![](/screenshots/bf3e49b3-dbcd-431f-b802-a9a83923fe47.png)
145.104-168-101-28.cprapid.com
Open in
urlscan Pro
104.168.101.28
Malicious Activity!
Public Scan
Submission Tags: @ecarlesi threat phishing nexipayments Search All
Submission: On May 22 via api from IT — Scanned from IT
Summary
TLS certificate: Issued by R3 on May 22nd 2024. Valid for: 3 months.
This is the only time 145.104-168-101-28.cprapid.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nexi (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
22 | 104.168.101.28 104.168.101.28 | 36352 (AS-COLOCR...) (AS-COLOCROSSING) | |
2 | 185.198.118.126 185.198.118.126 | 35051 (NEXI-AS) (NEXI-AS) | |
2 | 52.16.8.109 52.16.8.109 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 23.35.236.237 23.35.236.237 | 16625 (AKAMAI-AS) (AKAMAI-AS) | |
1 | 52.16.115.188 52.16.115.188 | 16509 (AMAZON-02) (AMAZON-02) | |
1 1 | 52.209.221.170 52.209.221.170 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 63.140.62.17 63.140.62.17 | 16509 (AMAZON-02) (AMAZON-02) | |
29 | 6 |
ASN36352 (AS-COLOCROSSING, US)
PTR: 104-168-101-28-host.colocrossing.com
145.104-168-101-28.cprapid.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-8-109.eu-west-1.compute.amazonaws.com
dpm.demdex.net |
ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-237.deploy.static.akamaitechnologies.com
assets.adobedtm.com |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-115-188.eu-west-1.compute.amazonaws.com
nexipayments.demdex.net |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-221-170.eu-west-1.compute.amazonaws.com
cm.everesttech.net |
ASN16509 (AMAZON-02, US)
PTR: ip-63-140-62-17.data.adobedc.net
nexipayments.sc.omtrdc.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
cprapid.com
145.104-168-101-28.cprapid.com |
2 MB |
3 |
demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 243 nexipayments.demdex.net |
2 KB |
2 |
nexi.it
www.nexi.it |
428 KB |
1 |
omtrdc.net
nexipayments.sc.omtrdc.net |
345 B |
1 |
everesttech.net
1 redirects
cm.everesttech.net — Cisco Umbrella Rank: 1317 |
517 B |
1 |
adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 425 |
12 KB |
29 | 6 |
Domain | Requested by | |
---|---|---|
22 | 145.104-168-101-28.cprapid.com |
145.104-168-101-28.cprapid.com
|
2 | dpm.demdex.net |
145.104-168-101-28.cprapid.com
|
2 | www.nexi.it |
145.104-168-101-28.cprapid.com
|
1 | nexipayments.sc.omtrdc.net | |
1 | cm.everesttech.net | 1 redirects |
1 | nexipayments.demdex.net |
145.104-168-101-28.cprapid.com
|
1 | assets.adobedtm.com |
145.104-168-101-28.cprapid.com
|
29 | 7 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.nexi.it |
apps.apple.com |
play.google.com |
appgallery.huawei.com |
privati.nexi.it |
Subject Issuer | Validity | Valid | |
---|---|---|---|
cpcontacts.145.104-168-101-28.cprapid.com R3 |
2024-05-22 - 2024-08-20 |
3 months | crt.sh |
www.nexi.it GlobalSign RSA OV SSL CA 2018 |
2023-08-04 - 2024-08-21 |
a year | crt.sh |
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-09-26 - 2024-10-26 |
a year | crt.sh |
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2023-07-11 - 2024-08-10 |
a year | crt.sh |
*.sc.omtrdc.net DigiCert Global G2 TLS RSA SHA256 2020 CA1 |
2024-02-07 - 2025-03-09 |
a year | crt.sh |
This page contains 4 frames:
Primary Page:
https://145.104-168-101-28.cprapid.com/Nexi/
Frame ID: 6C4B57CF4C5A997F2646715BEB5E0740
Requests: 24 HTTP requests in this frame
Frame:
https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/box-a1ae2079824d1c48aa9ce06efb256f18.html
Frame ID: 641A52D961EF583DD7267B5BF9A17429
Requests: 1 HTTP requests in this frame
Frame:
https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/bframe.html
Frame ID: E0BD0B3D7481A329AEEBF455E889465D
Requests: 3 HTTP requests in this frame
Frame:
https://nexipayments.demdex.net/dest5.html?d_nsid=0
Frame ID: 8023BFAEEB390E8E7A07069E5B65616B
Requests: 1 HTTP requests in this frame
Screenshot
![](/screenshots/bf3e49b3-dbcd-431f-b802-a9a83923fe47.png)
Page Title
Area PersonaleDetected technologies
Detected patterns
- /etc/designs/
![](/vendor/wappa/icons/Google Tag Manager.png)
Detected patterns
- <!-- (?:End )?Google Tag Manager -->
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
9 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Cambia portale
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Non sei tu?
Search URL Search Domain Scan URL
Title: Hai dimenticato le credenziali?
