145.104-168-101-28.cprapid.com Open in urlscan Pro
104.168.101.28 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://145.104-168-101-28.cprapid.com/Nexi/
Submission Tags: @ecarlesi threat phishing nexipayments Search All
Submission: On May 22 via api (May 22nd 2024, 9:27:20 am UTC) from IT — Scanned from IT

Summary HTTP 29 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 6 domains to perform 29 HTTP transactions. The main IP is 104.168.101.28, located in Buffalo, United States and belongs to AS-COLOCROSSING, US. The main domain is 145.104-168-101-28.cprapid.com.
TLS certificate: Issued by R3 on May 22nd 2024. Valid for: 3 months.

This is the only time 145.104-168-101-28.cprapid.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nexi (Banking)

Domain & IP information

	IP Address	AS Autonomous System
22	104.168.101.28 104.168.101.28	36352 (AS-COLOCR...) (AS-COLOCROSSING)
2	185.198.118.126 185.198.118.126	35051 (NEXI-AS) (NEXI-AS)
2	52.16.8.109 52.16.8.109	16509 (AMAZON-02) (AMAZON-02)
1	23.35.236.237 23.35.236.237	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.16.115.188 52.16.115.188	16509 (AMAZON-02) (AMAZON-02)
1 1	52.209.221.170 52.209.221.170	16509 (AMAZON-02) (AMAZON-02)
1	63.140.62.17 63.140.62.17	16509 (AMAZON-02) (AMAZON-02)
29	6

22 104.168.101.28 (Buffalo, United States)

ASN36352 (AS-COLOCROSSING, US)
PTR: 104-168-101-28-host.colocrossing.com

145.104-168-101-28.cprapid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.198.118.126 (Italy)

ASN35051 (NEXI-AS, IT)

www.nexi.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.16.8.109 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-8-109.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.236.237 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-237.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.16.115.188 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-115-188.eu-west-1.compute.amazonaws.com

nexipayments.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.209.221.170 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-209-221-170.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.62.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: ip-63-140-62-17.data.adobedc.net

nexipayments.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	cprapid.com 145.104-168-101-28.cprapid.com	2 MB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 243 nexipayments.demdex.net	2 KB
2	nexi.it www.nexi.it	428 KB
1	omtrdc.net nexipayments.sc.omtrdc.net	345 B
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1317	517 B
1	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 425	12 KB
29	6

	Domain	Requested by
22	145.104-168-101-28.cprapid.com	145.104-168-101-28.cprapid.com
2	dpm.demdex.net	145.104-168-101-28.cprapid.com
2	www.nexi.it	145.104-168-101-28.cprapid.com
1	nexipayments.sc.omtrdc.net
1	cm.everesttech.net	1 redirects
1	nexipayments.demdex.net	145.104-168-101-28.cprapid.com
1	assets.adobedtm.com	145.104-168-101-28.cprapid.com
29	7

This site contains links to these domains. Also see Links.

Domain
www.nexi.it
apps.apple.com
play.google.com
appgallery.huawei.com
privati.nexi.it

Subject Issuer	Validity	Valid
cpcontacts.145.104-168-101-28.cprapid.com R3	`2024-05-22` - `2024-08-20`	3 months	crt.sh
www.nexi.it GlobalSign RSA OV SSL CA 2018	`2023-08-04` - `2024-08-21`	a year	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-11` - `2024-08-10`	a year	crt.sh
*.sc.omtrdc.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-07` - `2025-03-09`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://145.104-168-101-28.cprapid.com/Nexi/
Frame ID: 6C4B57CF4C5A997F2646715BEB5E0740
Requests: 24 HTTP requests in this frame

Frame: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/box-a1ae2079824d1c48aa9ce06efb256f18.html
Frame ID: 641A52D961EF583DD7267B5BF9A17429
Requests: 1 HTTP requests in this frame

Frame: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/bframe.html
Frame ID: E0BD0B3D7481A329AEEBF455E889465D
Requests: 3 HTTP requests in this frame

Frame: https://nexipayments.demdex.net/dest5.html?d_nsid=0
Frame ID: 8023BFAEEB390E8E7A07069E5B65616B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Area Personale

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc/designs/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

