nx.13-48-145-58.cprapid.com Open in urlscan Pro
13.48.145.58 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://nx.13-48-145-58.cprapid.com/
Effective URL:
https://nx.13-48-145-58.cprapid.com/
Submission: On October 18 via automatic, source openphish (October 18th 2023, 1:34:36 pm UTC) — Scanned from SE

Summary HTTP 28 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 7 IPs in 5 countries across 6 domains to perform 28 HTTP transactions. The main IP is 13.48.145.58, located in Stockholm, Sweden and belongs to AMAZON-02, US. The main domain is nx.13-48-145-58.cprapid.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on October 18th 2023. Valid for: 3 months.

This is the only time nx.13-48-145-58.cprapid.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nexi (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 22	13.48.145.58 13.48.145.58	16509 (AMAZON-02) (AMAZON-02)
1	185.198.118.126 185.198.118.126	35051 (NEXI-AS) (NEXI-AS)
2	34.247.108.36 34.247.108.36	16509 (AMAZON-02) (AMAZON-02)
1	23.32.184.226 23.32.184.226	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.31.123.248 52.31.123.248	16509 (AMAZON-02) (AMAZON-02)
1 1	63.33.173.25 63.33.173.25	16509 (AMAZON-02) (AMAZON-02)
1	66.235.152.152 66.235.152.152	16509 (AMAZON-02) (AMAZON-02)
1	63.140.62.135 63.140.62.135	16509 (AMAZON-02) (AMAZON-02)
28	7

22 13.48.145.58 (Stockholm, Sweden) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com

nx.13-48-145-58.cprapid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.198.118.126 (Italy)

ASN35051 (NEXI-AS, IT)

www.nexi.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.247.108.36 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-247-108-36.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.32.184.226 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-32-184-226.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.31.123.248 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-123-248.eu-west-1.compute.amazonaws.com

nexipayments.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.33.173.25 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-173-25.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.235.152.152 (United States)

ASN16509 (AMAZON-02, US)
PTR: ip-66-235-152-152.data.adobedc.net

nexipayments.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.62.135 (United States)

ASN16509 (AMAZON-02, US)
PTR: ip-63-140-62-135.data.adobedc.net

nexipayments.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	cprapid.com 1 redirects nx.13-48-145-58.cprapid.com	2 MB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 242 nexipayments.demdex.net	5 KB
2	omtrdc.net nexipayments.tt.omtrdc.net nexipayments.sc.omtrdc.net	1 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1318	517 B
1	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 468	12 KB
1	nexi.it www.nexi.it	423 KB
28	6

	Domain	Requested by
22	nx.13-48-145-58.cprapid.com	1 redirects nx.13-48-145-58.cprapid.com
2	dpm.demdex.net	nx.13-48-145-58.cprapid.com
1	nexipayments.sc.omtrdc.net	nx.13-48-145-58.cprapid.com
1	nexipayments.tt.omtrdc.net	nx.13-48-145-58.cprapid.com
1	cm.everesttech.net	1 redirects
1	nexipayments.demdex.net	nx.13-48-145-58.cprapid.com
1	assets.adobedtm.com	nx.13-48-145-58.cprapid.com
1	www.nexi.it	nx.13-48-145-58.cprapid.com
28	8

This site contains links to these domains. Also see Links.

Domain
www.nexi.it
apps.apple.com
play.google.com
appgallery.huawei.com
privati.nexi.it

Subject Issuer	Validity	Valid
nx.13-48-145-58.cprapid.com ZeroSSL RSA Domain Secure Site CA	`2023-10-18` - `2024-01-16`	3 months	crt.sh
www.nexi.it GlobalSign RSA OV SSL CA 2018	`2023-08-04` - `2024-08-21`	a year	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-11` - `2024-08-10`	a year	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2023-08-22` - `2024-09-21`	a year	crt.sh
*.sc.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-03-08`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://nx.13-48-145-58.cprapid.com/
Frame ID: 18D3BBAFC17DE822F5E033017ADE1954
Requests: 23 HTTP requests in this frame

