 2019 18:34:24 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 90711
ETag: "cd2173dcfd41:0"

GET
H2 200 maxresdefault.jpg
i.ytimg.com/vi/T7-dcS9vTNU/ 67 KB
67 KB 53ms
42ms Image
image/jpeg 2a00:1450:4001:817::2016
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/T7-dcS9vTNU/maxresdefault.jpg

Requested by

Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:817::2016 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

9b9373b30576e4d9e813436eb154709a3597050dbe5c4014b553ce7b5c8e81be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://5.twizer.co/no-atm-card.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 18 Mar 2019 18:34:24 GMT
x-content-type-options: nosniff
server: sffe
age: 0
etag: "1504286122"
content-type: image/jpeg
status: 200
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: https://imasdk.googleapis.com
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 68608
x-xss-protection: 1; mode=block
expires: Mon, 18 Mar 2019 20:34:24 GMT

GET
H/1.1 200
OK SKU-3_Update_phones.jpg
www.serve.com/assets/img/customer/ 40 KB
41 KB 771ms
578ms Image
image/jpeg 45.60.13.91
Incapsula Inc

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.serve.com/assets/img/customer/SKU-3_Update_phones.jpg

Requested by

Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.13.91 Redwood City, United States, ASN19551 (INCAPSULA - Incapsula Inc, US),

Reverse DNS

Software

Resource Hash

2c673053c5d632573d9ec21ec84537ab9b4686d816aa72336c4f37a4cfc06631

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://5.twizer.co/no-atm-card.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 18 Mar 2019 18:34:24 GMT
Last-Modified: Wed, 13 Mar 2019 13:27:16 GMT
X-CDN: Incapsula
Etag: "092ad79a0d9d41:0"
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Type: image/jpeg
X-Iinfo: 14-1442489-1432292 2VNN RT(1552934063457 29) q(0 1 1 46) r(6 6)
Cache-Control: max-age=1800, public
Content-Length: 41381
Expires: Mon, 18 Mar 2019 19:04:24 GMT

GET
H2 200 new-kroger-rewards-800x450.png
usa.visa.com/content/dam/VCOM/vca/revised_card_images/ 38 KB
39 KB 186ms
65ms Image
image/webp 104.111.226.20
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usa.visa.com/content/dam/VCOM/vca/revised_card_images/new-kroger-rewards-800x450.png
Requested by: Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.226.20 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-226-20.deploy.static.akamaitechnologies.com
Software: Akamai Image Manager /
Resource Hash: 64231c6f6bfca422503957bfbe192e109e1bd4224f6473fd1e59cc999cc510b8

Request headers

Referer: https://5.twizer.co/no-atm-card.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 18 Mar 2019 18:34:24 GMT
last-modified: Mon, 18 Mar 2019 10:39:16 GMT
server: Akamai Image Manager
p3p
status: 200
cache-control: private, no-transform, max-age=43200
content-type: image/webp
content-length: 39392
expires: Tue, 19 Mar 2019 06:34:24 GMT

GET
H2 200 Test-GettingCashATMWithoutACard_Final-770x336.png
www.nerdwallet.com/assets/blog/wp-content/uploads/2017/08/ 18 KB
19 KB 725ms
631ms Image
image/png 143.204.214.100
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.nerdwallet.com/assets/blog/wp-content/uploads/2017/08/Test-GettingCashATMWithoutACard_Final-770x336.png
Requested by: Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.214.100 Wilmington, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-214-100.fra53.r.cloudfront.net
Software: /
Resource Hash: 991f3bd0199d558e2f7b3ecc961ef0589d64ce9b141c753e5bc80e4514917ca7

Request headers

Referer: https://5.twizer.co/no-atm-card.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 11 Mar 2019 16:26:37 GMT
via: 1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront)
age: 612467
x-cache: Hit from cloudfront
status: 200
x-amz-replication-status: COMPLETED
content-length: 18911
last-modified: Wed, 02 Aug 2017 21:01:31 GMT
etag: "08285020e98a17f29c0cf8000eae14ad"
x-amz-version-id: Sidak8UK5ztxMcM3LbvSWHiFZ9rwOti_
cache-control: max-age=31536000
accept-ranges: bytes
content-type: image/png
x-amz-cf-id: aesxBsJHoXvyjNoQ5m7HwCdTqxVUSMDXKw0DRQJfqb8fO3fSm6R5_A==
x-nerd: Edge
expires: Thu, 02 Aug 2018 21:01:29 GMT