29
Requests

97 %
HTTPS

0 %
IPv6

6
Domains

7
Subdomains

6
IPs

4
Countries

2086 kB
Transfer

2123 kB
Size

6
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.nexi.it/

Search URL Search Domain Scan URL

URL: https://www.nexi.it/accedi.html
Title: Cambia portale

Search URL Search Domain Scan URL

URL: https://apps.apple.com/it/app/nexi-pay/id518695175

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=it.icbpi.mobile&hl=it

Search URL Search Domain Scan URL

URL: https://appgallery.huawei.com/#/app/C101454369

Search URL Search Domain Scan URL

URL: https://www.nexi.it/login-titolari.html
Title: Non sei tu?

Search URL Search Domain Scan URL

URL: https://privati.nexi.it/recovery/intro
Title: Hai dimenticato le credenziali?

Search URL Search Domain Scan URL

URL: https://privati.nexi.it/registration/intro
Title: REGISTRATI

Search URL Search Domain Scan URL

URL: https://www.nexi.it/content/dam/nexi/new-login-2019/informativa_privacy.pdf
Title: Privacy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25

https://cm.everesttech.net/cm/dd?d_uuid=65872721522681645440359340372318342821 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zk26cwAAAB5u_AO5

29 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
145.104-168-101-28.cprapid.com/Nexi/ 298 KB
299 KB 429ms
146ms Document
text/html 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash: e23d948465486170b59683bfa6dbb7913be2420d5e1448f98faae185d7f9fca4

Request headers

Accept-Language: it-IT,it;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 22 May 2024 09:27:14 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Transfer-Encoding: chunked

GET
H/1.1 200
OK launch-a40afd213c32.min.js.download Show response
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ 228 KB
228 KB 463ms
115ms Script
text/javascript 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/launch-a40afd213c32.min.js.download
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash: c96d6c44d50646e4096806c2f0ba110954d52f55150d7b34d0d7ba6872486266

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/Nexi/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:15 GMT
Last-Modified: Sun, 05 Dec 2021 06:57:14 GMT
Server: Apache
Content-Type: text/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 233400

GET
H/1.1 200
OK style.css
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ 537 KB
537 KB 345ms
115ms Stylesheet
text/css 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/style.css
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash: 0a6860b639d3f65209ac59599c26f7027aef515187c186b306a2e07c2c32e338

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/Nexi/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:14 GMT
Last-Modified: Sun, 05 Dec 2021 06:57:14 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 550012

GET
H/1.1 200
OK jquery-3.5.1.min.js.download Show response
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ 87 KB
88 KB 360ms
121ms Script
text/javascript 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/jquery-3.5.1.min.js.download
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash: 6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/Nexi/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:14 GMT
Last-Modified: Sun, 05 Dec 2021 06:57:14 GMT
Server: Apache
Content-Type: text/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 89475

GET
H/1.1 200
OK style(1).css
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ 17 KB
17 KB 345ms
116ms Stylesheet
text/css 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/style(1).css
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash: 8a328eaf97de4600f72891d5658426d62b7afff1cc12667968e8db621a38322c

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/Nexi/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:14 GMT
Last-Modified: Sun, 05 Dec 2021 06:57:14 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 17116

GET
H/1.1 404
Not Found stylepop.css
145.104-168-101-28.cprapid.com/Nexi/ 0
0 346ms
115ms Stylesheet
text/html 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/stylepop.css
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/Nexi/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:14 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK logo--light-double.svg
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ 1 KB
2 KB 376ms
127ms Image
image/svg+xml 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/logo--light-double.svg
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash: c37a1253313f01ecf7b8d5ac83025a8059d161d955ecbe5254c99d4edf6989fc

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/Nexi/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:14 GMT
Last-Modified: Sun, 05 Dec 2021 06:57:14 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1476

GET
H/1.1 200
OK app_store.svg
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ 15 KB
16 KB 157ms
127ms Image
image/svg+xml 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/app_store.svg
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash: 5e3c6b5c51b5fbf7691fa5d0adbcd05be694548d5f03aee7d59d7a8b092b5d27

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/Nexi/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:15 GMT
Last-Modified: Sun, 05 Dec 2021 06:57:14 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 15816

