operatore-interno-sicuro-siena.cfolks.pl
91.237.52.26  Malicious Activity! Public Scan

Submitted URL: http://bit.ly/bonMPS
Effective URL: https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
Submission: On October 27 via automatic, source phishtank — Scanned from DE

Summary

This website contacted 7 IPs in 3 countries across 7 domains to perform 17 HTTP transactions. The main IP is 91.237.52.26, located in Poland and belongs to CF-GDA, PL. The main domain is operatore-interno-sicuro-siena.cfolks.pl.
TLS certificate: Issued by Certum Domain Validation CA SHA2 on July 31st 2023. Valid for: a year.
This is the only time operatore-interno-sicuro-siena.cfolks.pl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banca Monte dei Paschi (Banking)

Domain & IP information

Requests | IP Address | AS | Autonomous System
1 (1 redirect) | 67.199.248.11 | 396982 | GOOGLE-CL...
6 | 91.237.52.26 | 41079 | CF-GDA
2 | 2606:4700::68... | 13335 | CLOUDFLAR...
1 | 2a00:1450:400... | 15169 | GOOGLE
1 | 2a04:4e42:600... | 54113 | FASTLY
1 | 2a02:6ea0:c70... | 60068 | CDN77 ^_^
1 | 18.185.152.151 | 16509 | AMAZON-02
5 | 2a02:6ea0:c70... | 60068 | CDN77 ^_^
Total: 17 requests across 7 IPs
Requests | Apex Domain | Transfer
  (subdomains with Cisco Umbrella Rank listed under each apex domain)

6 | cfolks.pl | 33 KB
  • operatore-interno-sicuro-siena.cfolks.pl
5 | smartsuppcdn.com | 95 KB
  • widget-v3.smartsuppcdn.com (Cisco Umbrella Rank: 59922)
  • translations.smartsuppcdn.com (Cisco Umbrella Rank: 61769)
2 | smartsuppchat.com | 7 KB
  • www.smartsuppchat.com (Cisco Umbrella Rank: 55790)
  • bootstrap.smartsuppchat.com (Cisco Umbrella Rank: 52793)
2 | jsdelivr.net | 47 KB
  • cdn.jsdelivr.net (Cisco Umbrella Rank: 335)
1 | jquery.com | 83 KB
  • code.jquery.com (Cisco Umbrella Rank: 762)
1 | googleapis.com | 1 KB
  • fonts.googleapis.com (Cisco Umbrella Rank: 31)
1 | bit.ly | 482 B
  • bit.ly (Cisco Umbrella Rank: 6111)
Total: 17 requests across 7 apex domains
Requests | Domain | Requested by
6 | operatore-interno-sicuro-siena.cfolks.pl | operatore-interno-sicuro-siena.cfolks.pl
4 | widget-v3.smartsuppcdn.com | www.smartsuppchat.com
2 | cdn.jsdelivr.net | operatore-interno-sicuro-siena.cfolks.pl
1 | translations.smartsuppcdn.com | widget-v3.smartsuppcdn.com
1 | bootstrap.smartsuppchat.com | www.smartsuppchat.com
1 | www.smartsuppchat.com | operatore-interno-sicuro-siena.cfolks.pl
1 | code.jquery.com | operatore-interno-sicuro-siena.cfolks.pl
1 | fonts.googleapis.com | operatore-interno-sicuro-siena.cfolks.pl
1 | bit.ly | (redirect source, 1 redirect)
Total: 17 requests across 9 domains

This site contains no links.

Subject | Issuer | Validity | Valid for
*.cfolks.pl | Certum Domain Validation CA SHA2 | 2023-07-31 - 2024-07-30 | a year (crt.sh)
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-02 - 2024-05-01 | a year (crt.sh)
upload.video.google.com | GTS CA 1C3 | 2023-10-09 - 2024-01-01 | 3 months (crt.sh)
*.jquery.com | Sectigo RSA Domain Validation Secure Server CA | 2023-07-11 - 2024-07-14 | a year (crt.sh)
*.smartsuppchat.com | RapidSSL Global TLS RSA4096 SHA256 2022 CA1 | 2022-11-30 - 2023-12-29 | a year (crt.sh)
*.smartsuppcdn.com | RapidSSL Global TLS RSA4096 SHA256 2022 CA1 | 2022-10-19 - 2023-11-19 | a year (crt.sh)

This page contains 2 frames:

Primary Page: https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
Frame ID: 6EF760DB8EFE6D07A60D88EADFA503BC
Requests: 13 HTTP requests in this frame

