www.nexiiservice.com Open in urlscan Pro
212.224.107.10 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://nexiiservice.com/
Effective URL:
https://www.nexiiservice.com/
Submission Tags: @ecarlesi threat phishing nexipayments Search All
Submission: On June 29 via api (June 29th 2024, 9:22:11 am UTC) from IT — Scanned from IT

Summary HTTP 25 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 25 HTTP transactions. The main IP is 212.224.107.10, located in Germany and belongs to DE-FIRSTCOLO firstcolo.net, DE. The main domain is www.nexiiservice.com.
TLS certificate: Issued by RapidSSL TLS RSA CA G1 on June 29th 2024. Valid for: a year.

This is the only time www.nexiiservice.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nexi (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 2	212.224.107.10 212.224.107.10	44066 (DE-FIRSTC...) (DE-FIRSTCOLO firstcolo.net)
16	185.198.118.126 185.198.118.126	35051 (NEXI-AS) (NEXI-AS)
25	3

2 212.224.107.10 (Germany) 1 redirects

ASN44066 (DE-FIRSTCOLO firstcolo.net, DE)
PTR: win.ultahost.com

nexiiservice.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.nexiiservice.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 185.198.118.126 (Italy)

ASN35051 (NEXI-AS, IT)

www.nexi.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	nexi.it www.nexi.it	566 KB
2	nexiiservice.com 1 redirects nexiiservice.com www.nexiiservice.com	46 KB
25	2

	Domain	Requested by
16	www.nexi.it	www.nexiiservice.com www.nexi.it
1	www.nexiiservice.com
1	nexiiservice.com	1 redirects
25	3

This site contains links to these domains. Also see Links.

Domain
apps.apple.com
play.google.com
appgallery.huawei.com
privati.nexi.it
www.nexi.it

Subject Issuer	Validity	Valid
nexiiservice.com RapidSSL TLS RSA CA G1	`2024-06-29` - `2025-06-28`	a year	crt.sh
www.nexi.it GlobalSign RSA OV SSL CA 2018	`2023-08-04` - `2024-08-21`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.nexiiservice.com/
Frame ID: 5FD2905259C9C71B4AEF57973AD1C5D2
Requests: 25 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Area Personale

Page URL History Show full URLs

http://nexiiservice.com/ HTTP 307
https://nexiiservice.com/ HTTP 301
https://www.nexiiservice.com/ Page URL

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc\.clientlibs/

Page Statistics

25
Requests

68 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

612 kB
Transfer

1160 kB
Size

0
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://apps.apple.com/it/app/nexi-pay/id518695175

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=it.icbpi.mobile&hl=it

Search URL Search Domain Scan URL

URL: https://appgallery.huawei.com/#/app/C101454369

Search URL Search Domain Scan URL

URL: https://privati.nexi.it/registration/intro
Title: REGISTRATI

Search URL Search Domain Scan URL

URL: https://www.nexi.it/dichiarazione-accessibilita-areapersonale
Title: Dichiarazione accessibilità

Search URL Search Domain Scan URL

URL: https://www.nexi.it/content/dam/nexi/new-login-2019/informativa_privacy.pdf
Title: Privacy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://nexiiservice.com/ HTTP 307
https://nexiiservice.com/ HTTP 301
https://www.nexiiservice.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.nexiiservice.com/
Redirect Chain

http://nexiiservice.com/
https://nexiiservice.com/
https://www.nexiiservice.com/

325 KB
46 KB

59ms
38ms

Document
text/html

212.224.107.10
DE-FIRSTCOLO firs...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.nexiiservice.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 212.224.107.10 , Germany, ASN44066 (DE-FIRSTCOLO firstcolo.net, DE),
Reverse DNS: win.ultahost.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: c79f39f0a15add7aa1508b429a248bb2ce7c49008f74569cc45d1d40af995a72

Request headers

Accept-Language: it-IT,it;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-encoding: br
content-length: 46803
content-type: text/html; charset=UTF-8
date: Sat, 29 Jun 2024 09:22:04 GMT
server: Microsoft-IIS/10.0
vary: Accept-Encoding
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

Redirect headers

content-length: 152
content-type: text/html; charset=UTF-8
date: Sat, 29 Jun 2024 09:22:04 GMT
location: https://www.nexiiservice.com/
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
x-powered-by-plesk: PleskWin

GET
H/1.1 200
OK clientlib-site.min.css
www.nexi.it/etc.clientlibs/nexinew/clientlibs/ 289 KB
45 KB 242ms
45ms Stylesheet
text/css 185.198.118.126
NEXI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site.min.css

