na-citiprepaid-salaryatsea.tk Open in urlscan Pro
2606:4700:30::6818:6ce1 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://na-citiprepaid-salaryatsea.tk/
Submission: On April 17 via automatic, source certstream-suspicious (April 17th 2019, 6:58:06 pm UTC)

Summary HTTP 40 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 40 HTTP transactions. The main IP is 2606:4700:30::6818:6ce1, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is na-citiprepaid-salaryatsea.tk.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on April 17th 2019. Valid for: a year.

This is the only time na-citiprepaid-salaryatsea.tk was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Northlane (Financial)

Domain & IP information

	IP Address	AS Autonomous System
21	2606:4700:30:... 2606:4700:30::6818:6ce1	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
16	204.141.49.30 204.141.49.30	2914 (NTT-COMMU...) (NTT-COMMUNICATIONS-2914 - NTT America)
1	2606:4700:10:... 2606:4700:10::6814:432e	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
40	5

21 2606:4700:30::6818:6ce1 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

na-citiprepaid-salaryatsea.tk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 204.141.49.30 (Englewood, United States)

ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US)

login.wirecard.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:432e (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.000webhost.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	na-citiprepaid-salaryatsea.tk na-citiprepaid-salaryatsea.tk	35 KB
16	wirecard.com login.wirecard.com	103 KB
1	000webhost.com cdn.000webhost.com	2 KB
1	googletagmanager.com www.googletagmanager.com	24 KB
40	4

	Domain	Requested by
21	na-citiprepaid-salaryatsea.tk	na-citiprepaid-salaryatsea.tk
16	login.wirecard.com	na-citiprepaid-salaryatsea.tk
1	cdn.000webhost.com	na-citiprepaid-salaryatsea.tk
1	www.googletagmanager.com	na-citiprepaid-salaryatsea.tk
40	4

This site contains links to these domains. Also see Links.

Domain
login.wirecard.com
www.wirecard.us
www.000webhost.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2019-04-17` - `2020-04-17`	a year	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
www.login.wirecard.com DigiCert Global CA G2	`2019-01-25` - `2021-01-25`	2 years	crt.sh
*.000webhost.com COMODO RSA Domain Validation Secure Server CA	`2018-10-19` - `2020-12-17`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://na-citiprepaid-salaryatsea.tk/
Frame ID: A66689EE6B1AEB6F4A718A74632D4496
Requests: 40 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /cloudflare/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^google_tag_manager$/i

List.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^List$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery.*\.js/i
env /^jQuery$/i

Page Statistics

40
Requests

98 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

164 kB
Transfer

326 kB
Size

1
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://login.wirecard.com/xContent/content/op/program/privacy_cookies.html
Title: Privacy and Cookie Policy

Search URL Search Domain Scan URL

URL: https://www.wirecard.us/

Search URL Search Domain Scan URL

URL: https://www.000webhost.com/?utm_source=000webhostapp&utm_campaign=000_logo&utm_medium=website&utm_content=footer_img

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

40 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
na-citiprepaid-salaryatsea.tk/ 34 KB
7 KB 354ms
322ms Document
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b40531ff429a80ddf433ab5ae55c0c7e152a0e4aa78f0f2b02c4b0e0fc78c9d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: na-citiprepaid-salaryatsea.tk
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
date: Wed, 17 Apr 2019 18:57:50 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469; expires=Thu, 16-Apr-20 18:57:49 GMT; path=/; domain=.na-citiprepaid-salaryatsea.tk; HttpOnly
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-request-id: 068c1ce80c51ca7ca9219aa72686a2df
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4c90a07eff0a96e2-FRA
content-encoding: br

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 63 KB
24 KB 21ms
17ms Script
application/javascript 2a00:1450:4001:808::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=GA_TRACKING_ID

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:808::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

cf021325ea664dbbb89407d59735733e0519b95344dcd8f791f0a254002423a9

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:50 GMT
content-encoding: br
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 24715
x-xss-protection: 0
expires: Wed, 17 Apr 2019 18:57:50 GMT

GET
H/1.1 200
OK jquery-new.js Show response
login.wirecard.com/xContent/content/op/j/ 85 KB
30 KB 644ms
140ms Script
application/javascript 204.141.49.30
NTT America

General

Check archive.org

Show headers Download Go to

Full URL

https://login.wirecard.com/xContent/content/op/j/jquery-new.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.141.49.30 Englewood, United States, ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US),