Frame: https://widget-v3.smartsuppcdn.com/assets/main-ba57143d.js
Frame ID: 3EDA9B799E2FEA1908F83249B334B619
Requests: 4 HTTP requests in this frame

Page Title

Βаncа МРЅ

Page URL History

  1. http://bit.ly/bonMPS HTTP 301
    https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

  • Requests: 17
  • HTTPS: 100 %
  • IPv6: 63 %
  • Domains: 7
  • Subdomains: 9
  • IPs: 7
  • Countries: 3
  • Transfer: 265 kB
  • Size: 892 kB
  • Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Columns per transaction: Resource | Path | Size | x-fer | Type | MIME-Type
Primary Request /
operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
Redirect Chain
  • http://bit.ly/bonMPS
  • https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
35 KB
14 KB
Document
General
Full URL
https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.237.52.26 , Poland, ASN41079 (CF-GDA, PL),
Reverse DNS
s42.cyber-folks.pl
Software
LiteSpeed /
Resource Hash
5a4614fbfa8b37537f6bad6b4b04b86b0f90cf5c1dc5f69269acd6363f63988e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
br
content-type
text/html; charset=UTF-8
date
Fri, 27 Oct 2023 01:29:51 GMT
server
LiteSpeed
vary
Accept-Encoding,User-Agent

Redirect headers

Cache-Control
private, max-age=90
Content-Length
183
Content-Security-Policy
referrer always;
Content-Type
text/html; charset=utf-8
Date
Fri, 27 Oct 2023 01:29:51 GMT
Location
https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
Referrer-Policy
unsafe-url
Server
nginx
Via
1.1 google
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/css/
150 KB
24 KB
Stylesheet
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/css/bootstrap.min.css
Requested by
Host: operatore-interno-sicuro-siena.cfolks.pl
URL: https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0267260045096457f26914277f49eef5da5ec54ac6aee8579be4810332e518b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://operatore-interno-sicuro-siena.cfolks.pl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 01:29:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
3942574
x-jsd-version
5.0.0-beta1
content-encoding
br
x-cache
HIT, MISS
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-etou8220020-FRA, cache-yyz4561-YYZ
x-jsd-version-type
version
server
cloudflare
etag
W/"25617-q3SIoVyTmtfFSq15BDC3uaLXfq4"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4VPvsLuNq4PxxubFCYz2Ssy%2BWuj9WeC7A4bdS7bPDZaEa4NxafT8bBYqjnJzPBMUpCEWBlR3x2ScgAoP8MP8PISVqD8UWNfAeZ%2B2JJq84HszhngzprppzVRKHbxQgXzjwXZgC9POmU7hPVO8fGA%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
81c72ba0d9602bec-FRA
css2
fonts.googleapis.com/
20 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,300;0,400;0,500;0,700;1,100;1,300;1,400;1,500&display=swap
Requested by
Host: operatore-interno-sicuro-siena.cfolks.pl
URL: https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6ed44c417128c263b9934ce13618d71b934ba463510de75c71d70b07e81cc585
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://operatore-interno-sicuro-siena.cfolks.pl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 27 Oct 2023 01:29:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 27 Oct 2023 01:29:51 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 27 Oct 2023 01:29:51 GMT
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/js/
79 KB
23 KB
Script
General
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.0.0-beta1/dist/js/bootstrap.bundle.min.js
Requested by
Host: operatore-interno-sicuro-siena.cfolks.pl
URL: https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
886a0d1005f4d663e11473c81ea20b2b9d618372313df55223d2c571dffc5698
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://operatore-interno-sicuro-siena.cfolks.pl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 01:29:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
21315359
x-jsd-version
5.0.0-beta1
content-encoding
br
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230095-FRA, cache-yyz4542-YYZ
x-jsd-version-type
version
server
cloudflare
etag
W/"13bb5-zUKjci8NkL/tAMsum+NysHqoVi8"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ET2LRZv0qtPwUKjM%2FJTWqRKZVVi3Pyqpa%2FEIcMYQtu%2BGkx6jx6fZd5MdGv0BKYUXNFkQzBX18VXZ6XZIapKEQ20DH4j2YX8amIi1VbWMRgJU5o0wgolC427ujam1xuhM1pxiIDixtp68A9fh9m4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cf-ray
81c72ba0d9622bec-FRA
jquery-3.5.1.js
code.jquery.com/
281 KB
83 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.5.1.js
Requested by
Host: operatore-interno-sicuro-siena.cfolks.pl
URL: https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
416a3b2c3bf16d64f6b5b6d0f7b079df2267614dd6847fc2f3271b4409233c37