GET
H/1.1 200
OK google_play.svg
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ 25 KB
25 KB 155ms
121ms Image
image/svg+xml 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/google_play.svg
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash: ed313341bbd73a61ddacf268f494c9f85cb84e46f8954bde8a5260e21174f340

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/Nexi/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:15 GMT
Last-Modified: Sun, 05 Dec 2021 06:57:14 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 25343

GET
H/1.1 200
OK huawei-store.svg
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ 22 KB
22 KB 121ms
121ms Image
image/svg+xml 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/huawei-store.svg
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash: a22ea2c13b8179c675566ef9ce7a77c663056b6147674c851d898b21f6c68ee6

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/Nexi/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:15 GMT
Last-Modified: Sun, 05 Dec 2021 06:57:14 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 22133

GET
H/1.1 200
OK logo--dark-double.svg
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ 1 KB
2 KB 114ms
114ms Image
image/svg+xml 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/logo--dark-double.svg
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash: 64e35e6e3e1969550eda7af80ded7e8e7ffdc15dd6a2bfdc4ed9bf1cb82cc762

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/Nexi/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:15 GMT
Last-Modified: Sun, 05 Dec 2021 06:57:16 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1480

GET
H/1.1 200
OK google_play.svg
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ 25 KB
0 0ms
0ms Image
image/svg+xml 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/google_play.svg
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash: ed313341bbd73a61ddacf268f494c9f85cb84e46f8954bde8a5260e21174f340

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/Nexi/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:15 GMT
Last-Modified: Sun, 05 Dec 2021 06:57:14 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 25343
Content-Type: image/svg+xml

GET
H/1.1 200
OK box-a1ae2079824d1c48aa9ce06efb256f18.html Show response
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ Frame 641A 3 KB
3 KB 121ms
121ms Document
text/html 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/box-a1ae2079824d1c48aa9ce06efb256f18.html
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash: 86dbb95c983a9c81e1806afa854b9713ec33ee7e279712e6eee946c6b2e8f92d

Request headers

Accept-Language: it-IT,it;q=0.9;q=0.9
Referer: https://145.104-168-101-28.cprapid.com/Nexi/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 2572
Content-Type: text/html
Date: Wed, 22 May 2024 09:27:15 GMT
Keep-Alive: timeout=5, max=97
Last-Modified: Sun, 05 Dec 2021 06:57:16 GMT
Server: Apache

GET
H/1.1 200
OK bframe.html Show response
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ Frame E0BD 8 KB
9 KB 128ms
128ms Document
text/html 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/bframe.html
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash: 0814a79883b4070863f8185270ea202fbb53791a439b221fd73afb146b0ded5d

Request headers

Accept-Language: it-IT,it;q=0.9;q=0.9
Referer: https://145.104-168-101-28.cprapid.com/Nexi/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 8502
Content-Type: text/html
Date: Wed, 22 May 2024 09:27:15 GMT
Keep-Alive: timeout=5, max=98
Last-Modified: Sun, 05 Dec 2021 06:57:16 GMT
Server: Apache

GET
H/1.1 200
OK login_pt_background_02.jpg
www.nexi.it/content/dam/nexi/portale-titolari/pagine-login/portale-titolari/ 425 KB
427 KB 225ms
54ms Image
image/jpeg 185.198.118.126
NEXI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nexi.it/content/dam/nexi/portale-titolari/pagine-login/portale-titolari/login_pt_background_02.jpg

Requested by

Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.118.126 , Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

aaf2d655b312cd798f4446994d77ac4ffd47be8ff539449e2daaed898dd21e49

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:15 GMT
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Mon, 06 May 2024 07:08:23 GMT
ETag: "6a3fc-617c3bc2c787b"
X-Frame-Options: SAMEORIGIN
Vary: Origin
Content-Type: image/jpeg
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=8380800, public
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=5

