www.admincasalogin.itstream.me Open in urlscan Pro
198.54.116.166  Malicious Activity! Public Scan

2 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.admincasalogin.itstream.me/	12 KB 3 KB	502ms 168ms	Document text/html	198.54.116.166 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://www.admincasalogin.itstream.me/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.116.166 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server97-5.web-hosting.com Software LiteSpeed / PHP/7.2.34 Resource Hash 2a3e1d8e11b66047e3290bc3c322873f1c578e63dcebccfb61c4d3d2073fe17e Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding br content-type text/html; charset=UTF-8 date Thu, 05 May 2022 11:53:41 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server LiteSpeed vary Accept-Encoding x-powered-by PHP/7.2.34 x-turbo-charged-by LiteSpeed
GET H2	200	main.css www.admincasalogin.itstream.me/assets/css/	30 KB 6 KB	163ms 162ms	Stylesheet text/css	198.54.116.166 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://www.admincasalogin.itstream.me/assets/css/main.css Requested by Host: www.admincasalogin.itstream.me URL: https://www.admincasalogin.itstream.me/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.116.166 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server97-5.web-hosting.com Software LiteSpeed / Resource Hash fe0bc220515254d76f5eb23d20ca7ec088e8410103774853090d6a88231ce30c Request headers accept-language de-DE,de;q=0.9 Referer https://www.admincasalogin.itstream.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Thu, 05 May 2022 11:53:42 GMT content-encoding br last-modified Sun, 27 Oct 2019 02:51:38 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 6233 expires Thu, 12 May 2022 11:53:42 GMT
GET H/1.1	200 OK	LimitsLightbox.css admin.casa.it/css/	2 KB 2 KB	99ms 30ms	Stylesheet text/css	34.243.46.140 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://admin.casa.it/css/LimitsLightbox.css?v=2019.10.17.1 Requested by Host: www.admincasalogin.itstream.me URL: https://www.admincasalogin.itstream.me/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.243.46.140 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-243-46-140.eu-west-1.compute.amazonaws.com Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 653d79c3d411f5b94718410b635489a9d21cf0460ab1b521b27ca3e562daeb2b Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.admincasalogin.itstream.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Thu, 05 May 2022 11:53:42 GMT Content-Encoding gzip ETag "0e346ccf827d81:0" Last-Modified Tue, 22 Feb 2022 14:30:54 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET X-Frame-Options SAMEORIGIN Content-Type text/css Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Vary Accept-Encoding Content-Length 781
GET H/1.1	200 OK	jquery-ui-1.8.2.custom.css admin.casa.it/js/jquery/jquery-ui-1.8.2.custom/css/blitzer/	31 KB 7 KB	100ms 31ms	Stylesheet text/css	34.243.46.140 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://admin.casa.it/js/jquery/jquery-ui-1.8.2.custom/css/blitzer/jquery-ui-1.8.2.custom.css?v=2019.10.17.1 Requested by Host: www.admincasalogin.itstream.me URL: https://www.admincasalogin.itstream.me/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.243.46.140 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-243-46-140.eu-west-1.compute.amazonaws.com Software Microsoft-IIS/8.5 / ASP.NET Resource Hash cdbbbbcc0ee723a1d4f46753573f7b8c8e21257f16728307f9f2b6afcf83b7ec Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.admincasalogin.itstream.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Thu, 05 May 2022 11:53:42 GMT Content-Encoding gzip ETag "8079dfccf827d81:0" Last-Modified Tue, 22 Feb 2022 14:30:55 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET X-Frame-Options SAMEORIGIN Content-Type text/css Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Vary Accept-Encoding Content-Length 5956
