www.nexi-accountcliente.it Open in urlscan Pro
89.46.107.26 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://134.209.181.152/index1.php
Effective URL:
https://www.nexi-accountcliente.it/servizio/
Submission: On June 03 via manual (June 3rd 2020, 7:50:13 am UTC) from IT

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 89.46.107.26, located in Arezzo, Italy and belongs to ARUBA-ASN, IT. The main domain is www.nexi-accountcliente.it.
TLS certificate: Issued by Actalis Domain Validation Server CA G2 on June 1st 2020. Valid for: a year.

This is the only time www.nexi-accountcliente.it was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nexi (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	134.209.181.152 134.209.181.152	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 11	89.46.107.26 89.46.107.26	31034 (ARUBA-ASN) (ARUBA-ASN)
2	151.99.162.64 151.99.162.64	3269 (ASN-IBSNAZ) (ASN-IBSNAZ)
13	3

1 134.209.181.152 (London, United Kingdom)

ASN14061 (DIGITALOCEAN-ASN, US)

134.209.181.152	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 89.46.107.26 (Arezzo, Italy) 1 redirects

ASN31034 (ARUBA-ASN, IT)
PTR: webx1223.aruba.it

nexi-accountcliente.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.nexi-accountcliente.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.99.162.64 (Italy)

ASN3269 (ASN-IBSNAZ, IT)

nexi.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.nexi.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	nexi-accountcliente.it 1 redirects nexi-accountcliente.it www.nexi-accountcliente.it	138 KB
2	nexi.it nexi.it www.nexi.it	1 MB
13	2

	Domain	Requested by
10	www.nexi-accountcliente.it	www.nexi-accountcliente.it
1	www.nexi.it	www.nexi-accountcliente.it
1	nexi.it	www.nexi-accountcliente.it
1	nexi-accountcliente.it	1 redirects
13	4

This site contains no links.

Subject Issuer	Validity	Valid
*.nexi-accountcliente.it Actalis Domain Validation Server CA G2	`2020-06-01` - `2021-06-01`	a year	crt.sh
www.nexi.it GlobalSign RSA OV SSL CA 2018	`2019-12-18` - `2020-06-24`	6 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.nexi-accountcliente.it/servizio/
Frame ID: FE70647E7C75ED30643C461AB676F594
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://134.209.181.152/index1.php Page URL
https://nexi-accountcliente.it/servizio/ HTTP 301
https://www.nexi-accountcliente.it/servizio/ Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Ubuntu (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Ubuntu/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

