u813494hwc.ha004.t.justns.ru
2a00:b700::39
Malicious Activity!
Public Scan
Effective URL: http://u813494hwc.ha004.t.justns.ru/nexi/manage/?view=login&appIdKey=fcd00c0656cc490&country=
Submission: On August 12 via manual from IT
Summary
This is the only time u813494hwc.ha004.t.justns.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nexi (Banking)
Domain & IP information
| IP Address | AS Autonomous System |
---|---|---|
1 7 | 2a00:b700::39 | 51659 (ASBAXET) |
13 | 151.99.162.64 | 3269 (ASN-IBSNAZ) |
1 | 2a00:1450:4001:815::2008 | 15169 (GOOGLE) |
2 4 | 2a00:1450:4001:814::200e | 15169 (GOOGLE) |
1 2 | 2a00:1450:400c:c00::9a | 15169 (GOOGLE) |
1 1 | 2a00:1450:4001:800::2004 | 15169 (GOOGLE) |
1 | 2a00:1450:4001:821::2003 | 15169 (GOOGLE) |
31 | 7 | |
ASN3269 (ASN-IBSNAZ, IT)
PTR: host-151-99-162-64.business.telecomitalia.it
nexi.it, www.nexi.it
ASN15169 (GOOGLE, US)
www.googletagmanager.com
ASN15169 (GOOGLE, US)
www.google-analytics.com
| Apex Domain | Subdomains | Transfer |
---|---|---|---|
13 | nexi.it | nexi.it, www.nexi.it, privati.nexi.it (Failed) | 2 MB |
7 | justns.ru (1 redirects) | u813494hwc.ha004.t.justns.ru | 140 KB |
4 | google-analytics.com (2 redirects) | www.google-analytics.com | 20 KB |
2 | doubleclick.net (1 redirects) | stats.g.doubleclick.net | 272 B |
1 | google.de | www.google.de | 492 B |
1 | google.com (1 redirects) | www.google.com | 369 B |
1 | googletagmanager.com | www.googletagmanager.com | 71 KB |
31 | 7 | | |
| Domain | Requested by |
---|---|---|
7 | nexi.it | u813494hwc.ha004.t.justns.ru |
7 | u813494hwc.ha004.t.justns.ru (1 redirects) | u813494hwc.ha004.t.justns.ru, nexi.it |
6 | www.nexi.it | u813494hwc.ha004.t.justns.ru |
4 | www.google-analytics.com (2 redirects) | www.googletagmanager.com, www.google-analytics.com |
2 | stats.g.doubleclick.net (1 redirects) | u813494hwc.ha004.t.justns.ru |
1 | www.google.de | u813494hwc.ha004.t.justns.ru |
1 | www.google.com (1 redirects) | |
1 | www.googletagmanager.com | u813494hwc.ha004.t.justns.ru |
0 | privati.nexi.it (Failed) | u813494hwc.ha004.t.justns.ru |
31 | 9 | |
This site contains links to these domains.