Requested by

Host: www.nexiiservice.com
URL: https://www.nexiiservice.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.118.126 , Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

a463d7ba0746379c5637c7bde2b988eb8966123424ee92c01081652ebaeb45f4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.nexiiservice.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 29 Jun 2024 09:22:05 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Encoding: br
Last-Modified: Tue, 28 May 2024 09:37:45 GMT
ETag: "482bc-6198062de5b40-br"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding,Origin
Content-Type: text/css
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=8380800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 45646

GET
H/1.1 200
OK nexi-logo-white.svg
www.nexi.it/content/dam/nexinew/icone/ 2 KB
2 KB 236ms
38ms Image
image/svg+xml 185.198.118.126
NEXI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nexi.it/content/dam/nexinew/icone/nexi-logo-white.svg

Requested by

Host: www.nexiiservice.com
URL: https://www.nexiiservice.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.118.126 , Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

4c399d83f036f296ac9cdc6cbb47af8f77b8892218b7c0ae7c26b292f4eddd08

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.nexiiservice.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 29 Jun 2024 09:22:05 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Encoding: br
Last-Modified: Tue, 28 May 2024 09:37:31 GMT
ETag: "72c-61980620cc1c0-br"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding,Origin
Content-Type: image/svg+xml
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=8380800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=58
Content-Length: 772

GET
H/1.1 200
OK login_pt.jpg
www.nexi.it/content/dam/nexinew/login/ 425 KB
426 KB 302ms
80ms Image
image/jpeg 185.198.118.126
NEXI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nexi.it/content/dam/nexinew/login/login_pt.jpg

Requested by

Host: www.nexiiservice.com
URL: https://www.nexiiservice.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.118.126 , Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

36bb0d74373b6d4d97b8d028fdf5b72e6bcd42b757d17b9b2801205c53200d83

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.nexiiservice.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 29 Jun 2024 09:22:05 GMT
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Tue, 28 May 2024 09:37:26 GMT
ETag: "6a3fc-6198061be5430"
X-Frame-Options: SAMEORIGIN
Vary: Origin
Content-Type: image/jpeg
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=8380800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=88
Content-Length: 435196

GET
H/1.1 200
OK NexiPay.svg
www.nexi.it/content/dam/mos/bar-e-ristoranti/icon/ 9 KB
4 KB 256ms
52ms Image
image/svg+xml 185.198.118.126
NEXI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nexi.it/content/dam/mos/bar-e-ristoranti/icon/NexiPay.svg

Requested by

Host: www.nexiiservice.com
URL: https://www.nexiiservice.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.118.126 , Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

a8d50480799b7d6b5aa37d2eba6ac1fe64dbaf2749cc6f3101efa839760eb3cb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.nexiiservice.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 29 Jun 2024 09:22:05 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Encoding: br
Last-Modified: Fri, 07 Jun 2024 10:09:20 GMT
ETag: "2337-61a49fe3a2ab8-br"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, HEAD
Content-Type: image/svg+xml
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=8380800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=88
Content-Length: 3309

GET
H/1.1 200
OK app_store.svg
www.nexi.it/content/dam/nexi/new-login-2019/icons/ 15 KB
7 KB 275ms
55ms Image
image/svg+xml 185.198.118.126
NEXI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nexi.it/content/dam/nexi/new-login-2019/icons/app_store.svg

Requested by

Host: www.nexiiservice.com
URL: https://www.nexiiservice.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.118.126 , Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

5e3c6b5c51b5fbf7691fa5d0adbcd05be694548d5f03aee7d59d7a8b092b5d27

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.nexiiservice.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 29 Jun 2024 09:22:05 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Encoding: br
Last-Modified: Tue, 23 Apr 2024 22:11:04 GMT
ETag: "3dc8-616cad4796fab-br"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding,Origin
Content-Type: image/svg+xml
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=8380800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=90
Content-Length: 6270

GET
H/1.1 200
OK google_play.svg
www.nexi.it/content/dam/nexi/new-login-2019/icons/ 25 KB
19 KB 302ms
96ms Image
image/svg+xml 185.198.118.126
NEXI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nexi.it/content/dam/nexi/new-login-2019/icons/google_play.svg

Requested by

Host: www.nexiiservice.com
URL: https://www.nexiiservice.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.118.126 , Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

ed313341bbd73a61ddacf268f494c9f85cb84e46f8954bde8a5260e21174f340

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.nexiiservice.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 29 Jun 2024 09:22:05 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Encoding: br
Last-Modified: Tue, 23 Apr 2024 22:11:10 GMT
ETag: "62ff-616cad4d57c81-br"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding,Origin
Content-Type: image/svg+xml
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=8380800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=90
Content-Length: 18729

