it.23-92-25-72.cprapid.com Open in urlscan Pro
23.92.25.72  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response it.23-92-25-72.cprapid.com/it/	250 KB 251 KB	1032ms 598ms	Document text/html	23.92.25.72 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Full URL https://it.23-92-25-72.cprapid.com/it/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.92.25.72 Fremont, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS 23-92-25-72.ip.linodeusercontent.com Software Apache / Resource Hash 7307ec77895091fb767b6e0620d1786602ff2618bbf76b46a0c4f1c1f321ac9c Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 accept-language it-IT,it;q=0.9 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Tue, 30 May 2023 18:12:32 GMT Keep-Alive timeout=5, max=100 Server Apache Transfer-Encoding chunked
GET H/1.1	200 OK	w.login.digitalBanking.min.css it.23-92-25-72.cprapid.com/it/Banca%20MPS_files/	45 KB 45 KB	184ms 184ms	Stylesheet text/css	23.92.25.72 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Full URL https://it.23-92-25-72.cprapid.com/it/Banca%20MPS_files/w.login.digitalBanking.min.css Requested by Host: it.23-92-25-72.cprapid.com URL: https://it.23-92-25-72.cprapid.com/it/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.92.25.72 Fremont, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS 23-92-25-72.ip.linodeusercontent.com Software Apache / Resource Hash cefdfd5aef3a71f979aad6098b32423ad227b68904c355b8be203c408f0df12e Request headers accept-language it-IT,it;q=0.9 Referer https://it.23-92-25-72.cprapid.com/it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Tue, 30 May 2023 18:12:33 GMT Last-Modified Mon, 14 Feb 2022 19:20:50 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 46251
GET H/1.1	404 Not Found	pub_assistenza_mobile_token.gif it.23-92-25-72.cprapid.com/libs/img/pb/	315 B 315 B	375ms 193ms	Image text/html	23.92.25.72 AKAMAI-LINODE-AP ...
General Check archive.org Show headers Download Go to Show image Full URL https://it.23-92-25-72.cprapid.com/libs/img/pb/pub_assistenza_mobile_token.gif Requested by Host: it.23-92-25-72.cprapid.com URL: https://it.23-92-25-72.cprapid.com/it/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 23.92.25.72 Fremont, United States, ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG), Reverse DNS 23-92-25-72.ip.linodeusercontent.com Software Apache / Resource Hash d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3 Request headers accept-language it-IT,it;q=0.9 Referer https://it.23-92-25-72.cprapid.com/it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Tue, 30 May 2023 18:12:33 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=98 Content-Length 315 Content-Type text/html; charset=iso-8859-1
GET H2	200	loader.js Show response www.smartsuppchat.com/	19 KB 6 KB	156ms 43ms	Script application/javascript	2a02:6ea0:c700::18 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://www.smartsuppchat.com/loader.js? Requested by Host: it.23-92-25-72.cprapid.com URL: https://it.23-92-25-72.cprapid.com/it/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash f0969edad783e34a759e08b2353ed6198ea01969e2557393bf55c47f1a2c13a7 Request headers accept-language it-IT,it;q=0.9 Referer https://it.23-92-25-72.cprapid.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-77-pop frankfurtDE date Tue, 30 May 2023 18:12:33 GMT content-encoding gzip x-cache HIT x-77-cache HIT x-age 46 x-accel-date 1685470307 x-77-nzt AZySIYvmarDvLgAAAA x-accel-expires @1685470367 last-modified Tue, 23 May 2023 04:17:26 GMT server CDN77-Turbo etag W/"646c3e56-4c3c" x-77-nzt-ray cf878727aca058f5913c7664560a0125 vary Accept-Encoding content-type application/javascript cache-control max-age=300, public, s-maxage=60 expires Tue, 23 May 2023 04:24:30 GMT
GET H/1.1	200 OK	montedeipaschi_logo_hd.png digital.mps.it/libs/img/	11 KB 12 KB	149ms 34ms	Image image/jpeg	81.26.193.203 Banca Monte Dei P...