Reverse DNS

Software

Microsoft-IIS/8.5 /

Resource Hash

87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 17 Apr 2019 18:57:50 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 22 May 2017 08:17:42 GMT
Server: Microsoft-IIS/8.5
ETag: "01713e2d3d2d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 30217

GET
H/1.1 200
OK sw.css
login.wirecard.com/xContent/content/op/c/ 40 KB
9 KB 555ms
139ms Stylesheet
text/css 204.141.49.30
NTT America

General

Check archive.org

Show headers Download Go to

Full URL

https://login.wirecard.com/xContent/content/op/c/sw.css

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.141.49.30 Englewood, United States, ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US),

Reverse DNS

Software

Microsoft-IIS/8.5 /

Resource Hash

2370732a156a968661f91dfba46adc245ea58cfdc93bc05c45a0e196872cb3b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 17 Apr 2019 18:57:50 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 25 Apr 2018 15:35:58 GMT
Server: Microsoft-IIS/8.5
ETag: "0c3551babdcd31:0"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 9000

GET
H/1.1 200
OK partner.css
login.wirecard.com/xContent/content/op/c/ 6 KB
2 KB 592ms
138ms Stylesheet
text/css 204.141.49.30
NTT America

General

Check archive.org

Show headers Download Go to

Full URL

https://login.wirecard.com/xContent/content/op/c/partner.css

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.141.49.30 Englewood, United States, ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US),

Reverse DNS

Software

Microsoft-IIS/8.5 /

Resource Hash

69f5a1490b99d6b6ad09b80da45e4f5d6590a02062ff81b3babdd75de05271f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 17 Apr 2019 18:57:50 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 21 Mar 2017 15:45:18 GMT
Server: Microsoft-IIS/8.5
ETag: "0fbe2235aa2d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1623

GET
H/1.1 200
OK niftycube.js Show response
login.wirecard.com/xContent/content/op/j/ 9 KB
3 KB 797ms
239ms Script
application/javascript 204.141.49.30
NTT America

General

Check archive.org

Show headers Download Go to

Full URL

https://login.wirecard.com/xContent/content/op/j/niftycube.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.141.49.30 Englewood, United States, ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US),

Reverse DNS

Software

Microsoft-IIS/8.5 /

Resource Hash

1b878d72995050c82973b146fee4642c234e396c0c57e2467e8e26f7215bde8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 17 Apr 2019 18:57:50 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 22 May 2012 13:46:02 GMT
Server: Microsoft-IIS/8.5
ETag: "09e5392138cd1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2779

GET
H/1.1 200
OK niftyLayout.js Show response
login.wirecard.com/xContent/content/op/j/ 474 B
771 B 702ms
144ms Script
application/javascript 204.141.49.30
NTT America

General

Check archive.org

Show headers Download Go to

Full URL

https://login.wirecard.com/xContent/content/op/j/niftyLayout.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.141.49.30 Englewood, United States, ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US),

Reverse DNS

Software

Microsoft-IIS/8.5 /

Resource Hash

d77628d93eb16fa2fcf16e51d21d6815c85d96ba8120edfbd2876afe8016da3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 17 Apr 2019 18:57:50 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 22 May 2012 13:46:02 GMT
Server: Microsoft-IIS/8.5
ETag: "09e5392138cd1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 474

GET
H/1.1 200
OK layers.js Show response
login.wirecard.com/xContent/content/op/j/ 6 KB
1 KB 656ms
98ms Script
application/javascript 204.141.49.30
NTT America

General

Check archive.org

Show headers Download Go to

Full URL

https://login.wirecard.com/xContent/content/op/j/layers.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.141.49.30 Englewood, United States, ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US),

Reverse DNS

Software

Microsoft-IIS/8.5 /

Resource Hash

4deea112d4fa663b5ac8f9758746409d57b7ddeea89323fd175d1aa5f8a667fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 17 Apr 2019 18:57:50 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 22 May 2012 13:46:02 GMT
Server: Microsoft-IIS/8.5
ETag: "09e5392138cd1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 1142

GET
H/1.1 200
OK switch.js Show response
login.wirecard.com/xContent/content/op/j/ 701 B
998 B 797ms
235ms Script
application/javascript 204.141.49.30
NTT America

