authenware.com
Open in
urlscan Pro
170.78.74.12
Malicious Activity!
Public Scan
URL:
https://authenware.com/
Submission: On January 18 via manual from IT — Scanned from IT
Submission: On January 18 via manual from IT — Scanned from IT
Summary
This website contacted 14 IPs
in 6 countries
across 13 domains to perform 41 HTTP transactions.
The main IP is 170.78.74.12, located in
Buenos Aires, Argentina and
belongs to InterBS S.R.L. BAEHOST, AR.
The main domain is authenware.com.
TLS certificate: Issued by R3 on January 6th 2022. Valid for: 3 months.
This is the only time authenware.com was scanned on urlscan.io!
TLS certificate: Issued by R3 on January 6th 2022. Valid for: 3 months.
This is the only time authenware.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nexi (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 170.78.74.12 170.78.74.12 | 61493 (InterBS S...) (InterBS S.R.L. BAEHOST) | |
| 2 | 2a02:26f0:710... 2a02:26f0:7100:1ab::1e80 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 12 | 185.198.118.126 185.198.118.126 | 35051 (NEXI-AS) (NEXI-AS) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:82a::2008 | 15169 (GOOGLE) (GOOGLE) | |
| 2 | 52.211.244.253 52.211.244.253 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 | 34.251.243.172 34.251.243.172 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 1 | 52.50.54.3 52.50.54.3 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 | 34.252.166.160 34.252.166.160 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:82b::200e | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 13.33.240.36 13.33.240.36 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:829::2004 | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:831::2003 | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 2606:4700::68... 2606:4700::6810:7b60 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 15.188.95.229 15.188.95.229 | 16509 (AMAZON-02) (AMAZON-02) | |
| 41 | 14 |
1
170.78.74.12
(Buenos Aires, Argentina)
ASN61493 (InterBS S.R.L. BAEHOST, AR)
PTR: www7.baehost.com
ASN61493 (InterBS S.R.L. BAEHOST, AR)
PTR: www7.baehost.com
| authenware.com |
2
2a02:26f0:7100:1ab::1e80
(Frankfurt am Main, Germany)
ASN20940 (AKAMAI-ASN1, NL)
ASN20940 (AKAMAI-ASN1, NL)
| assets.adobedtm.com |
1
2a00:1450:4001:82a::2008
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| www.googletagmanager.com |
2
52.211.244.253
(Dublin, Ireland)
ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-244-253.eu-west-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-244-253.eu-west-1.compute.amazonaws.com
| dpm.demdex.net |
1
34.251.243.172
(Dublin, Ireland)
ASN16509 (AMAZON-02, US)
PTR: ec2-34-251-243-172.eu-west-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-34-251-243-172.eu-west-1.compute.amazonaws.com
| nexipayments.demdex.net |
1
52.50.54.3
(Dublin, Ireland)
ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-54-3.eu-west-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-54-3.eu-west-1.compute.amazonaws.com
| cm.everesttech.net |
1
34.252.166.160
(Dublin, Ireland)
ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-166-160.eu-west-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-166-160.eu-west-1.compute.amazonaws.com
| nexipayments.tt.omtrdc.net |
1
2a00:1450:4001:82b::200e
(Frankfurt am Main, Germany)
ASN15169 (GOOGLE, US)
ASN15169 (GOOGLE, US)
| www.google-analytics.com |
1
13.33.240.36
(United States)
ASN16509 (AMAZON-02, US)
PTR: server-13-33-240-36.hel50.r.cloudfront.net
ASN16509 (AMAZON-02, US)
PTR: server-13-33-240-36.hel50.r.cloudfront.net
| static.hotjar.com |
1
15.188.95.229
(Paris, France)
ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-95-229.eu-west-3.compute.amazonaws.com
| nexipayments.sc.omtrdc.net |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 12 |
nexi.it
www.nexi.it — Cisco Umbrella Rank: 536134 |
