n3plcpnl0262.prod.ams3.secureserver.net
160.153.155.18
Malicious Activity!
Public Scan
Submission: On February 06 via automatic, source openphish
Summary
TLS certificate: Issued by Starfield Secure Certificate Authorit... on April 16th 2018. Valid for: 2 years.
This is the only time n3plcpnl0262.prod.ams3.secureserver.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nexi (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
2 | 160.153.155.18 | 26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com)
2 | 2a00:1450:4001:821::200e | 15169 (GOOGLE - Google LLC)
1 | 37.157.6.246 | 198622 (ADFORM)
2 | 2a00:1450:4001:81c::200a | 15169 (GOOGLE - Google LLC)
1 | 2a00:1450:4001:81a::2008 | 15169 (GOOGLE - Google LLC)
1 | 147.75.205.43 | 54825 (PACKET - Packet Host)
1 | 2a00:1450:4001:808::200a | 15169 (GOOGLE - Google LLC)
2 | 147.75.80.178 | 54825 (PACKET - Packet Host)
3 | 185.198.116.51 | 3269 (ASN-IBSNAZ)
1 | 151.99.162.64 | 3269 (ASN-IBSNAZ)
Total: 16 requests across 10 IP addresses.
ASN | PTR | Domain
---|---|---
ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US) | n3plcpnl0262.prod.ams3.secureserver.net | n3plcpnl0262.prod.ams3.secureserver.net
ASN54825 (PACKET - Packet Host, Inc., US) | pkt-ams-k1-31 | static.hotjar.com
ASN54825 (PACKET - Packet Host, Inc., US) | pkt-ams-k1-25 | script.hotjar.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
4 | nexi.it | privati.nexi.it, www.nexi.it | 15 KB
3 | hotjar.com | static.hotjar.com, script.hotjar.com | 166 KB
3 | googleapis.com | ajax.googleapis.com, fonts.googleapis.com | 39 KB
2 | google-analytics.com | www.google-analytics.com | 19 KB
2 | secureserver.net | n3plcpnl0262.prod.ams3.secureserver.net | 82 KB
1 | googletagmanager.com | www.googletagmanager.com | 46 KB
1 | adform.net | track.adform.net | 30 KB
Total: 16 requests across 7 apex domains.
Requests | Domain | Requested by
---|---|---
3 | privati.nexi.it | n3plcpnl0262.prod.ams3.secureserver.net
2 | script.hotjar.com | n3plcpnl0262.prod.ams3.secureserver.net, static.hotjar.com
2 | ajax.googleapis.com | n3plcpnl0262.prod.ams3.secureserver.net
2 | www.google-analytics.com | n3plcpnl0262.prod.ams3.secureserver.net
2 | n3plcpnl0262.prod.ams3.secureserver.net | n3plcpnl0262.prod.ams3.secureserver.net
1 | www.nexi.it | n3plcpnl0262.prod.ams3.secureserver.net
1 | fonts.googleapis.com | n3plcpnl0262.prod.ams3.secureserver.net
1 | static.hotjar.com | n3plcpnl0262.prod.ams3.secureserver.net
1 | www.googletagmanager.com | n3plcpnl0262.prod.ams3.secureserver.net
1 | track.adform.net | n3plcpnl0262.prod.ams3.secureserver.net
Total: 16 requests across 10 domains.