Search URL Search Domain Scan URL
Title: REGISTRATI
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 25- https://cm.everesttech.net/cm/dd?d_uuid=65872721522681645440359340372318342821 HTTP 302
- https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zk26cwAAAB5u_AO5
29 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
145.104-168-101-28.cprapid.com/Nexi/ |
298 KB 299 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
launch-a40afd213c32.min.js.download
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ |
228 KB 228 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ |
537 KB 537 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.5.1.min.js.download
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ |
87 KB 88 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style(1).css
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ |
17 KB 17 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
stylepop.css
145.104-168-101-28.cprapid.com/Nexi/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo--light-double.svg
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ |
1 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app_store.svg
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ |
15 KB 16 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
google_play.svg
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ |
25 KB 25 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
huawei-store.svg
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ |
22 KB 22 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo--dark-double.svg
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ |
1 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
google_play.svg
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ |
25 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
box-a1ae2079824d1c48aa9ce06efb256f18.html
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ Frame 641A |
3 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bframe.html
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ Frame E0BD |
8 KB 9 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login_pt_background_02.jpg
www.nexi.it/content/dam/nexi/portale-titolari/pagine-login/portale-titolari/ |
425 KB 427 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
karbon-medium-webfont.woff
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
karbon-regular-webfont.woff
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
karbon-semibold-webfont.woff
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
id
dpm.demdex.net/ |
371 B 926 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AppMeasurement.min.js
assets.adobedtm.com/extensions/EP40e3bec801244c59a61bf06eb622a63c/ |
33 KB 12 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles__ltr.css
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ Frame E0BD |
51 KB 51 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
recaptcha__it.js.download
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ Frame E0BD |
345 KB 345 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
KarbonApp-Semibold.ttf
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
KarbonApp-Medium.ttf
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
KarbonApp-Regular.ttf
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
dest5.html
nexipayments.demdex.net/ Frame 8023 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ibs:dpid=411&dpuuid=Zk26cwAAAB5u_AO5
dpm.demdex.net/ Redirect Chain
|
42 B 717 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
favicon-32x32.png
www.nexi.it/etc/designs/nexi/favicon/ |
502 B 1 KB |
Other
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
s39411260121518
nexipayments.sc.omtrdc.net/b/ss/nexipayments.production/1/JS-2.22.1-LBWB/ |
43 B 345 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nexi (Banking)22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 object| 2 function| $ function| jQuery object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in object| ___target_traces function| mboxCreate function| mboxDefine function| mboxUpdate function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq object| s object| s_i_nexipayments.production6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
145.104-168-101-28.cprapid.com/Nexi | Name: COOKIE_KEY Value: 171637003429 |
|
.demdex.net/ | Name: demdex Value: 65872721522681645440359340372318342821 |
|
.145.104-168-101-28.cprapid.com/ | Name: AMCVS_6A724E255ED5F2A60A495E0E%40AdobeOrg Value: 1 |
|
.everesttech.net/ | Name: everest_g_v2 Value: g_surferid~Zk26cwAAAB5u_AO5 |
|
.dpm.demdex.net/ | Name: dpm Value: 65872721522681645440359340372318342821 |
|
.145.104-168-101-28.cprapid.com/ | Name: AMCV_6A724E255ED5F2A60A495E0E%40AdobeOrg Value: -1124106680%7CMCIDTS%7C19866%7CMCMID%7C59619948087053853430948941781555347482%7CMCAAMLH-1716974835%7C6%7CMCAAMB-1716974835%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1716377235s%7CNONE%7CMCSYNCSOP%7C411-19873%7CvVersion%7C5.2.0 |
17 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
145.104-168-101-28.cprapid.com
assets.adobedtm.com
cm.everesttech.net
dpm.demdex.net
nexipayments.demdex.net
nexipayments.sc.omtrdc.net
www.nexi.it
104.168.101.28
185.198.118.126
23.35.236.237
52.16.115.188
52.16.8.109
52.209.221.170
63.140.62.17
0814a79883b4070863f8185270ea202fbb53791a439b221fd73afb146b0ded5d
0a6860b639d3f65209ac59599c26f7027aef515187c186b306a2e07c2c32e338
509bf9e83d3ca5add614196c02c8e0ce59731d3d1a10552c944b74d86019d866
5a9832e8fbf9271704a38054b70a3623cc10a16404d01d23133ea1708c470f28
5e3c6b5c51b5fbf7691fa5d0adbcd05be694548d5f03aee7d59d7a8b092b5d27
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f
64e35e6e3e1969550eda7af80ded7e8e7ffdc15dd6a2bfdc4ed9bf1cb82cc762
86dbb95c983a9c81e1806afa854b9713ec33ee7e279712e6eee946c6b2e8f92d
8a328eaf97de4600f72891d5658426d62b7afff1cc12667968e8db621a38322c
92c5b25edbc4647c55be848b92ea22fd4618cc3252a2364025262e18a7430f84
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a22ea2c13b8179c675566ef9ce7a77c663056b6147674c851d898b21f6c68ee6
a3180d51fd18781a8478d8c201f7c4c951909d3d24e6fab1a57b659666120fa1
aaf2d655b312cd798f4446994d77ac4ffd47be8ff539449e2daaed898dd21e49
b537732673b775e0ae91ae05d6191112b12426038cf9259d38e699e6c885ce75
c37a1253313f01ecf7b8d5ac83025a8059d161d955ecbe5254c99d4edf6989fc
c96d6c44d50646e4096806c2f0ba110954d52f55150d7b34d0d7ba6872486266
e23d948465486170b59683bfa6dbb7913be2420d5e1448f98faae185d7f9fca4
ed313341bbd73a61ddacf268f494c9f85cb84e46f8954bde8a5260e21174f340
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629