Domain |
---|
apps.apple.com |
play.google.com |
privati.nexi.it |
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
www.nexi.it | GlobalSign RSA OV SSL CA 2018 | 2020-06-08 - 2021-07-25 | a year | crt.sh |
*.google-analytics.com | GTS CA 1O1 | 2020-07-15 - 2020-10-07 | 3 months | crt.sh |
*.g.doubleclick.net | GTS CA 1O1 | 2020-07-15 - 2020-10-07 | 3 months | crt.sh |
www.google.de | GTS CA 1O1 | 2020-07-15 - 2020-10-07 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://u813494hwc.ha004.t.justns.ru/nexi/manage/?view=login&appIdKey=fcd00c0656cc490&country=
Frame ID: 7CA065F5C150D62A0AA9BE1F2700DE04
Requests: 31 HTTP requests in this frame
Detected technologies
LiteSpeed (Web Servers)
Detected patterns
- headers server /^LiteSpeed$/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
- Title:
- Title:
- Title: REGISTRATI
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://u813494hwc.ha004.t.justns.ru/nexi HTTP 301
- http://u813494hwc.ha004.t.justns.ru/nexi/ Page URL
- http://u813494hwc.ha004.t.justns.ru/nexi/manage/?view=login&appIdKey=fcd00c0656cc490&country= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- http://u813494hwc.ha004.t.justns.ru/nexi HTTP 301
- http://u813494hwc.ha004.t.justns.ru/nexi/

- https://www.google-analytics.com/r/collect?v=1&_v=j83&a=505899203&t=pageview&_s=1&dl=http%3A%2F%2Fu813494hwc.ha004.t.justns.ru%2Fnexi%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D&ul=en-us&de=UTF-8&dt=Area%20Personale&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEAL~&jid=1271268838&gjid=366130560&cid=1509357822.1597232826&tid=UA-3681719-9&_gid=642933687.1597232826&_r=1&gtm=2wg871P76R79S&z=1185350377 HTTP 302
- https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3681719-9&cid=1509357822.1597232826&jid=1271268838&_gid=642933687.1597232826&gjid=366130560&_v=j83&z=1185350377

- https://www.google-analytics.com/r/collect?v=1&_v=j83&aip=1&a=505899203&t=event&ni=0&_s=1&dl=http%3A%2F%2Fu813494hwc.ha004.t.justns.ru%2Fnexi%2Fmanage%2F%3Fview%3Dlogin%26appIdKey%3Dfcd00c0656cc490%26country%3D&ul=en-us&de=UTF-8&dt=Area%20Personale&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Login&ea=login%20message&el=Area%20Personale&_u=aGDAAEAL~&jid=90754743&gjid=1568183195&cid=1509357822.1597232826&tid=UA-3681719-1&_gid=642933687.1597232826&_r=1&gtm=2wg871P76R79S&cd25=not-set&z=1762336550 HTTP 302
- https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3681719-1&cid=1509357822.1597232826&jid=90754743&_gid=642933687.1597232826&gjid=1568183195&_v=j83&z=1762336550 HTTP 302
- https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3681719-1&cid=1509357822.1597232826&jid=90754743&_v=j83&z=1762336550 HTTP 302
- https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3681719-1&cid=1509357822.1597232826&jid=90754743&_v=j83&z=1762336550&slf_rd=1&random=2581256490
31 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | / (Cookie set) | u813494hwc.ha004.t.justns.ru/nexi/ (Redirect Chain) | 162 B | 547 B | Document | text/html |
GET | H/1.1 | / (Primary Request) | u813494hwc.ha004.t.justns.ru/nexi/manage/ | 767 KB | 138 KB | Document | text/html |
GET | H/1.1 | style.css | nexi.it/etc/designs/nexi/clientlib-node/ | 555 KB | 103 KB | Stylesheet | text/css |
GET | H/1.1 | jquery-3.4.1.min.js | nexi.it/etc/designs/icbpi-common/libs/ | 165 KB | 52 KB | Script | application/javascript |
