b.94-156-71-115.cprapid.com Open in urlscan Pro
94.156.71.115 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://short.gy/jijVEk#MEDIOBANCA
Effective URL:
https://b.94-156-71-115.cprapid.com/mediobanca/
Submission: On April 16 via manual (April 16th 2024, 3:23:56 pm UTC) from IT — Scanned from IT

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 9 HTTP transactions. The main IP is 94.156.71.115, located in Bulgaria and belongs to LIMENET, US. The main domain is b.94-156-71-115.cprapid.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 14th 2024. Valid for: 3 months.

This is the only time b.94-156-71-115.cprapid.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: CheBanca! (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	108.138.36.123 108.138.36.123	16509 (AMAZON-02) (AMAZON-02)
1 9	94.156.71.115 94.156.71.115	394711 (LIMENET) (LIMENET)
9	2

1 108.138.36.123 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-123.muc50.r.cloudfront.net

short.gy	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 94.156.71.115 (Bulgaria) 1 redirects

ASN394711 (LIMENET, US)

b.94-156-71-115.cprapid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	cprapid.com 1 redirects b.94-156-71-115.cprapid.com	831 KB
1	short.gy 1 redirects short.gy — Cisco Umbrella Rank: 173254	380 B
0	mediobancapremier.com Failed clienti.mediobancapremier.com Failed
9	3

	Domain	Requested by
9	b.94-156-71-115.cprapid.com	1 redirects b.94-156-71-115.cprapid.com
1	short.gy	1 redirects
0	clienti.mediobancapremier.com Failed
9	3

This site contains no links.

Subject Issuer	Validity	Valid
b.94-156-71-115.cprapid.com cPanel, Inc. Certification Authority	`2024-04-14` - `2024-07-13`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://b.94-156-71-115.cprapid.com/mediobanca/
Frame ID: 223F2FA4708A5971DAC2476923875D1B
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Accesso Clienti

Page URL History Show full URLs

https://short.gy/jijVEk HTTP 302
https://b.94-156-71-115.cprapid.com/mediobanca HTTP 301
https://b.94-156-71-115.cprapid.com/mediobanca/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

9
Requests

89 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

831 kB
Transfer

829 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://short.gy/jijVEk HTTP 302
https://b.94-156-71-115.cprapid.com/mediobanca HTTP 301
https://b.94-156-71-115.cprapid.com/mediobanca/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://clienti.chebanca.it/favicon.ico HTTP 301
https://clienti.mediobancapremier.com/

