lgbttoursneworleans.com Open in urlscan Pro
192.185.175.98 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://lgbttoursneworleans.com/fonts/aws/
Submission: On February 09 via api (February 9th 2023, 5:16:40 pm UTC) from IT — Scanned from IT

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 192.185.175.98, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is lgbttoursneworleans.com.

This is the only time lgbttoursneworleans.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banca Intesa Sanpaolo (Banking)

Domain & IP information

	IP Address		AS Autonomous System
8	192.185.175.98 192.185.175.98		19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
8	1

8 192.185.175.98 (United States)

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 192-185-175-98.unifiedlayer.com

lgbttoursneworleans.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	lgbttoursneworleans.com lgbttoursneworleans.com	452 KB
8	1

	Domain	Requested by
8	lgbttoursneworleans.com	lgbttoursneworleans.com
8	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://lgbttoursneworleans.com/fonts/aws/
Frame ID: CEC242DC2623D2C7A5BA895690176DD6
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Loading Page

Page Statistics

8
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

452 kB
Transfer

693 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response lgbttoursneworleans.com/fonts/aws/	334 B 526 B	402ms 149ms	Document text/html	192.185.175.98 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL http://lgbttoursneworleans.com/fonts/aws/ Protocol HTTP/1.1 Server 192.185.175.98 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-175-98.unifiedlayer.com Software Apache / Resource Hash `01029f114cf1f7c4ff8b090455027c2a5a9ecfc02eb28542d8f45c144e01ed9d` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 accept-language it-IT,it;q=0.9 Response headers Accept-Ranges none Connection Upgrade, Keep-Alive Content-Encoding gzip Content-Length 244 Content-Type text/html; charset=UTF-8 Date Thu, 09 Feb 2023 17:16:35 GMT Keep-Alive timeout=5, max=75 Server Apache Upgrade h2,h2c Vary Accept-Encoding
GET H/1.1	200 OK	main.395a000f.js Show response lgbttoursneworleans.com/fonts/aws/static/js/	393 KB 150 KB	141ms 141ms	Script application/javascript	192.185.175.98 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL http://lgbttoursneworleans.com/fonts/aws/static/js/main.395a000f.js Requested by Host: lgbttoursneworleans.com URL: http://lgbttoursneworleans.com/fonts/aws/ Protocol HTTP/1.1 Server 192.185.175.98 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-175-98.unifiedlayer.com Software Apache / Resource Hash `a62eb8b7078bea17897fbf7cad89a76c3c47706845393ead5573051e0288f91e` Request headers accept-language it-IT,it;q=0.9 Referer http://lgbttoursneworleans.com/fonts/aws/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers Date Thu, 09 Feb 2023 17:16:35 GMT Content-Encoding gzip Last-Modified Tue, 07 Feb 2023 23:59:24 GMT Server Apache Vary Accept-Encoding Transfer-Encoding chunked Content-Type application/javascript Connection Keep-Alive Accept-Ranges none Keep-Alive timeout=5, max=74
GET H/1.1	200 OK	flag_eng.png lgbttoursneworleans.com/fonts/aws/app-assets/img/	1 KB 2 KB	143ms 142ms	Image image/png	192.185.175.98 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Show image Full URL http://lgbttoursneworleans.com/fonts/aws/app-assets/img/flag_eng.png Protocol HTTP/1.1 Server 192.185.175.98 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-175-98.unifiedlayer.com Software Apache / Resource Hash `b9cf5ac56dd524668e1156759674215a9224dcaec961914e0e36c2c0efcb9bc0` Request headers accept-language it-IT,it;q=0.9 Referer http://lgbttoursneworleans.com/fonts/aws/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers Date Thu, 09 Feb 2023 17:16:35 GMT Last-Modified Tue, 07 Feb 2023 23:59:24 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=73 Content-Length 1502
GET H/1.1	200 OK	logo-intesasanpaolo.png lgbttoursneworleans.com/fonts/aws/app-assets/img/	5 KB 5 KB	130ms 129ms	Image image/png	192.185.175.98 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Show image Full URL http://lgbttoursneworleans.com/fonts/aws/app-assets/img/logo-intesasanpaolo.png Protocol HTTP/1.1 Server 192.185.175.98 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-175-98.unifiedlayer.com Software Apache / Resource Hash `559bde803d8dedb905509859f3c1d14c9837788f2d5cf6ee26f1518f528d0cf8` Request headers accept-language it-IT,it;q=0.9 Referer http://lgbttoursneworleans.com/fonts/aws/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers Date Thu, 09 Feb 2023 17:16:35 GMT Last-Modified Tue, 07 Feb 2023 23:59:24 GMT Server Apache Upgrade h2,h2c Content-Type image/png Connection Upgrade, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=75 Content-Length 5229
GET H/1.1	200 OK	utente_ok_green.png lgbttoursneworleans.com/fonts/aws/app-assets/img/	2 KB 3 KB	255ms 131ms	Image image/png	192.185.175.98 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Show image Full URL http://lgbttoursneworleans.com/fonts/aws/app-assets/img/utente_ok_green.png Protocol HTTP/1.1 Server 192.185.175.98 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-175-98.unifiedlayer.com Software Apache / Resource Hash `af48163da7ed2b30cde51f80f1000ea670cedfe33ae6c9fbbb020c3e90da9727` Request headers accept-language it-IT,it;q=0.9 Referer http://lgbttoursneworleans.com/fonts/aws/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers Date Thu, 09 Feb 2023 17:16:35 GMT Last-Modified Tue, 07 Feb 2023 23:59:24 GMT Server Apache Upgrade h2,h2c Content-Type image/png Connection Upgrade, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=75 Content-Length 2375
GET H/1.1	200 OK	freccia_dx.png lgbttoursneworleans.com/fonts/aws/app-assets/img/	579 B 846 B	260ms 135ms	Image image/png	192.185.175.98 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Show image Full URL http://lgbttoursneworleans.com/fonts/aws/app-assets/img/freccia_dx.png Protocol HTTP/1.1 Server 192.185.175.98 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-175-98.unifiedlayer.com Software Apache / Resource Hash `0130c3c398e9a41a9f5ce8566ef6d7e769128c4c87258fd6f9faa0035cd4cae0` Request headers accept-language it-IT,it;q=0.9 Referer http://lgbttoursneworleans.com/fonts/aws/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers Date Thu, 09 Feb 2023 17:16:35 GMT Last-Modified Tue, 07 Feb 2023 23:59:24 GMT Server Apache Upgrade h2,h2c Content-Type image/png Connection Upgrade, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=75 Content-Length 579
GET H/1.1	200 OK	Home.jpg lgbttoursneworleans.com/fonts/aws/app-assets/img/	290 KB 290 KB	261ms 135ms	Image image/jpeg	192.185.175.98 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Show image Full URL http://lgbttoursneworleans.com/fonts/aws/app-assets/img/Home.jpg Protocol HTTP/1.1 Server 192.185.175.98 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-175-98.unifiedlayer.com Software Apache / Resource Hash `9cef654d6ddef27c675f61e68b6e3ff66e78e12bb7f42580c9cbb0427d1f4107` Request headers accept-language it-IT,it;q=0.9 Referer http://lgbttoursneworleans.com/fonts/aws/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers Date Thu, 09 Feb 2023 17:16:35 GMT Last-Modified Tue, 07 Feb 2023 23:59:24 GMT Server Apache Upgrade h2,h2c Content-Type image/jpeg Connection Upgrade, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=75 Content-Length 296563
GET H/1.1	200 OK	OpenSans-Regular.eot lgbttoursneworleans.com/fonts/aws/clientlib-site/css/fonts/	680 B 610 B	261ms 138ms	Font text/html	192.185.175.98 NETWORK-SOLUTIONS...
General Check archive.org Show headers Download Go to Full URL http://lgbttoursneworleans.com/fonts/aws/clientlib-site/css/fonts/OpenSans-Regular.eot?2r5i7k Protocol HTTP/1.1 Server 192.185.175.98 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US), Reverse DNS 192-185-175-98.unifiedlayer.com Software Apache / Resource Hash `8ebcba92edd0f2e426448d55c950b787a1fddcca4846ce29a0322d361398ceb3` Request headers Referer http://lgbttoursneworleans.com/fonts/aws/ Origin http://lgbttoursneworleans.com accept-language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.77 Safari/537.36 Response headers Date Thu, 09 Feb 2023 17:16:35 GMT Content-Encoding gzip Server Apache Vary Accept-Encoding Upgrade h2,h2c Content-Type text/html; charset=UTF-8 Connection Upgrade, Keep-Alive Accept-Ranges none Keep-Alive timeout=5, max=75 Content-Length 328