Frame: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/box-a1ae2079824d1c48aa9ce06efb256f18.html
Frame ID: CFBF89AE7A8BA893FDA1999506894001
Requests: 1 HTTP requests in this frame

Frame: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/bframe.html
Frame ID: 3F311C6FC11597053317018507CC5B7A
Requests: 3 HTTP requests in this frame

Frame: https://nexipayments.demdex.net/dest5.html?d_nsid=0
Frame ID: EBCB7BCCBB78D8B1D382248D2B532686
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Area Personale

Page URL History Show full URLs

http://nx.13-48-145-58.cprapid.com/ HTTP 301
https://nx.13-48-145-58.cprapid.com/ Page URL

Detected technologies

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

28
Requests

96 %
HTTPS

0 %
IPv6

6
Domains

8
Subdomains

7
IPs

5
Countries

2085 kB
Transfer

2102 kB
Size

9
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.nexi.it/

Search URL Search Domain Scan URL

URL: https://www.nexi.it/accedi.html
Title: Cambia portale

Search URL Search Domain Scan URL

URL: https://apps.apple.com/it/app/nexi-pay/id518695175

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=it.icbpi.mobile&hl=it

Search URL Search Domain Scan URL

URL: https://appgallery.huawei.com/#/app/C101454369

Search URL Search Domain Scan URL

URL: https://www.nexi.it/login-titolari.html
Title: Non sei tu?

Search URL Search Domain Scan URL

URL: https://privati.nexi.it/recovery/intro
Title: Hai dimenticato le credenziali?

Search URL Search Domain Scan URL

URL: https://privati.nexi.it/registration/intro
Title: REGISTRATI

Search URL Search Domain Scan URL

URL: https://www.nexi.it/content/dam/nexi/new-login-2019/informativa_privacy.pdf
Title: Privacy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://nx.13-48-145-58.cprapid.com/ HTTP 301
https://nx.13-48-145-58.cprapid.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 24

https://cm.everesttech.net/cm/dd?d_uuid=80002623493127723170746619789267490356 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZS-e5gAAANhj2QN6

28 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
nx.13-48-145-58.cprapid.com/
Redirect Chain

http://nx.13-48-145-58.cprapid.com/
https://nx.13-48-145-58.cprapid.com/

298 KB
299 KB

121ms
55ms

Document
text/html

13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nx.13-48-145-58.cprapid.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash: f6f0ebe89c349e4737f7ea9d30a3e12abb5a39e0830d0e0848aab87856d1b978

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: se-SE,se;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Wed, 18 Oct 2023 13:34:29 GMT
Keep-Alive: timeout=5, max=100
Server: Apache
Transfer-Encoding: chunked

Redirect headers

Connection: Keep-Alive
Content-Length: 244
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 18 Oct 2023 13:34:29 GMT
Keep-Alive: timeout=5, max=100
Location: https://nx.13-48-145-58.cprapid.com/
Server: Apache

GET
H/1.1 200
OK launch-a40afd213c32.min.js.download Show response
nx.13-48-145-58.cprapid.com/Area%20Personale_files/ 228 KB
228 KB 132ms
34ms Script
application/javascript 13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/launch-a40afd213c32.min.js.download
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash: c96d6c44d50646e4096806c2f0ba110954d52f55150d7b34d0d7ba6872486266

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://nx.13-48-145-58.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 13:34:29 GMT
Last-Modified: Sun, 05 Dec 2021 02:57:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 233400

GET
H/1.1 200
OK style.css
nx.13-48-145-58.cprapid.com/Area%20Personale_files/ 537 KB
537 KB 93ms
30ms Stylesheet
text/css 13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/style.css
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 0a6860b639d3f65209ac59599c26f7027aef515187c186b306a2e07c2c32e338