2 MB |
| 3 |
demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 205 nexipayments.demdex.net — Cisco Umbrella Rank: 992582 |
5 KB |
| 2 |
omtrdc.net
nexipayments.tt.omtrdc.net — Cisco Umbrella Rank: 954502 nexipayments.sc.omtrdc.net |
983 B |
| 2 |
adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 497 |
85 KB |
| 1 |
cloudflare.com
www.cloudflare.com — Cisco Umbrella Rank: 7077 |
432 B |
| 1 |
gstatic.com
www.gstatic.com |
140 KB |
| 1 |
google.com
www.google.com — Cisco Umbrella Rank: 13 |
966 B |
| 1 |
hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 644 |
|
| 1 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 42 |
20 KB |
| 1 |
everesttech.net
1 redirects
cm.everesttech.net — Cisco Umbrella Rank: 992 |
517 B |
| 1 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 78 |
75 KB |
| 1 |
authenware.com
authenware.com |
9 MB |
| 0 |
Failed
function sub() { [native code] }. Failed |
|
| 41 | 13 |
| Domain | Requested by | |
|---|---|---|
| 12 | www.nexi.it |
authenware.com
www.nexi.it |
| 2 | dpm.demdex.net |
assets.adobedtm.com
authenware.com |
| 2 | assets.adobedtm.com |
authenware.com
assets.adobedtm.com |
| 1 | nexipayments.sc.omtrdc.net | |
| 1 | www.cloudflare.com |
www.nexi.it
|
| 1 | www.gstatic.com |
www.google.com
|
| 1 | www.google.com |
authenware.com
|
| 1 | static.hotjar.com |
www.googletagmanager.com
|
| 1 | www.google-analytics.com |
www.googletagmanager.com
|
| 1 | nexipayments.tt.omtrdc.net |
assets.adobedtm.com
|
| 1 | cm.everesttech.net | 1 redirects |
| 1 | nexipayments.demdex.net |
assets.adobedtm.com
|
| 1 | www.googletagmanager.com |
authenware.com
|
| 1 | authenware.com | |
| 0 | www.nexi.ithttps Failed |
authenware.com
|
| 41 | 15 |
This site contains links to these domains. Also see Links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.authenware.com R3 |
2022-01-06 - 2022-04-06 |
3 months | crt.sh |
| assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1 |
2021-09-10 - 2022-09-10 |
a year | crt.sh |
| www.nexi.it GlobalSign RSA OV SSL CA 2018 |
2021-06-23 - 2022-07-25 |
a year | crt.sh |
| *.google-analytics.com GTS CA 1C3 |
2021-12-08 - 2022-03-02 |
3 months | crt.sh |
| *.demdex.net DigiCert TLS RSA SHA256 2020 CA1 |
2021-10-19 - 2022-11-19 |
a year | crt.sh |
| *.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1 |
2021-10-11 - 2022-10-12 |
a year | crt.sh |
| *.hotjar.com Amazon |
2021-11-25 - 2022-12-23 |
a year | crt.sh |
| www.google.com GTS CA 1C3 |
2021-12-08 - 2022-03-02 |
3 months | crt.sh |
| *.gstatic.com GTS CA 1C3 |
2021-12-27 - 2022-03-21 |
3 months | crt.sh |
| www.cloudflare.com Cloudflare Inc ECC CA-3 |
2021-09-18 - 2022-09-17 |
a year | crt.sh |
| *.sc.omtrdc.net DigiCert TLS Hybrid ECC SHA384 2020 CA1 |
2021-10-05 - 2022-03-04 |
5 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://authenware.com/
Frame ID: EEE5001F68006A8C4D827CBB5591C2D7
Requests: 39 HTTP requests in this frame
Frame:
https://nexipayments.demdex.net/dest5.html?d_nsid=0
Frame ID: 9226848C2FBE69592908929D68C2039E
Requests: 1 HTTP requests in this frame
Screenshot
Page Title
Area Personaleicon/white/frecciaicon/white/frecciaDetected technologies
Adobe Experience Manager
(CMS)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /etc/designs/
Google Analytics
(Analytics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Google Tag Manager
(Tag Managers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- <!-- (?:End )?Google Tag Manager -->
- googletagmanager\.com/gtm\.js
Hotjar
(Analytics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- //static\.hotjar\.com/
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
reCAPTCHA
(Captchas)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /recaptcha/api\.js
Page Statistics
12 Outgoing links
These are links going to different origins than the main page.
