wb-serviziodati-client.203-161-63-79.cprapid.com Open in urlscan Pro
203.161.63.79 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://me-ss.info/m-lAgricoIe/
Effective URL:
https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/main.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b
Submission: On October 19 via api (October 19th 2023, 2:36:20 pm UTC) from NL — Scanned from IT

Summary HTTP 8 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 203.161.63.79, located in United States and belongs to NAMECHEAP-NET, US. The main domain is wb-serviziodati-client.203-161-63-79.cprapid.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 19th 2023. Valid for: 3 months.

This is the only time wb-serviziodati-client.203-161-63-79.cprapid.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Credit Agricole (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	162.0.217.92 162.0.217.92	22612 (NAMECHEAP...) (NAMECHEAP-NET)
3 10	203.161.63.79 203.161.63.79	22612 (NAMECHEAP...) (NAMECHEAP-NET)
8	2

1 162.0.217.92 (Amsterdam, Netherlands)

ASN22612 (NAMECHEAP-NET, US)
PTR: server314-3.web-hosting.com

me-ss.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 203.161.63.79 (United States) 3 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: accountants-preoccupy.vpsrdns.web-hosting.com

wb-serviziodati-client.203-161-63-79.cprapid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	cprapid.com 3 redirects wb-serviziodati-client.203-161-63-79.cprapid.com	412 KB
1	me-ss.info me-ss.info	261 B
8	2

	Domain	Requested by
10	wb-serviziodati-client.203-161-63-79.cprapid.com	3 redirects wb-serviziodati-client.203-161-63-79.cprapid.com
1	me-ss.info
8	2

This site contains links to these domains. Also see Links.

Domain
www.credit-agricole.it

Subject Issuer	Validity	Valid
me-ss.info Sectigo RSA Domain Validation Secure Server CA	`2023-10-16` - `2024-10-16`	a year	crt.sh
wb-serviziodati-client.203-161-63-79.cprapid.com cPanel, Inc. Certification Authority	`2023-10-19` - `2024-01-17`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/main.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b
Frame ID: 9C132461A73ABDD96E0704B474BC344B
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Crédit Agricole - Verifica Home Banking

Page URL History Show full URLs

https://me-ss.info/m-lAgricoIe/ Page URL
https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn HTTP 301
https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/ HTTP 302
https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/checkclient.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b HTTP 302
https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/main.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

411 kB
Transfer

409 kB
Size

1
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.credit-agricole.it/pages/faq-reset-credenziali
Title: Scopri come usare i tuoi codici