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://nx.13-48-145-58.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 13:34:29 GMT
Last-Modified: Sun, 05 Dec 2021 02:57:14 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 550012

GET
H/1.1 200
OK jquery-3.5.1.min.js.download Show response
nx.13-48-145-58.cprapid.com/Area%20Personale_files/ 87 KB
88 KB 97ms
30ms Script
application/javascript 13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/jquery-3.5.1.min.js.download
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://nx.13-48-145-58.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 13:34:29 GMT
Last-Modified: Sun, 05 Dec 2021 02:57:14 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 89475

GET
H/1.1 200
OK style(1).css
nx.13-48-145-58.cprapid.com/Area%20Personale_files/ 17 KB
17 KB 95ms
30ms Stylesheet
text/css 13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/style(1).css
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 8a328eaf97de4600f72891d5658426d62b7afff1cc12667968e8db621a38322c

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://nx.13-48-145-58.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 13:34:29 GMT
Last-Modified: Sun, 05 Dec 2021 02:57:14 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 17116

GET
H/1.1 404
Not Found stylepop.css
nx.13-48-145-58.cprapid.com/ 0
0 96ms
30ms Stylesheet
text/html 13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nx.13-48-145-58.cprapid.com/stylepop.css
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://nx.13-48-145-58.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 13:34:29 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK logo--light-double.svg
nx.13-48-145-58.cprapid.com/Area%20Personale_files/ 1 KB
2 KB 109ms
30ms Image
image/svg+xml 13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/logo--light-double.svg
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash: c37a1253313f01ecf7b8d5ac83025a8059d161d955ecbe5254c99d4edf6989fc

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://nx.13-48-145-58.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 13:34:29 GMT
Last-Modified: Sun, 05 Dec 2021 02:57:14 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 1476

GET
H/1.1 200
OK app_store.svg
nx.13-48-145-58.cprapid.com/Area%20Personale_files/ 15 KB
16 KB 43ms
30ms Image
image/svg+xml 13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/app_store.svg
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 5e3c6b5c51b5fbf7691fa5d0adbcd05be694548d5f03aee7d59d7a8b092b5d27

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://nx.13-48-145-58.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 13:34:29 GMT
Last-Modified: Sun, 05 Dec 2021 02:57:14 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 15816

GET
H/1.1 200
OK google_play.svg
nx.13-48-145-58.cprapid.com/Area%20Personale_files/ 25 KB
25 KB 35ms
30ms Image
image/svg+xml 13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/google_play.svg
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash: ed313341bbd73a61ddacf268f494c9f85cb84e46f8954bde8a5260e21174f340

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://nx.13-48-145-58.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 13:34:29 GMT
Last-Modified: Sun, 05 Dec 2021 02:57:14 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 25343

GET
H/1.1 200
OK huawei-store.svg
nx.13-48-145-58.cprapid.com/Area%20Personale_files/ 22 KB
22 KB 30ms
30ms Image
image/svg+xml 13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/huawei-store.svg
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash: a22ea2c13b8179c675566ef9ce7a77c663056b6147674c851d898b21f6c68ee6

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://nx.13-48-145-58.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 13:34:29 GMT
Last-Modified: Sun, 05 Dec 2021 02:57:14 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 22133

GET
H/1.1 200
OK logo--dark-double.svg
nx.13-48-145-58.cprapid.com/Area%20Personale_files/ 1 KB
2 KB 32ms
31ms Image
image/svg+xml 13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/logo--dark-double.svg
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 64e35e6e3e1969550eda7af80ded7e8e7ffdc15dd6a2bfdc4ed9bf1cb82cc762

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://nx.13-48-145-58.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 13:34:30 GMT
Last-Modified: Sun, 05 Dec 2021 02:57:16 GMT
Server: Apache
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 1480