URL: https://policies.google.com/privacy
Title: Google.analytics.com
Title: Google.analytics.com
Search URL Search Domain Scan URL
URL: https://www.hotjar.com/privacy
Title: Hotjar.com
Title: Hotjar.com
Search URL Search Domain Scan URL
URL: https://support.microsoft.com/en-us/topic/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Title: Internet Explorer
Title: Internet Explorer
Search URL Search Domain Scan URL
URL: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09#:~:text=Open%20Microsoft%20Edge%20and%20select%20Settings%20and%20more,Delete%20cookies%20every%20time%20you%20close%20the%20browser
Title: Edge
Title: Edge
Search URL Search Domain Scan URL
URL: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox?redirectslug=delete-cookies-remove-info-websites-stored&redirectlocale=en-US
Title: Firefox
Title: Firefox
Search URL Search Domain Scan URL
URL: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en-GB
Title: Google Chrome
Title: Google Chrome
Search URL Search Domain Scan URL
URL: https://support.apple.com/en-gb/HT201265
Title: Safari
Title: Safari
Search URL Search Domain Scan URL
URL: https://apps.apple.com/it/app/nexi-pay/id518695175
Search URL Search Domain Scan URL
URL: https://play.google.com/store/apps/details?id=it.icbpi.mobile&hl=it
Search URL Search Domain Scan URL
URL: https://appgallery.huawei.com/#/app/C101454369
Search URL Search Domain Scan URL
URL: https://privati.nexi.it/registration/intro
Title: REGISTRATI
Title: REGISTRATI
Search URL Search Domain Scan URL
URL: https://www.nexi.it/content/dam/nexi/new-login-2019/informativa_privacy.pdf
Title: Privacy
Title: Privacy
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 15- https://cm.everesttech.net/cm/dd?d_uuid=10466052902530779924497729981263593722 HTTP 302
- https://dpm.demdex.net/ibs:dpid=411&dpuuid=YebgMAAAAHtb7AO1
41 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
/
authenware.com/ |
9 MB 9 MB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
launch-a40afd213c32.min.js
assets.adobedtm.com/9dd8bdfc74c3/cd37bd923e2c/ |
228 KB 73 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
style.css
www.nexi.it/etc/designs/nexi/clientlib-node/ |
537 KB 101 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-3.5.1.min.js
www.nexi.it/etc/designs/icbpi-common/libs/ |
87 KB 39 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo--light-double.svg
www.nexi.it/content/dam/nexi/new-login-2019/loghi/ |
1 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
gtm.js
www.googletagmanager.com/ |
227 KB 75 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
id
dpm.demdex.net/ |
371 B 1 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
AppMeasurement.min.js
assets.adobedtm.com/extensions/EP40e3bec801244c59a61bf06eb622a63c/ |
33 KB 12 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
app_store.svg
www.nexi.it/content/dam/nexi/new-login-2019/icons/ |
15 KB 8 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
google_play.svg
www.nexi.it/content/dam/nexi/new-login-2019/icons/ |
25 KB 19 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
huawei-store.svg
www.nexi.it/content/dam/nexi/new-login-2019/icons/ |
22 KB 15 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
style.css
www.nexi.it/cookieservice/nexi-it/ |
21 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
placeholder_login_portale_privati.png
www.nexi.it/content/dam/nexi/new-login-2019/img/ |