General Check archive.org Show headers Download Go to Show image Full URL https://digital.mps.it/libs/img/montedeipaschi_logo_hd.png Requested by Host: it.23-92-25-72.cprapid.com URL: https://it.23-92-25-72.cprapid.com/it/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 81.26.193.203 , Italy, ASN13018 (Banca Monte Dei Paschi Di Siena, IT), Reverse DNS digital.mps.it Software / Resource Hash 0a0c6433b58c72136375414d6f7a6a511932eeaac396f7c0991a2b953fa2eaaa Security Headers Name Value Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://ajax.googleapis.com https://maps.googleapis.com www.google-analytics.com https://8294890.fls.doubleclick.net https://secure.adnxs.com https://white.mynsystems.com https://blue.mynsystems.com/ https://privacy.mynsystems.com https://ib.adnxs.com https://yellow.mynsystems.com https://zna4cciryw9kzle8d-mps.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://connect.facebook.net https://zn9nahtxma7dxxjqe-mps.siteintercept.qualtrics.com https://zn5j9lftsu1lqzb1k-mps.siteintercept.qualtrics.com https://zncveh3lu3fyce1re-mps.siteintercept.qualtrics.com; Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff, nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language it-IT,it;q=0.9 Referer https://it.23-92-25-72.cprapid.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers Date Tue, 30 May 2023 18:12:33 GMT Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff, nosniff Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com https://www.googletagmanager.com https://www.google.com https://ajax.googleapis.com https://maps.googleapis.com www.google-analytics.com https://8294890.fls.doubleclick.net https://secure.adnxs.com https://white.mynsystems.com https://blue.mynsystems.com/ https://privacy.mynsystems.com https://ib.adnxs.com https://yellow.mynsystems.com https://zna4cciryw9kzle8d-mps.siteintercept.qualtrics.com https://siteintercept.qualtrics.com https://connect.facebook.net https://zn9nahtxma7dxxjqe-mps.siteintercept.qualtrics.com https://zn5j9lftsu1lqzb1k-mps.siteintercept.qualtrics.com https://zncveh3lu3fyce1re-mps.siteintercept.qualtrics.com; Connection Keep-Alive Server-Timing dtSInfo;desc="1" Content-Length 10960 X-Xss-Protection 1; mode=block Etag W/"PSA-aj-I0rwWqEAus" X-Frame-Options SAMEORIGIN Content-Type image/jpeg Cache-Control max-age=2589135 Accept-Ranges bytes Access-Control-Allow-Headers Content-Type Keep-Alive timeout=15, max=100 Expires Thu, 29 Jun 2023 17:24:49 GMT
GET H2	200	94c155468adec2f320a407185920981130e02801.json Show response bootstrap.smartsuppchat.com/widget/	1 KB 677 B	92ms 32ms	XHR application/json	18.195.106.43 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://bootstrap.smartsuppchat.com/widget/94c155468adec2f320a407185920981130e02801.json Requested by Host: www.smartsuppchat.com URL: https://www.smartsuppchat.com/loader.js? Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 18.195.106.43 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-18-195-106-43.eu-central-1.compute.amazonaws.com Software / Resource Hash 08ef844ae24e747c242975a1fc5eee3268dd8d6a0476e7dd13b1b5323e73b461 Request headers Referer https://it.23-92-25-72.cprapid.com/ accept-language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Content-Type text/plain Response headers x-version 62713eedc1f171511be259caec0493e3a10586ea date Tue, 30 May 2023 18:12:33 GMT content-encoding br x-hit redis etag "4a4-NsT7Ba81zTVdhbpx4kYtLHRVYko" vary Accept-Encoding content-type application/json; charset=utf-8 access-control-allow-origin * cache-control private, max-age=0, must-revalidate