GET H/1.1	200 OK	jquery-1.4.2.js Show response admin.casa.it/js/jquery/	220 KB 66 KB	135ms 67ms	Script application/javascript	34.243.46.140 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://admin.casa.it/js/jquery/jquery-1.4.2.js?v=2019.10.17.1 Requested by Host: www.admincasalogin.itstream.me URL: https://www.admincasalogin.itstream.me/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.243.46.140 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-243-46-140.eu-west-1.compute.amazonaws.com Software Microsoft-IIS/8.5 / ASP.NET Resource Hash bd3fc5dfc5a7a438d91079c7e9c3e693a57720358e47d968041a6c520a313cc0 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.admincasalogin.itstream.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Thu, 05 May 2022 11:53:42 GMT Content-Encoding gzip Vary Accept-Encoding Last-Modified Tue, 22 Feb 2022 14:30:55 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET X-Frame-Options SAMEORIGIN Content-Type application/javascript Cache-Control max-age=604800 Transfer-Encoding chunked Connection keep-alive Accept-Ranges bytes ETag "8079dfccf827d81:0"
GET H/1.1	200 OK	jquery-ui-1.8.2.custom.min.js Show response admin.casa.it/js/jquery/jquery-ui-1.8.2.custom/js/	202 KB 51 KB	129ms 59ms	Script application/javascript	34.243.46.140 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://admin.casa.it/js/jquery/jquery-ui-1.8.2.custom/js/jquery-ui-1.8.2.custom.min.js?v=2019.10.17.1 Requested by Host: www.admincasalogin.itstream.me URL: https://www.admincasalogin.itstream.me/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.243.46.140 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-243-46-140.eu-west-1.compute.amazonaws.com Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 9beb42abc9da03187ae4983742c5bc51ce0667003695795efc69b56d543ae3bd Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.admincasalogin.itstream.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Thu, 05 May 2022 11:53:42 GMT Content-Encoding gzip ETag "8079dfccf827d81:0" Last-Modified Tue, 22 Feb 2022 14:30:55 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET X-Frame-Options SAMEORIGIN Content-Type application/javascript Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Vary Accept-Encoding Content-Length 51446
GET H/1.1	200 OK	jquery.jqprint.0.3.js Show response admin.casa.it/js/jquery/	2 KB 2 KB	103ms 31ms	Script application/javascript	34.243.46.140 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://admin.casa.it/js/jquery/jquery.jqprint.0.3.js?v=2019.10.17.1 Requested by Host: www.admincasalogin.itstream.me URL: https://www.admincasalogin.itstream.me/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.243.46.140 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-243-46-140.eu-west-1.compute.amazonaws.com Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 740febea2144d7a31ce8a6b2730c3689da1b9c43b5bdd26bf7e28d1b4e44e5e8 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.admincasalogin.itstream.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Thu, 05 May 2022 11:53:42 GMT Content-Encoding gzip ETag "8079dfccf827d81:0" Last-Modified Tue, 22 Feb 2022 14:30:55 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET X-Frame-Options SAMEORIGIN Content-Type application/javascript Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Vary Accept-Encoding Content-Length 1192
GET H2	200	login.css www.admincasalogin.itstream.me/assets/css/	6 KB 2 KB	164ms 163ms	Stylesheet text/css	198.54.116.166 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://www.admincasalogin.itstream.me/assets/css/login.css Requested by Host: www.admincasalogin.itstream.me URL: https://www.admincasalogin.itstream.me/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.116.166 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server97-5.web-hosting.com Software LiteSpeed / Resource Hash b41c8ff83ee54e5a7de8cd47cfadfe63838d22ce83fe7948457d09aee2630dac Request headers accept-language de-DE,de;q=0.9 Referer https://www.admincasalogin.itstream.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Thu, 05 May 2022 11:53:42 GMT content-encoding br last-modified Sun, 27 Oct 2019 01:39:22 GMT server LiteSpeed vary Accept-Encoding content-type text/css cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 1484 expires Thu, 12 May 2022 11:53:42 GMT