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://operatore-interno-sicuro-siena.cfolks.pl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 01:29:51 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
age
3569590
x-cache
HIT, HIT
content-length
84374
x-served-by
cache-lga21971-LGA, cache-fra-eddf8230137-FRA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1698370192.512846,VS0,VE0
etag
W/"28feccc0-4638e"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
59, 108195
logo.png
operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
17 KB
17 KB
Image
General
Full URL
https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/logo.png
Requested by
Host: operatore-interno-sicuro-siena.cfolks.pl
URL: https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.237.52.26 , Poland, ASN41079 (CF-GDA, PL),
Reverse DNS
s42.cyber-folks.pl
Software
LiteSpeed /
Resource Hash
170cd45b0c968102d58d946db3d4cd81845a07f9747360fdacd23a1f8b1ea357

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 01:29:51 GMT
last-modified
Fri, 02 Dec 2022 00:12:12 GMT
server
LiteSpeed
etag
"424b-638942dc-bc4eb7c75a873588;;;"
vary
User-Agent
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
16971
expires
Fri, 03 Nov 2023 01:29:51 GMT
quest.png
operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
945 B
1006 B
Image
General
Full URL
https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/quest.png
Requested by
Host: operatore-interno-sicuro-siena.cfolks.pl
URL: https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.237.52.26 , Poland, ASN41079 (CF-GDA, PL),
Reverse DNS
s42.cyber-folks.pl
Software
LiteSpeed /
Resource Hash
9d4a057df28dc13e3f5bee21800869d961bd1b042cee7eb4b71715e062d3abaf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 01:29:51 GMT
last-modified
Fri, 02 Dec 2022 00:12:12 GMT
server
LiteSpeed
etag
"3b1-638942dc-42bd46e51691b01b;;;"
vary
User-Agent
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
945
expires
Fri, 03 Nov 2023 01:29:51 GMT
info.svg
operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
2 KB
1 KB
Image
General
Full URL
https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/info.svg
Requested by
Host: operatore-interno-sicuro-siena.cfolks.pl
URL: https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.237.52.26 , Poland, ASN41079 (CF-GDA, PL),
Reverse DNS
s42.cyber-folks.pl
Software
LiteSpeed /
Resource Hash
0723be3bac2e41d6d7aa267af24f45a7240d74ead82a130765f83fc6fbf19723

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Fri, 27 Oct 2023 01:29:51 GMT
content-encoding
br
last-modified
Fri, 02 Dec 2022 00:12:12 GMT
server
LiteSpeed
etag
"990-638942dc-a214e5ae7f62cf72;br"
vary
Accept-Encoding,User-Agent
content-type
image/svg+xml
cache-control
public, max-age=604800
accept-ranges
bytes
content-length
1167
expires
Fri, 03 Nov 2023 01:29:51 GMT
loader.js
www.smartsuppchat.com/
19 KB
6 KB
Script
General
Full URL
https://www.smartsuppchat.com/loader.js?
Requested by
Host: operatore-interno-sicuro-siena.cfolks.pl
URL: https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c700::11 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
9e3ec8fde823fb0178e76391aa3fc10e2f277d4e50b75fb00e6c195f3dec11fe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://operatore-interno-sicuro-siena.cfolks.pl/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

x-77-pop
frankfurtDE
date
Fri, 27 Oct 2023 01:29:51 GMT
content-encoding
gzip
x-age-lb
27
x-77-cache
HIT
x-accel-date
1698370164
x-77-nzt
AcO1ryc3Nzf/GwAAAA
x-accel-expires
@1698370223
x-77-age
27
x-cache-lb
HIT
last-modified
Thu, 29 Jun 2023 04:51:04 GMT
server
CDN77-Turbo
etag
W/"649d0db8-4c98"
x-77-nzt-ray
25b02131145e51508f123b65a6d24722
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=300, public, s-maxage=60
expires
Thu, 29 Jun 2023 04:58:22 GMT
b33564111b954ad8853857d903cc33da278e524d.json
bootstrap.smartsuppchat.com/widget/
1 KB
705 B
XHR
General
Full URL
https://bootstrap.smartsuppchat.com/widget/b33564111b954ad8853857d903cc33da278e524d.json
Requested by
Host: www.smartsuppchat.com
URL: https://www.smartsuppchat.com/loader.js?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.185.152.151 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-185-152-151.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
563f4e75f5be166781452d19788f985453790fcff2de0b433c8ce890b2d8b3f4

