net-webassistence.162-0-225-84.cprapid.com Open in urlscan Pro
162.0.225.84 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://cweb-to.info/ibnI-co/
Effective URL:
https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/index.php?&sessionid=8cc4f4206b944a57ce127c69a9d65bb5
Submission: On August 31 via api (August 31st 2023, 2:18:12 pm UTC) from US — Scanned from IT

Summary HTTP 13 Redirects Links 20 Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 162.0.225.84, located in United States and belongs to NAMECHEAP-NET, US. The main domain is net-webassistence.162-0-225-84.cprapid.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 31st 2023. Valid for: 3 months.

This is the only time net-webassistence.162-0-225-84.cprapid.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BNP Paribas (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	185.224.137.18 185.224.137.18	47583 (AS-HOSTINGER) (AS-HOSTINGER)
3 15	162.0.225.84 162.0.225.84	22612 (NAMECHEAP...) (NAMECHEAP-NET)
13	2

1 185.224.137.18 (Meppel, Netherlands)

ASN47583 (AS-HOSTINGER, CY)

cweb-to.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 162.0.225.84 (United States) 3 redirects

ASN22612 (NAMECHEAP-NET, US)

net-webassistence.162-0-225-84.cprapid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	cprapid.com 3 redirects net-webassistence.162-0-225-84.cprapid.com	545 KB
1	cweb-to.info cweb-to.info	426 B
13	2

	Domain	Requested by
15	net-webassistence.162-0-225-84.cprapid.com	3 redirects net-webassistence.162-0-225-84.cprapid.com
1	cweb-to.info
13	2

This site contains links to these domains. Also see Links.

Domain
banking.bnl.it
www.facebook.com
twitter.com
hellobank.it
lifebanker.bnl.it
bnl.it
www.acf.consob.it
www.youtube.com
socialwall.bnl.it

Subject Issuer	Validity	Valid
cweb-to.info ZeroSSL RSA Domain Secure Site CA	`2023-08-09` - `2023-11-07`	3 months	crt.sh
net-webassistence.162-0-225-84.cprapid.com cPanel, Inc. Certification Authority	`2023-08-31` - `2023-11-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/index.php?&sessionid=8cc4f4206b944a57ce127c69a9d65bb5
Frame ID: 0A8DF190234653B6F15BA0F769A84AEB
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Page URL History Show full URLs

https://cweb-to.info/ibnI-co/ Page URL
https://net-webassistence.162-0-225-84.cprapid.com/fts-snm HTTP 301
https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/ HTTP 302
https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/checkclient.php?&sessionid=8cc4f4206b944a57ce127c69a9d65bb5 HTTP 302
https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/index.php?&sessionid=8cc4f4206b944a57ce127c69a9d65bb5 Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

544 kB
Transfer

542 kB
Size

1
Cookies

20 Outgoing links

These are links going to different origins than the main page.

URL: https://banking.bnl.it/rsc/SupportingFiles/numero-cliente.gif
Title: Dove trovi il tuo numero Cliente

Search URL Search Domain Scan URL

URL: https://banking.bnl.it/rsc/SupportingFiles/pin.gif
Title: Dove trovi il PIN

Search URL Search Domain Scan URL

URL: https://banking.bnl.it/pubblica/RecuperoNumeroCliente
Title: Recupera Online il Numero Cliente

Search URL Search Domain Scan URL

URL: https://www.facebook.com/BNLBNPParibas/

Search URL Search Domain Scan URL

URL: https://twitter.com/bnpparibas

Search URL Search Domain Scan URL

URL: https://hellobank.it/it/home

Search URL Search Domain Scan URL

URL: http://lifebanker.bnl.it/

Search URL Search Domain Scan URL

URL: https://bnl.it/it/Footer/Trasparenza

Search URL Search Domain Scan URL

URL: https://bnl.it/it/Footer/Dati-Societari
Title: DATI SOCIETARI

Search URL Search Domain Scan URL

URL: https://bnl.it/it/Footer/Prospetti-Consob
Title: PROSPETTI CONSOB

Search URL Search Domain Scan URL

URL: https://bnl.it/it/Footer/Reclami-Ricorsi-Conciliazione
Title: RECLAMI-RICORSI-CONCILIAZIONE

