pagamenti.nexiacquisto.online Open in urlscan Pro
91.224.22.24 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://l.linklyhq.com/l/ljcU
Effective URL:
https://pagamenti.nexiacquisto.online/
Submission: On March 16 via manual (March 16th 2022, 12:50:12 pm UTC) from IT — Scanned from IT

Summary HTTP 22 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 4 domains to perform 22 HTTP transactions. The main IP is 91.224.22.24, located in Russian Federation and belongs to AS-REG, RU. The main domain is pagamenti.nexiacquisto.online.
TLS certificate: Issued by R3 on March 12th 2022. Valid for: 3 months.

This is the only time pagamenti.nexiacquisto.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Nexi (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	35.226.132.161 35.226.132.161	15169 (GOOGLE) (GOOGLE)
20	91.224.22.24 91.224.22.24	197695 (AS-REG) (AS-REG)
1	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (STACKPATH...) (STACKPATH-CDN)
22	3

1 35.226.132.161 (Council Bluffs, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 161.132.226.35.bc.googleusercontent.com

l.linklyhq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 91.224.22.24 (Russian Federation)

ASN197695 (AS-REG, RU)
PTR: mskf22-24-v.komtet.ru

pagamenti.nexiacquisto.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (STACKPATH-CDN, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	nexiacquisto.online pagamenti.nexiacquisto.online	656 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 588	30 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 403	25 KB
1	linklyhq.com 1 redirects l.linklyhq.com — Cisco Umbrella Rank: 529597	367 B
22	4

	Domain	Requested by
20	pagamenti.nexiacquisto.online	pagamenti.nexiacquisto.online
1	code.jquery.com	pagamenti.nexiacquisto.online
1	cdn.jsdelivr.net	pagamenti.nexiacquisto.online
1	l.linklyhq.com	1 redirects
22	4

This site contains links to these domains. Also see Links.

Domain
apps.apple.com
play.google.com
appgallery.huawei.com

Subject Issuer	Validity	Valid
pagamenti.nexiacquisto.online R3	`2022-03-12` - `2022-06-10`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-03` - `2022-07-02`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://pagamenti.nexiacquisto.online/
Frame ID: 8B9CE15EFE0E7C4F80837AA2E779FFB4
Requests: 22 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Area Personale

Page URL History Show full URLs

https://l.linklyhq.com/l/ljcU HTTP 302
https://pagamenti.nexiacquisto.online/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

22
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

711 kB
Transfer

1449 kB
Size

2
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://apps.apple.com/it/app/nexi-pay/id518695175

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=it.icbpi.mobile&hl=it

Search URL Search Domain Scan URL

URL: https://appgallery.huawei.com/#/app/C101454369

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://l.linklyhq.com/l/ljcU HTTP 302
https://pagamenti.nexiacquisto.online/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
pagamenti.nexiacquisto.online/
Redirect Chain

https://l.linklyhq.com/l/ljcU
https://pagamenti.nexiacquisto.online/

613 KB
59 KB

1173ms
114ms

Document
text/html

91.224.22.24
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: https://pagamenti.nexiacquisto.online/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.224.22.24 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: mskf22-24-v.komtet.ru
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 5482880f7c194077f527b16e62248196d3c04a8ff823fff0919f079294923954

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: it-IT,it;q=0.9

Response headers

Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 16 Mar 2022 12:50:05 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 12 Mar 2022 17:23:37 GMT
Content-Encoding: gzip

Redirect headers

date: Wed, 16 Mar 2022 12:50:03 GMT
content-type: text/html; charset=utf-8
content-length: 103
location: https://pagamenti.nexiacquisto.online
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers
cache-control: no-cache
referer
x-request-id: c07363a7c98524c815da191cc0e955de

GET
H2 200 bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/css/ 156 KB
25 KB 93ms
54ms Stylesheet
text/css 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/css/bootstrap.min.css

Requested by

Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pagamenti.nexiacquisto.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 12:50:05 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 141045
x-jsd-version: 4.4.1
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains; preload
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19143-FRA, cache-mxp6936-MXP
timing-allow-origin: *
x-jsd-version-type: version
server: cloudflare
etag: W/"26f1b-0wURD7eRE6lhOUtDPYUaNBA0K4w"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cf-ray: 6ecd9ccf0fd35a3d-MXP