GET
H/1.1 200
OK huawei-store.svg
www.nexi.it/content/dam/nexi/new-login-2019/icons/ 22 KB
15 KB 245ms
54ms Image
image/svg+xml 185.198.118.126
NEXI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nexi.it/content/dam/nexi/new-login-2019/icons/huawei-store.svg

Requested by

Host: www.nexiiservice.com
URL: https://www.nexiiservice.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.118.126 , Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

a22ea2c13b8179c675566ef9ce7a77c663056b6147674c851d898b21f6c68ee6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.nexiiservice.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 29 Jun 2024 09:22:05 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Encoding: br
Last-Modified: Tue, 23 Apr 2024 22:11:24 GMT
ETag: "5675-616cad5b6b006-br"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding,Origin
Content-Type: image/svg+xml
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=8380800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=57
Content-Length: 14036

GET
H/1.1 200
OK icon-close.svg
www.nexi.it/content/dam/nexi/img/icone/svg/ 2 KB
2 KB 47ms
46ms Image
image/svg+xml 185.198.118.126
NEXI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nexi.it/content/dam/nexi/img/icone/svg/icon-close.svg

Requested by

Host: www.nexiiservice.com
URL: https://www.nexiiservice.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.118.126 , Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

f1926ee7a205ed96afdd1b8a74d845d21a64dadb6ef76e672558e5b84b58274c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.nexiiservice.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 29 Jun 2024 09:22:05 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Encoding: br
Last-Modified: Tue, 23 Apr 2024 22:11:11 GMT
ETag: "628-616cad4e691ef-br"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding,Origin
Content-Type: image/svg+xml
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=8380800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=56
Content-Length: 789

GET
H/1.1 200
OK icon-phone.svg
www.nexi.it/content/dam/nexi/img/icone/svg/ 4 KB
2 KB 40ms
40ms Image
image/svg+xml 185.198.118.126
NEXI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nexi.it/content/dam/nexi/img/icone/svg/icon-phone.svg

Requested by

Host: www.nexiiservice.com
URL: https://www.nexiiservice.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.118.126 , Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

7e6f9ccce4ea514b53fb258d72b5682c74d1e81ef9148d3c406fbd03cfd56919

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.nexiiservice.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 29 Jun 2024 09:22:05 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Encoding: br
Last-Modified: Tue, 23 Apr 2024 22:15:04 GMT
ETag: "fb0-616cae2cf6d15-br"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding,Origin
Content-Type: image/svg+xml
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=8380800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=87
Content-Length: 1520

GET
H/1.1 200
OK icon-close-white.svg
www.nexi.it/content/dam/nexi/img/icone/svg/ 2 KB
2 KB 42ms
42ms Image
image/svg+xml 185.198.118.126
NEXI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nexi.it/content/dam/nexi/img/icone/svg/icon-close-white.svg

Requested by

Host: www.nexiiservice.com
URL: https://www.nexiiservice.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.118.126 , Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

32cde70fcb4ed6949904cec5ef9065adce2196b3e8216bb5874019a9efe96edd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.nexiiservice.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 29 Jun 2024 09:22:05 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Encoding: br
Last-Modified: Tue, 23 Apr 2024 22:11:04 GMT
ETag: "637-616cad47e94a7-br"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding,Origin
Content-Type: image/svg+xml
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=8380800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=89
Content-Length: 805

GET
H/1.1 200
OK icon-phone-warning-white.svg
www.nexi.it/content/dam/nexi/img/icone/svg/ 4 KB
2 KB 37ms
37ms Image
image/svg+xml 185.198.118.126
NEXI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nexi.it/content/dam/nexi/img/icone/svg/icon-phone-warning-white.svg

Requested by

Host: www.nexiiservice.com
URL: https://www.nexiiservice.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.118.126 , Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

c8e1f312e86564f3d293bb04806f55d4296cc3342321655bb738d7d61eeeef22

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.nexiiservice.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 29 Jun 2024 09:22:05 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Encoding: br
Last-Modified: Tue, 23 Apr 2024 22:12:02 GMT
ETag: "f29-616cad7efc2e8-br"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding,Origin
Content-Type: image/svg+xml
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=8380800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=89
Content-Length: 1500

GET
H/1.1 200
OK ico-down-blue.svg
www.nexi.it/content/dam/nexi/img/icone/svg/ 898 B
1 KB 38ms
37ms Image
image/svg+xml 185.198.118.126
NEXI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nexi.it/content/dam/nexi/img/icone/svg/ico-down-blue.svg