Search URL Search Domain Scan URL

URL: https://bnl.it/it/Footer/Richiesta-documenti
Title: RICHIESTA DOCUMENTI

Search URL Search Domain Scan URL

URL: https://www.acf.consob.it/
Title: ARBITRO CONTROVERSIE FINANZIARIE

Search URL Search Domain Scan URL

URL: https://bnl.it/it/Footer/Privacy
Title: PRIVACY

Search URL Search Domain Scan URL

URL: https://banking.bnl.it/rsc/SupportingFiles/carta-responsabilita-dati-personali-BNL.pdf
Title: CARTA RESPONSABILITÀ DATI PERSONALI

Search URL Search Domain Scan URL

URL: https://bnl.it/it/Footer/Note-Legali
Title: NOTE LEGALI

Search URL Search Domain Scan URL

URL: https://bnl.it/it/Footer/Cookie
Title: COOKIE

Search URL Search Domain Scan URL

URL: https://bnl.it/it/Footer/DAC6
Title: DAC6

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/BNLCHANNEL

Search URL Search Domain Scan URL

URL: http://socialwall.bnl.it/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://cweb-to.info/ibnI-co/ Page URL
https://net-webassistence.162-0-225-84.cprapid.com/fts-snm HTTP 301
https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/ HTTP 302
https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/checkclient.php?&sessionid=8cc4f4206b944a57ce127c69a9d65bb5 HTTP 302
https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/index.php?&sessionid=8cc4f4206b944a57ce127c69a9d65bb5 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
cweb-to.info/ibnI-co/ 109 B
426 B 161ms
40ms Document
text/html 185.224.137.18
AS-HOSTINGER

General

Check archive.org

Show headers Download Go to

Full URL

https://cweb-to.info/ibnI-co/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.224.137.18 Meppel, Netherlands, ASN47583 (AS-HOSTINGER, CY),

Reverse DNS

Software

LiteSpeed /

Resource Hash

566259bdeb24377d4acb93cbc7c801819a3cb6f7cfdf7b18be50258e0f2899b6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: it-IT,it;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length: 109
content-security-policy: upgrade-insecure-requests
content-type: text/html
date: Thu, 31 Aug 2023 14:18:07 GMT
etag: "6d-64f0566b-bdeb78371a456b48;;;"
last-modified: Thu, 31 Aug 2023 08:59:23 GMT
platform: hostinger
server: LiteSpeed

GET
H/1.1

200
OK

Primary Request index.php Show response
net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/
Redirect Chain

https://net-webassistence.162-0-225-84.cprapid.com/fts-snm
https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/
https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/checkclient.php?&sessionid=8cc4f4206b944a57ce127c69a9d65bb5
https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/index.php?&sessionid=8cc4f4206b944a57ce127c69a9d65bb5

58 KB
58 KB

241ms
234ms

Document
text/html

162.0.225.84
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/index.php?&sessionid=8cc4f4206b944a57ce127c69a9d65bb5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.0.225.84 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: Apache /
Resource Hash: 715aa3efe054a88bca7c4e60ca19624d25467ae940ac0f6e460d5e5b1d5ea7ae

Request headers

Referer: https://cweb-to.info/ibnI-co/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: it-IT,it;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 31 Aug 2023 14:18:09 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=97
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Thu, 31 Aug 2023 14:18:08 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=98
Location: it/index.php?&sessionid=8cc4f4206b944a57ce127c69a9d65bb5
Pragma: no-cache
Server: Apache
Transfer-Encoding: chunked

GET
H/1.1 200
OK hb-login.css
net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/ 7 KB
8 KB 186ms
185ms Stylesheet
text/css 162.0.225.84
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/hb-login.css
Requested by: Host: net-webassistence.162-0-225-84.cprapid.com
URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/index.php?&sessionid=8cc4f4206b944a57ce127c69a9d65bb5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.0.225.84 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: Apache /
Resource Hash: 31e77ecae8b2766fbe277dd3dcf6be2c5872d6a5f1836e123b73a6b02c204874

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/index.php?&sessionid=8cc4f4206b944a57ce127c69a9d65bb5
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Thu, 31 Aug 2023 14:18:09 GMT
Last-Modified: Fri, 03 Jun 2022 09:41:56 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 7553

GET
H/1.1 200
OK clientlib-redational-page-login.min.css
net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/ 431 KB
431 KB 384ms
198ms Stylesheet
text/css 162.0.225.84
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/clientlib-redational-page-login.min.css
Requested by: Host: net-webassistence.162-0-225-84.cprapid.com
URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/index.php?&sessionid=8cc4f4206b944a57ce127c69a9d65bb5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.0.225.84 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: Apache /
Resource Hash: c80340631e196bec4044f28694a04250f3184330be4a27ac256b555f8327de66

