wwwbapr.online Open in urlscan Pro
217.160.0.227 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://wwwbapr.online/
Submission: On September 12 via api (September 12th 2023, 12:35:09 pm UTC) from US — Scanned from IT

Summary HTTP 10 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 10 HTTP transactions. The main IP is 217.160.0.227, located in Germany and belongs to IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE. The main domain is wwwbapr.online.
TLS certificate: Issued by Encryption Everywhere DV TLS CA - G2 on September 12th 2023. Valid for: a year.

This is the only time wwwbapr.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banca Agricola Popolare di Ragusa (Banking)

Domain & IP information

	IP Address	AS Autonomous System
7	217.160.0.227 217.160.0.227	8560 (IONOS-AS ...) (IONOS-AS This is the joint network for IONOS)
1	193.41.84.72 193.41.84.72	15981 (CSEBO-NET) (CSEBO-NET)
2	18.66.192.58 18.66.192.58	16509 (AMAZON-02) (AMAZON-02)
10	3

7 217.160.0.227 (Germany)

ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE)
PTR: 217-160-0-227.elastic-ssl.ui-r.com

wwwbapr.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.41.84.72 (Italy)

ASN15981 (CSEBO-NET, IT)

www.banking4you.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.192.58 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-192-58.muc50.r.cloudfront.net

www.bapr.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	wwwbapr.online wwwbapr.online	1 MB
2	bapr.it www.bapr.it	791 KB
1	banking4you.it www.banking4you.it
10	3

	Domain	Requested by
7	wwwbapr.online	wwwbapr.online
2	www.bapr.it	wwwbapr.online
1	www.banking4you.it	wwwbapr.online
10	3

This site contains links to these domains. Also see Links.

Domain
un-pac-e-vinci.eurizoncapital.com

Subject Issuer	Validity	Valid
*.wwwbapr.online Encryption Everywhere DV TLS CA - G2	`2023-09-12` - `2024-09-11`	a year	crt.sh
www.banking4you.it DigiCert EV RSA CA G2	`2023-04-04` - `2024-04-30`	a year	crt.sh
www.bapr.it Amazon RSA 2048 M02	`2022-12-27` - `2024-01-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://wwwbapr.online/
Frame ID: 1F889D83605C773A6BDA9506C9F59CE4
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PIB - Personal Internet Banking

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

1958 kB
Transfer

2031 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://un-pac-e-vinci.eurizoncapital.com/?utm_source=bapr&utm_medium=loginbanner&utm_campaign=concorso2022
Title: SCOPRI DI PIU'