GET
H2 200 perfect%2Bmoney%2Batm%2Bcard1.jpg
1.bp.blogspot.com/-UGIBG0vTTtE/VWMRPmjYqBI/AAAAAAAAADE/iEJrQoYi6iY/s400/ 31 KB
31 KB 622ms
598ms Image
image/jpeg 2a00:1450:4001:819::2001
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-UGIBG0vTTtE/VWMRPmjYqBI/AAAAAAAAADE/iEJrQoYi6iY/s400/perfect%2Bmoney%2Batm%2Bcard1.jpg

Requested by

Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:819::2001 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

fife /

Resource Hash

6e8aaee14e6817dbeb2d9de124830edf94b864cf6a80fd4fb07456526f4a8ba0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://5.twizer.co/no-atm-card.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 18 Mar 2019 18:34:24 GMT
x-content-type-options: nosniff
status: 200
content-disposition: inline;filename="perfect money atm card1.jpg"
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 31524
x-xss-protection: 1; mode=block
server: fife
etag: "v32"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 19 Mar 2019 18:34:24 GMT

GET
H2 200 8.png
uquid.com/addons/shared_addons/themes/uquid/img/2016/bitcoin-debit-card/ 49 KB
49 KB 90ms
7ms Image
image/png 2a02:fe80:1010::4:7
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://uquid.com/addons/shared_addons/themes/uquid/img/2016/bitcoin-debit-card/8.png

Requested by

Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::4:7 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

087f50849fdafacc4e07a040c91504c80bc259572ccf18b5aa295e0b4aa387aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://5.twizer.co/no-atm-card.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 18 Mar 2019 18:34:24 GMT
x-content-type-options: nosniff
x-nginx-cache-status: REVALIDATED
status: 200
x-sucuri-cache: HIT
x-server-powered-by: Uquid
content-length: 49887
x-xss-protection: 1; mode=block
pragma: public
last-modified: Sat, 13 Jan 2018 16:32:56 GMT
server: nginx
content-type: image/png
cache-control: max-age=315360000
x-sucuri-id: 15004
accept-ranges: bytes
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1

200
OK

old-atm-card.png
www.ocbc.com/assets/images/uploads/help%20and%20support/card-replacement/
Redirect Chain

https://www.ocbc.com/assets/images/uploads/Help%20and%20Support/card-replacement/old-atm-card.png
https://www.ocbc.com/assets/images/uploads/help%20and%20support/card-replacement/old-atm-card.png

67 KB
67 KB

44ms
35ms

Image
image/png

23.43.115.47
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ocbc.com/assets/images/uploads/help%20and%20support/card-replacement/old-atm-card.png

Requested by

Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.43.115.47 Amsterdam, Netherlands, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

a23-43-115-47.deploy.static.akamaitechnologies.com

Software

Resource Hash

5300550742c5850fcb90ac3fdcf39ffbffa31516b613ad8c25622256b685e1ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Xss-Protection	value=1;mode=block

Request headers

Referer: https://5.twizer.co/no-atm-card.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 23 Jan 2014 03:11:36 GMT
X-Permitted-Cross-Domain-Policies: none
ETag: "0a42fd3e817cf1:0"
Content-Type: image/png
Date: Mon, 18 Mar 2019 18:34:24 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68378
X-XSS-Protection: value=1;mode=block

Redirect headers

Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
Date: Mon, 18 Mar 2019 18:34:24 GMT
Content-Type: text/html; charset=UTF-8
Location: https://www.ocbc.com/assets/images/uploads/help and support/card-replacement/old-atm-card.png
Connection: keep-alive
Content-Length: 216
X-XSS-Protection: value=1;mode=block

GET
H2

200

citibank-visa-plus-debit-card.jpg
www.bhatt.id.au/blogimg/
Redirect Chain

http://www.bhatt.id.au/blogimg/citibank-visa-plus-debit-card.jpg
https://www.bhatt.id.au/blogimg/citibank-visa-plus-debit-card.jpg