1 MB 1 MB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
karbon-medium-webfont.woff
www.nexi.it/etc/designs/nexi/clientlib-node/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
karbon-regular-webfont.woff
www.nexi.it/etc/designs/nexi/clientlib-node/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
dest5.html
nexipayments.demdex.net/ Frame 9226 |
7 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ibs:dpid=411&dpuuid=YebgMAAAAHtb7AO1
dpm.demdex.net/ Redirect Chain
|
42 B 945 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
delivery
nexipayments.tt.omtrdc.net/rest/v1/ |
355 B 590 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
analytics.js
www.google-analytics.com/ |
49 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
hotjar-undefined.js
static.hotjar.com/c/ |
0 0 |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
KarbonApp-Regular.ttf
www.nexi.it/etc/designs/nexi/clientlib-node/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
KarbonApp-Medium.ttf
www.nexi.it/etc/designs/nexi/clientlib-node/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
icon-close.svg
www.nexi.ithttps//www.nexi.it/content/dam/nexi/img/icone/svg/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
icon-phone.svg
www.nexi.ithttps//www.nexi.it/content/dam/nexi/img/icone/svg/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
karbon-semibold-webfont.woff
www.nexi.it/etc/designs/nexi/clientlib-node/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
icon-close.svg
www.nexi.ithttps//www.nexi.it/content/dam/nexi/img/icone/svg/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
icon-phone.svg
www.nexi.ithttps//www.nexi.it/content/dam/nexi/img/icone/svg/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
icon-close-white.svg
www.nexi.ithttps//www.nexi.it/content/dam/nexi/img/icone/svg/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
icon-phone-warning-white.svg
www.nexi.ithttps//www.nexi.it/content/dam/nexi/img/icone/svg/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
ico-down-blue.svg
www.nexi.ithttps//www.nexi.it/content/dam/nexi/img/icone/svg/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
icon-blocked.svg
www.nexi.ithttps//www.nexi.it/content/dam/nexi/img/icone/svg/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
KarbonApp-Semibold.ttf
www.nexi.it/etc/designs/nexi/clientlib-node/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo--dark-double.svg
www.nexi.it/content/dam/nexi/new-login-2019/loghi/ |
1 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
api.js
www.google.com/recaptcha/ |
850 B 966 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
bundle.js
www.nexi.it/etc/designs/nexi/clientlib-node/ |
1 MB 373 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
content.ckscript.js
www.nexi.it/cookieservice/nexi-it/ |
79 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
recaptcha__it.js
www.gstatic.com/recaptcha/releases/TDBxTlSsKAUm3tSIa0fwIqNu/ |
353 KB 140 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
OPTIONS H/1.1 |
retrieve-cookie-policy
www.nexi.it/api/services/nexi-utilities-service/prelogin/ Frame |
0 0 |
Preflight
text/xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
trace
www.cloudflare.com/cdn-cgi/ |
284 B 432 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST |
retrieve-cookie-policy
www.nexi.it/api/services/nexi-utilities-service/prelogin/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
s55522955600664