GET H2	200	asset-manifest.json Show response widget-v2.smartsuppcdn.com/	2 KB 783 B	148ms 44ms	XHR application/json	2a02:6ea0:c700::18 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://widget-v2.smartsuppcdn.com/asset-manifest.json Requested by Host: www.smartsuppchat.com URL: https://www.smartsuppchat.com/loader.js? Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash dd119396c1ec6fb9fe55bf5df931b9d7f3338cc24ee0247390bc5fc1970e3165 Request headers Referer https://it.23-92-25-72.cprapid.com/ accept-language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Content-Type text/plain Response headers x-77-pop frankfurtDE date Tue, 30 May 2023 18:12:33 GMT content-encoding gzip x-cache HIT x-77-cache HIT x-age 21 x-accel-date 1685470332 x-77-nzt AZySIYuqka3/FQAAAA x-accel-expires @1685470392 last-modified Tue, 18 Apr 2023 20:26:14 GMT server CDN77-Turbo etag W/"643efce6-6ce" x-77-nzt-ray cf878727e3a43bfc913c766430c73735 vary Accept-Encoding content-type application/json access-control-allow-origin * cache-control max-age=300, public, s-maxage=60 expires Wed, 19 Apr 2023 05:12:54 GMT
GET H2	200	runtime-main.1934e153.js Show response widget-v2.smartsuppcdn.com/static/js/ Frame 8C97	2 KB 2 KB	132ms 43ms	Script application/javascript	2a02:6ea0:c700::18 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://widget-v2.smartsuppcdn.com/static/js/runtime-main.1934e153.js Requested by Host: www.smartsuppchat.com URL: https://www.smartsuppchat.com/loader.js? Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 13ca7a7abbf685c5951b76a00ad13763beea38eeafeac1316c66f853427437bf Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-77-pop frankfurtDE date Tue, 30 May 2023 18:12:34 GMT content-encoding gzip x-cache HIT x-77-cache HIT x-age 3589481 x-accel-date 1681880873 x-77-nzt AZySIYsxEaL/acU2AA x-accel-expires @1713416873 last-modified Tue, 18 Apr 2023 20:26:14 GMT server CDN77-Turbo etag W/"643efce6-9bd" x-77-nzt-ray cf87872701ac1900923c766402399601 vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control max-age=31536000, public, immutable expires Thu, 18 Apr 2024 05:07:53 GMT
GET H2	200	6.d679ef16.chunk.js Show response widget-v2.smartsuppcdn.com/static/js/ Frame 8C97	525 KB 159 KB	215ms 127ms	Script application/javascript	2a02:6ea0:c700::18 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://widget-v2.smartsuppcdn.com/static/js/6.d679ef16.chunk.js Requested by Host: www.smartsuppchat.com URL: https://www.smartsuppchat.com/loader.js? Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 35576539f0f6b98f9f7aef04b2dca0d7b03c974e6109415534729f5a90a236fc Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-77-pop frankfurtDE date Tue, 30 May 2023 18:12:34 GMT content-encoding gzip x-cache HIT x-77-cache HIT x-age 3589481 x-accel-date 1681880873 x-77-nzt AZySIYuGe4//acU2AA x-accel-expires @1713416873 last-modified Tue, 18 Apr 2023 20:26:14 GMT server CDN77-Turbo etag W/"643efce6-832b3" x-77-nzt-ray cf87872701ac1900923c7664e16bce01 vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control max-age=31536000, public, immutable expires Thu, 18 Apr 2024 05:07:53 GMT