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response wwwbapr.online/	91 KB 14 KB	1070ms 583ms	Document text/html	217.160.0.227 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Full URL https://wwwbapr.online/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 217.160.0.227 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS 217-160-0-227.elastic-ssl.ui-r.com Software Apache / Resource Hash `b57910820c90d33dc14ce84621329d8a37c08786a858308478d7851b682defbd` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 accept-language it-IT,it;q=0.9 Response headers content-encoding gzip content-type text/html; charset=UTF-8 date Tue, 12 Sep 2023 12:35:03 GMT server Apache
GET H2	200	styles.efb08ee55d4716b9f06f.css wwwbapr.online/index_files/	519 KB 519 KB	84ms 84ms	Stylesheet text/css	217.160.0.227 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Full URL https://wwwbapr.online/index_files/styles.efb08ee55d4716b9f06f.css Requested by Host: wwwbapr.online URL: https://wwwbapr.online/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 217.160.0.227 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS 217-160-0-227.elastic-ssl.ui-r.com Software Apache / Resource Hash `dafc8e4428f8839c71b2aed2e0c16fc1202b07f8722b02af5cf525cb79648d76` Request headers accept-language it-IT,it;q=0.9 Referer https://wwwbapr.online/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 12 Sep 2023 12:35:04 GMT last-modified Wed, 24 Aug 2022 12:11:44 GMT server Apache accept-ranges bytes etag "81a62-5e6fb95906000" content-length 531042 content-type text/css
GET H2	200	public-light-theme-header-logo.png wwwbapr.online/index_files/	10 KB 10 KB	144ms 144ms	Image image/png	217.160.0.227 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Show image Full URL https://wwwbapr.online/index_files/public-light-theme-header-logo.png Requested by Host: wwwbapr.online URL: https://wwwbapr.online/ Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 217.160.0.227 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS 217-160-0-227.elastic-ssl.ui-r.com Software Apache / Resource Hash `28116eebaac6133dc16346af3de0098d9839b392d9b458990c0e073090ca071d` Request headers accept-language it-IT,it;q=0.9 Referer https://wwwbapr.online/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 12 Sep 2023 12:35:04 GMT last-modified Wed, 24 Aug 2022 12:11:44 GMT server Apache accept-ranges bytes etag "2822-5e6fb95906000" content-length 10274 content-type image/png
GET H/1.1	200 OK	/ www.banking4you.it/apps/pib2/05036brand0/	0 0	264ms 67ms	Image text/html	193.41.84.72 CSEBO-NET
General Check archive.org Show headers Download Go to Show image Full URL https://www.banking4you.it/apps/pib2/05036brand0/ Requested by Host: wwwbapr.online URL: https://wwwbapr.online/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 193.41.84.72 , Italy, ASN15981 (CSEBO-NET, IT), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language it-IT,it;q=0.9 Referer https://wwwbapr.online/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers
GET H/1.1	200 OK	loginBannerMobile1.png www.bapr.it/wp-content/uploads/	609 KB 610 KB	544ms 69ms	Image image/png	18.66.192.58 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.bapr.it/wp-content/uploads/loginBannerMobile1.png Requested by Host: wwwbapr.online URL: https://wwwbapr.online/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 18.66.192.58 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-192-58.muc50.r.cloudfront.net Software / Resource Hash `5efe3da3b1aff21ceff1298af1969b612d4a302cefc60a620716ba152e6dfb9c` Request headers accept-language it-IT,it;q=0.9 Referer https://wwwbapr.online/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Date Tue, 12 Sep 2023 12:25:12 GMT Via 1.1 28e56b9ddced4ed414e75f87cbd0d976.cloudfront.net (CloudFront) Last-Modified Fri, 05 Aug 2022 08:11:11 GMT X-Amz-Cf-Pop MUC50-P1 Age 592 ETag "62ecd09f-9834b" X-Cache Hit from cloudfront Content-Type image/png Cache-Control max-age=2592000, public Connection keep-alive Accept-Ranges bytes Content-Length 623435 X-Amz-Cf-Id jVDpg2t9cxjRluYgaRa4RSnSskslZvTwbuc0xBpDLJDw13p6wLipbg== Expires Thu, 12 Oct 2023 12:25:12 GMT
GET H/1.1	200 OK	LoginBannerMobile2.jpg www.bapr.it/wp-content/uploads/	180 KB 181 KB	567ms 86ms	Image image/jpeg	18.66.192.58 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.bapr.it/wp-content/uploads/LoginBannerMobile2.jpg Requested by Host: wwwbapr.online URL: https://wwwbapr.online/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 18.66.192.58 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-192-58.muc50.r.cloudfront.net Software / Resource Hash `adb3ba0cb6989aa9fc95c21251db80165a6a28bcd7bb8ff1e023af2f9aa203b6` Request headers accept-language it-IT,it;q=0.9 Referer https://wwwbapr.online/ User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Date Tue, 12 Sep 2023 12:25:11 GMT Via 1.1 af1bbc213b3a9ee2f125be77ca3609a0.cloudfront.net (CloudFront) Last-Modified Thu, 19 May 2022 16:00:10 GMT X-Amz-Cf-Pop MUC50-P1 Age 593 ETag "6286698a-2d050" X-Cache Hit from cloudfront Content-Type image/jpeg Cache-Control max-age=2592000, public Connection keep-alive Accept-Ranges bytes Content-Length 184400 X-Amz-Cf-Id ZljGKZZGAKuBZyAqB1HNS5dLwI_I1RbIsabmkK2VnbVhRosWvZVarQ== Expires Thu, 12 Oct 2023 12:25:11 GMT
GET H2	404	public-light-theme-footer-logo.png wwwbapr.online/index_files/assets/	315 B 315 B	71ms 70ms	Image text/html	217.160.0.227 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Show image Full URL https://wwwbapr.online/index_files/assets/public-light-theme-footer-logo.png Requested by Host: wwwbapr.online URL: https://wwwbapr.online/index_files/styles.efb08ee55d4716b9f06f.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 217.160.0.227 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS 217-160-0-227.elastic-ssl.ui-r.com Software Apache / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers accept-language it-IT,it;q=0.9 Referer https://wwwbapr.online/index_files/styles.efb08ee55d4716b9f06f.css User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 12 Sep 2023 12:35:04 GMT content-encoding gzip server Apache content-type text/html; charset=iso-8859-1
GET H2	200	Lato-Bold.89b618086a797a8be0f4.woff wwwbapr.online/index_files/	302 KB 303 KB	73ms 72ms	Font application/font-woff	217.160.0.227 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Full URL https://wwwbapr.online/index_files/Lato-Bold.89b618086a797a8be0f4.woff Requested by Host: wwwbapr.online URL: https://wwwbapr.online/index_files/styles.efb08ee55d4716b9f06f.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 217.160.0.227 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS 217-160-0-227.elastic-ssl.ui-r.com Software Apache / Resource Hash `0e56b17d142eb366c8007031d14e34da48c70b4a9d9a0ca492e696a7bae45e1e` Request headers Referer https://wwwbapr.online/index_files/styles.efb08ee55d4716b9f06f.css Origin https://wwwbapr.online accept-language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 12 Sep 2023 12:35:04 GMT last-modified Wed, 24 Aug 2022 12:16:04 GMT server Apache accept-ranges bytes etag "4b9e0-5e6fba50fa900" content-length 309728 content-type application/font-woff
GET H2	200	iconfont.970f44aa80e156c05b48.woff2 wwwbapr.online/index_files/	18 KB 18 KB	87ms 86ms	Font application/octet-stream	217.160.0.227 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Full URL https://wwwbapr.online/index_files/iconfont.970f44aa80e156c05b48.woff2?t=1659610353361 Requested by Host: wwwbapr.online URL: https://wwwbapr.online/index_files/styles.efb08ee55d4716b9f06f.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 217.160.0.227 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS 217-160-0-227.elastic-ssl.ui-r.com Software Apache / Resource Hash `fec3e742b0e58731a919c2957f8845f2c2de64e3cfe6e99d82d91c4132e661d0` Request headers Referer https://wwwbapr.online/index_files/styles.efb08ee55d4716b9f06f.css Origin https://wwwbapr.online accept-language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 12 Sep 2023 12:35:04 GMT last-modified Wed, 24 Aug 2022 12:15:52 GMT server Apache accept-ranges bytes etag "4840-5e6fba4588e00" content-length 18496
GET H2	200	Lato-Regular.1d2ca94dfba6f8d87cfd.woff wwwbapr.online/index_files/	302 KB 302 KB	88ms 88ms	Font application/font-woff	217.160.0.227 IONOS-AS This is ...
General Check archive.org Show headers Download Go to Full URL https://wwwbapr.online/index_files/Lato-Regular.1d2ca94dfba6f8d87cfd.woff Requested by Host: wwwbapr.online URL: https://wwwbapr.online/index_files/styles.efb08ee55d4716b9f06f.css Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 217.160.0.227 , Germany, ASN8560 (IONOS-AS This is the joint network for IONOS, Fasthosts, Arsys, 1&1 Mail and Media and 1&1 Telecom. Formerly known as 1&1 Internet SE., DE), Reverse DNS 217-160-0-227.elastic-ssl.ui-r.com Software Apache / Resource Hash `5b9025dda4d7688e3311b0c17eddc501133b807def33effaef6593843cf5416e` Request headers Referer https://wwwbapr.online/index_files/styles.efb08ee55d4716b9f06f.css Origin https://wwwbapr.online accept-language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Tue, 12 Sep 2023 12:35:04 GMT last-modified Wed, 24 Aug 2022 12:16:04 GMT server Apache accept-ranges bytes etag "4b7c8-5e6fba50fa900" content-length 309192 content-type application/font-woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banca Agricola Popolare di Ragusa (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			wwwbapr.online/	1970-01-21 00:18:02	Name: COOKIE_KEY Value: 169452210337
			www.bapr.it/	1970-01-20 14:52:06	Name: AWSALBCORS Value: J5oRwR2At4DBX/FqMAFRlkc/6/lLyv8A48FReAbRrHoXUvCgpvoTRGsiEzW11r7fioFxe8O1K9XkOPworUDjyTuHS1ywvO/84Kio/70om6SZYqfNRuCUgq1FSndt