General

Check archive.org

Show headers Download Go to

Full URL

https://login.wirecard.com/xContent/content/op/j/switch.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.141.49.30 Englewood, United States, ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US),

Reverse DNS

Software

Microsoft-IIS/8.5 /

Resource Hash

b855be742958956f4ecee4bc3dc06920b51a468729e65ca7930509254112e61e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 17 Apr 2019 18:57:50 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 22 May 2012 13:46:02 GMT
Server: Microsoft-IIS/8.5
ETag: "09e5392138cd1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 701

GET
H2 404 tokenprocessor.js
na-citiprepaid-salaryatsea.tk/scripts/js/common/ 0
0 322ms
320ms Script
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://na-citiprepaid-salaryatsea.tk/scripts/js/common/tokenprocessor.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /scripts/js/common/tokenprocessor.js
pragma: no-cache
cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: na-citiprepaid-salaryatsea.tk
referer: https://na-citiprepaid-salaryatsea.tk/
:scheme: https
:method: GET
Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: public, max-age=14400
cf-ray: 4c90a0811aa996e2-FRA
x-xss-protection: 1; mode=block
x-request-id: 87663fcc998127c4b32867b922d64c9f
expires: Wed, 17 Apr 2019 22:57:50 GMT

GET
H2 404 commonva.js
na-citiprepaid-salaryatsea.tk/scripts/js/common/ 0
0 322ms
321ms Script
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://na-citiprepaid-salaryatsea.tk/scripts/js/common/commonva.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /scripts/js/common/commonva.js
pragma: no-cache
cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: na-citiprepaid-salaryatsea.tk
referer: https://na-citiprepaid-salaryatsea.tk/
:scheme: https
:method: GET
Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: public, max-age=14400
cf-ray: 4c90a0811aac96e2-FRA
x-xss-protection: 1; mode=block
x-request-id: c2840db581cdd6ef5e9992f736b935d4
expires: Wed, 17 Apr 2019 22:57:50 GMT

GET
H2 404 default-partner.gif
na-citiprepaid-salaryatsea.tk/ 14 KB
14 KB 351ms
350ms Image
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://na-citiprepaid-salaryatsea.tk/default-partner.gif

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

627c2fd168c193d82811b4247102557da92730def9b89cf66f8b2b050bd2b6e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /default-partner.gif
pragma: no-cache
cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: na-citiprepaid-salaryatsea.tk
referer: https://na-citiprepaid-salaryatsea.tk/
:scheme: https
:method: GET
Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: public, max-age=14400
cf-ray: 4c90a0811aae96e2-FRA
x-xss-protection: 1; mode=block
x-request-id: 9d510ece536afa76cd8236e02f252c91
expires: Wed, 17 Apr 2019 22:57:50 GMT

GET
H/1.1 200
OK default-cards.gif
login.wirecard.com/xContent/content/op/i/ 38 KB
38 KB 102ms
100ms Image
image/gif 204.141.49.30
NTT America

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.wirecard.com/xContent/content/op/i/default-cards.gif

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.141.49.30 Englewood, United States, ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US),

Reverse DNS

Software

Microsoft-IIS/8.5 /

Resource Hash

947d74d1edc23b9c5c33b661c03d9f106a96554ff64e032b4010b2b1c68d3604

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 17 Apr 2019 18:57:50 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 28 Feb 2017 21:24:40 GMT
Server: Microsoft-IIS/8.5
ETag: "0dce811992d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 38648

GET
H2 404 AC_OETags.js
na-citiprepaid-salaryatsea.tk/scripts/js/security/ 0
0 355ms
354ms Script
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://na-citiprepaid-salaryatsea.tk/scripts/js/security/AC_OETags.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /scripts/js/security/AC_OETags.js
pragma: no-cache
cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: na-citiprepaid-salaryatsea.tk
referer: https://na-citiprepaid-salaryatsea.tk/
:scheme: https
:method: GET
Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: public, max-age=14400
cf-ray: 4c90a0812ae096e2-FRA
x-xss-protection: 1; mode=block
x-request-id: 871208126ea4f3e6de379248873c5b86
expires: Wed, 17 Apr 2019 22:57:50 GMT