GET H/1.1	200 OK	logo_area_admin.png admin.casa.it/img/logos/	6 KB 7 KB	30ms 30ms	Image image/png	34.243.46.140 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://admin.casa.it/img/logos/logo_area_admin.png Requested by Host: www.admincasalogin.itstream.me URL: https://www.admincasalogin.itstream.me/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.243.46.140 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-243-46-140.eu-west-1.compute.amazonaws.com Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 4fb70f5d386eaaf8a42b77efb4c53ece7430e2e19ffbc01907d1a9f5a3d630a7 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.admincasalogin.itstream.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Thu, 05 May 2022 11:53:42 GMT ETag "802da4d1f827d81:0" Last-Modified Tue, 22 Feb 2022 14:31:03 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET X-Frame-Options SAMEORIGIN Content-Type image/png Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Content-Length 6102
GET H/1.1	200 OK	logo_info.png admin.casa.it/img/icons/	515 B 1 KB	30ms 29ms	Image image/png	34.243.46.140 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://admin.casa.it/img/icons/logo_info.png Requested by Host: www.admincasalogin.itstream.me URL: https://www.admincasalogin.itstream.me/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.243.46.140 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-243-46-140.eu-west-1.compute.amazonaws.com Software Microsoft-IIS/8.5 / ASP.NET Resource Hash d16d32e08b2e5ff2f24b4a88d38611ee505024c199d15f8a4027c6e838bdafd0 Security Headers Name Value X-Frame-Options SAMEORIGIN Request headers accept-language de-DE,de;q=0.9 Referer https://www.admincasalogin.itstream.me/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers Date Thu, 05 May 2022 11:53:42 GMT ETag "802da4d1f827d81:0" Last-Modified Tue, 22 Feb 2022 14:31:03 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET X-Frame-Options SAMEORIGIN Content-Type image/png Cache-Control max-age=604800 Connection keep-alive Accept-Ranges bytes Content-Length 515
GET H2	200	museo-sans-300-v1.ttf www.admincasalogin.itstream.me/assets/fonts/	46 KB 46 KB	161ms 161ms	Font font/ttf	198.54.116.166 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://www.admincasalogin.itstream.me/assets/fonts/museo-sans-300-v1.ttf Requested by Host: www.admincasalogin.itstream.me URL: https://www.admincasalogin.itstream.me/assets/css/main.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 198.54.116.166 , United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server97-5.web-hosting.com Software LiteSpeed / Resource Hash 084cf92583237900c20fcb0b03c05603c47edc211a4e287e68a4d1ce437c99c9 Request headers Referer https://www.admincasalogin.itstream.me/assets/css/main.css Origin https://www.admincasalogin.itstream.me accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36 Response headers date Thu, 05 May 2022 11:53:42 GMT last-modified Sun, 27 Oct 2019 02:50:10 GMT server LiteSpeed content-type font/ttf cache-control public, max-age=604800 x-turbo-charged-by LiteSpeed accept-ranges bytes content-length 47328 expires Thu, 12 May 2022 11:53:42 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Casa.it (Real Estate)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails function| $ function| jQuery function| DP_jQuery_1651751622273 number| userid function| showCodeDialog function| hideCodeDialog function| showError

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.admincasalogin.itstream.me/	1970-01-20 02:49:18	Name: ci_session Value: 6641c91c85e6d5afe9f18b5f048a133557ef7e3e
			admin.casa.it/	1970-01-20 02:59:16	Name: AWSALBCORS Value: yaqRaDKCiBSM2qscriUjLnsphsVPOy69WFhrYw9k2sPAiiueXUKpfcffLfHxW0D+bNYFS1cL7PFLmLwV5Vtj6nxwE2Au7RnTbzHg6WEjZYUPXueYXZs1c/66R1l+

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

admin.casa.it
www.admincasalogin.itstream.me
198.54.116.166
34.243.46.140
084cf92583237900c20fcb0b03c05603c47edc211a4e287e68a4d1ce437c99c9
2a3e1d8e11b66047e3290bc3c322873f1c578e63dcebccfb61c4d3d2073fe17e
4fb70f5d386eaaf8a42b77efb4c53ece7430e2e19ffbc01907d1a9f5a3d630a7
653d79c3d411f5b94718410b635489a9d21cf0460ab1b521b27ca3e562daeb2b
740febea2144d7a31ce8a6b2730c3689da1b9c43b5bdd26bf7e28d1b4e44e5e8
9beb42abc9da03187ae4983742c5bc51ce0667003695795efc69b56d543ae3bd
b41c8ff83ee54e5a7de8cd47cfadfe63838d22ce83fe7948457d09aee2630dac
bd3fc5dfc5a7a438d91079c7e9c3e693a57720358e47d968041a6c520a313cc0
cdbbbbcc0ee723a1d4f46753573f7b8c8e21257f16728307f9f2b6afcf83b7ec
d16d32e08b2e5ff2f24b4a88d38611ee505024c199d15f8a4027c6e838bdafd0
fe0bc220515254d76f5eb23d20ca7ec088e8410103774853090d6a88231ce30c