GET
H/1.1 200
OK style.css
pagamenti.nexiacquisto.online/static/area_personale_files/ 246 KB
246 KB 232ms
123ms Stylesheet
text/css 91.224.22.24
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: https://pagamenti.nexiacquisto.online/static/area_personale_files/style.css
Requested by: Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.224.22.24 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: mskf22-24-v.komtet.ru
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 7aa8e30666e17b48c4ce54d717357be8bf47133b3a85203c2a36acc270711e61

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pagamenti.nexiacquisto.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 12:50:05 GMT
Last-Modified: Sat, 12 Mar 2022 00:43:18 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 252074
Content-Type: text/css; charset=utf-8

GET
H/1.1 200
OK custom.css
pagamenti.nexiacquisto.online/static/css/ 1 KB
1 KB 315ms
107ms Stylesheet
text/css 91.224.22.24
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: https://pagamenti.nexiacquisto.online/static/css/custom.css
Requested by: Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.224.22.24 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: mskf22-24-v.komtet.ru
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 461057cb901093d00a46fc9a8718219a6ceae401b57c2b16b735357ab893d491

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pagamenti.nexiacquisto.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 12:50:05 GMT
Last-Modified: Tue, 09 Nov 2021 17:18:12 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 1298
Content-Type: text/css; charset=utf-8

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 56ms
17ms Script
application/javascript 2001:4de0:ac18::1:a:3b
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pagamenti.nexiacquisto.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 16 Mar 2022 12:50:05 GMT
content-encoding: gzip
last-modified: Wed, 16 Feb 2022 10:50:39 GMT
server: nginx
etag: W/"620cd6ff-15d9d"
vary: Accept-Encoding
x-hw: 1647435005.dop206.ml1.t,1647435005.cds205.ml1.hn,1647435005.cds219.ml1.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H/1.1 200
OK style(1).css
pagamenti.nexiacquisto.online/static/area_personale_files/ 18 KB
18 KB 326ms
109ms Stylesheet
text/css 91.224.22.24
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: https://pagamenti.nexiacquisto.online/static/area_personale_files/style(1).css
Requested by: Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.224.22.24 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: mskf22-24-v.komtet.ru
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 50c8f8cf3eb1f7a201882f9edf2adfffc6e581e1b82dff0036aafd0a753e2e3c

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pagamenti.nexiacquisto.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 12:50:05 GMT
Last-Modified: Wed, 01 Sep 2021 13:24:24 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 18383
Content-Type: text/css; charset=utf-8

GET
H/1.1 200
OK logo--light-double.svg
pagamenti.nexiacquisto.online/static/area_personale_files/ 1 KB
2 KB 106ms
106ms Image
image/svg+xml 91.224.22.24
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagamenti.nexiacquisto.online/static/area_personale_files/logo--light-double.svg
Requested by: Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.224.22.24 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: mskf22-24-v.komtet.ru
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c37a1253313f01ecf7b8d5ac83025a8059d161d955ecbe5254c99d4edf6989fc

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pagamenti.nexiacquisto.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 12:50:05 GMT
Last-Modified: Wed, 01 Sep 2021 13:24:22 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 1476
Content-Type: image/svg+xml

GET
H/1.1 200
OK app_store.svg
pagamenti.nexiacquisto.online/static/area_personale_files/ 15 KB
16 KB 106ms
105ms Image
image/svg+xml 91.224.22.24
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagamenti.nexiacquisto.online/static/area_personale_files/app_store.svg
Requested by: Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.224.22.24 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: mskf22-24-v.komtet.ru
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 5e3c6b5c51b5fbf7691fa5d0adbcd05be694548d5f03aee7d59d7a8b092b5d27

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pagamenti.nexiacquisto.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 12:50:05 GMT
Last-Modified: Sun, 06 Mar 2022 03:59:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 15816
Content-Type: image/svg+xml

GET
H/1.1 200
OK google_play.svg
pagamenti.nexiacquisto.online/static/area_personale_files/ 25 KB
25 KB 110ms
109ms Image
image/svg+xml 91.224.22.24
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagamenti.nexiacquisto.online/static/area_personale_files/google_play.svg
Requested by: Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.224.22.24 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: mskf22-24-v.komtet.ru
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: ed313341bbd73a61ddacf268f494c9f85cb84e46f8954bde8a5260e21174f340