GET
H/1.1 200
OK box-a1ae2079824d1c48aa9ce06efb256f18.html Show response
nx.13-48-145-58.cprapid.com/Area%20Personale_files/ Frame CFBF 3 KB
3 KB 30ms
30ms Document
text/html 13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/box-a1ae2079824d1c48aa9ce06efb256f18.html
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 86dbb95c983a9c81e1806afa854b9713ec33ee7e279712e6eee946c6b2e8f92d

Request headers

Referer: https://nx.13-48-145-58.cprapid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: se-SE,se;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 2572
Content-Type: text/html
Date: Wed, 18 Oct 2023 13:34:30 GMT
Keep-Alive: timeout=5, max=98
Last-Modified: Sun, 05 Dec 2021 02:57:16 GMT
Server: Apache

GET
H/1.1 200
OK login_pt_background_02.jpg
www.nexi.it/content/dam/nexi/portale-titolari/pagine-login/portale-titolari/ 422 KB
423 KB 972ms
687ms Image
image/jpeg 185.198.118.126
NEXI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nexi.it/content/dam/nexi/portale-titolari/pagine-login/portale-titolari/login_pt_background_02.jpg

Requested by

Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.118.126 , Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

dc50ef7f80147b0a2407f5a560125db8b36c799d5a5a32b17d83fea8f03492e5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://nx.13-48-145-58.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 13:34:30 GMT
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Tue, 01 Aug 2023 11:01:34 GMT
ETag: "69983-601da785dd48e"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: GET, HEAD
Content-Type: image/jpeg
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=300, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 432515

GET
H/1.1 404
Not Found karbon-medium-webfont.woff
nx.13-48-145-58.cprapid.com/Area%20Personale_files/fonts/ 0
0 32ms
32ms Font
text/html 13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/fonts/karbon-medium-webfont.woff
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash

Request headers

Referer: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/style.css
Origin: https://nx.13-48-145-58.cprapid.com
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 13:34:30 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found karbon-regular-webfont.woff
nx.13-48-145-58.cprapid.com/Area%20Personale_files/fonts/ 0
0 33ms
32ms Font
text/html 13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/fonts/karbon-regular-webfont.woff
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash

Request headers

Referer: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/style.css
Origin: https://nx.13-48-145-58.cprapid.com
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 13:34:30 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found karbon-semibold-webfont.woff
nx.13-48-145-58.cprapid.com/Area%20Personale_files/fonts/ 0
0 35ms
35ms Font
text/html 13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/fonts/karbon-semibold-webfont.woff
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash

Request headers

Referer: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/style.css
Origin: https://nx.13-48-145-58.cprapid.com
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 13:34:30 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK bframe.html Show response
nx.13-48-145-58.cprapid.com/Area%20Personale_files/ Frame 3F31 8 KB
9 KB 30ms
30ms Document
text/html 13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/bframe.html
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 0814a79883b4070863f8185270ea202fbb53791a439b221fd73afb146b0ded5d

Request headers

Referer: https://nx.13-48-145-58.cprapid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: se-SE,se;q=0.9

Response headers

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 8502
Content-Type: text/html
Date: Wed, 18 Oct 2023 13:34:30 GMT
Keep-Alive: timeout=5, max=97
Last-Modified: Sun, 05 Dec 2021 02:57:16 GMT
Server: Apache

GET
H/1.1 404
Not Found KarbonApp-Medium.ttf
nx.13-48-145-58.cprapid.com/Area%20Personale_files/fonts/ 0
0 31ms
31ms Font
text/html 13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/fonts/KarbonApp-Medium.ttf
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash

Request headers

Referer: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/style.css
Origin: https://nx.13-48-145-58.cprapid.com
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 13:34:30 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found KarbonApp-Regular.ttf
nx.13-48-145-58.cprapid.com/Area%20Personale_files/fonts/ 0
0 31ms
31ms Font
text/html 13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/fonts/KarbonApp-Regular.ttf
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash