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://wwwbapr.online/index_files/assets/public-light-theme-footer-logo.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.banking4you.it
www.bapr.it
wwwbapr.online
18.66.192.58
193.41.84.72
217.160.0.227
0e56b17d142eb366c8007031d14e34da48c70b4a9d9a0ca492e696a7bae45e1e
28116eebaac6133dc16346af3de0098d9839b392d9b458990c0e073090ca071d
5b9025dda4d7688e3311b0c17eddc501133b807def33effaef6593843cf5416e
5efe3da3b1aff21ceff1298af1969b612d4a302cefc60a620716ba152e6dfb9c
adb3ba0cb6989aa9fc95c21251db80165a6a28bcd7bb8ff1e023af2f9aa203b6
b57910820c90d33dc14ce84621329d8a37c08786a858308478d7851b682defbd
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
dafc8e4428f8839c71b2aed2e0c16fc1202b07f8722b02af5cf525cb79648d76
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fec3e742b0e58731a919c2957f8845f2c2de64e3cfe6e99d82d91c4132e661d0

wwwbapr.online Open in urlscan Pro 217.160.0.227 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

3 Countries

1958 kBTransfer

2031 kBSize

2 Cookies

1 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

wwwbapr.online Open in urlscan Pro
217.160.0.227 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

1958 kB
Transfer

2031 kB
Size

2
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!