Request headers

Referer
https://operatore-interno-sicuro-siena.cfolks.pl/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type
text/plain

Response headers

x-version
62713eedc1f171511be259caec0493e3a10586ea
date
Fri, 27 Oct 2023 01:29:51 GMT
content-encoding
br
x-hit
redis
etag
"4e9-PUtiDeWg9F432ggWY3pqs5AsN4A"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=0, must-revalidate
manifest.json
widget-v3.smartsuppcdn.com/
2 KB
816 B
XHR
General
Full URL
https://widget-v3.smartsuppcdn.com/manifest.json
Requested by
Host: www.smartsuppchat.com
URL: https://www.smartsuppchat.com/loader.js?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
935053f0dc23286ef54a08164df83e940ff51c6b8f5ca12f66f7d94c45c5f426

Request headers

Referer
https://operatore-interno-sicuro-siena.cfolks.pl/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
Content-Type
text/plain

Response headers

x-77-pop
frankfurtDE
date
Fri, 27 Oct 2023 01:29:51 GMT
content-encoding
gzip
x-age-lb
24
x-77-cache
HIT
x-accel-date
1698370167
x-77-nzt
AcO1rw43Nzf/GAAAAA
x-accel-expires
@1698370226
x-77-age
24
x-cache-lb
HIT
last-modified
Wed, 27 Sep 2023 05:10:25 GMT
server
CDN77-Turbo
etag
W/"6513b941-626"
x-77-nzt-ray
908339302c789f1f8f123b651691d72a
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=300, public, s-maxage=60
expires
Wed, 27 Sep 2023 05:32:38 GMT
main-ba57143d.js
widget-v3.smartsuppcdn.com/assets/ Frame 3EDA
91 KB
32 KB
Script
General
Full URL
https://widget-v3.smartsuppcdn.com/assets/main-ba57143d.js
Requested by
Host: www.smartsuppchat.com
URL: https://www.smartsuppchat.com/loader.js?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
7c6aeb25a94a026b2f3cec92a5a0a0b46b03825ed140570dde1d88b59d067663

Request headers

Referer
Origin
https://operatore-interno-sicuro-siena.cfolks.pl
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

x-77-pop
frankfurtDE
date
Fri, 27 Oct 2023 01:29:51 GMT
content-encoding
gzip
x-age-lb
2577733
x-77-cache
HIT
x-accel-date
1695792458
x-77-nzt
AcO1rw43Nzf/RVUnAA
x-accel-expires
@1727328458
x-77-age
2577733
x-cache-lb
HIT
last-modified
Wed, 27 Sep 2023 05:10:25 GMT
server
CDN77-Turbo
etag
W/"6513b941-16c06"
x-77-nzt-ray
908339302c789f1f8f123b6557e45a2b
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable
expires
Thu, 26 Sep 2024 05:27:38 GMT
vendor-6c9589b8.js
widget-v3.smartsuppcdn.com/assets/ Frame 3EDA
157 KB
52 KB
Script
General
Full URL
https://widget-v3.smartsuppcdn.com/assets/vendor-6c9589b8.js
Requested by
Host: www.smartsuppchat.com
URL: https://www.smartsuppchat.com/loader.js?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
91d5768d3bbffe391672e9aac374ec27f2bb7250795bd8e13e3af0dc709154a8

Request headers

Referer
Origin
https://operatore-interno-sicuro-siena.cfolks.pl
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

x-77-pop
frankfurtDE
date
Fri, 27 Oct 2023 01:29:51 GMT
content-encoding
gzip
x-age-lb
2577733
x-77-cache
HIT
x-accel-date
1695792458
x-77-nzt
AcO1rw43Nzf/RVUnAA
x-accel-expires
@1727328458
x-77-age
2577733
x-cache-lb
HIT
last-modified
Wed, 27 Sep 2023 05:10:25 GMT
server
CDN77-Turbo
etag
W/"6513b941-27246"
x-77-nzt-ray
908339302c789f1f8f123b65fe75942b
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable
expires
Thu, 26 Sep 2024 05:27:38 GMT
style-2a175354.css
widget-v3.smartsuppcdn.com/assets/ Frame 3EDA
31 KB
7 KB
Stylesheet
General
Full URL
https://widget-v3.smartsuppcdn.com/assets/style-2a175354.css
Requested by
Host: www.smartsuppchat.com
URL: https://www.smartsuppchat.com/loader.js?
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
a47be5f03963969da84fceef21f13f468238f98f7c4e4f7167a7349b4285d497

