indeed-id.ru
92.53.103.27
Malicious Activity!
Public Scan
Submission: On November 17 via automatic, source openphish
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on September 18th 2020. Valid for: 3 months.
This is the only time indeed-id.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nexi (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
2 | 92.53.103.27 | 49505 (SELECTEL) |
14 | 151.99.162.64 | 3269 (ASN-IBSNAZ) |
1 | 2a00:1450:4001:81a::2008 | 15169 (GOOGLE) |
2 | 2a00:1450:4001:819::2004 | 15169 (GOOGLE) |
1 | 2a00:1450:4001:81b::2003 | 15169 (GOOGLE) |
3 | 2a00:1450:4001:81a::200e | 15169 (GOOGLE) |
1 | 2a00:1450:400c:c00::9a | 15169 (GOOGLE) |
1 | 2a00:1450:4001:809::2003 | 15169 (GOOGLE) |
ASN | PTR | Domain |
---|---|---|
ASN3269 (ASN-IBSNAZ, IT) | host-151-99-162-64.business.telecomitalia.it | www.nexi.it |
ASN15169 (GOOGLE, US) | | www.googletagmanager.com |
ASN15169 (GOOGLE, US) | | www.google-analytics.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
14 | nexi.it | www.nexi.it | 2 MB |
3 | google-analytics.com | www.google-analytics.com | 20 KB |
2 | google.com | www.google.com | 834 B |
2 | indeed-id.ru | indeed-id.ru | 120 KB |
1 | google.de | www.google.de | 107 B |
1 | doubleclick.net | stats.g.doubleclick.net | 86 B |
1 | gstatic.com | www.gstatic.com | 131 KB |
1 | googletagmanager.com | www.googletagmanager.com | 77 KB |
0 | adobedtm.com | assets.adobedtm.com (Failed) | Failed |
Requests | Domain | Requested by |
---|---|---|
14 | www.nexi.it | indeed-id.ru, www.nexi.it |
3 | www.google-analytics.com | www.googletagmanager.com, www.google-analytics.com |
2 | www.google.com | indeed-id.ru |
2 | indeed-id.ru | www.nexi.it |
1 | www.google.de | indeed-id.ru |
1 | stats.g.doubleclick.net | www.google-analytics.com |
1 | www.gstatic.com | www.google.com |
1 | www.googletagmanager.com | indeed-id.ru |
0 | assets.adobedtm.com (Failed) | indeed-id.ru |
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup |
---|---|---|---|---|
indeed-id.ru | Let's Encrypt Authority X3 | 2020-09-18 - 2020-12-17 | 3 months | crt.sh |
www.nexi.it | GlobalSign RSA OV SSL CA 2018 | 2020-06-08 - 2021-07-25 | a year | crt.sh |
*.google-analytics.com | GTS CA 1O1 | 2020-10-28 - 2021-01-20 | 3 months | crt.sh |
www.google.com | GTS CA 1O1 | 2020-10-28 - 2021-01-20 | 3 months | crt.sh |
*.gstatic.com | GTS CA 1O1 | 2020-10-28 - 2021-01-20 | 3 months | crt.sh |
*.g.doubleclick.net | GTS CA 1O1 | 2020-10-28 - 2021-01-20 | 3 months | crt.sh |
*.google.com | GTS CA 1O1 | 2020-10-28 - 2021-01-20 | 3 months | crt.sh |
www.google.de | GTS CA 1O1 | 2020-10-28 - 2021-01-20 | 3 months | crt.sh |
This page contains 1 frame:
Primary Page:
https://indeed-id.ru/blog/wp-snapshots/Raf/Nex/login-titolari.html
Frame ID: 4CD073A2063DFC7578817AD8984C4270
Requests: 32 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
32 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | login-titolari.html (Primary Request) | indeed-id.ru/blog/wp-snapshots/Raf/Nex/ | 833 KB | 117 KB | Document | text/html |
GET | H/1.1 | style.css | www.nexi.it/etc/designs/nexi/clientlib-node/ | 567 KB | 106 KB | Stylesheet | text/css |
GET | H/1.1 | jquery-3.5.1.min.js | www.nexi.it/etc/designs/icbpi-common/libs/ | 87 KB | 39 KB | Script | application/javascript |
GET | H/1.1 | logo--light-double.svg | www.nexi.it/content/dam/nexi/new-login-2019/loghi/ | 1 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | app_store.svg | www.nexi.it/content/dam/nexi/new-login-2019/icons/ | 15 KB | 8 KB | Image | image/svg+xml |
GET | H/1.1 | google_play.svg | www.nexi.it/content/dam/nexi/new-login-2019/icons/ | 25 KB | 19 KB | Image | image/svg+xml |
GET | H2 | gtm.js | www.googletagmanager.com/ | 410 KB | 77 KB | Script | application/javascript |
GET | | launcha40afd213c32.min.js | assets.adobedtm.com/9dd8bdfc74c3/cd37bd923e2c/ | 0 | 0 | | |
GET | H/1.1 | icon-close.svg | www.nexi.it/content/dam/nexi/img/icone/svg/ | 2 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | icon-phone.svg | www.nexi.it/content/dam/nexi/img/icone/svg/ | 4 KB | 3 KB | Image | image/svg+xml |
GET | H/1.1 | icon-close-white.svg | www.nexi.it/content/dam/nexi/img/icone/svg/ | 2 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | icon-phone-warning-white.svg | www.nexi.it/content/dam/nexi/img/icone/svg/ | 4 KB | 3 KB | Image | image/svg+xml |