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/index.php?&sessionid=8cc4f4206b944a57ce127c69a9d65bb5
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Thu, 31 Aug 2023 14:18:09 GMT
Last-Modified: Fri, 04 Feb 2022 08:31:46 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 441400

GET
H/1.1 200
OK logo.png
net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/ 7 KB
7 KB 347ms
198ms Image
image/png 162.0.225.84
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/logo.png
Requested by: Host: net-webassistence.162-0-225-84.cprapid.com
URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/index.php?&sessionid=8cc4f4206b944a57ce127c69a9d65bb5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.0.225.84 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: Apache /
Resource Hash: 99543d933ae6c6b53aa79a42deb665f785cba48b798e0420ae34e835a588f018

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/index.php?&sessionid=8cc4f4206b944a57ce127c69a9d65bb5
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Thu, 31 Aug 2023 14:18:09 GMT
Last-Modified: Tue, 01 Mar 2022 09:52:02 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 7254

GET
H/1.1 200
OK alert.png
net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/ 20 KB
20 KB 467ms
298ms Image
image/png 162.0.225.84
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/alert.png
Requested by: Host: net-webassistence.162-0-225-84.cprapid.com
URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/index.php?&sessionid=8cc4f4206b944a57ce127c69a9d65bb5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.0.225.84 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: Apache /
Resource Hash: e4d615de09a41c8c2d8d395a3ab156ce9520a9fc96c23b1780bb2adab4292b67

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/index.php?&sessionid=8cc4f4206b944a57ce127c69a9d65bb5
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Thu, 31 Aug 2023 14:18:09 GMT
Last-Modified: Fri, 03 Jun 2022 09:41:56 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 20545

GET
H/1.1 200
OK trasparenza_BNL-1.jpg
net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/ 19 KB
19 KB 510ms
236ms Image
image/jpeg 162.0.225.84
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/trasparenza_BNL-1.jpg
Requested by: Host: net-webassistence.162-0-225-84.cprapid.com
URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/index.php?&sessionid=8cc4f4206b944a57ce127c69a9d65bb5
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.0.225.84 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: Apache /
Resource Hash: 24b7fc7a5247a3ccb0216515023889adce611b2ca852efd2223509caeb81b9a9

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/index.php?&sessionid=8cc4f4206b944a57ce127c69a9d65bb5
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Thu, 31 Aug 2023 14:18:09 GMT
Last-Modified: Fri, 03 Jun 2022 09:41:56 GMT
Server: Apache
Content-Type: image/jpeg
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 19661