GET
H/1.1 404
Not Found karbon-medium-webfont.woff
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/ 0
0 116ms
115ms Font
text/html 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/karbon-medium-webfont.woff
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/style.css
Origin: https://145.104-168-101-28.cprapid.com
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:15 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found karbon-regular-webfont.woff
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/ 0
0 119ms
118ms Font
text/html 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/karbon-regular-webfont.woff
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/style.css
Origin: https://145.104-168-101-28.cprapid.com
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:15 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found karbon-semibold-webfont.woff
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/ 0
0 114ms
113ms Font
text/html 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/karbon-semibold-webfont.woff
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/style.css
Origin: https://145.104-168-101-28.cprapid.com
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:15 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 id Show response
dpm.demdex.net/ 371 B
926 B 163ms
54ms XHR
application/json 52.16.8.109
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=6A724E255ED5F2A60A495E0E%40AdobeOrg&d_nsid=0&ts=1716370035574

Requested by

Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/launch-a40afd213c32.min.js.download

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.16.8.109 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-16-8-109.eu-west-1.compute.amazonaws.com

Software

Resource Hash

a3180d51fd18781a8478d8c201f7c4c951909d3d24e6fab1a57b659666120fa1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://145.104-168-101-28.cprapid.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

dcs: dcs-prod-irl1-1-v061-086c8aaf8.edge-irl1.demdex.com 3 ms
pragma: no-cache
date: Wed, 22 May 2024 09:27:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: saVsxoLJSjk=
vary: Origin
content-type: application/json;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://145.104-168-101-28.cprapid.com
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials: true
content-length: 311
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP40e3bec801244c59a61bf06eb622a63c/ 33 KB
12 KB 85ms
28ms Script
application/x-javascript 23.35.236.237
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP40e3bec801244c59a61bf06eb622a63c/AppMeasurement.min.js
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/launch-a40afd213c32.min.js.download
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.236.237 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-237.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 92c5b25edbc4647c55be848b92ea22fd4618cc3252a2364025262e18a7430f84

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 22 May 2024 09:27:15 GMT
content-encoding: gzip
last-modified: Wed, 18 Aug 2021 21:04:01 GMT
server: AkamaiNetStorage
etag: "4635bffccc756e9a52eae8011adb9137:1629320641.842128"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://145.104-168-101-28.cprapid.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12188
expires: Wed, 22 May 2024 10:27:15 GMT

GET
H/1.1 200
OK styles__ltr.css
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ Frame E0BD 51 KB
51 KB 129ms
128ms Stylesheet
text/css 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/styles__ltr.css
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/bframe.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash: 509bf9e83d3ca5add614196c02c8e0ce59731d3d1a10552c944b74d86019d866

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/bframe.html
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:15 GMT
Last-Modified: Sun, 05 Dec 2021 06:57:12 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 52368

GET
H/1.1 200
OK recaptcha__it.js.download Show response
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/ Frame E0BD 345 KB
345 KB 121ms
121ms Script
text/javascript 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/recaptcha__it.js.download
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/bframe.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash: 5a9832e8fbf9271704a38054b70a3623cc10a16404d01d23133ea1708c470f28

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/bframe.html
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:15 GMT
Last-Modified: Sun, 05 Dec 2021 06:57:12 GMT
Server: Apache
Content-Type: text/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 353475

GET
H/1.1 404
Not Found KarbonApp-Semibold.ttf
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/ 0
0 114ms
114ms Font
text/html 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/KarbonApp-Semibold.ttf
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/style.css
Origin: https://145.104-168-101-28.cprapid.com
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:15 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found KarbonApp-Medium.ttf
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/ 0
0 117ms
117ms Font
text/html 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/KarbonApp-Medium.ttf
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/style.css
Origin: https://145.104-168-101-28.cprapid.com
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:15 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found KarbonApp-Regular.ttf
145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/ 0
0 119ms
119ms Font
text/html 104.168.101.28
AS-COLOCROSSING

General

Check archive.org

Show headers Download Go to

Full URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/KarbonApp-Regular.ttf
Requested by: Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 104.168.101.28 Buffalo, United States, ASN36352 (AS-COLOCROSSING, US),
Reverse DNS: 104-168-101-28-host.colocrossing.com
Software: Apache /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/style.css
Origin: https://145.104-168-101-28.cprapid.com
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:15 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H2 200 dest5.html
nexipayments.demdex.net/ Frame 8023 0
0 156ms
51ms Document
text/html 52.16.115.188
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://nexipayments.demdex.net/dest5.html?d_nsid=0