GET
H2 404 security.js
na-citiprepaid-salaryatsea.tk/scripts/js/security/ 0
0 355ms
355ms Script
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://na-citiprepaid-salaryatsea.tk/scripts/js/security/security.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /scripts/js/security/security.js
pragma: no-cache
cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: na-citiprepaid-salaryatsea.tk
referer: https://na-citiprepaid-salaryatsea.tk/
:scheme: https
:method: GET
Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: public, max-age=14400
cf-ray: 4c90a0834ee396e2-FRA
x-xss-protection: 1; mode=block
x-request-id: a2b8f04b4b5cdde981902839c6b20f11
expires: Wed, 17 Apr 2019 22:57:50 GMT

GET
H2 404 hashtable.js
na-citiprepaid-salaryatsea.tk/scripts/js/security/ 0
0 323ms
323ms Script
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://na-citiprepaid-salaryatsea.tk/scripts/js/security/hashtable.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /scripts/js/security/hashtable.js
pragma: no-cache
cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: na-citiprepaid-salaryatsea.tk
referer: https://na-citiprepaid-salaryatsea.tk/
:scheme: https
:method: GET
Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:50 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: public, max-age=14400
cf-ray: 4c90a0836f1c96e2-FRA
x-xss-protection: 1; mode=block
x-request-id: c6812097b1c8b0366fdaa2655c0a2f5b
expires: Wed, 17 Apr 2019 22:57:50 GMT

GET
H2 404 rsa.js
na-citiprepaid-salaryatsea.tk/scripts/js/security/ 0
0 376ms
375ms Script
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://na-citiprepaid-salaryatsea.tk/scripts/js/security/rsa.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /scripts/js/security/rsa.js
pragma: no-cache
cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: na-citiprepaid-salaryatsea.tk
referer: https://na-citiprepaid-salaryatsea.tk/
:scheme: https
:method: GET
Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: public, max-age=14400
cf-ray: 4c90a0856b1196e2-FRA
x-xss-protection: 1; mode=block
x-request-id: 5ae175241e7da09a8a99b4889d8e5687
expires: Wed, 17 Apr 2019 22:57:51 GMT

GET
H2 404 common.js
na-citiprepaid-salaryatsea.tk/scripts/js/common/ 0
0 357ms
357ms Script
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://na-citiprepaid-salaryatsea.tk/scripts/js/common/common.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /scripts/js/common/common.js
pragma: no-cache
cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: na-citiprepaid-salaryatsea.tk
referer: https://na-citiprepaid-salaryatsea.tk/
:scheme: https
:method: GET
Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: public, max-age=14400
cf-ray: 4c90a0857b2496e2-FRA
x-xss-protection: 1; mode=block
x-request-id: 848206389c65aebbf50b6cae5915228b
expires: Wed, 17 Apr 2019 22:57:51 GMT

GET
H/1.1 200
OK card-exp.gif
login.wirecard.com/xContent/content/op/i/ 9 KB
9 KB 249ms
247ms Image
image/gif 204.141.49.30
NTT America

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.wirecard.com/xContent/content/op/i/card-exp.gif

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.141.49.30 Englewood, United States, ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US),

Reverse DNS

Software

Microsoft-IIS/8.5 /

Resource Hash

c0dba0a57004561ffc4ac16a986f01a3df1dbfa7181f2c3e0c8c4e33993218ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 17 Apr 2019 18:57:50 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 22 May 2012 13:45:56 GMT
Server: Microsoft-IIS/8.5
ETag: "08251362138cd1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 8777

GET
H2 404 simpleCaptcha.png
na-citiprepaid-salaryatsea.tk/ 14 KB
14 KB 371ms
368ms Image
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://na-citiprepaid-salaryatsea.tk/simpleCaptcha.png

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

627c2fd168c193d82811b4247102557da92730def9b89cf66f8b2b050bd2b6e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /simpleCaptcha.png
pragma: no-cache
cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: na-citiprepaid-salaryatsea.tk
referer: https://na-citiprepaid-salaryatsea.tk/
:scheme: https
:method: GET
Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: MISS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: public, max-age=14400
cf-ray: 4c90a086cda496e2-FRA
x-xss-protection: 1; mode=block
x-request-id: 0c50eb1b41e2bc091423184cea070dbc
expires: Wed, 17 Apr 2019 22:57:51 GMT

GET
H/1.1 200
OK refresh.png
login.wirecard.com/xContent/content/op/i/ 832 B
1 KB 176ms
175ms Image
image/png 204.141.49.30
NTT America

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.wirecard.com/xContent/content/op/i/refresh.png