GET | H/1.1 | ico-down-blue.svg | www.nexi.it/content/dam/nexi/img/icone/svg/ | 898 B | 1 KB | Image | image/svg+xml |
GET | H/1.1 | icon-blocked.svg | www.nexi.it/content/dam/nexi/img/icone/svg/ | 935 B | 1 KB | Image | image/svg+xml |
GET | H2 | api.js | www.google.com/recaptcha/ | 850 B | 746 B | Script | text/javascript |
GET | H/1.1 | bundle.js | www.nexi.it/etc/designs/nexi/clientlib-node/ | 535 KB | 207 KB | Script | application/javascript |
GET | H/1.1 | style.css | www.nexi.it/cookieservice/nexi-it/ | 18 KB | 6 KB | Stylesheet | text/css |
GET | H/1.1 | placeholder_login_portale_privati.png | www.nexi.it/content/dam/nexi/new-login-2019/img/ | 1 MB | 1 MB | Image | image/png |
GET | | karbon-medium-webfont.woff | www.nexi.it/etc/designs/nexi/clientlib-node/fonts/ | 0 | 0 | | |
GET | | karbon-regular-webfont.woff | www.nexi.it/etc/designs/nexi/clientlib-node/fonts/ | 0 | 0 | | |
GET | | karbon-semibold-webfont.woff | www.nexi.it/etc/designs/nexi/clientlib-node/fonts/ | 0 | 0 | | |
GET | H2 | recaptcha__en.js | www.gstatic.com/recaptcha/releases/UFwvoDBMjc8LiYc1DKXiAomK/ | 335 KB | 131 KB | Script | text/javascript |
GET | H/1.1 | it.navs.json | indeed-id.ru/content/nexi/ | 9 KB | 3 KB | XHR | text/html |
GET | | KarbonApp-Medium.ttf | www.nexi.it/etc/designs/nexi/clientlib-node/fonts/ | 0 | 0 | | |
GET | | KarbonApp-Regular.ttf | www.nexi.it/etc/designs/nexi/clientlib-node/fonts/ | 0 | 0 | | |
GET | | KarbonApp-Semibold.ttf | www.nexi.it/etc/designs/nexi/clientlib-node/fonts/ | 0 | 0 | | |
GET | H2 | analytics.js | www.google-analytics.com/ | 46 KB | 18 KB | Script | text/javascript |
GET | H3-Q050 | ec.js | www.google-analytics.com/plugins/ua/ | 3 KB | 1 KB | Script | text/javascript |
POST | H3-Q050 | collect | www.google-analytics.com/j/ | 2 B | 66 B | XHR | text/plain |
POST | H2 | collect | stats.g.doubleclick.net/j/ | 4 B | 86 B | XHR | text/plain |
GET | H3-Q050 | ga-audiences | www.google.com/ads/ | 42 B | 88 B | Image | image/gif |
GET | H2 | ga-audiences | www.google.de/ads/ | 42 B | 107 B | Image | image/gif |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- assets.adobedtm.com: http://assets.adobedtm.com/9dd8bdfc74c3/cd37bd923e2c/launcha40afd213c32.min.js
- www.nexi.it: https://www.nexi.it/etc/designs/nexi/clientlib-node/fonts/karbon-medium-webfont.woff
- www.nexi.it: https://www.nexi.it/etc/designs/nexi/clientlib-node/fonts/karbon-regular-webfont.woff
- www.nexi.it: https://www.nexi.it/etc/designs/nexi/clientlib-node/fonts/karbon-semibold-webfont.woff
- www.nexi.it: https://www.nexi.it/etc/designs/nexi/clientlib-node/fonts/KarbonApp-Medium.ttf
- www.nexi.it: https://www.nexi.it/etc/designs/nexi/clientlib-node/fonts/KarbonApp-Regular.ttf
- www.nexi.it: https://www.nexi.it/etc/designs/nexi/clientlib-node/fonts/KarbonApp-Semibold.ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nexi (Banking)
36 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
function | showDirectoryPicker |
function | showOpenFilePicker |
function | showSaveFilePicker |
object | trustedTypes |
object | dataLayer |
function | $ |
function | jQuery |
boolean | wcmmode_disabled |
object | htmlBoxFunctionsArray |
object | resources |
function | verifyCallback |
function | webpackJsonp |
object | __core-js_shared__ |
function | Swiper |
object | sessionStores |
object | Modernizr |
object | picturefillCFG |
function | picturefill |
object | browser |
boolean | cancellable |
function | getNavs |
function | scrollToElement |
object | ___grecaptcha_cfg |
object | grecaptcha |
string | __recaptcha_api |
boolean | __google_recaptcha_client |
object | google_tag_manager |
function | gRecaptchaCallBack |
function | gRecaptchaExpiredCallBack |
function | onYouTubeIframeAPIReady |
object | google_tag_data |
string | GoogleAnalyticsObject |
function | ga |
object | gaplugins |
object | gaGlobal |
object | gaData |
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.indeed-id.ru/ | | _gat_UA-3681719-1 | 1 |
.indeed-id.ru/ | | _gid | GA1.2.666568972.1605577364 |
.indeed-id.ru/ | | _ga | GA1.2.848068843.1605577364 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.