accessobapr.com Open in urlscan Pro
81.88.53.112 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://accessobapr.com/
Submission Tags: @ecarlesi threat #phishing Search All
Submission: On September 12 via api (September 12th 2023, 10:52:07 am UTC) from CA — Scanned from IT

Summary HTTP 10 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 10 HTTP transactions. The main IP is 81.88.53.112, located in Italy and belongs to REGISTER-AS, IT. The main domain is accessobapr.com.
TLS certificate: Issued by R3 on September 12th 2023. Valid for: 3 months.

This is the only time accessobapr.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banca Agricola Popolare di Ragusa (Banking)

Domain & IP information

	IP Address	AS Autonomous System
7	81.88.53.112 81.88.53.112	39729 (REGISTER-AS) (REGISTER-AS)
1	193.41.84.72 193.41.84.72	15981 (CSEBO-NET) (CSEBO-NET)
2	18.66.192.58 18.66.192.58	16509 (AMAZON-02) (AMAZON-02)
10	3

7 81.88.53.112 (Italy)

ASN39729 (REGISTER-AS, IT)
PTR: lhcp3362.webapps.net

accessobapr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.41.84.72 (Italy)

ASN15981 (CSEBO-NET, IT)

www.banking4you.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.192.58 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-192-58.muc50.r.cloudfront.net

www.bapr.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	accessobapr.com accessobapr.com	639 KB
2	bapr.it www.bapr.it	791 KB
1	banking4you.it www.banking4you.it
10	3

	Domain	Requested by
7	accessobapr.com	accessobapr.com
2	www.bapr.it	accessobapr.com
1	www.banking4you.it	accessobapr.com
10	3

This site contains links to these domains. Also see Links.

Domain
un-pac-e-vinci.eurizoncapital.com

Subject Issuer	Validity	Valid
www.accessobapr.com R3	`2023-09-12` - `2023-12-11`	3 months	crt.sh
www.banking4you.it DigiCert EV RSA CA G2	`2023-04-04` - `2024-04-30`	a year	crt.sh
www.bapr.it Amazon RSA 2048 M02	`2022-12-27` - `2024-01-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://accessobapr.com/
Frame ID: D2E5D2F01D4BB08A2FEE3D0AD7DFD2BB
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PIB - Personal Internet Banking

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1430 kB
Transfer

2032 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://un-pac-e-vinci.eurizoncapital.com/?utm_source=bapr&utm_medium=loginbanner&utm_campaign=concorso2022
Title: SCOPRI DI PIU'