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pagamenti.nexiacquisto.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 12:50:05 GMT
Last-Modified: Sun, 06 Mar 2022 03:59:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 25343
Content-Type: image/svg+xml

GET
H/1.1 200
OK huawei-store.svg
pagamenti.nexiacquisto.online/static/area_personale_files/ 22 KB
22 KB 309ms
106ms Image
image/svg+xml 91.224.22.24
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagamenti.nexiacquisto.online/static/area_personale_files/huawei-store.svg
Requested by: Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.224.22.24 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: mskf22-24-v.komtet.ru
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 6cd05109378985da5e12d118580da68112bc89cd05f221a2581fad5b2ea460d0

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pagamenti.nexiacquisto.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 12:50:05 GMT
Last-Modified: Sun, 06 Mar 2022 03:59:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 22094
Content-Type: image/svg+xml

GET
H/1.1 200
OK icon-close.svg
pagamenti.nexiacquisto.online/static/area_personale_files/ 2 KB
2 KB 322ms
107ms Image
image/svg+xml 91.224.22.24
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagamenti.nexiacquisto.online/static/area_personale_files/icon-close.svg
Requested by: Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.224.22.24 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: mskf22-24-v.komtet.ru
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: f1926ee7a205ed96afdd1b8a74d845d21a64dadb6ef76e672558e5b84b58274c

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pagamenti.nexiacquisto.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 12:50:05 GMT
Last-Modified: Wed, 01 Sep 2021 13:24:24 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 1576
Content-Type: image/svg+xml

GET
H/1.1 200
OK icon-phone.svg
pagamenti.nexiacquisto.online/static/area_personale_files/ 4 KB
4 KB 133ms
113ms Image
image/svg+xml 91.224.22.24
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagamenti.nexiacquisto.online/static/area_personale_files/icon-phone.svg
Requested by: Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.224.22.24 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: mskf22-24-v.komtet.ru
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 7e6f9ccce4ea514b53fb258d72b5682c74d1e81ef9148d3c406fbd03cfd56919

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pagamenti.nexiacquisto.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 12:50:05 GMT
Last-Modified: Wed, 01 Sep 2021 13:24:24 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 4016
Content-Type: image/svg+xml

GET
H/1.1 200
OK icon-close-white.svg
pagamenti.nexiacquisto.online/static/area_personale_files/ 2 KB
2 KB 110ms
110ms Image
image/svg+xml 91.224.22.24
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagamenti.nexiacquisto.online/static/area_personale_files/icon-close-white.svg
Requested by: Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.224.22.24 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: mskf22-24-v.komtet.ru
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 32cde70fcb4ed6949904cec5ef9065adce2196b3e8216bb5874019a9efe96edd

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pagamenti.nexiacquisto.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 12:50:05 GMT
Last-Modified: Wed, 01 Sep 2021 13:24:28 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 1591
Content-Type: image/svg+xml

GET
H/1.1 200
OK icon-phone-warning-white.svg
pagamenti.nexiacquisto.online/static/area_personale_files/ 4 KB
4 KB 107ms
106ms Image
image/svg+xml 91.224.22.24
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagamenti.nexiacquisto.online/static/area_personale_files/icon-phone-warning-white.svg
Requested by: Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.224.22.24 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: mskf22-24-v.komtet.ru
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: c8e1f312e86564f3d293bb04806f55d4296cc3342321655bb738d7d61eeeef22

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pagamenti.nexiacquisto.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 12:50:06 GMT
Last-Modified: Wed, 01 Sep 2021 13:24:18 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 3881
Content-Type: image/svg+xml

GET
H/1.1 200
OK ico-down-blue.svg
pagamenti.nexiacquisto.online/static/area_personale_files/ 898 B
1 KB 907ms
907ms Image
image/svg+xml 91.224.22.24
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagamenti.nexiacquisto.online/static/area_personale_files/ico-down-blue.svg
Requested by: Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.224.22.24 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: mskf22-24-v.komtet.ru
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: d5ded7a91066c885b90252eb9849575a6c2f2e9c87d8748c496af886b731d3f8

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pagamenti.nexiacquisto.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 12:50:06 GMT
Last-Modified: Sun, 06 Mar 2022 03:59:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 898
Content-Type: image/svg+xml