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://me-ss.info/m-lAgricoIe/ Page URL
https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn HTTP 301
https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/ HTTP 302
https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/checkclient.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b HTTP 302
https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/main.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response me-ss.info/m-lAgricoIe/	115 B 261 B	145ms 47ms	Document text/html	162.0.217.92 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://me-ss.info/m-lAgricoIe/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.0.217.92 Amsterdam, Netherlands, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server314-3.web-hosting.com Software LiteSpeed / Resource Hash `dc44a7dbefc5bc2fcaab4c8bbd203bc7f27144c4faee8977f3a112bf7e2aefb0` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 accept-language it-IT,it;q=0.9 Response headers accept-ranges bytes content-length 115 content-type text/html date Thu, 19 Oct 2023 14:36:15 GMT last-modified Thu, 19 Oct 2023 09:48:01 GMT server LiteSpeed x-turbo-charged-by LiteSpeed
GET H/1.1	200 OK	Primary Request main.php Show response wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/ Redirect Chain https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/ https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/checkclient.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/main.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b	340 KB 341 KB	255ms 250ms	Document text/html	203.161.63.79 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/main.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 203.161.63.79 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS accountants-preoccupy.vpsrdns.web-hosting.com Software Apache / Resource Hash `93e6080c8e0c8afe4dacd15d2b9283f92eb1038ded553fdf6a676f7475d49dee` Request headers Referer https://me-ss.info/m-lAgricoIe/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 accept-language it-IT,it;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Thu, 19 Oct 2023 14:36:16 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=97 Pragma no-cache Server Apache Transfer-Encoding chunked Redirect headers Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Thu, 19 Oct 2023 14:36:16 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=5, max=98 Location main.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b Pragma no-cache Server Apache Transfer-Encoding chunked
GET H/1.1	200 OK	ca_logo.svg wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/cartella/	8 KB 8 KB	196ms 195ms	Image image/svg+xml	203.161.63.79 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/cartella/ca_logo.svg Requested by Host: wb-serviziodati-client.203-161-63-79.cprapid.com URL: https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/main.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 203.161.63.79 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS accountants-preoccupy.vpsrdns.web-hosting.com Software Apache / Resource Hash `906593415d0df2881d81176b9be0ae598ee9cf6b08cc1ce72df7b62e12baa85d` Request headers accept-language it-IT,it;q=0.9 Referer https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/main.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Date Thu, 19 Oct 2023 14:36:18 GMT Last-Modified Sat, 14 Jan 2023 14:40:18 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 8384
GET H/1.1	200 OK	Montserrat-Regular.woff2 wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/assets/fonts/	16 KB 16 KB	194ms 193ms	Font font/woff2	203.161.63.79 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/assets/fonts/Montserrat-Regular.woff2 Requested by Host: wb-serviziodati-client.203-161-63-79.cprapid.com URL: https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/main.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 203.161.63.79 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS accountants-preoccupy.vpsrdns.web-hosting.com Software Apache / Resource Hash `3db499acd608730bb66d02f0ba81182b48f69477ffe98a21b7ae0d5467a7f52d` Request headers Referer https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/main.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b Origin https://wb-serviziodati-client.203-161-63-79.cprapid.com accept-language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Date Thu, 19 Oct 2023 14:36:18 GMT Last-Modified Sat, 14 Jan 2023 14:40:18 GMT Server Apache Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 16512
GET H/1.1	200 OK	Montserrat-Bold.woff2 wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/assets/fonts/	16 KB 16 KB	181ms 181ms	Font font/woff2	203.161.63.79 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/assets/fonts/Montserrat-Bold.woff2 Requested by Host: wb-serviziodati-client.203-161-63-79.cprapid.com URL: https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/main.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 203.161.63.79 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS accountants-preoccupy.vpsrdns.web-hosting.com Software Apache / Resource Hash `773ca7f3ac524e135c9c3f60b3d816900d62fd2b8a54b02bfdc9921acc4bcbfc` Request headers Referer https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/main.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b Origin https://wb-serviziodati-client.203-161-63-79.cprapid.com accept-language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Date Thu, 19 Oct 2023 14:36:18 GMT Last-Modified Sat, 14 Jan 2023 14:40:18 GMT Server Apache Content-Type font/woff2 Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 16504
GET H/1.1	200 OK	loader.gif wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/assets/images/	25 KB 26 KB	377ms 193ms	Image image/gif	203.161.63.79 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/assets/images/loader.gif Requested by Host: wb-serviziodati-client.203-161-63-79.cprapid.com URL: https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/main.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 203.161.63.79 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS accountants-preoccupy.vpsrdns.web-hosting.com Software Apache / Resource Hash `6136eca91040992f1422b4fd16a4d18e3a2e649125c76d8e81746edb5ea819fc` Request headers accept-language it-IT,it;q=0.9 Referer https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/main.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Date Thu, 19 Oct 2023 14:36:18 GMT Last-Modified Sat, 14 Jan 2023 14:40:18 GMT Server Apache Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 26089
GET H/1.1	200 OK	reset.svg wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/assets/images/	2 KB 2 KB	537ms 181ms	Image image/svg+xml	203.161.63.79 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/assets/images/reset.svg Requested by Host: wb-serviziodati-client.203-161-63-79.cprapid.com URL: https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/main.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 203.161.63.79 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS accountants-preoccupy.vpsrdns.web-hosting.com Software Apache / Resource Hash `8f1b28aa6bd74b5dbb284cf651700ce84a594ce1d0cd3866d778d3f1c1473425` Request headers accept-language it-IT,it;q=0.9 Referer https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/main.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Date Thu, 19 Oct 2023 14:36:18 GMT Last-Modified Sat, 14 Jan 2023 14:40:18 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1555
GET H/1.1	200 OK	manual.svg wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/assets/images/	1 KB 1 KB	572ms 192ms	Image image/svg+xml	203.161.63.79 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Show image Full URL https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/assets/images/manual.svg Requested by Host: wb-serviziodati-client.203-161-63-79.cprapid.com URL: https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/main.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 203.161.63.79 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS accountants-preoccupy.vpsrdns.web-hosting.com Software Apache / Resource Hash `ad7ec623e72be75d579c7f938a48678fd732bd77506742fcc55b3ab593786a85` Request headers accept-language it-IT,it;q=0.9 Referer https://wb-serviziodati-client.203-161-63-79.cprapid.com/cmt-sdn/main.php?&sessionid=0d24ec203abc60658a3b870f8a8cd72b User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Date Thu, 19 Oct 2023 14:36:18 GMT Last-Modified Sat, 14 Jan 2023 14:40:18 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1239

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Credit Agricole (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			wb-serviziodati-client.203-161-63-79.cprapid.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: v2b5tnnso2f06ltnk47i04o7f3

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

me-ss.info
wb-serviziodati-client.203-161-63-79.cprapid.com
162.0.217.92
203.161.63.79
3db499acd608730bb66d02f0ba81182b48f69477ffe98a21b7ae0d5467a7f52d
6136eca91040992f1422b4fd16a4d18e3a2e649125c76d8e81746edb5ea819fc
773ca7f3ac524e135c9c3f60b3d816900d62fd2b8a54b02bfdc9921acc4bcbfc
8f1b28aa6bd74b5dbb284cf651700ce84a594ce1d0cd3866d778d3f1c1473425
906593415d0df2881d81176b9be0ae598ee9cf6b08cc1ce72df7b62e12baa85d
93e6080c8e0c8afe4dacd15d2b9283f92eb1038ded553fdf6a676f7475d49dee
ad7ec623e72be75d579c7f938a48678fd732bd77506742fcc55b3ab593786a85
dc44a7dbefc5bc2fcaab4c8bbd203bc7f27144c4faee8977f3a112bf7e2aefb0

wb-serviziodati-client.203-161-63-79.cprapid.com Open in urlscan Pro 203.161.63.79 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

411 kBTransfer

409 kBSize

1 Cookies

1 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

wb-serviziodati-client.203-161-63-79.cprapid.com Open in urlscan Pro
203.161.63.79 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

411 kB
Transfer

409 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!