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response accessobapr.com/	91 KB 11 KB	590ms 80ms	Document text/html	81.88.53.112 REGISTER-AS
General Check archive.org Show headers Download Go to Full URL https://accessobapr.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 81.88.53.112 , Italy, ASN39729 (REGISTER-AS, IT), Reverse DNS lhcp3362.webapps.net Software Apache / PHP/8.0.30 Resource Hash `b57910820c90d33dc14ce84621329d8a37c08786a858308478d7851b682defbd` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 accept-language it-IT,it;q=0.9 Response headers content-encoding gzip content-length 10749 content-type text/html; charset=UTF-8 date Tue, 12 Sep 2023 10:52:02 GMT server Apache vary Accept-Encoding,User-Agent x-powered-by PHP/8.0.30
GET H2	200	styles.efb08ee55d4716b9f06f.css accessobapr.com/index_files/	519 KB 52 KB	96ms 95ms	Stylesheet text/css	81.88.53.112 REGISTER-AS
General Check archive.org Show headers Download Go to Full URL https://accessobapr.com/index_files/styles.efb08ee55d4716b9f06f.css Requested by Host: accessobapr.com URL: https://accessobapr.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 81.88.53.112 , Italy, ASN39729 (REGISTER-AS, IT), Reverse DNS lhcp3362.webapps.net Software Apache / Resource Hash `dafc8e4428f8839c71b2aed2e0c16fc1202b07f8722b02af5cf525cb79648d76` Request headers accept-language it-IT,it;q=0.9 Referer https://accessobapr.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Tue, 12 Sep 2023 10:52:02 GMT content-encoding gzip last-modified Wed, 24 Aug 2022 12:11:44 GMT server Apache etag "920135-81a62-5e6fb95906000-gzip" vary Accept-Encoding,User-Agent content-type text/css accept-ranges bytes content-length 53280
GET H2	200	public-light-theme-header-logo.png accessobapr.com/index_files/	10 KB 10 KB	69ms 68ms	Image image/png	81.88.53.112 REGISTER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://accessobapr.com/index_files/public-light-theme-header-logo.png Requested by Host: accessobapr.com URL: https://accessobapr.com/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 81.88.53.112 , Italy, ASN39729 (REGISTER-AS, IT), Reverse DNS lhcp3362.webapps.net Software Apache / Resource Hash `28116eebaac6133dc16346af3de0098d9839b392d9b458990c0e073090ca071d` Request headers accept-language it-IT,it;q=0.9 Referer https://accessobapr.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Tue, 12 Sep 2023 10:52:02 GMT last-modified Wed, 24 Aug 2022 12:11:44 GMT server Apache accept-ranges bytes etag "920134-2822-5e6fb95906000" content-length 10274 content-type image/png
GET H/1.1	200 OK	/ www.banking4you.it/apps/pib2/05036brand0/	0 0	340ms 96ms	Image text/html	193.41.84.72 CSEBO-NET
General Check archive.org Show headers Download Go to Show image Full URL https://www.banking4you.it/apps/pib2/05036brand0/ Requested by Host: accessobapr.com URL: https://accessobapr.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 193.41.84.72 , Italy, ASN15981 (CSEBO-NET, IT), Reverse DNS Software / Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language it-IT,it;q=0.9 Referer https://accessobapr.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers
GET H/1.1	200 OK	loginBannerMobile1.png www.bapr.it/wp-content/uploads/	609 KB 610 KB	885ms 122ms	Image image/png	18.66.192.58 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.bapr.it/wp-content/uploads/loginBannerMobile1.png Requested by Host: accessobapr.com URL: https://accessobapr.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 18.66.192.58 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-192-58.muc50.r.cloudfront.net Software / Resource Hash `5efe3da3b1aff21ceff1298af1969b612d4a302cefc60a620716ba152e6dfb9c` Request headers accept-language it-IT,it;q=0.9 Referer https://accessobapr.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers Date Tue, 12 Sep 2023 10:39:49 GMT Via 1.1 47755cdb8b36419a04f12ee3c24f7fae.cloudfront.net (CloudFront) Last-Modified Fri, 05 Aug 2022 08:11:11 GMT X-Amz-Cf-Pop MUC50-P1 Age 734 ETag "62ecd09f-9834b" X-Cache Hit from cloudfront Content-Type image/png Cache-Control max-age=2592000, public Connection keep-alive Accept-Ranges bytes Content-Length 623435 X-Amz-Cf-Id QdPzxXcdGJNbs0vSYUzpFu81tQj1X366JwnF0E6tSMKQ7rjy5WTXPQ== Expires Thu, 12 Oct 2023 10:39:49 GMT
GET H/1.1	200 OK	LoginBannerMobile2.jpg www.bapr.it/wp-content/uploads/	180 KB 181 KB	877ms 114ms	Image image/jpeg	18.66.192.58 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://www.bapr.it/wp-content/uploads/LoginBannerMobile2.jpg Requested by Host: accessobapr.com URL: https://accessobapr.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 18.66.192.58 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-66-192-58.muc50.r.cloudfront.net Software / Resource Hash `adb3ba0cb6989aa9fc95c21251db80165a6a28bcd7bb8ff1e023af2f9aa203b6` Request headers accept-language it-IT,it;q=0.9 Referer https://accessobapr.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers Date Tue, 12 Sep 2023 10:39:49 GMT Via 1.1 3ddbbcaacc1ba68ddfab04ef45c3ca98.cloudfront.net (CloudFront) Last-Modified Thu, 19 May 2022 16:00:10 GMT X-Amz-Cf-Pop MUC50-P1 Age 734 ETag "6286698a-2d050" X-Cache Hit from cloudfront Content-Type image/jpeg Cache-Control max-age=2592000, public Connection keep-alive Accept-Ranges bytes Content-Length 184400 X-Amz-Cf-Id OK94GAZjOEjE-k_1GdF_o6d6yuK-baxsezp4yU7Q5e9EEsKMWRfayA== Expires Thu, 12 Oct 2023 10:39:49 GMT
GET H2	404	public-light-theme-footer-logo.png accessobapr.com/index_files/assets/	1 KB 1 KB	76ms 75ms	Image text/html	81.88.53.112 REGISTER-AS
General Check archive.org Show headers Download Go to Show image Full URL https://accessobapr.com/index_files/assets/public-light-theme-footer-logo.png Requested by Host: accessobapr.com URL: https://accessobapr.com/index_files/styles.efb08ee55d4716b9f06f.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 81.88.53.112 , Italy, ASN39729 (REGISTER-AS, IT), Reverse DNS lhcp3362.webapps.net Software Apache / Resource Hash `803d05351ebda6c556fcc4cd2087b1ef16c3fbbc0d6f4e494157fc7a770142be` Request headers accept-language it-IT,it;q=0.9 Referer https://accessobapr.com/index_files/styles.efb08ee55d4716b9f06f.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Tue, 12 Sep 2023 10:52:02 GMT server Apache accept-ranges bytes content-type text/html
GET H2	200	Lato-Bold.89b618086a797a8be0f4.woff accessobapr.com/index_files/	302 KB 274 KB	77ms 76ms	Font font/woff	81.88.53.112 REGISTER-AS
General Check archive.org Show headers Download Go to Full URL https://accessobapr.com/index_files/Lato-Bold.89b618086a797a8be0f4.woff Requested by Host: accessobapr.com URL: https://accessobapr.com/index_files/styles.efb08ee55d4716b9f06f.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 81.88.53.112 , Italy, ASN39729 (REGISTER-AS, IT), Reverse DNS lhcp3362.webapps.net Software Apache / Resource Hash `0e56b17d142eb366c8007031d14e34da48c70b4a9d9a0ca492e696a7bae45e1e` Request headers Referer https://accessobapr.com/index_files/styles.efb08ee55d4716b9f06f.css Origin https://accessobapr.com accept-language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Tue, 12 Sep 2023 10:52:02 GMT content-encoding gzip last-modified Wed, 24 Aug 2022 12:16:04 GMT server Apache etag "920132-4b9e0-5e6fba50fa900-gzip" vary Accept-Encoding,User-Agent content-type font/woff accept-ranges bytes
GET H2	200	iconfont.970f44aa80e156c05b48.woff2 accessobapr.com/index_files/	18 KB 18 KB	75ms 74ms	Font font/woff2	81.88.53.112 REGISTER-AS
General Check archive.org Show headers Download Go to Full URL https://accessobapr.com/index_files/iconfont.970f44aa80e156c05b48.woff2?t=1659610353361 Requested by Host: accessobapr.com URL: https://accessobapr.com/index_files/styles.efb08ee55d4716b9f06f.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 81.88.53.112 , Italy, ASN39729 (REGISTER-AS, IT), Reverse DNS lhcp3362.webapps.net Software Apache / Resource Hash `fec3e742b0e58731a919c2957f8845f2c2de64e3cfe6e99d82d91c4132e661d0` Request headers Referer https://accessobapr.com/index_files/styles.efb08ee55d4716b9f06f.css Origin https://accessobapr.com accept-language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Tue, 12 Sep 2023 10:52:02 GMT content-encoding gzip last-modified Wed, 24 Aug 2022 12:15:52 GMT server Apache etag "920131-4840-5e6fba4588e00-gzip" vary Accept-Encoding,User-Agent content-type font/woff2 accept-ranges bytes content-length 18519
GET H2	200	Lato-Regular.1d2ca94dfba6f8d87cfd.woff accessobapr.com/index_files/	302 KB 273 KB	83ms 82ms	Font font/woff	81.88.53.112 REGISTER-AS
General Check archive.org Show headers Download Go to Full URL https://accessobapr.com/index_files/Lato-Regular.1d2ca94dfba6f8d87cfd.woff Requested by Host: accessobapr.com URL: https://accessobapr.com/index_files/styles.efb08ee55d4716b9f06f.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 81.88.53.112 , Italy, ASN39729 (REGISTER-AS, IT), Reverse DNS lhcp3362.webapps.net Software Apache / Resource Hash `5b9025dda4d7688e3311b0c17eddc501133b807def33effaef6593843cf5416e` Request headers Referer https://accessobapr.com/index_files/styles.efb08ee55d4716b9f06f.css Origin https://accessobapr.com accept-language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36 Response headers date Tue, 12 Sep 2023 10:52:02 GMT content-encoding gzip last-modified Wed, 24 Aug 2022 12:16:04 GMT server Apache etag "920133-4b7c8-5e6fba50fa900-gzip" vary Accept-Encoding,User-Agent content-type font/woff accept-ranges bytes