Request headers

Referer: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/style.css
Origin: https://nx.13-48-145-58.cprapid.com
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 13:34:30 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found KarbonApp-Semibold.ttf
nx.13-48-145-58.cprapid.com/Area%20Personale_files/fonts/ 0
0 30ms
30ms Font
text/html 13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/fonts/KarbonApp-Semibold.ttf
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash

Request headers

Referer: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/style.css
Origin: https://nx.13-48-145-58.cprapid.com
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 13:34:30 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=96
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK styles__ltr.css
nx.13-48-145-58.cprapid.com/Area%20Personale_files/ Frame 3F31 51 KB
51 KB 30ms
30ms Stylesheet
text/css 13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/styles__ltr.css
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/bframe.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 509bf9e83d3ca5add614196c02c8e0ce59731d3d1a10552c944b74d86019d866

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/bframe.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 13:34:30 GMT
Last-Modified: Sun, 05 Dec 2021 02:57:12 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 52368

GET
H/1.1 200
OK recaptcha__it.js.download Show response
nx.13-48-145-58.cprapid.com/Area%20Personale_files/ Frame 3F31 345 KB
345 KB 31ms
30ms Script
application/javascript 13.48.145.58
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/recaptcha__it.js.download
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/bframe.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.48.145.58 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-48-145-58.eu-north-1.compute.amazonaws.com
Software: Apache /
Resource Hash: 5a9832e8fbf9271704a38054b70a3623cc10a16404d01d23133ea1708c470f28

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/bframe.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Wed, 18 Oct 2023 13:34:30 GMT
Last-Modified: Sun, 05 Dec 2021 02:57:12 GMT
Server: Apache
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 353475

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 371 B
1 KB 294ms
65ms XHR
application/json 34.247.108.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=6A724E255ED5F2A60A495E0E%40AdobeOrg&d_nsid=0&ts=1697636070311

Requested by

Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/launch-a40afd213c32.min.js.download

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.247.108.36 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-247-108-36.eu-west-1.compute.amazonaws.com

Software

Resource Hash

d2898bbd86622284f1ae78ca884001f19b95d76de895e88444567dc258ade6e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://nx.13-48-145-58.cprapid.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-1-v052-082ef38eb.edge-irl1.demdex.com 2 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: 9KbORyR5RSU=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://nx.13-48-145-58.cprapid.com
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 313
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP40e3bec801244c59a61bf06eb622a63c/ 33 KB
12 KB 184ms
55ms Script
application/x-javascript 23.32.184.226
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP40e3bec801244c59a61bf06eb622a63c/AppMeasurement.min.js
Requested by: Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/launch-a40afd213c32.min.js.download
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.32.184.226 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-32-184-226.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 92c5b25edbc4647c55be848b92ea22fd4618cc3252a2364025262e18a7430f84

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://nx.13-48-145-58.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Wed, 18 Oct 2023 13:34:30 GMT
content-encoding: gzip
last-modified: Wed, 18 Aug 2021 21:04:01 GMT
server: AkamaiNetStorage
etag: "4635bffccc756e9a52eae8011adb9137:1629320641.842128"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://nx.13-48-145-58.cprapid.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12188
expires: Wed, 18 Oct 2023 14:34:30 GMT

GET
H/1.1 200
OK dest5.html Show response
nexipayments.demdex.net/ Frame EBCB 7 KB
3 KB 279ms
64ms Document
text/html 52.31.123.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://nexipayments.demdex.net/dest5.html?d_nsid=0

Requested by

Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/launch-a40afd213c32.min.js.download

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.31.123.248 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-31-123-248.eu-west-1.compute.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://nx.13-48-145-58.cprapid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: se-SE,se;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-irl1-1-v052-04489e9b3.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: Xp9yPjuQQYM=
content-encoding: gzip
date: Wed, 18 Oct 2023 13:34:30 GMT
last-modified: Mon, 9 Oct 2023 09:23:23 GMT
transfer-encoding: chunked
vary: accept-encoding

