n3plcpnl0262.prod.ams3.secureserver.net
160.153.155.18
Malicious Activity!
Public Scan
Submission: On January 28 via automatic, source openphish
Summary
TLS certificate: Issued by Starfield Secure Certificate Authorit... on April 16th 2018. Valid for: 2 years.
This is the only time n3plcpnl0262.prod.ams3.secureserver.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nexi (Banking)
Domain & IP information
Count | IP Address | AS Autonomous System
---|---|---
2 | 160.153.155.18 | 26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com)
2 | 2a00:1450:4001:816::200e | 15169 (GOOGLE - Google LLC)
1 | 37.157.4.41 | 198622 (ADFORM)
2 | 2a00:1450:4001:817::200a | 15169 (GOOGLE - Google LLC)
1 | 2a00:1450:4001:808::2008 | 15169 (GOOGLE - Google LLC)
1 | 147.75.205.49 | 54825 (PACKET - Packet Host)
1 | 2a00:1450:4001:819::200a | 15169 (GOOGLE - Google LLC)
2 | 147.75.81.98 | 54825 (PACKET - Packet Host)
3 | 185.198.116.51 | 3269 (ASN-IBSNAZ)
1 | 151.99.162.64 | 3269 (ASN-IBSNAZ)
Totals: 22 requests, 11 IP addresses
ASN | PTR | Domain
---|---|---
ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US) | n3plcpnl0262.prod.ams3.secureserver.net | n3plcpnl0262.prod.ams3.secureserver.net
ASN54825 (PACKET - Packet Host, Inc., US) | pkt-ams-k1-26 | static.hotjar.com
ASN54825 (PACKET - Packet Host, Inc., US) | pkt-ams-k1-30 | script.hotjar.com
Count | Apex Domain | Subdomains | Transfer
---|---|---|---
4 | nexi.it | privati.nexi.it, www.nexi.it | 425 KB
3 | hotjar.com | static.hotjar.com, script.hotjar.com | 163 KB
3 | googleapis.com | ajax.googleapis.com, fonts.googleapis.com | 39 KB
2 | google-analytics.com | www.google-analytics.com | 19 KB
2 | secureserver.net | n3plcpnl0262.prod.ams3.secureserver.net | 82 KB
1 | googletagmanager.com | www.googletagmanager.com | 49 KB
1 | adform.net | track.adform.net | 30 KB
Totals: 22 requests, 7 apex domains
Count | Domain | Requested by
---|---|---
3 | privati.nexi.it | n3plcpnl0262.prod.ams3.secureserver.net, ajax.googleapis.com
2 | script.hotjar.com | n3plcpnl0262.prod.ams3.secureserver.net, static.hotjar.com
2 | ajax.googleapis.com | n3plcpnl0262.prod.ams3.secureserver.net
2 | www.google-analytics.com | n3plcpnl0262.prod.ams3.secureserver.net
2 | n3plcpnl0262.prod.ams3.secureserver.net | n3plcpnl0262.prod.ams3.secureserver.net
1 | www.nexi.it | n3plcpnl0262.prod.ams3.secureserver.net
1 | fonts.googleapis.com | n3plcpnl0262.prod.ams3.secureserver.net
1 | static.hotjar.com | n3plcpnl0262.prod.ams3.secureserver.net
1 | www.googletagmanager.com | n3plcpnl0262.prod.ams3.secureserver.net
1 | track.adform.net | n3plcpnl0262.prod.ams3.secureserver.net
Totals: 22 requests, 10 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.prod.ams3.secureserver.net | Starfield Secure Certificate Authority - G2 | 2018-04-16 - 2020-04-16 | 2 years | crt.sh
*.google-analytics.com | Google Internet Authority G3 | 2018-12-19 - 2019-03-13 | 3 months | crt.sh
track.adform.net | DigiCert SHA2 Secure Server CA | 2018-02-02 - 2019-10-02 | 2 years | crt.sh
*.googleapis.com | Google Internet Authority G3 | 2018-12-19 - 2019-03-13 | 3 months | crt.sh
static.hotjar.com | Let's Encrypt Authority X3 | 2018-12-10 - 2019-03-10 | 3 months | crt.sh
script.hotjar.com | Let's Encrypt Authority X3 | 2018-12-10 - 2019-03-10 | 3 months | crt.sh
privati.nexi.it | DigiCert SHA2 Extended Validation Server CA | 2018-06-18 - 2019-06-19 | a year | crt.sh
www.nexi.it | DigiCert SHA2 Extended Validation Server CA | 2018-06-25 - 2019-06-26 | a year | crt.sh
This page contains 1 frame:
Primary Page:
https://n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/1e0fa/card.php
Frame ID: D4400261F20EB80D2F8AF4BB2B98BA57
Requests: 22 HTTP requests in this frame
Detected technologies
- PHP (Programming Languages). Detected patterns:
  - url /\.php(?:$|\?)/i
- Apache (Web Servers). Detected patterns:
  - headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
- Google Analytics (Analytics). Detected patterns:
  - script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
- Google Font API (Font Scripts). Detected patterns:
  - html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
  - script /googleapis\.com\/.+webfont/i
- Google Tag Manager (Tag Managers). Detected patterns:
  - env /^google_tag_manager$/i
- Hotjar (Analytics). Detected patterns:
  - script /^\/\/static\.hotjar\.com\/c\/hotjar-/i
- jQuery (JavaScript Libraries). Detected patterns:
  - script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  - script /jquery.*\.js/i
  - env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---|---
GET | H/1.1 | card.php | n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/1e0fa/ | 11 KB | 3 KB | Document | text/html | Primary Request, Cookie set
GET | H2 | ec.js | www.google-analytics.com/plugins/ua/ | 3 KB | 1 KB | Script | text/javascript |
GET | H2 | / | track.adform.net/serving/scripts/trackpoint/async/ | 76 KB | 30 KB | Script | text/javascript |
GET | H2 | analytics.js | www.google-analytics.com/ | 43 KB | 17 KB | Script | text/javascript |
GET | H2 | webfont.js | ajax.googleapis.com/ajax/libs/webfont/1/ | 13 KB | 5 KB | Script | text/javascript |
GET | H2 | gtm.js | www.googletagmanager.com/ | 256 KB | 49 KB | Script | application/javascript |
GET | H2 | hotjar-643217.js | static.hotjar.com/c/ | 2 KB | 1 KB | Script | application/javascript |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.7.2/ | 93 KB | 33 KB | Script | text/javascript |
GET | H2 | css | fonts.googleapis.com/ | 5 KB | 710 B | Stylesheet | text/css |
GET | H2 | modules-79263abf7d750edcf2ac9b3f61c10e5a.js | script.hotjar.com/ | 400 KB | 81 KB | Script | application/javascript |
GET | H/1.1 | vendor.222d70f6d6e470a9d211755bfbc35f22.css | privati.nexi.it/ | 14 KB | 5 KB | Stylesheet | text/css |
GET | H/1.1 | app.976106247a3e6ce08a12fe8c08f86176.css | privati.nexi.it/ | 3 MB | 412 KB | Stylesheet | text/css |
GET | H/1.1 | logo_dark.svg | privati.nexi.it/ | 3 KB | 3 KB | Image | image/svg+xml |
GET | H/1.1 | nexipay-tablet-688x468.jpg | n3plcpnl0262.prod.ams3.secureserver.net/~ekcafq51l7h1/n3plcpnl0262/1e0fa/img/ | 79 KB | 79 KB | Image | image/jpeg |
GET | H/1.1 | style.css | www.nexi.it/cookieservice/titolari-it/ | 17 KB | 5 KB | Stylesheet | text/css |
GET | H2 | modules-7b804fe854a1eeafa15731d35d6b9a9e.js | script.hotjar.com/ | 400 KB | 81 KB | Script | application/javascript |
GET | | karbon-regular-webfont.woff | privati.nexi.it/fonts/Karbon/ | 0 | 0 | | | No response
GET | | karbon-semibold-webfont.woff | privati.nexi.it/fonts/Karbon/ | 0 | 0 | | | No response
GET | | font-icon_2.3.woff | privati.nexi.it/fonts/font-icon/ | 0 | 0 | | | No response
GET | | karbon-regular-webfont.ttf | privati.nexi.it/fonts/Karbon/ | 0 | 0 | | | No response
GET | | karbon-semibold-webfont.ttf | privati.nexi.it/fonts/Karbon/ | 0 | 0 | | | No response
GET | | font-icon_2.3.ttf | privati.nexi.it/fonts/font-icon/ | 0 | 0 | | | No response
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- privati.nexi.it: https://privati.nexi.it/fonts/Karbon/karbon-regular-webfont.woff
- privati.nexi.it: https://privati.nexi.it/fonts/Karbon/karbon-semibold-webfont.woff
- privati.nexi.it: https://privati.nexi.it/fonts/font-icon/font-icon_2.3.woff
- privati.nexi.it: https://privati.nexi.it/fonts/Karbon/karbon-regular-webfont.ttf
- privati.nexi.it: https://privati.nexi.it/fonts/Karbon/karbon-semibold-webfont.ttf
- privati.nexi.it: https://privati.nexi.it/fonts/font-icon/font-icon_2.3.ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nexi (Banking)
19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onselectstart
object | onselectionchange
function | queueMicrotask
object | gaplugins
function | ga
object | google_tag_data
object | WebFont
function | $
function | jQuery
object | google_tag_manager
object | dataLayer
object | Adform
object | KJUR
object | adf
object | hjSiteSettings
function | hjBootstrap
object | hjBootstrapCalled
function | hj
object | _hjSettings
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
n3plcpnl0262.prod.ams3.secureserver.net/ | | PHPSESSID | 85b18654eb4f19cd284edc3b840defd7
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.