Requested by

Host: www.nexiiservice.com
URL: https://www.nexiiservice.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.118.126 , Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

d5ded7a91066c885b90252eb9849575a6c2f2e9c87d8748c496af886b731d3f8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.nexiiservice.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 29 Jun 2024 09:22:05 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Encoding: br
Last-Modified: Tue, 23 Apr 2024 22:11:40 GMT
ETag: "382-616cad6a6f51d-br"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding,Origin
Content-Type: image/svg+xml
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=8380800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=55
Content-Length: 535

GET
H/1.1 200
OK icon-blocked.svg
www.nexi.it/content/dam/nexi/img/icone/svg/ 935 B
1 KB 36ms
36ms Image
image/svg+xml 185.198.118.126
NEXI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nexi.it/content/dam/nexi/img/icone/svg/icon-blocked.svg

Requested by

Host: www.nexiiservice.com
URL: https://www.nexiiservice.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.118.126 , Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

92751c1749c593c1ad2a7b61ff640b0dbb1a4c32db1981a523e5432cc35a029f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.nexiiservice.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 29 Jun 2024 09:22:05 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Encoding: br
Last-Modified: Tue, 23 Apr 2024 22:11:01 GMT
ETag: "3a7-616cad448ee45-br"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding,Origin
Content-Type: image/svg+xml
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=8380800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=54
Content-Length: 489

GET
H/1.1 200
OK nexi-logo-dark.svg
www.nexi.it/content/dam/nexinew/icone/ 2 KB
2 KB 190ms
40ms Image
image/svg+xml 185.198.118.126
NEXI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.nexi.it/content/dam/nexinew/icone/nexi-logo-dark.svg

Requested by

Host: www.nexiiservice.com
URL: https://www.nexiiservice.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.118.126 , Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

2bef6e7b4bd23a7009ddf29a2896bbdc7e25a365b501b2c34b5fd42917e12337

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.nexiiservice.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 29 Jun 2024 09:22:05 GMT
Content-Security-Policy: frame-ancestors 'self'
Content-Encoding: br
Last-Modified: Tue, 28 May 2024 09:37:27 GMT
ETag: "8fa-6198061c6ace9-br"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding,Origin
Content-Type: image/svg+xml
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=8380800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=91
Content-Length: 892

GET KarbonApp.woff2
www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/ 0
0

GET KarbonAppMedium.woff2
www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/ 0
0

GET KarbonAppSemibold.woff2
www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/ 0
0

GET nexinew.ttf
www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/nexinew/ 0
0

GET KarbonApp.woff
www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/ 0
0

GET KarbonAppMedium.woff
www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/ 0
0

GET KarbonAppSemibold.woff
www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/ 0
0

GET nexinew.woff
www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/nexinew/ 0
0

GET
H/1.1 200
OK favicon.png
www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/favicons/ 801 B
2 KB 61ms
61ms Other
image/png 185.198.118.126
NEXI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/favicons/favicon.png

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.118.126 , Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

e5c0e42bb6a3f3a244f8724587feb409c48a467a098e94c708bbb58117d41369

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.nexiiservice.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 29 Jun 2024 09:22:05 GMT
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Tue, 28 May 2024 09:37:28 GMT
ETag: "321-6198061d61066"
X-Frame-Options: SAMEORIGIN
Vary: Origin
Content-Type: image/png
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=8380800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=84
Content-Length: 801

GET
H/1.1 200
OK favicon.ico
www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/favicons/ 34 KB
34 KB 47ms
47ms Other
image/vnd.microsoft.icon 185.198.118.126
NEXI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/favicons/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

185.198.118.126 , Italy, ASN35051 (NEXI-AS, IT),

Reverse DNS

Software

Resource Hash

ddcb12028caf567e0f9d6af1adc7e51df78b7c800f99eab2608c11ca47f9b77e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.nexiiservice.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 29 Jun 2024 09:22:05 GMT
Content-Security-Policy: frame-ancestors 'self'
Last-Modified: Tue, 28 May 2024 09:37:26 GMT
ETag: "86be-6198061bf65a1"
X-Frame-Options: SAMEORIGIN
Vary: Origin
Content-Type: image/vnd.microsoft.icon
P3P: policyref="/w3c/p3p.xml", CP="IDC DSP COR NID DEVi OUR BUS INT"
Cache-Control: max-age=8380800, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=83
Content-Length: 34494

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.nexi.it
URL: https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/KarbonApp.woff2

Domain: www.nexi.it
URL: https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/KarbonAppMedium.woff2

Domain: www.nexi.it
URL: https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/KarbonAppSemibold.woff2