GET | H/1.1 | logo--light-double.svg | nexi.it/content/dam/nexi/new-login-2019/loghi/ | 1 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | app_store.svg | nexi.it/content/dam/nexi/new-login-2019/icons/ | 15 KB | 16 KB | Image | image/svg+xml |
GET | H/1.1 | google_play.svg | nexi.it/content/dam/nexi/new-login-2019/icons/ | 25 KB | 25 KB | Image | image/svg+xml |
GET | H2 | gtm.js | www.googletagmanager.com/ | 389 KB | 71 KB | Script | application/javascript |
GET | H/1.1 | icon-close.svg | www.nexi.it/content/dam/nexi/img/icone/svg/ | 2 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | icon-phone.svg | www.nexi.it/content/dam/nexi/img/icone/svg/ | 4 KB | 4 KB | Image | image/svg+xml |
GET | H/1.1 | icon-close-white.svg | www.nexi.it/content/dam/nexi/img/icone/svg/ | 2 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | icon-phone-warning-white.svg | www.nexi.it/content/dam/nexi/img/icone/svg/ | 4 KB | 4 KB | Image | image/svg+xml |
GET | H/1.1 | ico-down-blue.svg | www.nexi.it/content/dam/nexi/img/icone/svg/ | 898 B | 1 KB | Image | image/svg+xml |
GET | H/1.1 | icon-blocked.svg | www.nexi.it/content/dam/nexi/img/icone/svg/ | 935 B | 1 KB | Image | image/svg+xml |
GET | H/1.1 | bundle.js | nexi.it/etc/designs/nexi/clientlib-node/ | 534 KB | 206 KB | Script | application/javascript |
GET | H/1.1 | content.ckscript.js | u813494hwc.ha004.t.justns.ru/cookieservice/nexi-it/ | 0 | 0 | Script | text/html |
GET | H/1.1 | style.css | u813494hwc.ha004.t.justns.ru/cookieservice/nexi-it/ | 0 | 0 | Stylesheet | text/html |
GET | H/1.1 | placeholder_login_portale_privati.png | u813494hwc.ha004.t.justns.ru/content/dam/nexi/new-login-2019/img/ | 414 B | 414 B | Image | text/html |
GET | | karbon-regular-webfont.woff | nexi.it/etc/designs/nexi/clientlib-node/fonts/ | 0 | 0 | | |
GET | | karbon-medium-webfont.woff | nexi.it/etc/designs/nexi/clientlib-node/fonts/ | 0 | 0 | | |
GET | | karbon-semibold-webfont.woff | nexi.it/etc/designs/nexi/clientlib-node/fonts/ | 0 | 0 | | |
GET | H/1.1 | it.navs.json | u813494hwc.ha004.t.justns.ru/content/nexi/ | 382 B | 572 B | XHR | text/html |
GET | H/1.1 | placeholder_login_portale_privati.png | nexi.it/content/dam/nexi/new-login-2019/img/ | 1 MB | 1 MB | Image | image/png |
GET | | KarbonApp-Regular.ttf | nexi.it/etc/designs/nexi/clientlib-node/fonts/ | 0 | 0 | | |
GET | H2 | analytics.js | www.google-analytics.com/ | 45 KB | 18 KB | Script | text/javascript |
GET | | KarbonApp-Medium.ttf | nexi.it/etc/designs/nexi/clientlib-node/fonts/ | 0 | 0 | | |
GET | | KarbonApp-Semibold.ttf | nexi.it/etc/designs/nexi/clientlib-node/fonts/ | 0 | 0 | | |
GET | H2 | ec.js | www.google-analytics.com/plugins/ua/ | 3 KB | 1 KB | Script | text/javascript |
GET | H2 | collect | stats.g.doubleclick.net/r/ (Redirect Chain) | 35 B | 99 B | Image | image/gif |
GET | H2 | ga-audiences | www.google.de/ads/ (Redirect Chain) | 42 B | 492 B | Image | image/gif |
GET | | card-holder-name | privati.nexi.it/api/services/login/auth/prelogin/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- nexi.it: https://nexi.it/etc/designs/nexi/clientlib-node/fonts/karbon-regular-webfont.woff
- nexi.it: https://nexi.it/etc/designs/nexi/clientlib-node/fonts/karbon-medium-webfont.woff