13
Requests

92 %
HTTPS

0 %
IPv6

2
Domains

4
Subdomains

3
IPs

2
Countries

1504 kB
Transfer

2173 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://134.209.181.152/index1.php Page URL
https://nexi-accountcliente.it/servizio/ HTTP 301
https://www.nexi-accountcliente.it/servizio/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	index1.php Show response 134.209.181.152/	122 B 381 B	124ms 92ms	Document text/html	134.209.181.152 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL http://134.209.181.152/index1.php Protocol HTTP/1.1 Server 134.209.181.152 London, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software Apache/2.4.29 (Ubuntu) / Resource Hash `bdc6006dabb8772de35790d1279b248e9ee16b6d11b23f8700042f9425d28d9e` Request headers Host 134.209.181.152 Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 03 Jun 2020 07:49:35 GMT Server Apache/2.4.29 (Ubuntu) Last-Modified Tue, 02 Jun 2020 01:01:25 GMT ETag "7a-5a70f73574340" Accept-Ranges bytes Content-Length 122 Keep-Alive timeout=5, max=100 Connection Keep-Alive
GET H2	200	Primary Request / Show response www.nexi-accountcliente.it/servizio/ Redirect Chain https://nexi-accountcliente.it/servizio/ https://www.nexi-accountcliente.it/servizio/	9 KB 3 KB	135ms 92ms	Document text/html	89.46.107.26 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.nexi-accountcliente.it/servizio/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.46.107.26 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webx1223.aruba.it Software aruba-proxy / Resource Hash `b417489f23cc7df7637f54c6d41aeaf2798b2e795471ee65c5805285d18fc1d8` Request headers :method GET :authority www.nexi-accountcliente.it :scheme https :path /servizio/ pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site cross-site sec-fetch-mode navigate sec-fetch-dest document referer http://134.209.181.152/index1.php accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://134.209.181.152/index1.php Response headers status 200 server aruba-proxy date Wed, 03 Jun 2020 07:49:36 GMT content-type text/html vary Accept-Encoding x-servername ipvsproxy111.ad.aruba.it content-encoding gzip Redirect headers status 301 server aruba-proxy date Wed, 03 Jun 2020 07:49:35 GMT content-type text/html location https://www.nexi-accountcliente.it/servizio/ x-servername ipvsproxy111.ad.aruba.it
GET H/1.1	200 OK	style.css nexi.it/etc/designs/nexi/clientlib-node/	555 KB 103 KB	474ms 190ms	Stylesheet text/css	151.99.162.64 ASN-IBSNAZ
General Check archive.org Show headers Download Go to Full URL https://nexi.it/etc/designs/nexi/clientlib-node/style.css Requested by Host: www.nexi-accountcliente.it URL: https://www.nexi-accountcliente.it/servizio/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 151.99.162.64 , Italy, ASN3269 (ASN-IBSNAZ, IT), Reverse DNS Software / Resource Hash `54466dfe7a775e83a59173a3dddd4f3b4389018346c98d1cb6b73638d0c89a8f` Request headers Referer https://www.nexi-accountcliente.it/servizio/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 03 Jun 2020 07:49:36 GMT Content-Encoding gzip Last-Modified Wed, 06 May 2020 12:42:16 GMT ETag "8aa56-5a4fa1811d665-gzip" Vary Accept-Encoding Access-Control-Allow-Methods GET, HEAD P3P policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT" Transfer-Encoding chunked Connection Keep-Alive Accept-Ranges bytes Content-Type text/css Keep-Alive timeout=5, max=95
GET H2	200	style.css www.nexi-accountcliente.it/servizio/LogNexi_files/	220 KB 33 KB	101ms 100ms	Stylesheet text/css	89.46.107.26 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.nexi-accountcliente.it/servizio/LogNexi_files/style.css Requested by Host: www.nexi-accountcliente.it URL: https://www.nexi-accountcliente.it/servizio/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.46.107.26 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webx1223.aruba.it Software aruba-proxy / Resource Hash `1b09ba179e71a03e07515234958e24211d657d38eee4aa0b74e604c05d6afc3d` Request headers Referer https://www.nexi-accountcliente.it/servizio/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-servername ipvsproxy111.ad.aruba.it date Wed, 03 Jun 2020 07:49:36 GMT content-encoding gzip last-modified Tue, 02 Jun 2020 00:14:29 GMT server aruba-proxy etag W/"37088-5a70ecb8ce0bf" vary Accept-Encoding content-type text/css status 200
GET H2	200	eva1.css www.nexi-accountcliente.it/servizio/LogNexi_files/	14 KB 3 KB	95ms 95ms	Stylesheet text/css	89.46.107.26 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.nexi-accountcliente.it/servizio/LogNexi_files/eva1.css Requested by Host: www.nexi-accountcliente.it URL: https://www.nexi-accountcliente.it/servizio/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.46.107.26 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webx1223.aruba.it Software aruba-proxy / Resource Hash `131f0c09495af402c878938ec20d55682580642bcbde1d56c6442603760d5a53` Request headers Referer https://www.nexi-accountcliente.it/servizio/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-servername ipvsproxy111.ad.aruba.it date Wed, 03 Jun 2020 07:49:36 GMT content-encoding gzip last-modified Tue, 02 Jun 2020 00:14:29 GMT server aruba-proxy etag W/"3765-5a70ecb889342" vary Accept-Encoding content-type text/css status 200
GET H2	200	logo--light-double.svg www.nexi-accountcliente.it/servizio/LogNexi_files/	1 KB 979 B	99ms 97ms	Image image/svg+xml	89.46.107.26 ARUBA-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.nexi-accountcliente.it/servizio/LogNexi_files/logo--light-double.svg Requested by Host: www.nexi-accountcliente.it URL: https://www.nexi-accountcliente.it/servizio/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.46.107.26 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webx1223.aruba.it Software aruba-proxy / Resource Hash `c37a1253313f01ecf7b8d5ac83025a8059d161d955ecbe5254c99d4edf6989fc` Request headers Referer https://www.nexi-accountcliente.it/servizio/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-servername ipvsproxy111.ad.aruba.it date Wed, 03 Jun 2020 07:49:36 GMT content-encoding gzip last-modified Tue, 02 Jun 2020 00:14:29 GMT server aruba-proxy etag W/"5c4-5a70ecb8c6b6b" vary Accept-Encoding content-type image/svg+xml status 200
