config758loginvhost143127.lowhost.ru
195.128.123.215
Malicious Activity!
Public Scan
Submission: On January 27 via manual from IT
Summary
This is the only time config758loginvhost143127.lowhost.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nexi (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
10 | 195.128.123.215 | 47196 (GARANT-PARK-INTERNET) |
1 | 2a00:1450:4001:812::200a | 15169 (GOOGLE) |
1 2 | 172.217.16.198 | 15169 (GOOGLE) |
6 | 151.99.162.64 | 3269 (ASN-IBSNAZ) |
1 | 13.224.194.78 | 16509 (AMAZON-02) |
1 | 2a00:1450:4001:812::2004 | 15169 (GOOGLE) |
20 | 6 | |
- ASN47196 (GARANT-PARK-INTERNET, RU): config758loginvhost143127.lowhost.ru
- ASN15169 (GOOGLE, US), PTR: fra16s08-in-f198.1e100.net: 9897221.fls.doubleclick.net
- ASN3269 (ASN-IBSNAZ, IT), PTR: host-151-99-162-64.business.telecomitalia.it: www.nexi.it
- ASN16509 (AMAZON-02, US), PTR: server-13-224-194-78.fra2.r.cloudfront.net: vars.hotjar.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
10 | lowhost.ru | config758loginvhost143127.lowhost.ru | 2 MB |
6 | nexi.it | www.nexi.it | 11 KB |
2 | doubleclick.net (1 redirects) | 9897221.fls.doubleclick.net | 866 B |
1 | google.com | www.google.com | |
1 | hotjar.com | vars.hotjar.com | |
1 | googleapis.com | fonts.googleapis.com | 740 B |
20 | 6 | | |
Requests | Domain | Requested by |
---|---|---|
10 | config758loginvhost143127.lowhost.ru | config758loginvhost143127.lowhost.ru |
6 | www.nexi.it | config758loginvhost143127.lowhost.ru |
2 | 9897221.fls.doubleclick.net (1 redirects) | config758loginvhost143127.lowhost.ru |
1 | www.google.com | config758loginvhost143127.lowhost.ru |
1 | vars.hotjar.com | config758loginvhost143127.lowhost.ru |
1 | fonts.googleapis.com | config758loginvhost143127.lowhost.ru |
20 | 6 | |
This site contains no links.
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
upload.video.google.com | GTS CA 1O1 | 2021-01-05 - 2021-03-30 | 3 months | crt.sh |
www.nexi.it | GlobalSign RSA OV SSL CA 2018 | 2020-06-08 - 2021-07-25 | a year | crt.sh |
*.hotjar.com | Amazon | 2020-12-25 - 2022-01-23 | a year | crt.sh |
www.google.com | GTS CA 1O1 | 2021-01-05 - 2021-03-30 | 3 months | crt.sh |
This page contains 4 frames:
Primary Page:
http://config758loginvhost143127.lowhost.ru/customia/Area-Cliente/informazioni/web/
Frame ID: 398EF7657928AA93CC20E93B9472F27E
Requests: 17 HTTP requests in this frame
Frame:
http://9897221.fls.doubleclick.net/activityi;dc_pre=COCV-9i6vO4CFXqBUAYd3TkDEA;src=9897221;type=mc;cat=nexi_0;ord=674579496552;gtm=2wgal2;auiddc=1840360196.1604354757;u1=%2Flogin-titolari.html;u23=true;~oref=https%3A%2F%2Fwww.nexi.it%2Flogin-titolari.html
Frame ID: 6BEECD99450594C856E18C81B074C687
Requests: 1 HTTP requests in this frame
Frame:
https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: 3CA7C53C087F0F5DFE3129C4955FC024
Requests: 1 HTTP requests in this frame
Frame:
https://www.google.com/recaptcha/api2/bframe?hl=en&v=4lbq4vBYAu25DMtzZ7GGbfAF&k=6LdPdiUUAAAAABfWa8mIbptRJbXdX49uDu44M7Uw&cb=xc5v0rjiai66
Frame ID: 72D7FC78EFE08E9CF3975BF206AFB1C8
Requests: 1 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4:
- http://9897221.fls.doubleclick.net/activityi;src=9897221;type=mc;cat=nexi_0;ord=674579496552;gtm=2wgal2;auiddc=1840360196.1604354757;u1=%2Flogin-titolari.html;u23=true;~oref=https%3A%2F%2Fwww.nexi.it%2Flogin-titolari.html (HTTP 302)
- http://9897221.fls.doubleclick.net/activityi;dc_pre=COCV-9i6vO4CFXqBUAYd3TkDEA;src=9897221;type=mc;cat=nexi_0;ord=674579496552;gtm=2wgal2;auiddc=1840360196.1604354757;u1=%2Flogin-titolari.html;u23=true;~oref=https%3A%2F%2Fwww.nexi.it%2Flogin-titolari.html