GET
H/1.1 404
Not Found bnpp-sans.woff
net-webassistence.162-0-225-84.cprapid.com/fts-snm/bnl/clientlibs/clientlib-all/resources/fonts/bnpp-sans/ 0
0 207ms
207ms Font
text/html 162.0.225.84
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/bnl/clientlibs/clientlib-all/resources/fonts/bnpp-sans/bnpp-sans.woff
Requested by: Host: net-webassistence.162-0-225-84.cprapid.com
URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/clientlib-redational-page-login.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.0.225.84 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/clientlib-redational-page-login.min.css
Origin: https://net-webassistence.162-0-225-84.cprapid.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Thu, 31 Aug 2023 14:18:10 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found bnpp-sans-bold.woff
net-webassistence.162-0-225-84.cprapid.com/fts-snm/bnl/clientlibs/clientlib-all/resources/fonts/bnpp-sans/ 0
0 302ms
302ms Font
text/html 162.0.225.84
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/bnl/clientlibs/clientlib-all/resources/fonts/bnpp-sans/bnpp-sans-bold.woff
Requested by: Host: net-webassistence.162-0-225-84.cprapid.com
URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/clientlib-redational-page-login.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.0.225.84 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/clientlib-redational-page-login.min.css
Origin: https://net-webassistence.162-0-225-84.cprapid.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Thu, 31 Aug 2023 14:18:10 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found bnpp-sans-light.woff
net-webassistence.162-0-225-84.cprapid.com/fts-snm/bnl/clientlibs/clientlib-all/resources/fonts/bnpp-sans/ 0
0 230ms
230ms Font
text/html 162.0.225.84
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/bnl/clientlibs/clientlib-all/resources/fonts/bnpp-sans/bnpp-sans-light.woff
Requested by: Host: net-webassistence.162-0-225-84.cprapid.com
URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/clientlib-redational-page-login.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.0.225.84 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/clientlib-redational-page-login.min.css
Origin: https://net-webassistence.162-0-225-84.cprapid.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Thu, 31 Aug 2023 14:18:10 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found bnpp-sans.ttf
net-webassistence.162-0-225-84.cprapid.com/fts-snm/bnl/clientlibs/clientlib-all/resources/fonts/bnpp-sans/ 0
0 219ms
219ms Font
text/html 162.0.225.84
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/bnl/clientlibs/clientlib-all/resources/fonts/bnpp-sans/bnpp-sans.ttf
Requested by: Host: net-webassistence.162-0-225-84.cprapid.com
URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/clientlib-redational-page-login.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.0.225.84 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/clientlib-redational-page-login.min.css
Origin: https://net-webassistence.162-0-225-84.cprapid.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Thu, 31 Aug 2023 14:18:10 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found bnpp-sans-light.ttf
net-webassistence.162-0-225-84.cprapid.com/fts-snm/bnl/clientlibs/clientlib-all/resources/fonts/bnpp-sans/ 0
0 238ms
238ms Font
text/html 162.0.225.84
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/bnl/clientlibs/clientlib-all/resources/fonts/bnpp-sans/bnpp-sans-light.ttf
Requested by: Host: net-webassistence.162-0-225-84.cprapid.com
URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/clientlib-redational-page-login.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.0.225.84 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/clientlib-redational-page-login.min.css
Origin: https://net-webassistence.162-0-225-84.cprapid.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Thu, 31 Aug 2023 14:18:10 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 404
Not Found bnpp-sans-bold.ttf
net-webassistence.162-0-225-84.cprapid.com/fts-snm/bnl/clientlibs/clientlib-all/resources/fonts/bnpp-sans/ 0
0 320ms
320ms Font
text/html 162.0.225.84
NAMECHEAP-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/bnl/clientlibs/clientlib-all/resources/fonts/bnpp-sans/bnpp-sans-bold.ttf
Requested by: Host: net-webassistence.162-0-225-84.cprapid.com
URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/clientlib-redational-page-login.min.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.0.225.84 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
Software: Apache /
Resource Hash

Request headers

Referer: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/it/Login_files/clientlib-redational-page-login.min.css
Origin: https://net-webassistence.162-0-225-84.cprapid.com
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Thu, 31 Aug 2023 14:18:10 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 315
Content-Type: text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BNP Paribas (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			net-webassistence.162-0-225-84.cprapid.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 34kmfe1psr2des6kq4p39okfr5

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/bnl/clientlibs/clientlib-all/resources/fonts/bnpp-sans/bnpp-sans.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/bnl/clientlibs/clientlib-all/resources/fonts/bnpp-sans/bnpp-sans-light.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/bnl/clientlibs/clientlib-all/resources/fonts/bnpp-sans/bnpp-sans-bold.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/bnl/clientlibs/clientlib-all/resources/fonts/bnpp-sans/bnpp-sans.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/bnl/clientlibs/clientlib-all/resources/fonts/bnpp-sans/bnpp-sans-light.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://net-webassistence.162-0-225-84.cprapid.com/fts-snm/bnl/clientlibs/clientlib-all/resources/fonts/bnpp-sans/bnpp-sans-bold.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cweb-to.info
net-webassistence.162-0-225-84.cprapid.com
162.0.225.84
185.224.137.18
24b7fc7a5247a3ccb0216515023889adce611b2ca852efd2223509caeb81b9a9
31e77ecae8b2766fbe277dd3dcf6be2c5872d6a5f1836e123b73a6b02c204874
566259bdeb24377d4acb93cbc7c801819a3cb6f7cfdf7b18be50258e0f2899b6
715aa3efe054a88bca7c4e60ca19624d25467ae940ac0f6e460d5e5b1d5ea7ae
99543d933ae6c6b53aa79a42deb665f785cba48b798e0420ae34e835a588f018
c80340631e196bec4044f28694a04250f3184330be4a27ac256b555f8327de66
e4d615de09a41c8c2d8d395a3ab156ce9520a9fc96c23b1780bb2adab4292b67

net-webassistence.162-0-225-84.cprapid.com Open in urlscan Pro 162.0.225.84 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

544 kBTransfer

542 kBSize

1 Cookies

20 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

6 Console Messages

Security Headers

Indicators

net-webassistence.162-0-225-84.cprapid.com Open in urlscan Pro
162.0.225.84 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

544 kB
Transfer

542 kB
Size

1
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!