GET H2	200	app_store.svg www.nexi-accountcliente.it/servizio/LogNexi_files/	15 KB 7 KB	106ms 104ms	Image image/svg+xml	89.46.107.26 ARUBA-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.nexi-accountcliente.it/servizio/LogNexi_files/app_store.svg Requested by Host: www.nexi-accountcliente.it URL: https://www.nexi-accountcliente.it/servizio/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.46.107.26 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webx1223.aruba.it Software aruba-proxy / Resource Hash `5e3c6b5c51b5fbf7691fa5d0adbcd05be694548d5f03aee7d59d7a8b092b5d27` Request headers Referer https://www.nexi-accountcliente.it/servizio/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-servername ipvsproxy111.ad.aruba.it date Wed, 03 Jun 2020 07:49:36 GMT content-encoding gzip last-modified Tue, 02 Jun 2020 00:14:29 GMT server aruba-proxy etag W/"3dc8-5a70ecb88839e" vary Accept-Encoding content-type image/svg+xml status 200
GET H2	200	google_play.svg www.nexi-accountcliente.it/servizio/LogNexi_files/	25 KB 19 KB	201ms 199ms	Image image/svg+xml	89.46.107.26 ARUBA-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.nexi-accountcliente.it/servizio/LogNexi_files/google_play.svg Requested by Host: www.nexi-accountcliente.it URL: https://www.nexi-accountcliente.it/servizio/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.46.107.26 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webx1223.aruba.it Software aruba-proxy / Resource Hash `ed313341bbd73a61ddacf268f494c9f85cb84e46f8954bde8a5260e21174f340` Request headers Referer https://www.nexi-accountcliente.it/servizio/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers x-servername ipvsproxy111.ad.aruba.it date Wed, 03 Jun 2020 07:49:36 GMT content-encoding gzip last-modified Tue, 02 Jun 2020 00:14:29 GMT server aruba-proxy etag W/"62ff-5a70ecb88f511" vary Accept-Encoding content-type image/svg+xml status 200
GET H2	404	icon-blocked.svg www.nexi-accountcliente.it/servizio/LogNexi_files/	196 B 196 B	192ms 191ms	Image text/html	89.46.107.26 ARUBA-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://www.nexi-accountcliente.it/servizio/LogNexi_files/icon-blocked.svg Requested by Host: www.nexi-accountcliente.it URL: https://www.nexi-accountcliente.it/servizio/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.46.107.26 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webx1223.aruba.it Software aruba-proxy / Resource Hash `80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880` Request headers Referer https://www.nexi-accountcliente.it/servizio/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 404 date Wed, 03 Jun 2020 07:49:36 GMT content-encoding gzip server aruba-proxy vary Accept-Encoding content-type text/html; charset=iso-8859-1
GET H/1.1	200 OK	placeholder_login_portale_privati.png www.nexi.it//content/dam/nexi/new-login-2019/img/	1 MB 1 MB	368ms 84ms	Image image/png	151.99.162.64 ASN-IBSNAZ
General Check archive.org Show headers Download Go to Show image Full URL https://www.nexi.it//content/dam/nexi/new-login-2019/img/placeholder_login_portale_privati.png Requested by Host: www.nexi-accountcliente.it URL: https://www.nexi-accountcliente.it/servizio/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 151.99.162.64 , Italy, ASN3269 (ASN-IBSNAZ, IT), Reverse DNS Software / Resource Hash `861a4758d8d84ee664daa9cebfccf9aa3ab671f213484cb1f5e9ce586670a89b` Request headers Referer https://www.nexi-accountcliente.it/servizio/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Wed, 03 Jun 2020 07:49:36 GMT Last-Modified Wed, 06 May 2020 12:41:22 GMT ETag "13b53f-5a4fa14e2d389" Access-Control-Allow-Methods GET, HEAD P3P policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT" Connection Keep-Alive Accept-Ranges bytes Content-Type image/png Keep-Alive timeout=5, max=90 Content-Length 1291583
GET H2	200	karbon-medium-webfont.woff www.nexi-accountcliente.it/servizio/LogNexi_files/fonts/	24 KB 25 KB	101ms 100ms	Font font/woff	89.46.107.26 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.nexi-accountcliente.it/servizio/LogNexi_files/fonts/karbon-medium-webfont.woff Requested by Host: www.nexi-accountcliente.it URL: https://www.nexi-accountcliente.it/servizio/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.46.107.26 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webx1223.aruba.it Software aruba-proxy / Resource Hash `4061275193aa1a5245941f7768b307219fc0f86f44dc1cf4d293168b93a72259` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://www.nexi-accountcliente.it/servizio/LogNexi_files/style.css Origin https://www.nexi-accountcliente.it Response headers x-servername ipvsproxy111.ad.aruba.it date Wed, 03 Jun 2020 07:49:36 GMT last-modified Tue, 02 Jun 2020 00:14:31 GMT server aruba-proxy etag "617c-5a70ecba9329c" content-type font/woff status 200 accept-ranges bytes content-length 24956
GET H2	200	karbon-regular-webfont.woff www.nexi-accountcliente.it/servizio/LogNexi_files/fonts/	24 KB 24 KB	101ms 100ms	Font font/woff	89.46.107.26 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.nexi-accountcliente.it/servizio/LogNexi_files/fonts/karbon-regular-webfont.woff Requested by Host: www.nexi-accountcliente.it URL: https://www.nexi-accountcliente.it/servizio/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.46.107.26 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webx1223.aruba.it Software aruba-proxy / Resource Hash `ade827343407a2a81168acb91cabc1ed7d83de7010966dd1b7f06f4e0344b9e6` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://www.nexi-accountcliente.it/servizio/LogNexi_files/style.css Origin https://www.nexi-accountcliente.it Response headers x-servername ipvsproxy111.ad.aruba.it date Wed, 03 Jun 2020 07:49:36 GMT last-modified Tue, 02 Jun 2020 00:14:31 GMT server aruba-proxy etag "5ef4-5a70ecba94620" content-type font/woff status 200 accept-ranges bytes content-length 24308
GET H2	200	karbon-semibold-webfont.woff www.nexi-accountcliente.it/servizio/LogNexi_files/fonts/	24 KB 25 KB	200ms 200ms	Font font/woff	89.46.107.26 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.nexi-accountcliente.it/servizio/LogNexi_files/fonts/karbon-semibold-webfont.woff Requested by Host: www.nexi-accountcliente.it URL: https://www.nexi-accountcliente.it/servizio/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 89.46.107.26 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webx1223.aruba.it Software aruba-proxy / Resource Hash `0696904b24ea3bdaf9ee857ded71391ccd44d40b84334571a5c5e71f93b4a0c6` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://www.nexi-accountcliente.it/servizio/LogNexi_files/style.css Origin https://www.nexi-accountcliente.it Response headers x-servername ipvsproxy111.ad.aruba.it date Wed, 03 Jun 2020 07:49:36 GMT last-modified Tue, 02 Jun 2020 00:14:31 GMT server aruba-proxy etag "61c8-5a70ecba95605" content-type font/woff status 200 accept-ranges bytes content-length 25032

