tnvcert.com
Open in
urlscan Pro
88.198.102.81
Malicious Activity!
Public Scan
Submission: On February 27 via manual from IT — Scanned from IT
Summary
TLS certificate: Issued by R3 on February 6th 2024. Valid for: 3 months.
This is the only time tnvcert.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nexi (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
9 | 88.198.102.81 88.198.102.81 | 24940 (HETZNER-AS) (HETZNER-AS) | |
1 | 151.101.2.137 151.101.2.137 | 54113 (FASTLY) (FASTLY) | |
2 | 185.198.118.126 185.198.118.126 | 35051 (NEXI-AS) (NEXI-AS) | |
14 | 4 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
tnvcert.com
tnvcert.com |
239 KB |
2 |
nexi.it
www.nexi.it |
188 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 729 |
32 KB |
14 | 3 |
Domain | Requested by | |
---|---|---|
9 | tnvcert.com |
tnvcert.com
code.jquery.com |
2 | www.nexi.it |
tnvcert.com
|
1 | code.jquery.com |
tnvcert.com
|
14 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.nexi.it |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.tnvcert.com R3 |
2024-02-06 - 2024-05-06 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
www.nexi.it GlobalSign RSA OV SSL CA 2018 |
2023-08-04 - 2024-08-21 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://tnvcert.com/
Frame ID: 9043B7FC06F135F712F3E2FFDEE30FEA
Requests: 14 HTTP requests in this frame
Screenshot
Page Title
HomeDetected technologies
Google Tag Manager (Tag Managers) ExpandDetected patterns
- <!-- (?:End )?Google Tag Manager -->
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
Title: Privati
Search URL Search Domain Scan URL
Title: Non sei tu?
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
tnvcert.com/ |
550 KB 27 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-1.9.1.min.js
code.jquery.com/ |
90 KB 32 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.css
tnvcert.com/index_files/ |
568 KB 66 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
www.nexi.it/cookieservice/nexi-it/ |
21 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
css
tnvcert.com/index_files/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo--dark.svg
tnvcert.com/index_files/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo--light.svg
tnvcert.com/index_files/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
css
tnvcert.com/index_files/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Card_Login_IOSI-Plus_Desktop_786x694.jpg
www.nexi.it/content/dam/nexi/img/login/ |
180 KB 181 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
karbon-regular-webfont.woff
tnvcert.com/index_files/fonts/ |
24 KB 24 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
karbon-semibold-webfont.woff
tnvcert.com/index_files/fonts/ |
24 KB 25 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
karbon-medium-webfont.woff
tnvcert.com/index_files/fonts/ |
24 KB 24 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
nexi.woff
tnvcert.com/index_files/fonts/ |
70 KB 70 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
access.php
tnvcert.com/panel/ |
88 B 183 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- tnvcert.com
- URL
- https://tnvcert.com/index_files/css
- Domain
- tnvcert.com
- URL
- https://tnvcert.com/index_files/css
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nexi (Banking)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery object| jQuery191024671642239583670 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
tnvcert.com
www.nexi.it
tnvcert.com
151.101.2.137
185.198.118.126
88.198.102.81
04410889c5251ebffe51063822311d828830abd030f73b6cdb5777e5b3238cb3
0696904b24ea3bdaf9ee857ded71391ccd44d40b84334571a5c5e71f93b4a0c6
1f6bbe8591e650b3e139d0603cafb80ea3e5e76117a15c4960422b536bd419d0
23ad197def9f4c983e658350fb1788aa32894df43eec7fa5d6ade80bc30cfdda
4061275193aa1a5245941f7768b307219fc0f86f44dc1cf4d293168b93a72259
790272db4f81bd54720506a836a513fb2ef6520b5227ce392be7c1dac52f4621
82ab8c39632fe6180a81e496f21dec585bfb3faa3df59145ff7e6826b86b2970
a38acfae433e9ec1c9d35ea1e226361942de99362ad13c183d502fdbe1e96273
ade827343407a2a81168acb91cabc1ed7d83de7010966dd1b7f06f4e0344b9e6
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
d1700915fc4144972b88e8a2d733e1bd5cfbc8ab94f91750878fa096e3d00903
fea1078f1c89033344ccd1179dfb9e24cd64acddbccbc9157997348f194e9367