nexipayments.sc.omtrdc.net/b/ss/nexipayments.production/1/JS-2.22.1-LBWB/ |
43 B 393 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.nexi.it
- URL
- https://www.nexi.it/etc/designs/nexi/clientlib-node/fonts/karbon-medium-webfont.woff
- Domain
- www.nexi.it
- URL
- https://www.nexi.it/etc/designs/nexi/clientlib-node/fonts/karbon-regular-webfont.woff
- Domain
- www.nexi.it
- URL
- https://www.nexi.it/etc/designs/nexi/clientlib-node/fonts/KarbonApp-Regular.ttf
- Domain
- www.nexi.it
- URL
- https://www.nexi.it/etc/designs/nexi/clientlib-node/fonts/KarbonApp-Medium.ttf
- Domain
- www.nexi.ithttps
- URL
- https://www.nexi.ithttps//www.nexi.it/content/dam/nexi/img/icone/svg/icon-close.svg
- Domain
- www.nexi.ithttps
- URL
- https://www.nexi.ithttps//www.nexi.it/content/dam/nexi/img/icone/svg/icon-phone.svg
- Domain
- www.nexi.it
- URL
- https://www.nexi.it/etc/designs/nexi/clientlib-node/fonts/karbon-semibold-webfont.woff
- Domain
- www.nexi.ithttps
- URL
- https://www.nexi.ithttps//www.nexi.it/content/dam/nexi/img/icone/svg/icon-close.svg
- Domain
- www.nexi.ithttps
- URL
- https://www.nexi.ithttps//www.nexi.it/content/dam/nexi/img/icone/svg/icon-phone.svg
- Domain
- www.nexi.ithttps
- URL
- https://www.nexi.ithttps//www.nexi.it/content/dam/nexi/img/icone/svg/icon-close-white.svg
- Domain
- www.nexi.ithttps
- URL
- https://www.nexi.ithttps//www.nexi.it/content/dam/nexi/img/icone/svg/icon-phone-warning-white.svg
- Domain
- www.nexi.ithttps
- URL
- https://www.nexi.ithttps//www.nexi.it/content/dam/nexi/img/icone/svg/ico-down-blue.svg
- Domain
- www.nexi.ithttps
- URL
- https://www.nexi.ithttps//www.nexi.it/content/dam/nexi/img/icone/svg/icon-blocked.svg
- Domain
- www.nexi.it
- URL
- https://www.nexi.it/etc/designs/nexi/clientlib-node/fonts/KarbonApp-Semibold.ttf
- Domain
- www.nexi.it
- URL
- https://www.nexi.it/api/services/nexi-utilities-service/prelogin/retrieve-cookie-policy
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nexi (Banking)89 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| dataLayer object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in object| ___target_traces function| mboxCreate function| mboxDefine function| mboxUpdate function| $ function| jQuery boolean| wcmmode_disabled object| htmlBoxFunctionsArray function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq object| s object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| hj object| _hjSettings function| myFunc number| myTimeout object| gaplugins object| gaGlobal object| gaData function| verifyCallback function| login object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| regeneratorRuntime function| Swiper object| sessionStores object| Modernizr object| picturefillCFG function| picturefill object| browser object| _cookieLawObj function| ownKeys function| _objectSpread function| _defineProperty function| _createForOfIteratorHelper function| _slicedToArray function| _nonIterableRest function| _unsupportedIterableToArray function| _arrayLikeToArray function| _iterableToArrayLimit function| _arrayWithHoles object| MOBILE_REGEX_ONE object| MOBILE_REGEX_TWO number| EXPIRATION_TIME string| INSTALLED_DOMAIN string| COOKIE_DOMAIN string| COOKIE_TITLE_1 string| COOKIE_TITLE_2 string| COOKIE_TITLE_3 object| COOKIE_LIST string| BANNER_TEMPLATE string| COOKIE_NAME string| API_REST_BE string| ENV string| APPLICATION string| COOKIE_POLICY_VERSION string| LANG string| COOKIE_LENGHT string| COOKIE_CONSENT string| COOKIE_ACCEPT string| COOKIE_DECLINE string| COOKIE_MONTH string| COOKIE_CONSENT_TYPE object| cookieLawObj function| loadjQuery function| inheritMethod function| startingHeight function| onYouTubeIframeAPIReady object| recaptcha function| gRecaptchaCallBack function| gRecaptchaExpiredCallBack function| gRecaptchaSubmit object| s_i_nexipayments.production10 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .authenware.com/ | Name: at_check Value: true |