40 KB
40 KB

1416ms
1366ms

Image
image/jpeg

2606:4700:30::681c:1f32
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bhatt.id.au/blogimg/citibank-visa-plus-debit-card.jpg
Requested by: Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681c:1f32 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 525b919b55b89e589483ee1f375ed9f441fd122c7484dbc142548e1932f96135

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 18 Mar 2019 18:34:25 GMT
cf-cache-status: MISS
last-modified: Tue, 29 Nov 2016 06:57:24 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: public, max-age=2678400
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 4b994cee6c6296b2-FRA
content-length: 40676
expires: Thu, 18 Apr 2019 18:34:25 GMT

Redirect headers

Date: Mon, 18 Mar 2019 18:34:24 GMT
Server: cloudflare
Vary: Accept-Encoding
Location: https://www.bhatt.id.au/blogimg/citibank-visa-plus-debit-card.jpg
Cache-Control: max-age=3600
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 4b994cedeee0bec6-FRA
Expires: Mon, 18 Mar 2019 19:34:24 GMT

GET
H2 200 spectrocoin-debit-card.png
www.weusecoins.com/images/ 110 KB
111 KB 213ms
121ms Image
image/png 2606:4700:30::681b:bd49
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.weusecoins.com/images/spectrocoin-debit-card.png
Requested by: Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681b:bd49 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a805ec40fbdc7d338e64b1d1863a332c09b20e297ccdd36f9b923405e5cd773a

Request headers

Referer: https://5.twizer.co/no-atm-card.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-fastly-request-id: f1ee84d6f66e0d5d9f4090d2e4cfc265620aad13
date: Mon, 18 Mar 2019 18:34:24 GMT
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-cache: MISS
status: 200
content-length: 112925
x-served-by: cache-hhn1532-HHN
last-modified: Sat, 09 Mar 2019 16:08:13 GMT
server: cloudflare
x-github-request-id: 4C56:38EC:8E0A3B:BC8D5E:5C8E78B4
x-timer: S1552840885.670316,VS0,VE95
etag: "5c83e4ed-1b91d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
expires: Sat, 23 Mar 2019 18:34:24 GMT
cache-control: public, max-age=432000
accept-ranges: bytes
cf-ray: 4b994cee7c5764d5-FRA
x-cache-hits: 0

GET
H2 200 New_BDO_ATM_back.jpg
www.affordablecebu.com/pictures/articles/banking_4/ 72 KB
72 KB 181ms
112ms Image
image/jpeg 2606:4700:20::681a:8b8
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.affordablecebu.com/pictures/articles/banking_4/New_BDO_ATM_back.jpg
Requested by: Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:8b8 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cc522feb50e50c55b864277344b1309500b054ce0b055f9a809ba126e77d7602

Request headers

Referer: https://5.twizer.co/no-atm-card.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 18 Mar 2019 18:34:24 GMT
cf-cache-status: MISS
last-modified: Tue, 03 Jul 2018 08:47:15 GMT
server: cloudflare
etag: "5b3b3813-12015"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 4b994ceeaed0c2ba-FRA
content-length: 73749
expires: Tue, 17 Mar 2020 18:34:24 GMT

GET
H2 200 maxresdefault.jpg
i.ytimg.com/vi/f0CEeGjROQ4/ 185 KB
185 KB 65ms
64ms Image
image/jpeg 2a00:1450:4001:817::2016
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/f0CEeGjROQ4/maxresdefault.jpg

Requested by

Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:817::2016 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

9cc1868c9dc4dd4ba7e65a2705ee6eb417e93812031fe54157760934fdf7fbdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://5.twizer.co/no-atm-card.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 18 Mar 2019 18:34:24 GMT
x-content-type-options: nosniff
server: sffe
age: 0
etag: "1491722862"
content-type: image/jpeg
status: 200
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: https://imasdk.googleapis.com
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 189471
x-xss-protection: 1; mode=block
expires: Mon, 18 Mar 2019 20:34:24 GMT

GET
H/1.1 200
OK ARCO_Debit_MasterCard-Receipt_Showing_Unactivated_Purchase-Activation_Confirmation_EMail-Orig.jpg
www.knowzy.com/Images/ 88 KB
88 KB 609ms
161ms Image
image/jpeg 144.168.39.233
HIVELOCITY