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.141.49.30 Englewood, United States, ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US),

Reverse DNS

Software

Microsoft-IIS/8.5 /

Resource Hash

29bd1c38eac0fe866ac0d9ecf82beb2733a74a567c04ffaab3dc069644b59590

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 17 Apr 2019 18:57:50 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 18 Sep 2012 11:01:42 GMT
Server: Microsoft-IIS/8.5
ETag: "0af8fc8c95cd1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 832

GET
H/1.1 200
OK login-new.gif
login.wirecard.com/xContent/content/op/i/ 1 KB
2 KB 100ms
98ms Image
image/gif 204.141.49.30
NTT America

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.wirecard.com/xContent/content/op/i/login-new.gif

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.141.49.30 Englewood, United States, ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US),

Reverse DNS

Software

Microsoft-IIS/8.5 /

Resource Hash

b07f051617d90d44328457b84da2e10f7e8ee49ac31685e99c184524cf7a4473

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 17 Apr 2019 18:57:50 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 20 Jan 2017 22:03:12 GMT
Server: Microsoft-IIS/8.5
ETag: "0d0dbfd6873d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 1358

GET
H/1.1 200
OK login-fast.gif
login.wirecard.com/xContent/content/op/i/ 1 KB
2 KB 103ms
101ms Image
image/gif 204.141.49.30
NTT America

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.wirecard.com/xContent/content/op/i/login-fast.gif

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.141.49.30 Englewood, United States, ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US),

Reverse DNS

Software

Microsoft-IIS/8.5 /

Resource Hash

7d49eca3b8d462e084a216b0db4eaf99f30750e361bc2c731f9dccb4233f6707

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 17 Apr 2019 18:57:50 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 20 Jan 2017 20:32:50 GMT
Server: Microsoft-IIS/8.5
ETag: "045185e5c73d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 1408

GET
H/1.1 200
OK user.gif
login.wirecard.com/xContent/content/op/i/ 81 B
365 B 103ms
102ms Image
image/gif 204.141.49.30
NTT America

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.wirecard.com/xContent/content/op/i/user.gif

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.141.49.30 Englewood, United States, ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US),

Reverse DNS

Software

Microsoft-IIS/8.5 /

Resource Hash

3933dbae00516a2490e3cae73851a9c78c0032003ca0afe8eb77783271969506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 17 Apr 2019 18:57:50 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 16 May 2016 19:28:24 GMT
Server: Microsoft-IIS/8.5
ETag: "0bceb1ca9afd11:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 81

GET
H/1.1 200
OK login-reward.gif
login.wirecard.com/xContent/content/op/i/ 1 KB
2 KB 99ms
99ms Image
image/gif 204.141.49.30
NTT America

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.wirecard.com/xContent/content/op/i/login-reward.gif

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.141.49.30 Englewood, United States, ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US),

Reverse DNS

Software

Microsoft-IIS/8.5 /

Resource Hash

8fe86683b6cb60c2a00a65fd4eb014208471c8018f53300301c72da21da2f95c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 17 Apr 2019 18:57:50 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 20 Jan 2017 22:08:50 GMT
Server: Microsoft-IIS/8.5
ETag: "08552c76973d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 1385

GET
H2 200 footer-powered-by-000webhost-white2.png
cdn.000webhost.com/000webhost/logo/ 2 KB
2 KB 49ms
18ms Image
image/webp 2606:4700:10::6814:432e
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.000webhost.com/000webhost/logo/footer-powered-by-000webhost-white2.png
Requested by: Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6814:432e , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86f2673ec74a632865109a76b2232f4f5b3587daa219e07a17ef1d9c76a0fda5

Request headers

Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:51 GMT
cf-cache-status: HIT
cf-polished: origFmt=png, origSize=2046
status: 200
content-disposition: inline; filename="footer-powered-by-000webhost-white2.webp"
cf-bgj: imgq:100
x-hostinger-datacenter: srv
content-length: 1696
last-modified: Wed, 17 Apr 2019 08:30:22 GMT
server: cloudflare
etag: "5cb6e41e-7fe"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
cache-control: public, max-age=14400
x-hostinger-node: nl-srv-cdn1
accept-ranges: bytes
cf-ray: 4c90a086fedd96e8-FRA
expires: Wed, 17 Apr 2019 22:57:51 GMT