Requested by

Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/launch-a40afd213c32.min.js.download

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.16.115.188 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-16-115-188.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: it-IT,it;q=0.9;q=0.9
Referer: https://145.104-168-101-28.cprapid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Wed, 22 May 2024 09:27:15 GMT
dcs: dcs-prod-irl1-2-v061-0c9211916.edge-irl1.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 9 May 2024 12:26:52 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: 5ZRP9os4TeQ=

GET
H2

200

ibs:dpid=411&dpuuid=Zk26cwAAAB5u_AO5
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=65872721522681645440359340372318342821
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zk26cwAAAB5u_AO5

42 B
717 B

53ms
53ms

Image
image/gif

52.16.8.109
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zk26cwAAAB5u_AO5

Requested by

Host: 145.104-168-101-28.cprapid.com
URL: https://145.104-168-101-28.cprapid.com/Nexi/

Protocol

Server

52.16.8.109 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-16-8-109.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: it-IT,it;q=0.9;q=0.9
Referer: https://145.104-168-101-28.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

dcs: dcs-prod-irl1-1-v061-0d40ae434.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Wed, 22 May 2024 09:27:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: ylSvYI45QmY=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Zk26cwAAAB5u_AO5
Date: Wed, 22 May 2024 09:27:15 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1 200
OK favicon-32x32.png
www.nexi.it/etc/designs/nexi/favicon/ 502 B
1 KB 58ms
58ms Other
image/png 185.198.118.126
NEXI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nexi.it/etc/designs/nexi/favicon/favicon-32x32.png

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.118.126 , Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

b537732673b775e0ae91ae05d6191112b12426038cf9259d38e699e6c885ce75

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 22 May 2024 09:27:16 GMT
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Tue, 23 Apr 2024 22:16:44 GMT
ETag: "1f6-616cae8c12ea4"
X-Frame-Options: SAMEORIGIN
Vary: Origin, Accept-Encoding
Content-Type: image/png
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=8380800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 502

GET
H2 200 s39411260121518
nexipayments.sc.omtrdc.net/b/ss/nexipayments.production/1/JS-2.22.1-LBWB/ 43 B
345 B 128ms
40ms Image
image/gif 63.140.62.17
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nexipayments.sc.omtrdc.net/b/ss/nexipayments.production/1/JS-2.22.1-LBWB/s39411260121518?AQB=1&ndh=1&pf=1&t=22%2F4%2F2024%2011%3A27%3A18%203%20-120&mid=59619948087053853430948941781555347482&aamlh=6&ce=UTF-8&pageName=%2Fnexi%2F&g=https%3A%2F%2F145.104-168-101-28.cprapid.com%2FNexi%2F&cc=EUR&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v4=%2Fnexi%2F&s=1600x1200&c=24&j=1.6&v=N&k=N&bw=1600&bh=1200&mcorgid=6A724E255ED5F2A60A495E0E%40AdobeOrg&AQE=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-63-140-62-17.data.adobedc.net

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://145.104-168-101-28.cprapid.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 22 May 2024 09:27:18 GMT
x-content-type-options: nosniff
last-modified: Thu, 23 May 2024 09:27:18 GMT
server: jag
etag: 3685876592493592576-4618396486472859061
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-length: 43
x-xss-protection: 1; mode=block
expires: Tue, 21 May 2024 09:27:18 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nexi (Banking)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
145.104-168-101-28.cprapid.com/Nexi	1970-01-21 06:22:10	Name: COOKIE_KEY Value: 171637003429
.demdex.net/	1970-01-21 01:05:22	Name: demdex Value: 65872721522681645440359340372318342821
.145.104-168-101-28.cprapid.com/	1969-12-31 23:59:59	Name: AMCVS_6A724E255ED5F2A60A495E0E%40AdobeOrg Value: 1
.everesttech.net/	1970-01-21 05:31:46	Name: everest_g_v2 Value: g_surferid~Zk26cwAAAB5u_AO5
.dpm.demdex.net/	1970-01-21 01:05:22	Name: dpm Value: 65872721522681645440359340372318342821
.145.104-168-101-28.cprapid.com/	1970-01-21 06:22:10	Name: AMCV_6A724E255ED5F2A60A495E0E%40AdobeOrg Value: -1124106680%7CMCIDTS%7C19866%7CMCMID%7C59619948087053853430948941781555347482%7CMCAAMLH-1716974835%7C6%7CMCAAMB-1716974835%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1716377235s%7CNONE%7CMCSYNCSOP%7C411-19873%7CvVersion%7C5.2.0