|
| .demdex.net/ | Name: demdex Value: 10466052902530779924497729981263593722 |
|
| .authenware.com/ | Name: AMCVS_6A724E255ED5F2A60A495E0E%40AdobeOrg Value: 1 |
|
| .everesttech.net/ | Name: everest_g_v2 Value: g_surferid~YebgMAAAAHtb7AO1 |
|
| .authenware.com/ | Name: mbox Value: session#f53abc8c67cd4678888cb703f984efb2#1642522485|PC#f53abc8c67cd4678888cb703f984efb2.37_0#1705765425 |
|
| .dpm.demdex.net/ | Name: dpm Value: 10466052902530779924497729981263593722 |
|
| .authenware.com/ | Name: AMCV_6A724E255ED5F2A60A495E0E%40AdobeOrg Value: -1124106680%7CMCIDTS%7C19011%7CMCMID%7C05274075207604314474016320509679013445%7CMCAAMLH-1643125424%7C6%7CMCAAMB-1643125424%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1642527824s%7CNONE%7CMCSYNCSOP%7C411-19018%7CvVersion%7C5.2.0 |
|
| .authenware.com/ | Name: _ga Value: GA1.2.1427215259.1642520625 |
|
| .authenware.com/ | Name: _gid Value: GA1.2.834135446.1642520625 |
|
| .authenware.com/ | Name: s_cc Value: true |
23 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.adobedtm.com
authenware.com
cm.everesttech.net
dpm.demdex.net
nexipayments.demdex.net
nexipayments.sc.omtrdc.net
nexipayments.tt.omtrdc.net
static.hotjar.com
www.cloudflare.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.nexi.it
www.nexi.ithttps
www.nexi.it
www.nexi.ithttps
13.33.240.36
15.188.95.229
170.78.74.12
185.198.118.126
2606:4700::6810:7b60
2a00:1450:4001:829::2004
2a00:1450:4001:82a::2008
2a00:1450:4001:82b::200e
2a00:1450:4001:831::2003
2a02:26f0:7100:1ab::1e80
34.251.243.172
34.252.166.160
52.211.244.253
52.50.54.3
0a6860b639d3f65209ac59599c26f7027aef515187c186b306a2e07c2c32e338
181dae49948bdc62063a4e16c25ef1cab4124ca204df17edd2abd4577d3f442b
1f6bbe8591e650b3e139d0603cafb80ea3e5e76117a15c4960422b536bd419d0
37e18042907560da2dc851e4958ccf7d6d52ff930cadc7607956110fd796fe5c
4e78d7ff08366ee22738a94a7c0777add9bfa2363548916d32da8387e1c81a1e
5e3c6b5c51b5fbf7691fa5d0adbcd05be694548d5f03aee7d59d7a8b092b5d27
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f
64e35e6e3e1969550eda7af80ded7e8e7ffdc15dd6a2bfdc4ed9bf1cb82cc762
77de0a5d2c2ceede5959078775f4a38ea7e61ef936c8b77a921069440c467ba9
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
92c5b25edbc4647c55be848b92ea22fd4618cc3252a2364025262e18a7430f84
99fe97d31d071311b105b5433bbdea7db0ec12c443e0b0a62f3c9c266552983d
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a22ea2c13b8179c675566ef9ce7a77c663056b6147674c851d898b21f6c68ee6
a6e5733276203290056753dac93ebbfa02fbebbe41ca623fc2352c9e66ea6a02
c37a1253313f01ecf7b8d5ac83025a8059d161d955ecbe5254c99d4edf6989fc
c8c36b9ad7478d6676a80abecc94cf1cafef3a7b2a79f653eb3bdd43ae1140d1
c96d6c44d50646e4096806c2f0ba110954d52f55150d7b34d0d7ba6872486266
ce36adf2ae8dd929ca2cdc4daf9aa5d0888f37d3bf9b98e494f8d822b873a9c4
ce479cee7c9a7e697b41ada48930a10737567298a71ff792c67757b5974b3640
ed313341bbd73a61ddacf268f494c9f85cb84e46f8954bde8a5260e21174f340
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629