GET print.css
na-citiprepaid-salaryatsea.tk/ 0
0

GET
H2 404 tokenprocessor.js
na-citiprepaid-salaryatsea.tk/scripts/js/common/ 0
0 13ms
13ms Script
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://na-citiprepaid-salaryatsea.tk/scripts/js/common/tokenprocessor.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /scripts/js/common/tokenprocessor.js
pragma: no-cache
cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: na-citiprepaid-salaryatsea.tk
referer: https://na-citiprepaid-salaryatsea.tk/
:scheme: https
:method: GET
Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: public, max-age=14400
cf-ray: 4c90a086ad4d96e2-FRA
x-xss-protection: 1; mode=block
x-request-id: 87663fcc998127c4b32867b922d64c9f
expires: Wed, 17 Apr 2019 22:57:51 GMT

GET
H2 404 commonva.js
na-citiprepaid-salaryatsea.tk/scripts/js/common/ 0
0 11ms
10ms Script
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://na-citiprepaid-salaryatsea.tk/scripts/js/common/commonva.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /scripts/js/common/commonva.js
pragma: no-cache
cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: na-citiprepaid-salaryatsea.tk
referer: https://na-citiprepaid-salaryatsea.tk/
:scheme: https
:method: GET
Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: public, max-age=14400
cf-ray: 4c90a086bd7d96e2-FRA
x-xss-protection: 1; mode=block
x-request-id: c2840db581cdd6ef5e9992f736b935d4
expires: Wed, 17 Apr 2019 22:57:51 GMT

GET
H2 404 AC_OETags.js
na-citiprepaid-salaryatsea.tk/scripts/js/security/ 0
0 12ms
11ms Script
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://na-citiprepaid-salaryatsea.tk/scripts/js/security/AC_OETags.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /scripts/js/security/AC_OETags.js
pragma: no-cache
cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: na-citiprepaid-salaryatsea.tk
referer: https://na-citiprepaid-salaryatsea.tk/
:scheme: https
:method: GET
Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: public, max-age=14400
cf-ray: 4c90a086ddbe96e2-FRA
x-xss-protection: 1; mode=block
x-request-id: 871208126ea4f3e6de379248873c5b86
expires: Wed, 17 Apr 2019 22:57:51 GMT

GET
H/1.1 200
OK bg-communication.gif
login.wirecard.com/xContent/content/op/i/ 100 B
385 B 177ms
97ms Image
image/gif 204.141.49.30
NTT America

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.wirecard.com/xContent/content/op/i/bg-communication.gif

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.141.49.30 Englewood, United States, ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US),

Reverse DNS

Software

Microsoft-IIS/8.5 /

Resource Hash

133ffba3c6d5383813eeabf52b44c086aa10424d60ae15f3fd5952972cb0b904

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://login.wirecard.com/xContent/content/op/c/sw.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 17 Apr 2019 18:57:50 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 22 May 2012 13:45:58 GMT
Server: Microsoft-IIS/8.5
ETag: "0af82372138cd1:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 100

GET
H2 404 security.js
na-citiprepaid-salaryatsea.tk/scripts/js/security/ 0
0 11ms
10ms Script
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://na-citiprepaid-salaryatsea.tk/scripts/js/security/security.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /scripts/js/security/security.js
pragma: no-cache
cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: na-citiprepaid-salaryatsea.tk
referer: https://na-citiprepaid-salaryatsea.tk/
:scheme: https
:method: GET
Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: public, max-age=14400
cf-ray: 4c90a086fddf96e2-FRA
x-xss-protection: 1; mode=block
x-request-id: a2b8f04b4b5cdde981902839c6b20f11
expires: Wed, 17 Apr 2019 22:57:51 GMT

GET
H2 404 hashtable.js
na-citiprepaid-salaryatsea.tk/scripts/js/security/ 0
0 12ms
12ms Script
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://na-citiprepaid-salaryatsea.tk/scripts/js/security/hashtable.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /scripts/js/security/hashtable.js
pragma: no-cache
cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: na-citiprepaid-salaryatsea.tk
referer: https://na-citiprepaid-salaryatsea.tk/
:scheme: https
:method: GET
Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: public, max-age=14400
cf-ray: 4c90a0870e0096e2-FRA
x-xss-protection: 1; mode=block
x-request-id: c6812097b1c8b0366fdaa2655c0a2f5b
expires: Wed, 17 Apr 2019 22:57:51 GMT