9 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response b.94-156-71-115.cprapid.com/mediobanca/ Redirect Chain https://short.gy/jijVEk https://b.94-156-71-115.cprapid.com/mediobanca https://b.94-156-71-115.cprapid.com/mediobanca/	96 KB 97 KB	437ms 437ms	Document text/html	94.156.71.115 LIMENET
General Check archive.org Show headers Download Go to Full URL https://b.94-156-71-115.cprapid.com/mediobanca/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 94.156.71.115 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache / Resource Hash `19f412a1d18a633b0c8e10e13e171a645ca210976e1a7c6b3a4677f2912189e4` Request headers Accept-Language it-IT,it;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Tue, 16 Apr 2024 15:23:51 GMT Keep-Alive timeout=5, max=99 Server Apache Transfer-Encoding chunked Redirect headers Connection Keep-Alive Content-Length 255 Content-Type text/html; charset=iso-8859-1 Date Tue, 16 Apr 2024 15:23:51 GMT Keep-Alive timeout=5, max=100 Location https://b.94-156-71-115.cprapid.com/mediobanca/ Server Apache
GET H/1.1	200 OK	styles.min.3177882b91f1f9a1.css b.94-156-71-115.cprapid.com/mediobanca/Accesso%20Clienti_files/	584 KB 585 KB	37ms 37ms	Stylesheet text/css	94.156.71.115 LIMENET
General Check archive.org Show headers Download Go to Full URL https://b.94-156-71-115.cprapid.com/mediobanca/Accesso%20Clienti_files/styles.min.3177882b91f1f9a1.css Requested by Host: b.94-156-71-115.cprapid.com URL: https://b.94-156-71-115.cprapid.com/mediobanca/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 94.156.71.115 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache / Resource Hash `fab6d70c15ea41eae978234d1b7ee9f1b0a67a5d7495adf639ac73f49aab8b05` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://b.94-156-71-115.cprapid.com/mediobanca/ Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 16 Apr 2024 15:23:52 GMT Last-Modified Mon, 15 Jan 2024 20:16:40 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 598312
GET H/1.1	200 OK	jquery.min.js.download Show response b.94-156-71-115.cprapid.com/mediobanca/Accesso%20Clienti_files/	91 KB 92 KB	110ms 37ms	Script text/javascript	94.156.71.115 LIMENET
General Check archive.org Show headers Download Go to Full URL https://b.94-156-71-115.cprapid.com/mediobanca/Accesso%20Clienti_files/jquery.min.js.download Requested by Host: b.94-156-71-115.cprapid.com URL: https://b.94-156-71-115.cprapid.com/mediobanca/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 94.156.71.115 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache / Resource Hash `42dd197f5d15d2a06539ab87fb97e1d3e1c40583deee00b6899a68981f0e33fa` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://b.94-156-71-115.cprapid.com/mediobanca/ Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 16 Apr 2024 15:23:52 GMT Last-Modified Wed, 05 May 2021 15:37:54 GMT Server Apache Content-Type text/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 93637
GET H/1.1	200 OK	logo.png b.94-156-71-115.cprapid.com/mediobanca/	7 KB 8 KB	112ms 37ms	Image image/png	94.156.71.115 LIMENET
General Check archive.org Show headers Download Go to Show image Full URL https://b.94-156-71-115.cprapid.com/mediobanca/logo.png Requested by Host: b.94-156-71-115.cprapid.com URL: https://b.94-156-71-115.cprapid.com/mediobanca/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 94.156.71.115 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache / Resource Hash `d8eeeacab46088147ef1b048b0906ea04c66c9f4acebaf2345f406882e421581` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://b.94-156-71-115.cprapid.com/mediobanca/ Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 16 Apr 2024 15:23:52 GMT Last-Modified Mon, 15 Jan 2024 20:18:16 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 7474
GET H/1.1	200 OK	GT-America-Light.woff2 b.94-156-71-115.cprapid.com/mediobanca/fonts/	21 KB 21 KB	39ms 39ms	Font font/woff2	94.156.71.115 LIMENET
General Check archive.org Show headers Download Go to Full URL https://b.94-156-71-115.cprapid.com/mediobanca/fonts/GT-America-Light.woff2 Requested by Host: b.94-156-71-115.cprapid.com URL: https://b.94-156-71-115.cprapid.com/mediobanca/Accesso%20Clienti_files/styles.min.3177882b91f1f9a1.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 94.156.71.115 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache / Resource Hash `ff1081a75878d5f41ad55e7e90c58fd090a2d70a2b42181643a0e5fbe98571d3` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://b.94-156-71-115.cprapid.com/mediobanca/Accesso%20Clienti_files/styles.min.3177882b91f1f9a1.css Origin https://b.94-156-71-115.cprapid.com Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 16 Apr 2024 15:23:52 GMT Last-Modified Thu, 10 Feb 2022 17:06:46 GMT Server Apache Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 21404
GET H/1.1	200 OK	GT-America-Medium.woff2 b.94-156-71-115.cprapid.com/mediobanca/fonts/	21 KB 22 KB	58ms 36ms	Font font/woff2	94.156.71.115 LIMENET
General Check archive.org Show headers Download Go to Full URL https://b.94-156-71-115.cprapid.com/mediobanca/fonts/GT-America-Medium.woff2 Requested by Host: b.94-156-71-115.cprapid.com URL: https://b.94-156-71-115.cprapid.com/mediobanca/Accesso%20Clienti_files/styles.min.3177882b91f1f9a1.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 94.156.71.115 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache / Resource Hash `057ca9c9ec4d245c05c9343564e72ef3f2ad891b51d689694d967f039e9da024` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://b.94-156-71-115.cprapid.com/mediobanca/Accesso%20Clienti_files/styles.min.3177882b91f1f9a1.css Origin https://b.94-156-71-115.cprapid.com Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 16 Apr 2024 15:23:52 GMT Last-Modified Thu, 10 Feb 2022 17:06:46 GMT Server Apache Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 21896
GET H/1.1	200 OK	sprite.1611833475219.png b.94-156-71-115.cprapid.com/mediobanca/img/login-page/	7 KB 8 KB	37ms 37ms	Image image/png	94.156.71.115 LIMENET
General Check archive.org Show headers Download Go to Show image Full URL https://b.94-156-71-115.cprapid.com/mediobanca/img/login-page/sprite.1611833475219.png Requested by Host: b.94-156-71-115.cprapid.com URL: https://b.94-156-71-115.cprapid.com/mediobanca/Accesso%20Clienti_files/styles.min.3177882b91f1f9a1.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 94.156.71.115 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache / Resource Hash `ab4beb10a98c6594f9decdd9f590e60176a3de87bc2e62e9c7766ce90ee41606` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://b.94-156-71-115.cprapid.com/mediobanca/Accesso%20Clienti_files/styles.min.3177882b91f1f9a1.css Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 16 Apr 2024 15:23:52 GMT Last-Modified Wed, 05 May 2021 15:39:16 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 7625
GET		/ clienti.mediobancapremier.com/ Redirect Chain https://clienti.chebanca.it/favicon.ico https://clienti.mediobancapremier.com/	0 0