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.knowzy.com/Images/ARCO_Debit_MasterCard-Receipt_Showing_Unactivated_Purchase-Activation_Confirmation_EMail-Orig.jpg
Requested by: Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html
Protocol: HTTP/1.1
Server: 144.168.39.233 Austin, United States, ASN54540 (INCERO-HVVC - HIVELOCITY, Inc., US),
Reverse DNS: 144-168-39-233-customer-incero.com
Software: Microsoft-IIS/8.5 /
Resource Hash: e7eac0834ee5e4858a627d323927478261826ab2e96ece57e65ffeaa6703fb37

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Mon, 18 Mar 2019 18:34:27 GMT
Last-Modified: Thu, 24 Aug 2017 06:13:40 GMT
Server: Microsoft-IIS/8.5
Accept-Ranges: bytes
ETag: "0822021a01cd31:0"
Content-Length: 90079
Content-Type: image/jpeg

GET
H2 200 maxresdefault.jpg
i.ytimg.com/vi/-6UaB4lMD4w/ 38 KB
38 KB 60ms
60ms Image
image/jpeg 2a00:1450:4001:817::2016
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/-6UaB4lMD4w/maxresdefault.jpg

Requested by

Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:817::2016 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

4b0224633817932e09f6502b2a45653be92f3fd925686ac2caeb13dbb149291e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://5.twizer.co/no-atm-card.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 18 Mar 2019 18:34:24 GMT
x-content-type-options: nosniff
server: sffe
etag: "1430927415"
content-type: image/jpeg
status: 200
cache-control: public, max-age=7200
accept-ranges: bytes
timing-allow-origin: https://imasdk.googleapis.com
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 38596
x-xss-protection: 1; mode=block
expires: Mon, 18 Mar 2019 20:34:24 GMT

GET
H/1.1 200
OK 1496360428187.png
www.usbank.com/bank-accounts/checking-accounts/debit-cards/_jcr_content/leftPar/containercomp/containercomp/textimage_1974858654_1320309054/image.img.png/ 229 KB
230 KB 57ms
56ms Image
image/png 95.100.68.182
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.usbank.com/bank-accounts/checking-accounts/debit-cards/_jcr_content/leftPar/containercomp/containercomp/textimage_1974858654_1320309054/image.img.png/1496360428187.png

Requested by

Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

95.100.68.182 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a95-100-68-182.deploy.static.akamaitechnologies.com

Software

/ Jetty(9.2.9.v20150224), ASP.NET

Resource Hash

617f32fa644c530329738d4c17f64ca7deb827251ce9ca2b529a476d42a6aaad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff, nosnif

Request headers

Referer: https://5.twizer.co/no-atm-card.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff, nosnif
Last-Modified: Thu, 27 Apr 2017 19:53:43 GMT
Server
X-Powered-By: Jetty(9.2.9.v20150224), ASP.NET
Content-Type: image/png
Cache-Control: max-age=61540
Date: Mon, 18 Mar 2019 18:34:24 GMT
Connection: keep-alive
Content-Length: 234694

GET
H2 200 schwab-e1435077460536.jpg
i2.wp.com/www.uscreditcardguide.com/wp-content/uploads/2014/10/ 8 KB
8 KB 94ms
63ms Image
image/webp 192.0.77.2
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.wp.com/www.uscreditcardguide.com/wp-content/uploads/2014/10/schwab-e1435077460536.jpg?fit\u003d300%2C194\u0026ssl\u003d1

Requested by

Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

6c744ee44735399281e20d6dbbe82d5664104d48a47aac1016792eb9f2118897

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://5.twizer.co/no-atm-card.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-nc: MISS fra 20
date: Mon, 18 Mar 2019 18:34:24 GMT
x-content-type-options: nosniff
x-bytes-saved: 7992
last-modified: Mon, 18 Mar 2019 18:34:24 GMT
server: nginx
etag: "3aab363681d53390"
vary: Accept
content-type: image/webp
status: 200
cache-control: public, max-age=63115200
link: <http://www.uscreditcardguide.com/wp-content/uploads/2014/10/schwab-e1435077460536.jpg>; rel="canonical"
content-length: 7904
expires: Thu, 18 Mar 2021 06:34:24 GMT