GET
H2 404 common.js
na-citiprepaid-salaryatsea.tk/scripts/js/common/ 0
0 11ms
11ms Script
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://na-citiprepaid-salaryatsea.tk/scripts/js/common/common.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /scripts/js/common/common.js
pragma: no-cache
cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: na-citiprepaid-salaryatsea.tk
referer: https://na-citiprepaid-salaryatsea.tk/
:scheme: https
:method: GET
Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: public, max-age=14400
cf-ray: 4c90a087cf1296e2-FRA
x-xss-protection: 1; mode=block
x-request-id: 848206389c65aebbf50b6cae5915228b
expires: Wed, 17 Apr 2019 22:57:51 GMT

GET
H2 404 hashtable.js
na-citiprepaid-salaryatsea.tk/scripts/js/security/ 0
0 16ms
16ms Script
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://na-citiprepaid-salaryatsea.tk/scripts/js/security/hashtable.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /scripts/js/security/hashtable.js
pragma: no-cache
cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: na-citiprepaid-salaryatsea.tk
referer: https://na-citiprepaid-salaryatsea.tk/
:scheme: https
:method: GET
Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: public, max-age=14400
cf-ray: 4c90a087df3496e2-FRA
x-xss-protection: 1; mode=block
x-request-id: c6812097b1c8b0366fdaa2655c0a2f5b
expires: Wed, 17 Apr 2019 22:57:51 GMT

GET
H2 404 rsa.js
na-citiprepaid-salaryatsea.tk/scripts/js/security/ 0
0 16ms
15ms Script
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://na-citiprepaid-salaryatsea.tk/scripts/js/security/rsa.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /scripts/js/security/rsa.js
pragma: no-cache
cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: na-citiprepaid-salaryatsea.tk
referer: https://na-citiprepaid-salaryatsea.tk/
:scheme: https
:method: GET
Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: public, max-age=14400
cf-ray: 4c90a0880f6f96e2-FRA
x-xss-protection: 1; mode=block
x-request-id: 5ae175241e7da09a8a99b4889d8e5687
expires: Wed, 17 Apr 2019 22:57:51 GMT

GET
H2 404 AC_OETags.js
na-citiprepaid-salaryatsea.tk/scripts/js/security/ 0
0 11ms
11ms Script
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://na-citiprepaid-salaryatsea.tk/scripts/js/security/AC_OETags.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /scripts/js/security/AC_OETags.js
pragma: no-cache
cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: na-citiprepaid-salaryatsea.tk
referer: https://na-citiprepaid-salaryatsea.tk/
:scheme: https
:method: GET
Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: public, max-age=14400
cf-ray: 4c90a0881f8c96e2-FRA
x-xss-protection: 1; mode=block
x-request-id: 871208126ea4f3e6de379248873c5b86
expires: Wed, 17 Apr 2019 22:57:51 GMT

GET
H2 404 security.js
na-citiprepaid-salaryatsea.tk/scripts/js/security/ 0
0 10ms
10ms Script
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://na-citiprepaid-salaryatsea.tk/scripts/js/security/security.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /scripts/js/security/security.js
pragma: no-cache
cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: na-citiprepaid-salaryatsea.tk
referer: https://na-citiprepaid-salaryatsea.tk/
:scheme: https
:method: GET
Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: public, max-age=14400
cf-ray: 4c90a0882fa296e2-FRA
x-xss-protection: 1; mode=block
x-request-id: a2b8f04b4b5cdde981902839c6b20f11
expires: Wed, 17 Apr 2019 22:57:51 GMT

GET
H2 404 common.js
na-citiprepaid-salaryatsea.tk/scripts/js/common/ 0
0 11ms
10ms Script
text/html 2606:4700:30::6818:6ce1
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://na-citiprepaid-salaryatsea.tk/scripts/js/common/common.js

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::6818:6ce1 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /scripts/js/common/common.js
pragma: no-cache
cookie: __cfduid=d5c34d7f139211fd32730e1a982bf8a831555527469
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: na-citiprepaid-salaryatsea.tk
referer: https://na-citiprepaid-salaryatsea.tk/
:scheme: https
:method: GET
Referer: https://na-citiprepaid-salaryatsea.tk/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Wed, 17 Apr 2019 18:57:51 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
status: 404
cache-control: public, max-age=14400
cf-ray: 4c90a0884fc496e2-FRA
x-xss-protection: 1; mode=block
x-request-id: 848206389c65aebbf50b6cae5915228b
expires: Wed, 17 Apr 2019 22:57:51 GMT