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banca Intesa Sanpaolo (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: http://lgbttoursneworleans.com/fonts/aws/ Message: Failed to decode downloaded font: http://lgbttoursneworleans.com/fonts/aws/clientlib-site/css/fonts/OpenSans-Regular.eot?2r5i7k
other	warning	URL: http://lgbttoursneworleans.com/fonts/aws/ Message: OTS parsing error: invalid sfntVersion: 1014195058
other	warning	URL: http://lgbttoursneworleans.com/fonts/aws/ Message: Failed to decode downloaded font: http://lgbttoursneworleans.com/fonts/aws/clientlib-site/css/fonts/OpenSans-Regular.eot?2r5i7k
other	warning	URL: http://lgbttoursneworleans.com/fonts/aws/ Message: OTS parsing error: invalid sfntVersion: 1014195058

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

lgbttoursneworleans.com
192.185.175.98
01029f114cf1f7c4ff8b090455027c2a5a9ecfc02eb28542d8f45c144e01ed9d
0130c3c398e9a41a9f5ce8566ef6d7e769128c4c87258fd6f9faa0035cd4cae0
559bde803d8dedb905509859f3c1d14c9837788f2d5cf6ee26f1518f528d0cf8
8ebcba92edd0f2e426448d55c950b787a1fddcca4846ce29a0322d361398ceb3
9cef654d6ddef27c675f61e68b6e3ff66e78e12bb7f42580c9cbb0427d1f4107
a62eb8b7078bea17897fbf7cad89a76c3c47706845393ead5573051e0288f91e
af48163da7ed2b30cde51f80f1000ea670cedfe33ae6c9fbbb020c3e90da9727
b9cf5ac56dd524668e1156759674215a9224dcaec961914e0e36c2c0efcb9bc0

lgbttoursneworleans.com Open in urlscan Pro 192.185.175.98 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

8 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

452 kBTransfer

693 kBSize

0 Cookies

0 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

0 Cookies

4 Console Messages

Indicators

lgbttoursneworleans.com Open in urlscan Pro
192.185.175.98 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

452 kB
Transfer

693 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!