- nexi.it: https://nexi.it/etc/designs/nexi/clientlib-node/fonts/karbon-semibold-webfont.woff
- nexi.it: https://nexi.it/etc/designs/nexi/clientlib-node/fonts/KarbonApp-Regular.ttf
- nexi.it: https://nexi.it/etc/designs/nexi/clientlib-node/fonts/KarbonApp-Medium.ttf
- nexi.it: https://nexi.it/etc/designs/nexi/clientlib-node/fonts/KarbonApp-Semibold.ttf
- privati.nexi.it: https://privati.nexi.it/api/services/login/auth/prelogin/card-holder-name
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nexi (Banking)
27 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | dataLayer |
function | $ |
function | jQuery |
boolean | wcmmode_disabled |
object | htmlBoxFunctionsArray |
object | resources |
function | webpackJsonp |
object | __core-js_shared__ |
function | Swiper |
object | sessionStores |
object | Modernizr |
object | picturefillCFG |
function | picturefill |
object | browser |
boolean | cancellable |
function | getNavs |
function | scrollToElement |
function | gRecaptchaCallBack |
function | gRecaptchaExpiredCallBack |
object | google_tag_manager |
object | google_tag_data |
string | GoogleAnalyticsObject |
function | ga |
function | onYouTubeIframeAPIReady |
object | gaplugins |
object | gaGlobal |
object | gaData |
5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.justns.ru/ | | Name: _gat_UA-3681719-1 Value: 1 |
.justns.ru/ | | Name: _gid Value: GA1.2.642933687.1597232826 |
.justns.ru/ | | Name: _gat_UA-3681719-9 Value: 1 |
.justns.ru/ | | Name: _ga Value: GA1.2.1509357822.1597232826 |
u813494hwc.ha004.t.justns.ru/ | | Name: PHPSESSID Value: 381745aee3f11a0740c534d2c03b0b80 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
nexi.it
privati.nexi.it
stats.g.doubleclick.net
u813494hwc.ha004.t.justns.ru
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.nexi.it
nexi.it
privati.nexi.it
151.99.162.64
2a00:1450:4001:800::2004
2a00:1450:4001:814::200e
2a00:1450:4001:815::2008
2a00:1450:4001:821::2003
2a00:1450:400c:c00::9a
2a00:b700::39
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
0782db734196502aadc1290a8c2a53281336318542ffcec1fcea983e38ab1385
0a2eb0b63e5f022a2faa0bd845ef9f7f5887020bd4beecd02265c9ff2375b6a8
1e16f326687e127fd80ced420d9aa0834f4447ce02509722546b533e4f4c4d94
32cde70fcb4ed6949904cec5ef9065adce2196b3e8216bb5874019a9efe96edd
54466dfe7a775e83a59173a3dddd4f3b4389018346c98d1cb6b73638d0c89a8f
5e3c6b5c51b5fbf7691fa5d0adbcd05be694548d5f03aee7d59d7a8b092b5d27
7768b0eedea7fd6cb02d7e5f64530c2bc7a116a2c14cabfefe18c3beb614b25f
7e6f9ccce4ea514b53fb258d72b5682c74d1e81ef9148d3c406fbd03cfd56919
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
861a4758d8d84ee664daa9cebfccf9aa3ab671f213484cb1f5e9ce586670a89b
8a04f884f0e2ecc9ea64b9375045b94b1e1fb277ca45f7c2efb6297e2fe2682d
92751c1749c593c1ad2a7b61ff640b0dbb1a4c32db1981a523e5432cc35a029f
a5d0d20f8b647801bfb80f4adce45d913584da9ae408d4ffe6b6eecf35b905ce
b94d79be04179828f15e98b7ff4831b7422ac28fad4868bf20d72f38cb823268
c37a1253313f01ecf7b8d5ac83025a8059d161d955ecbe5254c99d4edf6989fc
c8e1f312e86564f3d293bb04806f55d4296cc3342321655bb738d7d61eeeef22
d5ded7a91066c885b90252eb9849575a6c2f2e9c87d8748c496af886b731d3f8
ed313341bbd73a61ddacf268f494c9f85cb84e46f8954bde8a5260e21174f340
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1926ee7a205ed96afdd1b8a74d845d21a64dadb6ef76e672558e5b84b58274c
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955