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nexi (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

nexi-accountcliente.it
nexi.it
www.nexi-accountcliente.it
www.nexi.it
134.209.181.152
151.99.162.64
89.46.107.26
0696904b24ea3bdaf9ee857ded71391ccd44d40b84334571a5c5e71f93b4a0c6
131f0c09495af402c878938ec20d55682580642bcbde1d56c6442603760d5a53
1b09ba179e71a03e07515234958e24211d657d38eee4aa0b74e604c05d6afc3d
4061275193aa1a5245941f7768b307219fc0f86f44dc1cf4d293168b93a72259
54466dfe7a775e83a59173a3dddd4f3b4389018346c98d1cb6b73638d0c89a8f
5e3c6b5c51b5fbf7691fa5d0adbcd05be694548d5f03aee7d59d7a8b092b5d27
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
861a4758d8d84ee664daa9cebfccf9aa3ab671f213484cb1f5e9ce586670a89b
ade827343407a2a81168acb91cabc1ed7d83de7010966dd1b7f06f4e0344b9e6
b417489f23cc7df7637f54c6d41aeaf2798b2e795471ee65c5805285d18fc1d8
bdc6006dabb8772de35790d1279b248e9ee16b6d11b23f8700042f9425d28d9e
c37a1253313f01ecf7b8d5ac83025a8059d161d955ecbe5254c99d4edf6989fc
ed313341bbd73a61ddacf268f494c9f85cb84e46f8954bde8a5260e21174f340

www.nexi-accountcliente.it Open in urlscan Pro 89.46.107.26 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

92 %HTTPS

0 %IPv6

2 Domains

4 Subdomains

3 IPs

2 Countries

1504 kBTransfer

2173 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

Indicators

www.nexi-accountcliente.it Open in urlscan Pro
89.46.107.26 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

92 %
HTTPS

0 %
IPv6

2
Domains

4
Subdomains

3
IPs

2
Countries

1504 kB
Transfer

2173 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!