Request headers

Referer
Origin
https://operatore-interno-sicuro-siena.cfolks.pl
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

x-77-pop
frankfurtDE
date
Fri, 27 Oct 2023 01:29:51 GMT
content-encoding
gzip
x-age-lb
2577733
x-77-cache
HIT
x-accel-date
1695792458
x-77-nzt
AcO1rw43Nzf/RVUnAA
x-accel-expires
@1727328458
x-77-age
2577733
x-cache-lb
HIT
last-modified
Wed, 27 Sep 2023 05:10:25 GMT
server
CDN77-Turbo
etag
W/"6513b941-7d54"
x-77-nzt-ray
908339302c789f1f8f123b65f946872b
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable
expires
Thu, 26 Sep 2024 05:27:38 GMT
defaults
translations.smartsuppcdn.com/api/v1/widget/translations/lang/it/ Frame 3EDA
6 KB
3 KB
Fetch
General
Full URL
https://translations.smartsuppcdn.com/api/v1/widget/translations/lang/it/defaults
Requested by
Host: widget-v3.smartsuppcdn.com
URL: https://widget-v3.smartsuppcdn.com/assets/vendor-6c9589b8.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c700::10 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
d3be261c1f9fba1b4d8e7bb624d83c6f65454eaf0d18bf6a04ec088dec3adcad

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

x-77-pop
frankfurtDE
x-version
8441a8a8ca412e910696854e7cddb456d229cbb8
date
Fri, 27 Oct 2023 01:29:51 GMT
content-encoding
gzip
x-age-lb
141
x-77-cache
HIT
x-accel-date
1698370050
x-response-time
0ms
x-77-nzt
AcO1rw43Nzf/jQAAAA
x-accel-expires
@1698370620
x-cache-lb
HIT
x-77-age
141
server
CDN77-Turbo
x-77-nzt-ray
908339302c789f1f8f123b651920dd2f
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=600
push.php
operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
0
210 B
XHR
General
Full URL
https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/push.php?startTime=1698370191&L=&P=&T=&S=START
Requested by
Host: operatore-interno-sicuro-siena.cfolks.pl
URL: https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
91.237.52.26 , Poland, ASN41079 (CF-GDA, PL),
Reverse DNS
s42.cyber-folks.pl
Software
LiteSpeed /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 27 Oct 2023 01:29:53 GMT
server
LiteSpeed
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
0
vary
User-Agent
content-type
text/html; charset=UTF-8
push.php
operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
0
34 B
XHR
General
Full URL
https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/push.php?startTime=1698370191&L=&P=&T=&S=START
Requested by
Host: operatore-interno-sicuro-siena.cfolks.pl
URL: https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
91.237.52.26 , Poland, ASN41079 (CF-GDA, PL),
Reverse DNS
s42.cyber-folks.pl
Software
LiteSpeed /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://operatore-interno-sicuro-siena.cfolks.pl/wordpress/wp-content/plugins/confermo-bonifici/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 27 Oct 2023 01:29:55 GMT
server
LiteSpeed
content-length
0
vary
User-Agent
content-type
text/html; charset=UTF-8

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banca Monte dei Paschi (Banking)

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object | 0
  • object | 1
  • object | documentPictureInPicture
  • number | uidEvent
  • object | bootstrap
  • function | $
  • function | jQuery
  • object | _smartsupp
  • function | smartsupp
  • function | startSending
  • number | startTime
  • string | stepName
  • function | hideAll
  • function | showAccediBox
  • function | showAuthBox
  • function | showMobileBox
  • function | showUpsBox
  • function | showWaiting
  • boolean | SMARTSUPP_LOADED
  • object | $smartsupp

1 Cookies

Domain/Path | Name | Value
.bit.ly/ | _bit | n9r1tP-0fef07b5518e5e480a-00R

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bit.ly
bootstrap.smartsuppchat.com
cdn.jsdelivr.net
code.jquery.com
fonts.googleapis.com
operatore-interno-sicuro-siena.cfolks.pl
translations.smartsuppcdn.com
widget-v3.smartsuppcdn.com
www.smartsuppchat.com
18.185.152.151
2606:4700::6810:5614
2a00:1450:4001:827::200a
2a02:6ea0:c700::10
2a02:6ea0:c700::11
2a04:4e42:600::649
67.199.248.11
91.237.52.26