GET
H2 200 images
encrypted-tbn0.gstatic.com/ 6 KB
6 KB 104ms
84ms Image
image/jpeg 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTleqez9Wnv4b8igHy2wXUgvY1kBhwqYIzfX4l_HsQz9b4AMRsVUA

Requested by

Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:81e::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

6ad89c745186c7b235cbf25f833016066b5b78e49678506d5d03a5844af1f33a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://5.twizer.co/no-atm-card.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 18 Mar 2019 18:34:24 GMT
x-content-type-options: nosniff
last-modified: Fri, 25 Aug 2017 11:14:39 GMT
server: sffe
access-control-allow-origin: *
content-type: image/jpeg
status: 200
cache-control: public, max-age=31536000
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 5686
x-xss-protection: 1; mode=block
expires: Tue, 17 Mar 2020 18:34:24 GMT

GET
H2 200 lock.png
5.twizer.co/assets/images/ 18 KB
18 KB 336ms
333ms Image
image/png 2606:4700:30::681b:8547
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://5.twizer.co/assets/images/lock.png
Requested by: Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:30::681b:8547 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 590f387b0eb98f9507c0697fc62872b8f4047201e2daa1c4dd3169fdc5614d43

Request headers

:path: /assets/images/lock.png
pragma: no-cache
cookie: __cfduid=dbd08a21d791588a1cf1ff6078e530a921552934063
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: 5.twizer.co
referer: https://5.twizer.co/no-atm-card.html
:scheme: https
:method: GET
Referer: https://5.twizer.co/no-atm-card.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Mon, 18 Mar 2019 18:34:24 GMT
cf-cache-status: REVALIDATED
last-modified: Thu, 20 Dec 2018 23:11:18 GMT
server: cloudflare
etag: "4614-57d7c3f7b1180"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
status: 200
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 4b994ced89719712-FRA
content-length: 17940
expires: Mon, 18 Mar 2019 22:34:24 GMT

GET
H/1.1 200
OK jquery-3.3.1.slim.min.js Show response
code.jquery.com/ 68 KB
24 KB 67ms
18ms Script
application/javascript 205.185.208.52
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.3.1.slim.min.js
Requested by: Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 205.185.208.52 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip052.ssl.hwcdn.net
Software: nginx /
Resource Hash: dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://5.twizer.co/no-atm-card.html
Origin: https://5.twizer.co

Response headers

Date: Mon, 18 Mar 2019 18:34:24 GMT
Content-Encoding: gzip
Last-Modified: Sat, 20 Jan 2018 17:26:44 GMT
Server: nginx
ETag: "5a637bd4-1111d"
Vary: Accept-Encoding
X-HW: 1552934064.dop007.pa1.shc,1552934064.dop007.pa1.t,1552934064.cds032.pa1.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 24038

GET
H2 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/ 20 KB
7 KB 16ms
16ms Script
application/javascript 2606:4700::6813:c597
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.3/umd/popper.min.js

Requested by

Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:c597 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7cbc01a310318defd4e31e4616543e2cf3baef5a47562c73ece4c0b716f157e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://5.twizer.co/no-atm-card.html
Origin: https://5.twizer.co

Response headers

date: Mon, 18 Mar 2019 18:34:24 GMT
content-encoding: br
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
last-modified: Thu, 17 May 2018 09:25:14 GMT
server: cloudflare
etag: W/"5afd4a7a-4f71"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
expires: Sat, 07 Mar 2020 18:34:24 GMT
cache-control: public, max-age=30672000
cf-ray: 4b994ced7c6597ce-FRA
served-in-seconds: 0.001

GET
H2 200 bootstrap.min.js Show response
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/ 50 KB
14 KB 30ms
18ms Script
text/javascript 209.197.3.15
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Requested by: Host: 5.twizer.co
URL: https://5.twizer.co/no-atm-card.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip0x00f.map2.ssl.hwcdn.net
Software: /
Resource Hash: 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://5.twizer.co/no-atm-card.html
Origin: https://5.twizer.co

Response headers

date: Mon, 18 Mar 2019 18:34:24 GMT
content-encoding: gzip
last-modified: Wed, 12 Dec 2018 18:33:54 GMT
access-control-allow-origin: *
etag: "1544639634"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript; charset=utf-8
status: 200
cache-control: public, max-age=31536000
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
accept-ranges: bytes
timing-allow-origin: *
content-length: 14090