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=ZS-e5gAAANhj2QN6
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=80002623493127723170746619789267490356
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZS-e5gAAANhj2QN6

42 B
942 B

71ms
70ms

Image
image/gif

34.247.108.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZS-e5gAAANhj2QN6

Requested by

Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/

Protocol

HTTP/1.1

Server

34.247.108.36 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-247-108-36.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://nx.13-48-145-58.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v052-040c0227e.edge-irl1.demdex.com 7 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: S6Z45bM1S4o=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZS-e5gAAANhj2QN6
Date: Wed, 18 Oct 2023 13:34:30 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 delivery Show response
nexipayments.tt.omtrdc.net/rest/v1/ 355 B
858 B 222ms
75ms XHR
application/json 66.235.152.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://nexipayments.tt.omtrdc.net/rest/v1/delivery?client=nexipayments&sessionId=e334ea84d340408da70e5630e78b1106&version=2.6.1

Requested by

Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/launch-a40afd213c32.min.js.download

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.235.152.152 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-66-235-152-152.data.adobedc.net

Software

jag /

Resource Hash

5d934e49edfd21bd88dbaec548faeb0d01cc873cb910ae116984fe889cde36c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://nx.13-48-145-58.cprapid.com/
accept-language: se-SE,se;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 18 Oct 2023 13:34:30 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
server: jag
x-content-type-options: nosniff
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://nx.13-48-145-58.cprapid.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 1; mode=block
x-request-id: 256c26ff-9495-4718-a49c-9ffc7a34f4f4

GET
H2 200 s8578116308399
nexipayments.sc.omtrdc.net/b/ss/nexipayments.production/1/JS-2.22.1-LBWB/ 43 B
344 B 190ms
62ms Image
image/gif 63.140.62.135
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nexipayments.sc.omtrdc.net/b/ss/nexipayments.production/1/JS-2.22.1-LBWB/s8578116308399?AQB=1&ndh=1&pf=1&t=18%2F9%2F2023%2015%3A34%3A30%203%20-120&sdid=5A71F71A4F798AD8-32571158F1F5A1D4&mid=74087991716751294420255426524026443915&aamlh=6&ce=UTF-8&pageName=%2F&g=https%3A%2F%2Fnx.13-48-145-58.cprapid.com%2F&cc=EUR&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v4=%2F&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=6A724E255ED5F2A60A495E0E%40AdobeOrg&AQE=1

Requested by

Host: nx.13-48-145-58.cprapid.com
URL: https://nx.13-48-145-58.cprapid.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.135 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-63-140-62-135.data.adobedc.net

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: se-SE,se;q=0.9
Referer: https://nx.13-48-145-58.cprapid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 18 Oct 2023 13:34:31 GMT
x-content-type-options: nosniff
last-modified: Thu, 19 Oct 2023 13:34:31 GMT
server: jag
etag: 3645645703518683136-4617841541421451077
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-length: 43
x-xss-protection: 1; mode=block
expires: Tue, 17 Oct 2023 13:34:31 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nexi (Banking)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
nx.13-48-145-58.cprapid.com/	1970-01-21 01:09:56	Name: COOKIE_KEY Value: 169763606914
.cprapid.com/	1969-12-31 23:59:59	Name: at_check Value: true
.demdex.net/	1970-01-20 19:53:08	Name: demdex Value: 80002623493127723170746619789267490356
.cprapid.com/	1969-12-31 23:59:59	Name: AMCVS_6A724E255ED5F2A60A495E0E%40AdobeOrg Value: 1
.cprapid.com/	1970-01-21 01:09:56	Name: mbox Value: session#e334ea84d340408da70e5630e78b1106#1697637931\|PC#e334ea84d340408da70e5630e78b1106.37_0#1760880871
.everesttech.net/	1970-01-21 00:19:32	Name: everest_g_v2 Value: g_surferid~ZS-e5gAAANhj2QN6
.dpm.demdex.net/	1970-01-20 19:53:08	Name: dpm Value: 80002623493127723170746619789267490356
.cprapid.com/	1970-01-21 01:09:56	Name: AMCV_6A724E255ED5F2A60A495E0E%40AdobeOrg Value: -1124106680%7CMCIDTS%7C19649%7CMCMID%7C74087991716751294420255426524026443915%7CMCAAMLH-1698240870%7C6%7CMCAAMB-1698240870%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1697643270s%7CNONE%7CMCSYNCSOP%7C411-19656%7CvVersion%7C5.2.0
.cprapid.com/	1969-12-31 23:59:59	Name: s_cc Value: true