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
*.prod.ams3.secureserver.net | Starfield Secure Certificate Authority - G2 | 2018-04-16 - 2020-04-16 | 2 years
*.google-analytics.com | Google Internet Authority G3 | 2019-01-15 - 2019-04-09 | 3 months
track.adform.net | DigiCert SHA2 Secure Server CA | 2018-02-02 - 2019-10-02 | 2 years
*.googleapis.com | Google Internet Authority G3 | 2019-01-15 - 2019-04-09 | 3 months
static.hotjar.com | Let's Encrypt Authority X3 | 2018-12-10 - 2019-03-10 | 3 months
script.hotjar.com | Let's Encrypt Authority X3 | 2018-12-10 - 2019-03-10 | 3 months
privati.nexi.it | DigiCert SHA2 Extended Validation Server CA | 2018-06-18 - 2019-06-19 | a year
www.nexi.it | DigiCert SHA2 Extended Validation Server CA | 2018-06-25 - 2019-06-26 | a year
This page contains 1 frame:
Primary Page:
https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/card.php
Frame ID: 293147EA793D07B9EFDFD309550D9496
Requests: 16 HTTP requests in this frame
Detected technologies
PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Google Analytics (Analytics)
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
Google Font API (Font Scripts)
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
- script /googleapis\.com\/.+webfont/i
Google Tag Manager (Tag Managers)
Detected patterns
- env /^google_tag_manager$/i
Hotjar (Analytics)
Detected patterns
- script /^\/\/static\.hotjar\.com\/c\/hotjar-/i
jQuery (JavaScript Libraries)
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | card.php | n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/ | 11 KB | 3 KB | Document | text/html | Primary Request; Cookie set
GET | H2 | ec.js | www.google-analytics.com/plugins/ua/ | 3 KB | 1 KB | Script | text/javascript |
GET | H2 | / | track.adform.net/serving/scripts/trackpoint/async/ | 76 KB | 30 KB | Script | text/javascript |
GET | H2 | analytics.js | www.google-analytics.com/ | 43 KB | 17 KB | Script | text/javascript |
GET | H2 | webfont.js | ajax.googleapis.com/ajax/libs/webfont/1/ | 13 KB | 5 KB | Script | text/javascript |
GET | H2 | gtm.js | www.googletagmanager.com/ | 256 KB | 46 KB | Script | application/javascript |
GET | H2 | hotjar-643217.js | static.hotjar.com/c/ | 2 KB | 1 KB | Script | application/javascript |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.7.2/ | 93 KB | 33 KB | Script | text/javascript |
GET | H2 | css | fonts.googleapis.com/ | 5 KB | 699 B | Stylesheet | text/css |
GET | H2 | modules-79263abf7d750edcf2ac9b3f61c10e5a.js | script.hotjar.com/ | 400 KB | 81 KB | Script | application/javascript |
GET | H/1.1 | vendor.222d70f6d6e470a9d211755bfbc35f22.css | privati.nexi.it/ | 14 KB | 5 KB | Stylesheet | text/css |
GET | H/1.1 | app.976106247a3e6ce08a12fe8c08f86176.css | privati.nexi.it/ | 0 | 2 KB | Stylesheet | text/html |
GET | H/1.1 | logo_dark.svg | privati.nexi.it/ | 3 KB | 3 KB | Image | image/svg+xml |
GET | H/1.1 | nexipay-tablet-688x468.jpg | n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/6ea77/img/ | 79 KB | 79 KB | Image | image/jpeg |
GET | H/1.1 | style.css | www.nexi.it/cookieservice/titolari-it/ | 17 KB | 5 KB | Stylesheet | text/css |
GET | H2 | modules-ab5ba0ccf53ded68dfc9bbcb1e84cd7b.js | script.hotjar.com/ | 409 KB | 84 KB | Script | application/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nexi (Banking)
19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onselectstart
object | onselectionchange
function | queueMicrotask
object | gaplugins
function | ga
function | $
function | jQuery
object | google_tag_data
object | WebFont
object | google_tag_manager
object | dataLayer
object | Adform
object | KJUR
object | adf
object | hjSiteSettings
function | hjBootstrap
object | hjBootstrapCalled
function | hj
object | _hjSettings
1 Cookies
Cookies are small pieces of information stored in a user's browser. When the user visits the site again, the browser sends the cookie values back, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
n3plcpnl0262.prod.ams3.secureserver.net/ | | PHPSESSID | a9a59cf15e7101efb280c656f365fb06
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.