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Banking (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.twizer.co/	1970-01-19 08:07:50	Name: __cfduid Value: dbd08a21d791588a1cf1ff6078e530a921552934063

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
5.twizer.co
cdnjs.cloudflare.com
code.jquery.com
encrypted-tbn0.gstatic.com
i.ytimg.com
i2.wp.com
stackpath.bootstrapcdn.com
taxback-usa-atm-card-1.ssl443.net
uquid.com
usa.visa.com
www.affordablecebu.com
www.bhatt.id.au
www.knowzy.com
www.nerdwallet.com
www.ocbc.com
www.serve.com
www.usbank.com
www.weusecoins.com
104.111.226.20
143.204.214.100
144.168.39.233
192.0.77.2
193.105.145.148
205.185.208.52
209.197.3.15
23.43.115.47
2606:4700:20::681a:8b8
2606:4700:30::681b:8547
2606:4700:30::681b:bd49
2606:4700:30::681c:1e32
2606:4700:30::681c:1f32
2606:4700::6813:c597
2a00:1450:4001:817::2016
2a00:1450:4001:819::2001
2a00:1450:4001:81e::200e
2a02:fe80:1010::4:7
45.60.13.91
95.100.68.182
087f50849fdafacc4e07a040c91504c80bc259572ccf18b5aa295e0b4aa387aa
111ab2118eeac10488fc7571a2aca2242f088edc3de2e78b5d62d83fdea374bd
2c673053c5d632573d9ec21ec84537ab9b4686d816aa72336c4f37a4cfc06631
4b0224633817932e09f6502b2a45653be92f3fd925686ac2caeb13dbb149291e
525b919b55b89e589483ee1f375ed9f441fd122c7484dbc142548e1932f96135
5300550742c5850fcb90ac3fdcf39ffbffa31516b613ad8c25622256b685e1ee
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
590f387b0eb98f9507c0697fc62872b8f4047201e2daa1c4dd3169fdc5614d43
617f32fa644c530329738d4c17f64ca7deb827251ce9ca2b529a476d42a6aaad
64231c6f6bfca422503957bfbe192e109e1bd4224f6473fd1e59cc999cc510b8
6ad89c745186c7b235cbf25f833016066b5b78e49678506d5d03a5844af1f33a
6c744ee44735399281e20d6dbbe82d5664104d48a47aac1016792eb9f2118897
6e8aaee14e6817dbeb2d9de124830edf94b864cf6a80fd4fb07456526f4a8ba0
7425d5e516d348f364079c56b6757ebadc21a511fba89d94baf0207656063fbc
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
82e8e94c4c96f3bd05b711799fb6202662042f93eb2b50bffa87e4a38910b0c7
8f465da2b482953a1448b5e6b49ee1230b0c2b29495fae842c01c1f841bb8b6f
991f3bd0199d558e2f7b3ecc961ef0589d64ce9b141c753e5bc80e4514917ca7
9b9373b30576e4d9e813436eb154709a3597050dbe5c4014b553ce7b5c8e81be
9cc1868c9dc4dd4ba7e65a2705ee6eb417e93812031fe54157760934fdf7fbdc
a805ec40fbdc7d338e64b1d1863a332c09b20e297ccdd36f9b923405e5cd773a
cc522feb50e50c55b864277344b1309500b054ce0b055f9a809ba126e77d7602
dde76b9b2b90d30eb97fc81f06caa8c338c97b688cea7d2729c88f529f32fbb1
e7eac0834ee5e4858a627d323927478261826ab2e96ece57e65ffeaa6703fb37
f7cbc01a310318defd4e31e4616543e2cf3baef5a47562c73ece4c0b716f157e

5.twizer.co Open in urlscan Pro 2606:4700:30::681b:8547 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

25 Requests

96 %HTTPS

50 %IPv6

19 Domains

19 Subdomains

19 IPs

5 Countries

1292 kBTransfer

1521 kBSize

1 Cookies

0 Outgoing links

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

Indicators

5.twizer.co Open in urlscan Pro
2606:4700:30::681b:8547 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

96 %
HTTPS

50 %
IPv6

19
Domains

19
Subdomains

19
IPs

5
Countries

1292 kB
Transfer

1521 kB
Size

1
Cookies

25 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!