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://nx.13-48-145-58.cprapid.com/stylepop.css Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/fonts/karbon-medium-webfont.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/fonts/karbon-regular-webfont.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/fonts/karbon-semibold-webfont.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	warning	URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/bframe.html Message: An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
network	error	URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/fonts/KarbonApp-Semibold.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/fonts/KarbonApp-Medium.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://nx.13-48-145-58.cprapid.com/Area%20Personale_files/fonts/KarbonApp-Regular.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
cm.everesttech.net
dpm.demdex.net
nexipayments.demdex.net
nexipayments.sc.omtrdc.net
nexipayments.tt.omtrdc.net
nx.13-48-145-58.cprapid.com
www.nexi.it
13.48.145.58
185.198.118.126
23.32.184.226
34.247.108.36
52.31.123.248
63.140.62.135
63.33.173.25
66.235.152.152
0814a79883b4070863f8185270ea202fbb53791a439b221fd73afb146b0ded5d
0a6860b639d3f65209ac59599c26f7027aef515187c186b306a2e07c2c32e338
509bf9e83d3ca5add614196c02c8e0ce59731d3d1a10552c944b74d86019d866
5a9832e8fbf9271704a38054b70a3623cc10a16404d01d23133ea1708c470f28
5d934e49edfd21bd88dbaec548faeb0d01cc873cb910ae116984fe889cde36c8
5e3c6b5c51b5fbf7691fa5d0adbcd05be694548d5f03aee7d59d7a8b092b5d27
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f
64e35e6e3e1969550eda7af80ded7e8e7ffdc15dd6a2bfdc4ed9bf1cb82cc762
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
86dbb95c983a9c81e1806afa854b9713ec33ee7e279712e6eee946c6b2e8f92d
8a328eaf97de4600f72891d5658426d62b7afff1cc12667968e8db621a38322c
92c5b25edbc4647c55be848b92ea22fd4618cc3252a2364025262e18a7430f84
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a22ea2c13b8179c675566ef9ce7a77c663056b6147674c851d898b21f6c68ee6
c37a1253313f01ecf7b8d5ac83025a8059d161d955ecbe5254c99d4edf6989fc
c96d6c44d50646e4096806c2f0ba110954d52f55150d7b34d0d7ba6872486266
d2898bbd86622284f1ae78ca884001f19b95d76de895e88444567dc258ade6e2
dc50ef7f80147b0a2407f5a560125db8b36c799d5a5a32b17d83fea8f03492e5
ed313341bbd73a61ddacf268f494c9f85cb84e46f8954bde8a5260e21174f340
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f6f0ebe89c349e4737f7ea9d30a3e12abb5a39e0830d0e0848aab87856d1b978

nx.13-48-145-58.cprapid.com Open in urlscan Pro 13.48.145.58 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

28 Requests

96 %HTTPS

0 %IPv6

6 Domains

8 Subdomains

7 IPs

5 Countries

2085 kBTransfer

2102 kBSize

9 Cookies

9 Outgoing links

Page URL History

Redirected requests

28 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

nx.13-48-145-58.cprapid.com Open in urlscan Pro
13.48.145.58 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

28
Requests

96 %
HTTPS

0 %
IPv6

6
Domains

8
Subdomains

7
IPs

5
Countries

2085 kB
Transfer

2102 kB
Size

9
Cookies

28 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!