Domain: www.nexi.it
URL: https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/nexinew/nexinew.ttf

Domain: www.nexi.it
URL: https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/KarbonApp.woff

Domain: www.nexi.it
URL: https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/KarbonAppMedium.woff

Domain: www.nexi.it
URL: https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/KarbonAppSemibold.woff

Domain: www.nexi.it
URL: https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/nexinew/nexinew.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nexi (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

17 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	warning	URL: https://www.nexiiservice.com/ Message: [DOM] Found 2 elements with non-unique id #user-name: (More info: https://goo.gl/9p2vKq) %o %o
javascript	error	URL: https://www.nexiiservice.com/ Message: Access to font at 'https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/KarbonApp.woff2' from origin 'https://www.nexiiservice.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/KarbonApp.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.nexiiservice.com/ Message: Access to font at 'https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/KarbonAppMedium.woff2' from origin 'https://www.nexiiservice.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/KarbonAppMedium.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.nexiiservice.com/ Message: Access to font at 'https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/KarbonAppSemibold.woff2' from origin 'https://www.nexiiservice.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/KarbonAppSemibold.woff2 Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.nexiiservice.com/ Message: Access to font at 'https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/nexinew/nexinew.ttf' from origin 'https://www.nexiiservice.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/nexinew/nexinew.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.nexiiservice.com/ Message: Access to font at 'https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/KarbonAppSemibold.woff' from origin 'https://www.nexiiservice.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/KarbonAppSemibold.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.nexiiservice.com/ Message: Access to font at 'https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/KarbonAppMedium.woff' from origin 'https://www.nexiiservice.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/KarbonAppMedium.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.nexiiservice.com/ Message: Access to font at 'https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/nexinew/nexinew.woff' from origin 'https://www.nexiiservice.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/nexinew/nexinew.woff Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://www.nexiiservice.com/ Message: Access to font at 'https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/KarbonApp.woff' from origin 'https://www.nexiiservice.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.nexi.it/etc.clientlibs/nexinew/clientlibs/clientlib-site/resources/fonts/karbon/KarbonApp.woff Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

nexiiservice.com
www.nexi.it
www.nexiiservice.com
www.nexi.it
185.198.118.126
212.224.107.10
2bef6e7b4bd23a7009ddf29a2896bbdc7e25a365b501b2c34b5fd42917e12337
32cde70fcb4ed6949904cec5ef9065adce2196b3e8216bb5874019a9efe96edd
36bb0d74373b6d4d97b8d028fdf5b72e6bcd42b757d17b9b2801205c53200d83
4c399d83f036f296ac9cdc6cbb47af8f77b8892218b7c0ae7c26b292f4eddd08
5e3c6b5c51b5fbf7691fa5d0adbcd05be694548d5f03aee7d59d7a8b092b5d27
7e6f9ccce4ea514b53fb258d72b5682c74d1e81ef9148d3c406fbd03cfd56919
92751c1749c593c1ad2a7b61ff640b0dbb1a4c32db1981a523e5432cc35a029f
a22ea2c13b8179c675566ef9ce7a77c663056b6147674c851d898b21f6c68ee6
a463d7ba0746379c5637c7bde2b988eb8966123424ee92c01081652ebaeb45f4
a8d50480799b7d6b5aa37d2eba6ac1fe64dbaf2749cc6f3101efa839760eb3cb
c79f39f0a15add7aa1508b429a248bb2ce7c49008f74569cc45d1d40af995a72
c8e1f312e86564f3d293bb04806f55d4296cc3342321655bb738d7d61eeeef22
d5ded7a91066c885b90252eb9849575a6c2f2e9c87d8748c496af886b731d3f8
ddcb12028caf567e0f9d6af1adc7e51df78b7c800f99eab2608c11ca47f9b77e
e5c0e42bb6a3f3a244f8724587feb409c48a467a098e94c708bbb58117d41369
ed313341bbd73a61ddacf268f494c9f85cb84e46f8954bde8a5260e21174f340
f1926ee7a205ed96afdd1b8a74d845d21a64dadb6ef76e672558e5b84b58274c

www.nexiiservice.com Open in urlscan Pro 212.224.107.10 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

25 Requests

68 %HTTPS

0 %IPv6

2 Domains

3 Subdomains

3 IPs

2 Countries

612 kBTransfer

1160 kBSize

0 Cookies

6 Outgoing links

Page URL History

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

17 Console Messages

Indicators

www.nexiiservice.com Open in urlscan Pro
212.224.107.10 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

68 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

612 kB
Transfer

1160 kB
Size

0
Cookies

25 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!