GET
H/1.1 200
OK icon-blocked.svg
pagamenti.nexiacquisto.online/static/area_personale_files/ 935 B
1 KB 892ms
892ms Image
image/svg+xml 91.224.22.24
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagamenti.nexiacquisto.online/static/area_personale_files/icon-blocked.svg
Requested by: Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.224.22.24 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: mskf22-24-v.komtet.ru
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 92751c1749c593c1ad2a7b61ff640b0dbb1a4c32db1981a523e5432cc35a029f

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pagamenti.nexiacquisto.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 12:50:06 GMT
Last-Modified: Sun, 06 Mar 2022 03:59:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 935
Content-Type: image/svg+xml

GET
H/1.1 200
OK logo--dark-double.svg
pagamenti.nexiacquisto.online/static/area_personale_files/img/ 1 KB
2 KB 892ms
892ms Image
image/svg+xml 91.224.22.24
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagamenti.nexiacquisto.online/static/area_personale_files/img/logo--dark-double.svg
Requested by: Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.224.22.24 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: mskf22-24-v.komtet.ru
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 35b15432dd78aa82fee7a07b1d3ded93a2436f24537c7d139b3e33729e7d1d2f

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pagamenti.nexiacquisto.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 12:50:06 GMT
Last-Modified: Sun, 06 Mar 2022 03:59:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 1477
Content-Type: image/svg+xml

GET
H/1.1 200
OK login.js Show response
pagamenti.nexiacquisto.online/static/api/ 6 KB
6 KB 108ms
108ms Script
application/javascript 91.224.22.24
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: https://pagamenti.nexiacquisto.online/static/api/login.js
Requested by: Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.224.22.24 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: mskf22-24-v.komtet.ru
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e7ae856681058ffa37d6a6aea08903af76d0be63b02baa13034bec62d06ba838

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pagamenti.nexiacquisto.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 12:50:05 GMT
Last-Modified: Thu, 17 Feb 2022 21:34:14 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 5719
Content-Type: application/javascript; charset=utf-8

GET
H/1.1 200
OK karbon-regular-webfont.woff
pagamenti.nexiacquisto.online/static/area_personale_files/fonts/ 24 KB
24 KB 169ms
113ms Font
font/woff 91.224.22.24
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: https://pagamenti.nexiacquisto.online/static/area_personale_files/fonts/karbon-regular-webfont.woff
Requested by: Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/static/area_personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.224.22.24 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: mskf22-24-v.komtet.ru
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: ade827343407a2a81168acb91cabc1ed7d83de7010966dd1b7f06f4e0344b9e6

Request headers

Referer: https://pagamenti.nexiacquisto.online/static/area_personale_files/style.css
Origin: https://pagamenti.nexiacquisto.online
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 12:50:05 GMT
Last-Modified: Wed, 01 Sep 2021 13:24:26 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 24308
Content-Type: font/woff

GET
H/1.1 200
OK login_pt_background_02-min.jpg
pagamenti.nexiacquisto.online/static/area_personale_files/img/ 172 KB
172 KB 259ms
108ms Image
image/jpeg 91.224.22.24
AS-REG

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagamenti.nexiacquisto.online/static/area_personale_files/img/login_pt_background_02-min.jpg
Requested by: Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.224.22.24 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: mskf22-24-v.komtet.ru
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 49476ee46f6bec86205113efbdcf45b887d18fc57dca308f9151f4d1e53cc331

Request headers

Accept-Language: it-IT,it;q=0.9
Referer: https://pagamenti.nexiacquisto.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 12:50:05 GMT
Last-Modified: Sat, 12 Mar 2022 17:22:36 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 176393
Content-Type: image/jpeg

GET
H/1.1 200
OK karbon-medium-webfont.woff
pagamenti.nexiacquisto.online/static/area_personale_files/fonts/ 24 KB
25 KB 175ms
111ms Font
font/woff 91.224.22.24
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: https://pagamenti.nexiacquisto.online/static/area_personale_files/fonts/karbon-medium-webfont.woff
Requested by: Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/static/area_personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.224.22.24 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: mskf22-24-v.komtet.ru
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 4061275193aa1a5245941f7768b307219fc0f86f44dc1cf4d293168b93a72259

Request headers

Referer: https://pagamenti.nexiacquisto.online/static/area_personale_files/style.css
Origin: https://pagamenti.nexiacquisto.online
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 12:50:05 GMT
Last-Modified: Wed, 01 Sep 2021 13:24:26 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 24956
Content-Type: font/woff