20 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Primary Request) | config758loginvhost143127.lowhost.ru/customia/Area-Cliente/informazioni/web/ | 302 KB | 302 KB | Document | text/html |
GET | H/1.1 | style.css | config758loginvhost143127.lowhost.ru/customia/Area-Cliente/informazioni/web/cs/ | 18 KB | 18 KB | Stylesheet | text/css |
GET | H/1.1 | styles.css | config758loginvhost143127.lowhost.ru/customia/Area-Cliente/informazioni/web/cs/ | 567 KB | 568 KB | Stylesheet | text/css |
GET | H2 | css | fonts.googleapis.com/ | 4 KB | 740 B | Stylesheet | text/css |
GET | H/1.1 | logo.svg | config758loginvhost143127.lowhost.ru/customia/Area-Cliente/informazioni/web/imgs/ | 1 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | activityi;dc_pre=COCV-9i6vO4CFXqBUAYd3TkDEA;src=9897221;type=mc;cat=nexi_0;ord=674579496552;gtm=2wgal2;auiddc=1840360196.1604354757;u1=%2Flogin-titolari.html;u23=true;~oref=https%3A%2F%2Fwww.nexi.i... | 9897221.fls.doubleclick.net/ (Frame 6BEE, Redirect Chain) | 0 | 0 | Document | text/html |
GET | H/1.1 | app_store.svg | config758loginvhost143127.lowhost.ru/customia/Area-Cliente/informazioni/web/imgs/ | 15 KB | 16 KB | Image | image/svg+xml |
GET | H/1.1 | google_play.svg | config758loginvhost143127.lowhost.ru/customia/Area-Cliente/informazioni/web/imgs/ | 25 KB | 25 KB | Image | image/svg+xml |
GET | H/1.1 | icon-close.svg | www.nexi.it/content/dam/nexi/img/icone/svg/ | 2 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | icon-phone.svg | www.nexi.it/content/dam/nexi/img/icone/svg/ | 4 KB | 3 KB | Image | image/svg+xml |
GET | H/1.1 | icon-close-white.svg | www.nexi.it/content/dam/nexi/img/icone/svg/ | 2 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | icon-phone-warning-white.svg | www.nexi.it/content/dam/nexi/img/icone/svg/ | 4 KB | 3 KB | Image | image/svg+xml |
GET | H/1.1 | ico-down-blue.svg | www.nexi.it/content/dam/nexi/img/icone/svg/ | 898 B | 1 KB | Image | image/svg+xml |
GET | H/1.1 | icon-blocked.svg | www.nexi.it/content/dam/nexi/img/icone/svg/ | 935 B | 1 KB | Image | image/svg+xml |
GET | H2 | box-469cf41adb11dc78be68c1ae7f9457a4.html | vars.hotjar.com/ (Frame 3CA7) | 0 | 0 | Document | text/html |
GET | H2 | bframe | www.google.com/recaptcha/api2/ (Frame 72D7) | 0 | 0 | Document | text/html |
GET | H/1.1 | placeholder_login_portale_privati.png | config758loginvhost143127.lowhost.ru/customia/Area-Cliente/informazioni/web/imgs/ | 1 MB | 1 MB | Image | image/png |
GET | H/1.1 | karbon-regular-webfont.woff | config758loginvhost143127.lowhost.ru/customia/Area-Cliente/informazioni/web/fonts/ | 24 KB | 24 KB | Font | application/font-woff |
GET | H/1.1 | karbon-medium-webfont.woff | config758loginvhost143127.lowhost.ru/customia/Area-Cliente/informazioni/web/fonts/ | 24 KB | 25 KB | Font | application/font-woff |
GET | H/1.1 | karbon-semibold-webfont.woff | config758loginvhost143127.lowhost.ru/customia/Area-Cliente/informazioni/web/fonts/ | 24 KB | 25 KB | Font | application/font-woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nexi (Banking)
8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: 0
- object: 1
- object: 2
- object: ontransitionrun
- object: ontransitionstart
- object: ontransitioncancel
- object: trustedTypes
- boolean: crossOriginIsolated
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.doubleclick.net/ | | IDE | AHWqTUlFCZWpC9U1S2GEw9xldUNVvgKY0ITa89ZToP2bALijbszJ1Gs23PPoEhKM |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.