GET H/1.1	200 OK	visite.php Show response b.94-156-71-115.cprapid.com/mediobanca/	0 200 B	115ms 115ms	XHR text/html	94.156.71.115 LIMENET
General Check archive.org Show headers Download Go to Full URL https://b.94-156-71-115.cprapid.com/mediobanca/visite.php?pagina=index Requested by Host: b.94-156-71-115.cprapid.com URL: https://b.94-156-71-115.cprapid.com/mediobanca/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 94.156.71.115 , Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software Apache / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers sec-ch-ua "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123" Referer https://b.94-156-71-115.cprapid.com/mediobanca/ Accept-Language it-IT,it;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Tue, 16 Apr 2024 15:23:54 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=95 Transfer-Encoding chunked Content-Type text/html; charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: clienti.mediobancapremier.com
URL: https://clienti.mediobancapremier.com/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: CheBanca! (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			b.94-156-71-115.cprapid.com/mediobanca	1970-01-21 05:30:41	Name: COOKIE_KEY Value: 17132810323

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

b.94-156-71-115.cprapid.com
clienti.mediobancapremier.com
short.gy
clienti.mediobancapremier.com
108.138.36.123
94.156.71.115
057ca9c9ec4d245c05c9343564e72ef3f2ad891b51d689694d967f039e9da024
19f412a1d18a633b0c8e10e13e171a645ca210976e1a7c6b3a4677f2912189e4
42dd197f5d15d2a06539ab87fb97e1d3e1c40583deee00b6899a68981f0e33fa
ab4beb10a98c6594f9decdd9f590e60176a3de87bc2e62e9c7766ce90ee41606
d8eeeacab46088147ef1b048b0906ea04c66c9f4acebaf2345f406882e421581
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fab6d70c15ea41eae978234d1b7ee9f1b0a67a5d7495adf639ac73f49aab8b05
ff1081a75878d5f41ad55e7e90c58fd090a2d70a2b42181643a0e5fbe98571d3

b.94-156-71-115.cprapid.com Open in urlscan Pro 94.156.71.115 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

89 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

3 Countries

831 kBTransfer

829 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

8 JavaScript Global Variables

1 Cookies

Indicators

b.94-156-71-115.cprapid.com Open in urlscan Pro
94.156.71.115 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

89 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

831 kB
Transfer

829 kB
Size

1
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!