www2.ltaxgo.net Open in urlscan Pro
203.172.40.199 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://fe5444564dw.pro/90667
Effective URL:
https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
Submission: On October 27 via api (October 27th 2023, 1:52:53 pm UTC) from IT — Scanned from IT

Summary HTTP 18 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 4 IPs in 4 countries across 5 domains to perform 18 HTTP transactions. The main IP is 203.172.40.199, located in Bangkok, Thailand and belongs to CSLOX-IDC-AS-AP CS LOXINFO Public Company Limited., TH. The main domain is www2.ltaxgo.net.
TLS certificate: Issued by RapidSSL TLS RSA CA G1 on August 6th 2023. Valid for: a year.

This is the only time www2.ltaxgo.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banca Intesa Sanpaolo (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	162.159.137.9 162.159.137.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	8.219.112.240 8.219.112.240	45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.)
1 14	203.172.40.199 203.172.40.199	9891 (CSLOX-IDC...) (CSLOX-IDC-AS-AP CS LOXINFO Public Company Limited.)
2	142.250.186.74 142.250.186.74	15169 (GOOGLE) (GOOGLE)
2	142.250.185.227 142.250.185.227	() ()
18	4

1 162.159.137.9 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

fe5444564dw.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 8.219.112.240 (Singapore) 1 redirects

ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)

test.docis.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 203.172.40.199 (Bangkok, Thailand) 1 redirects

ASN9891 (CSLOX-IDC-AS-AP CS LOXINFO Public Company Limited., TH)
PTR: reverse-203-172-40-199.csloxinfo.net

www2.ltaxgo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.74 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.227 (None, )

ASN- ()

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	ltaxgo.net 1 redirects www2.ltaxgo.net	2 MB
2	gstatic.com fonts.gstatic.com	92 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	3 KB
2	docis.io 1 redirects test.docis.io	647 B
1	fe5444564dw.pro 1 redirects fe5444564dw.pro	669 B
18	5

	Domain	Requested by
14	www2.ltaxgo.net	1 redirects www2.ltaxgo.net
2	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	www2.ltaxgo.net
2	test.docis.io	1 redirects
1	fe5444564dw.pro	1 redirects
18	5

This site contains links to these domains. Also see Links.

Domain
nicepage.com

Subject Issuer	Validity	Valid
test.docis.io R3	`2023-10-11` - `2024-01-09`	3 months	crt.sh
*.ltaxgo.net RapidSSL TLS RSA CA G1	`2023-08-06` - `2024-08-14`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-10-09` - `2024-01-01`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-09` - `2024-01-01`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
Frame ID: 4F033ACEBF4292BBE19BB06043E8F7E9
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Entra - lntesa Sanpaolo

Page URL History Show full URLs

https://fe5444564dw.pro/90667 HTTP 301
https://test.docis.io/language/en-IT/ HTTP 302
https://test.docis.io/language/en-IT/good.php Page URL
https://www2.ltaxgo.net/_excel_template/languages/en-IT/ HTTP 302
https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

18
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

4
IPs

4
Countries

1659 kB
Transfer

1798 kB
Size

2
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://nicepage.com/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://fe5444564dw.pro/90667 HTTP 301
https://test.docis.io/language/en-IT/ HTTP 302
https://test.docis.io/language/en-IT/good.php Page URL
https://www2.ltaxgo.net/_excel_template/languages/en-IT/ HTTP 302
https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://fe5444564dw.pro/90667 HTTP 301
https://test.docis.io/language/en-IT/ HTTP 302
https://test.docis.io/language/en-IT/good.php

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

good.php Show response
test.docis.io/language/en-IT/
Redirect Chain

https://fe5444564dw.pro/90667
https://test.docis.io/language/en-IT/
https://test.docis.io/language/en-IT/good.php

187 B
419 B

720ms
720ms

Document
text/html

8.219.112.240
ALIBABA-CN-NET Al...

General

			Domain/Path	Expires	Name / Value
			.fe5444564dw.pro/	1970-01-20 15:46:56	Name: __cf_bm Value: wGk7V.WF0.m9aTwaxiNhvq3K1fhpNYWyvLoGJwTdpIs-1698414765-0-Aeaj1zgplCcttvWA4SCLu0Pn0IaPPjxtvCfzCFVPlxppXcpctNV/TKOcIrPvSb7nzc/ZmMRZyWy++nBJ3rfog6o=
			.fe5444564dw.pro/	1969-12-31 23:59:59	Name: _cfuvid Value: UBti0Hcs98lmK4yZl_ljLu7Eiqm2D9GSnsvW5DkszAw-1698414765054-0-604800000

www2.ltaxgo.net Open in urlscan Pro 203.172.40.199 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

100 %HTTPS

0 %IPv6

5 Domains

5 Subdomains

4 IPs

4 Countries

1659 kBTransfer

1798 kBSize

2 Cookies

1 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

Indicators

www2.ltaxgo.net Open in urlscan Pro
203.172.40.199 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

4
IPs

4
Countries

1659 kB
Transfer

1798 kB
Size

2
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!