GET
H/1.1 200
OK default-footer.gif
login.wirecard.com/xContent/content/op/i/ 2 KB
3 KB 106ms
106ms Image
image/gif 204.141.49.30
NTT America

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://login.wirecard.com/xContent/content/op/i/default-footer.gif

Requested by

Host: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

204.141.49.30 Englewood, United States, ASN2914 (NTT-COMMUNICATIONS-2914 - NTT America, Inc., US),

Reverse DNS

Software

Microsoft-IIS/8.5 /

Resource Hash

1760462baef734bd33fc41b1c4da2d7f9601eaa0e859451536ad80d3e0815f51

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://login.wirecard.com/xContent/content/op/c/sw.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Wed, 17 Apr 2019 18:57:50 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 07 Dec 2016 21:33:20 GMT
Server: Microsoft-IIS/8.5
ETag: "0509187d150d21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/gif
Accept-Ranges: bytes
Content-Length: 2405

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: na-citiprepaid-salaryatsea.tk
URL: https://na-citiprepaid-salaryatsea.tk/print.css

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Northlane (Financial)

64 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.na-citiprepaid-salaryatsea.tk/	1970-01-19 08:51:03	Name: __cfduid Value: d5c34d7f139211fd32730e1a982bf8a831555527469

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.000webhost.com
login.wirecard.com
na-citiprepaid-salaryatsea.tk
www.googletagmanager.com
na-citiprepaid-salaryatsea.tk
204.141.49.30
2606:4700:10::6814:432e
2606:4700:30::6818:6ce1
2a00:1450:4001:808::2008
133ffba3c6d5383813eeabf52b44c086aa10424d60ae15f3fd5952972cb0b904
1760462baef734bd33fc41b1c4da2d7f9601eaa0e859451536ad80d3e0815f51
1b878d72995050c82973b146fee4642c234e396c0c57e2467e8e26f7215bde8f
2370732a156a968661f91dfba46adc245ea58cfdc93bc05c45a0e196872cb3b3
29bd1c38eac0fe866ac0d9ecf82beb2733a74a567c04ffaab3dc069644b59590
3933dbae00516a2490e3cae73851a9c78c0032003ca0afe8eb77783271969506
4deea112d4fa663b5ac8f9758746409d57b7ddeea89323fd175d1aa5f8a667fd
627c2fd168c193d82811b4247102557da92730def9b89cf66f8b2b050bd2b6e5
69f5a1490b99d6b6ad09b80da45e4f5d6590a02062ff81b3babdd75de05271f5
7d49eca3b8d462e084a216b0db4eaf99f30750e361bc2c731f9dccb4233f6707
86f2673ec74a632865109a76b2232f4f5b3587daa219e07a17ef1d9c76a0fda5
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
8fe86683b6cb60c2a00a65fd4eb014208471c8018f53300301c72da21da2f95c
947d74d1edc23b9c5c33b661c03d9f106a96554ff64e032b4010b2b1c68d3604
b07f051617d90d44328457b84da2e10f7e8ee49ac31685e99c184524cf7a4473
b40531ff429a80ddf433ab5ae55c0c7e152a0e4aa78f0f2b02c4b0e0fc78c9d7
b855be742958956f4ecee4bc3dc06920b51a468729e65ca7930509254112e61e
c0dba0a57004561ffc4ac16a986f01a3df1dbfa7181f2c3e0c8c4e33993218ed
cf021325ea664dbbb89407d59735733e0519b95344dcd8f791f0a254002423a9
d77628d93eb16fa2fcf16e51d21d6815c85d96ba8120edfbd2876afe8016da3c

na-citiprepaid-salaryatsea.tk Open in urlscan Pro 2606:4700:30::6818:6ce1 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

40 Requests

98 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

5 IPs

2 Countries

164 kBTransfer

326 kBSize

1 Cookies

3 Outgoing links

Redirected requests

40 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

na-citiprepaid-salaryatsea.tk Open in urlscan Pro
2606:4700:30::6818:6ce1 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

40
Requests

98 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

164 kB
Transfer

326 kB
Size

1
Cookies

40 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!