17 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://145.104-168-101-28.cprapid.com/Nexi/stylepop.css Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	warning	URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/bframe.html Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
network	error	URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/karbon-semibold-webfont.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/karbon-medium-webfont.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/karbon-regular-webfont.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
other	warning	URL: https://145.104-168-101-28.cprapid.com/Nexi/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/KarbonApp-Semibold.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/KarbonApp-Medium.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://145.104-168-101-28.cprapid.com/Nexi/Area%20Personale_files/fonts/KarbonApp-Regular.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
other	warning	URL: https://145.104-168-101-28.cprapid.com/Nexi/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://145.104-168-101-28.cprapid.com/Nexi/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://145.104-168-101-28.cprapid.com/Nexi/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://145.104-168-101-28.cprapid.com/Nexi/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://145.104-168-101-28.cprapid.com/Nexi/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://145.104-168-101-28.cprapid.com/Nexi/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://145.104-168-101-28.cprapid.com/Nexi/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://145.104-168-101-28.cprapid.com/Nexi/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

145.104-168-101-28.cprapid.com
assets.adobedtm.com
cm.everesttech.net
dpm.demdex.net
nexipayments.demdex.net
nexipayments.sc.omtrdc.net
www.nexi.it
104.168.101.28
185.198.118.126
23.35.236.237
52.16.115.188
52.16.8.109
52.209.221.170
63.140.62.17
0814a79883b4070863f8185270ea202fbb53791a439b221fd73afb146b0ded5d
0a6860b639d3f65209ac59599c26f7027aef515187c186b306a2e07c2c32e338
509bf9e83d3ca5add614196c02c8e0ce59731d3d1a10552c944b74d86019d866
5a9832e8fbf9271704a38054b70a3623cc10a16404d01d23133ea1708c470f28
5e3c6b5c51b5fbf7691fa5d0adbcd05be694548d5f03aee7d59d7a8b092b5d27
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f
64e35e6e3e1969550eda7af80ded7e8e7ffdc15dd6a2bfdc4ed9bf1cb82cc762
86dbb95c983a9c81e1806afa854b9713ec33ee7e279712e6eee946c6b2e8f92d
8a328eaf97de4600f72891d5658426d62b7afff1cc12667968e8db621a38322c
92c5b25edbc4647c55be848b92ea22fd4618cc3252a2364025262e18a7430f84
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a22ea2c13b8179c675566ef9ce7a77c663056b6147674c851d898b21f6c68ee6
a3180d51fd18781a8478d8c201f7c4c951909d3d24e6fab1a57b659666120fa1
aaf2d655b312cd798f4446994d77ac4ffd47be8ff539449e2daaed898dd21e49
b537732673b775e0ae91ae05d6191112b12426038cf9259d38e699e6c885ce75
c37a1253313f01ecf7b8d5ac83025a8059d161d955ecbe5254c99d4edf6989fc
c96d6c44d50646e4096806c2f0ba110954d52f55150d7b34d0d7ba6872486266
e23d948465486170b59683bfa6dbb7913be2420d5e1448f98faae185d7f9fca4
ed313341bbd73a61ddacf268f494c9f85cb84e46f8954bde8a5260e21174f340
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

145.104-168-101-28.cprapid.com Open in urlscan Pro 104.168.101.28 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

29 Requests

97 %HTTPS

0 %IPv6

6 Domains

7 Subdomains

6 IPs

4 Countries

2086 kBTransfer

2123 kBSize

6 Cookies

9 Outgoing links

Redirected requests

29 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

145.104-168-101-28.cprapid.com Open in urlscan Pro
104.168.101.28 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

29
Requests

97 %
HTTPS

0 %
IPv6

6
Domains

7
Subdomains

6
IPs

4
Countries

2086 kB
Transfer

2123 kB
Size

6
Cookies

29 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!