GET
H/1.1 200
OK karbon-semibold-webfont.woff
pagamenti.nexiacquisto.online/static/area_personale_files/fonts/ 24 KB
25 KB 233ms
106ms Font
font/woff 91.224.22.24
AS-REG

General

Check archive.org

Show headers Download Go to

Full URL: https://pagamenti.nexiacquisto.online/static/area_personale_files/fonts/karbon-semibold-webfont.woff
Requested by: Host: pagamenti.nexiacquisto.online
URL: https://pagamenti.nexiacquisto.online/static/area_personale_files/style.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 91.224.22.24 , Russian Federation, ASN197695 (AS-REG, RU),
Reverse DNS: mskf22-24-v.komtet.ru
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 0696904b24ea3bdaf9ee857ded71391ccd44d40b84334571a5c5e71f93b4a0c6

Request headers

Referer: https://pagamenti.nexiacquisto.online/static/area_personale_files/style.css
Origin: https://pagamenti.nexiacquisto.online
Accept-Language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Wed, 16 Mar 2022 12:50:05 GMT
Last-Modified: Wed, 01 Sep 2021 13:24:26 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Content-Length: 25032
Content-Type: font/woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nexi (Banking)

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			l.linklyhq.com/	1970-01-20 02:20:27	Name: X2NzX2xpbmtfaWQ6MTEzNzY3ODI Value: NTQyNTI5NDg
			l.linklyhq.com/	1969-12-31 23:59:59	Name: _cs_link_id Value: MTEzNzY3ODI

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
code.jquery.com
l.linklyhq.com
pagamenti.nexiacquisto.online
2001:4de0:ac18::1:a:3b
2606:4700::6810:5614
35.226.132.161
91.224.22.24
0696904b24ea3bdaf9ee857ded71391ccd44d40b84334571a5c5e71f93b4a0c6
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6
32cde70fcb4ed6949904cec5ef9065adce2196b3e8216bb5874019a9efe96edd
35b15432dd78aa82fee7a07b1d3ded93a2436f24537c7d139b3e33729e7d1d2f
4061275193aa1a5245941f7768b307219fc0f86f44dc1cf4d293168b93a72259
461057cb901093d00a46fc9a8718219a6ceae401b57c2b16b735357ab893d491
49476ee46f6bec86205113efbdcf45b887d18fc57dca308f9151f4d1e53cc331
50c8f8cf3eb1f7a201882f9edf2adfffc6e581e1b82dff0036aafd0a753e2e3c
5482880f7c194077f527b16e62248196d3c04a8ff823fff0919f079294923954
5e3c6b5c51b5fbf7691fa5d0adbcd05be694548d5f03aee7d59d7a8b092b5d27
6cd05109378985da5e12d118580da68112bc89cd05f221a2581fad5b2ea460d0
7aa8e30666e17b48c4ce54d717357be8bf47133b3a85203c2a36acc270711e61
7e6f9ccce4ea514b53fb258d72b5682c74d1e81ef9148d3c406fbd03cfd56919
92751c1749c593c1ad2a7b61ff640b0dbb1a4c32db1981a523e5432cc35a029f
ade827343407a2a81168acb91cabc1ed7d83de7010966dd1b7f06f4e0344b9e6
c37a1253313f01ecf7b8d5ac83025a8059d161d955ecbe5254c99d4edf6989fc
c8e1f312e86564f3d293bb04806f55d4296cc3342321655bb738d7d61eeeef22
d5ded7a91066c885b90252eb9849575a6c2f2e9c87d8748c496af886b731d3f8
e7ae856681058ffa37d6a6aea08903af76d0be63b02baa13034bec62d06ba838
ed313341bbd73a61ddacf268f494c9f85cb84e46f8954bde8a5260e21174f340
f1926ee7a205ed96afdd1b8a74d845d21a64dadb6ef76e672558e5b84b58274c
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

pagamenti.nexiacquisto.online Open in urlscan Pro 91.224.22.24 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

22 Requests

100 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

3 IPs

3 Countries

711 kBTransfer

1449 kBSize

2 Cookies

3 Outgoing links

Page URL History

Redirected requests

22 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

25 JavaScript Global Variables

2 Cookies

Indicators

pagamenti.nexiacquisto.online Open in urlscan Pro
91.224.22.24 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

22
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

711 kB
Transfer

1449 kB
Size

2
Cookies

22 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!