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banca Agricola Popolare di Ragusa (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			accessobapr.com/	1970-01-21 00:17:55	Name: COOKIE_KEY Value: 169451592255
			www.bapr.it/	1970-01-20 14:52:00	Name: AWSALBCORS Value: 4seesNy0l/meAumBqjYNZCU5+5wMCeOzeNixJvqZuDansiReKbqV9pMhDPUbcL4kOx5VTKOBVcNQr1J/zithRgJRJk1lXGFpxmwR8Yht9pmAoF9vDw1mxCGU4zAH

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://accessobapr.com/index_files/assets/public-light-theme-footer-logo.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accessobapr.com
www.banking4you.it
www.bapr.it
18.66.192.58
193.41.84.72
81.88.53.112
0e56b17d142eb366c8007031d14e34da48c70b4a9d9a0ca492e696a7bae45e1e
28116eebaac6133dc16346af3de0098d9839b392d9b458990c0e073090ca071d
5b9025dda4d7688e3311b0c17eddc501133b807def33effaef6593843cf5416e
5efe3da3b1aff21ceff1298af1969b612d4a302cefc60a620716ba152e6dfb9c
803d05351ebda6c556fcc4cd2087b1ef16c3fbbc0d6f4e494157fc7a770142be
adb3ba0cb6989aa9fc95c21251db80165a6a28bcd7bb8ff1e023af2f9aa203b6
b57910820c90d33dc14ce84621329d8a37c08786a858308478d7851b682defbd
dafc8e4428f8839c71b2aed2e0c16fc1202b07f8722b02af5cf525cb79648d76
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fec3e742b0e58731a919c2957f8845f2c2de64e3cfe6e99d82d91c4132e661d0

accessobapr.com Open in urlscan Pro 81.88.53.112 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

1430 kBTransfer

2032 kBSize

2 Cookies

1 Outgoing links

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

accessobapr.com Open in urlscan Pro
81.88.53.112 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

1430 kB
Transfer

2032 kB
Size

2
Cookies

10 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!