GET H2	200	main.f4b290f4.chunk.js Show response widget-v2.smartsuppcdn.com/static/js/ Frame 8C97	115 KB 30 KB	173ms 86ms	Script application/javascript	2a02:6ea0:c700::18 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://widget-v2.smartsuppcdn.com/static/js/main.f4b290f4.chunk.js Requested by Host: www.smartsuppchat.com URL: https://www.smartsuppchat.com/loader.js? Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash 75ea317ee21302c78430cbd83c6d26cc46c6d59246eeed8ddf8dc3074afa8183 Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-77-pop frankfurtDE date Tue, 30 May 2023 18:12:34 GMT content-encoding gzip x-cache HIT x-77-cache HIT x-age 3589481 x-accel-date 1681880873 x-77-nzt AZySIYtC6fH/acU2AA x-accel-expires @1713416873 last-modified Tue, 18 Apr 2023 20:26:14 GMT server CDN77-Turbo etag W/"643efce6-1cc7f" x-77-nzt-ray cf87872701ac1900923c7664cf129e01 vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control max-age=31536000, public, immutable expires Thu, 18 Apr 2024 05:07:53 GMT
GET H2	200	defaults Show response translations.smartsuppcdn.com/api/v1/widget/translations/lang/it/ Frame 8C97	6 KB 3 KB	60ms 51ms	Fetch application/json	2a02:6ea0:c700::18 CDN77 ^_^
General Check archive.org Show headers Download Go to Full URL https://translations.smartsuppcdn.com/api/v1/widget/translations/lang/it/defaults Requested by Host: widget-v2.smartsuppcdn.com URL: https://widget-v2.smartsuppcdn.com/static/js/6.d679ef16.chunk.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:6ea0:c700::18 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB), Reverse DNS Software CDN77-Turbo / Resource Hash bd8a7bba1e2b8b7e86f74abe0afb24c0a84a230108b59ea20d85d24ce738756e Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36 Response headers x-77-pop frankfurtDE x-version c4df37eeab7f25cf7af72bdd57d6635d6432017b date Tue, 30 May 2023 18:12:34 GMT content-encoding gzip x-cache HIT x-77-cache HIT x-age 439 x-accel-date 1685469915 x-response-time 0ms x-77-nzt AZySIYvHYG7/twEAAA x-accel-expires @1685470515 server CDN77-Turbo x-77-nzt-ray cf878727e3a43bfc923c76649ae48f11 vary Accept-Encoding, Origin content-type application/json; charset=utf-8 access-control-allow-origin * cache-control max-age=600

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banca Monte dei Paschi (Banking)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless function| hideOverlay object| _smartsupp function| smartsupp boolean| SMARTSUPP_LOADED object| $smartsupp

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			it.23-92-25-72.cprapid.com/it	1970-01-20 21:47:10	Name: COOKIE_KEY Value: 168547035232
			it.23-92-25-72.cprapid.com/	1970-01-20 16:33:15	Name: ssupp.vid Value: viTMML2i31231
			it.23-92-25-72.cprapid.com/	1970-01-20 16:33:15	Name: ssupp.visits Value: 1

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://it.23-92-25-72.cprapid.com/libs/img/pb/pub_assistenza_mobile_token.gif Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bootstrap.smartsuppchat.com
digital.mps.it
it.23-92-25-72.cprapid.com
translations.smartsuppcdn.com
widget-v2.smartsuppcdn.com
www.smartsuppchat.com
18.195.106.43
23.92.25.72
2a02:6ea0:c700::18
81.26.193.203
08ef844ae24e747c242975a1fc5eee3268dd8d6a0476e7dd13b1b5323e73b461
0a0c6433b58c72136375414d6f7a6a511932eeaac396f7c0991a2b953fa2eaaa
13ca7a7abbf685c5951b76a00ad13763beea38eeafeac1316c66f853427437bf
35576539f0f6b98f9f7aef04b2dca0d7b03c974e6109415534729f5a90a236fc
7307ec77895091fb767b6e0620d1786602ff2618bbf76b46a0c4f1c1f321ac9c
75ea317ee21302c78430cbd83c6d26cc46c6d59246eeed8ddf8dc3074afa8183
bd8a7bba1e2b8b7e86f74abe0afb24c0a84a230108b59ea20d85d24ce738756e
cefdfd5aef3a71f979aad6098b32423ad227b68904c355b8be203c408f0df12e
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
dd119396c1ec6fb9fe55bf5df931b9d7f3338cc24ee0247390bc5fc1970e3165
f0969edad783e34a759e08b2353ed6198ea01969e2557393bf55c47f1a2c13a7