www2.ltaxgo.net
203.172.40.199  Malicious Activity!

Submitted URL: https://fe5444564dw.pro/90667
Effective URL: https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
Submission: On October 27 via manual from IT — Scanned from IT

Summary

This website contacted 4 IPs in 4 countries across 5 domains to perform 18 HTTP transactions. The main IP is 203.172.40.199, located in Bangkok, Thailand and belongs to CSLOXINFO-AS-AP CS LOXINFO PUBLIC COMPANY LIMITED, TH. The main domain is www2.ltaxgo.net.
TLS certificate: Issued by RapidSSL TLS RSA CA G1 on August 6th 2023. Valid for: a year.
This is the only time www2.ltaxgo.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banca Intesa Sanpaolo (Banking)

Domain & IP information

Redirects | Requests | IP Address      | ASN   | Autonomous System
1         | 1        | 162.159.137.9   | 13335 | CLOUDFLAR...
1         | 2        | 8.219.112.240   | 45102 | ALIBABA-C...
1         | 14       | 203.172.40.199  | 4750  | CSLOXINFO...
-         | 2        | 142.250.184.234 | 15169 | GOOGLE
-         | 2        | 142.250.186.163 | -     | -
Total: 18 requests across 4 IPs
Requests | Apex Domain     | Subdomains                                     | Transfer
14       | ltaxgo.net      | www2.ltaxgo.net                                | 2 MB
2        | gstatic.com     | fonts.gstatic.com                              | 92 KB
2        | googleapis.com  | fonts.googleapis.com (Cisco Umbrella Rank: 31) | 3 KB
2        | docis.io        | test.docis.io                                  | 647 B
1        | fe5444564dw.pro | fe5444564dw.pro                                | 668 B
Total: 18 requests across 5 apex domains
Requests | Domain               | Redirects  | Requested by
14       | www2.ltaxgo.net      | 1 redirect | www2.ltaxgo.net
2        | fonts.gstatic.com    | -          | fonts.googleapis.com
2        | fonts.googleapis.com | -          | www2.ltaxgo.net
2        | test.docis.io        | 1 redirect | -
1        | fe5444564dw.pro      | 1 redirect | -
Total: 18 requests across 5 domains

This site contains links to these domains: nicepage.com
Subject                 | Issuer                 | Validity                | Valid for
test.docis.io           | R3                     | 2023-10-11 - 2024-01-09 | 3 months
*.ltaxgo.net            | RapidSSL TLS RSA CA G1 | 2023-08-06 - 2024-08-14 | a year
upload.video.google.com | GTS CA 1C3             | 2023-10-09 - 2024-01-01 | 3 months
*.gstatic.com           | GTS CA 1C3             | 2023-10-09 - 2024-01-01 | 3 months

This page contains 1 frames:

Primary Page: https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
Frame ID: E45EBDD365C79BE5A3945322AF37A4C1
Requests: 18 HTTP requests in this frame

Screenshot

Page Title

Entra - lntesa Sanpaolo
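The title recorded above spells the brand as "lntesa", with a lowercase L in place of the capital I of "Intesa Sanpaolo", so a plain string match against the brand name misses it. The Python below is an added example, not part of the urlscan output: it folds common Latin confusables (l/I/1, rn/m, 0/O and so on) before comparing a page title against a brand list, and reports whether the brand matched verbatim or only as a lookalike. The BRANDS list is constructed for the example; the list urlscan used for its own verdict is not on the page.

```python
import re
import unicodedata

# Brand list to check titles against.  Constructed for this example; the
# brand list urlscan used for its own verdict is not on the page.
BRANDS = ["Banca Intesa Sanpaolo", "Intesa Sanpaolo"]

# Visually confusable Latin sequences, folded to one canonical spelling.
# Multi-character pairs come first so "rn" becomes "m" before "n" is touched.
_CONFUSABLES = [
    ("rn", "m"),
    ("vv", "w"),
    ("l", "i"),   # lowercase L used for capital I (the trick in this page title)
    ("1", "i"),
    ("|", "i"),
    ("0", "o"),
    ("5", "s"),
    ("$", "s"),
]


def fold(text: str) -> str:
    """Canonical form for lookalike comparison: strip accents, lowercase,
    fold confusables, drop everything that is not a-z or 0-9."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = text.lower()
    for src, dst in _CONFUSABLES:
        text = text.replace(src, dst)
    return re.sub(r"[^a-z0-9]", "", text)


def lookalike_brand(title: str, brands=BRANDS):
    """Return (brand, exact) for the first brand found in the title.

    exact=True  : the brand name appears verbatim (case-insensitive).
    exact=False : it appears only after confusable folding, i.e. the title
                  is a lookalike such as "lntesa" for "Intesa".
    None        : no brand matches either way.
    Longer brand names are tried first so "Banca Intesa Sanpaolo" wins over
    its substring "Intesa Sanpaolo" when both are present.
    """
    folded_title = fold(title)
    for brand in sorted(brands, key=len, reverse=True):
        if brand.lower() in title.lower():
            return brand, True
        if fold(brand) in folded_title:
            return brand, False
    return None


if __name__ == "__main__":
    # Title as recorded by the scan: lowercase L in place of capital I.
    print(lookalike_brand("Entra - lntesa Sanpaolo"))
```

The fold is deliberately coarse: it also maps the genuine "l" in "Sanpaolo" to "i", which is harmless because both sides are folded the same way, but it means an exact=False result is a triage signal to look at the title, not a verdict on its own.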

Page URL History

  1. https://fe5444564dw.pro/90667 HTTP 301
    https://test.docis.io/language/en-IT/ HTTP 302
    https://test.docis.io/language/en-IT/good.php Page URL
  2. https://www2.ltaxgo.net/_excel_template/languages/en-IT/ HTTP 302
    https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php Page URL

Detected technologies

  • Pattern \.php(?:$|\?) (overall confidence: 100%)
  • Pattern <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com (overall confidence: 100%)

Page Statistics

Requests: 18
HTTPS: 100 %
IPv6: 0 %
Domains: 5
Subdomains: 5
IPs: 4
Countries: 4
Transfer: 1826 kB
Size: 1885 kB
Cookies: 2


Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://fe5444564dw.pro/90667 HTTP 301
  • https://test.docis.io/language/en-IT/ HTTP 302
  • https://test.docis.io/language/en-IT/good.php
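Chain 0 above is a 301 from fe5444564dw.pro to test.docis.io followed by a 302 whose Location is the relative value "./good.php", so reproducing it requires a client that does not auto-follow and that resolves each Location against the URL that sent it. The Python below is an added example, not urlscan output: fetch() stands in for a real client configured not to follow redirects, and RESPONSES is a constructed table built from the hops on this page (the Location value of the first hop is not shown on the page and is assumed here).

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed responder table standing in for live servers.  The hops and
# the relative "./good.php" and "./page1.php" Location values are taken from
# the scan; the Location of the first hop is not shown on the page and is
# assumed here.
RESPONSES = {
    "https://fe5444564dw.pro/90667":
        (301, "https://test.docis.io/language/en-IT/"),
    "https://test.docis.io/language/en-IT/":
        (302, "./good.php"),
    "https://test.docis.io/language/en-IT/good.php":
        (200, None),
    "https://www2.ltaxgo.net/_excel_template/languages/en-IT/":
        (302, "./page1.php"),
    "https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php":
        (200, None),
}


def fetch(url):
    """Stand-in for an HTTP client that does NOT follow redirects.
    Returns (status, Location header or None)."""
    return RESPONSES.get(url, (404, None))


def walk_redirects(start, fetch=fetch, max_hops=10):
    """Follow Location headers one hop at a time.

    Relative Locations are resolved against the URL that sent them (urljoin),
    which is how "./good.php" becomes .../language/en-IT/good.php.  Returns
    (chain, reason) where reason is one of:
      'final'            a non-redirect status was reached
      'missing_location' a 3xx without a Location header
      'loop'             a hop pointed back at a URL already visited
      'too_many'         max_hops exceeded
    """
    chain = [start]
    seen = {start}
    url = start
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECT_CODES:
            return chain, "final"
        if not location:
            return chain, "missing_location"
        nxt = urljoin(url, location)
        chain.append(nxt)
        if nxt in seen:
            return chain, "loop"
        seen.add(nxt)
        url = nxt
    return chain, "too_many"


def hosts_crossed(chain):
    """Distinct hostnames in hop order; more than one means the chain
    crosses domains, as chain 0 above does."""
    hosts = []
    for url in chain:
        host = urlsplit(url).hostname
        if host not in hosts:
            hosts.append(host)
    return hosts


if __name__ == "__main__":
    chain, reason = walk_redirects("https://fe5444564dw.pro/90667")
    for hop in chain:
        print(hop)
    print(reason, hosts_crossed(chain))
```

A Location walker stops at good.php. The jump from there to www2.ltaxgo.net is not an HTTP redirect in this scan: it appears as a second Page URL entry, and page1.php carries good.php as its Referer, so that hop happened client-side and is only visible in a browser-driven capture like the one above.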

18 HTTP transactions

Each transaction below is listed as Resource | Path | Size | x-fer | Type, followed by its General details and headers.
good.php | test.docis.io/language/en-IT/ | 187 B | 419 B | Document
Redirect Chain
  • https://fe5444564dw.pro/90667
  • https://test.docis.io/language/en-IT/
  • https://test.docis.io/language/en-IT/good.php
General
Full URL
https://test.docis.io/language/en-IT/good.php
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM (key exchange not reported)
Server
8.219.112.240, Singapore, ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)
Reverse DNS
Software
Apache/2.4.29 (Ubuntu) /
Resource Hash
89bb4a7f3ad3f5b93e7bb1f9808131c9480d8b1a4cc56d350959340af771abbf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
168
Content-Type
text/html; charset=UTF-8
Date
Fri, 27 Oct 2023 07:20:23 GMT
Keep-Alive
timeout=5, max=99
Server
Apache/2.4.29 (Ubuntu)
Vary
Accept-Encoding

Redirect headers

Connection
Keep-Alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Fri, 27 Oct 2023 07:20:22 GMT
Keep-Alive
timeout=5, max=100
Location
./good.php
Server
Apache/2.4.29 (Ubuntu)
Primary Request: page1.php | www2.ltaxgo.net/_excel_template/languages/en-IT/ | 5 KB | 6 KB | Document
Redirect Chain
  • https://www2.ltaxgo.net/_excel_template/languages/en-IT/
  • https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
General
Full URL
https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.172.40.199 Bangkok, Thailand, ASN4750 (CSLOXINFO-AS-AP CS LOXINFO PUBLIC COMPANY LIMITED, TH),
Reverse DNS
reverse-203-172-40-199.csloxinfo.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34 / PHP/7.2.34
Resource Hash
a52e84549874d77b0266827a9e8268476b4a79e483bdeb6f876a6f7386eec3e3

Request headers

Referer
https://test.docis.io/language/en-IT/good.php
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

Connection
Keep-Alive
Content-Length
5498
Content-Type
text/html; charset=UTF-8
Date
Fri, 27 Oct 2023 07:20:33 GMT
Keep-Alive
timeout=5, max=99
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34
X-Powered-By
PHP/7.2.34

Redirect headers

Connection
Keep-Alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Fri, 27 Oct 2023 07:20:32 GMT
Keep-Alive
timeout=5, max=100
Location
./page1.php
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34
X-Powered-By
PHP/7.2.34
nsc.css | www2.ltaxgo.net/_excel_template/languages/en-IT/css/ | 1 MB | 1 MB | Stylesheet
General
Full URL
https://www2.ltaxgo.net/_excel_template/languages/en-IT/css/nsc.css
Requested by
Host: www2.ltaxgo.net
URL: https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.172.40.199 Bangkok, Thailand, ASN4750 (CSLOXINFO-AS-AP CS LOXINFO PUBLIC COMPANY LIMITED, TH),
Reverse DNS
reverse-203-172-40-199.csloxinfo.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34 /
Resource Hash
feab1b46d3316bdf0038b370b1927ca5b5e9defaa9271b918fac15d470a5f51e

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Fri, 27 Oct 2023 07:20:34 GMT
Last-Modified
Wed, 17 May 2023 00:51:08 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34
ETag
"15bb07-5fbd915563700"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
1424135
page1.css | www2.ltaxgo.net/_excel_template/languages/en-IT/css/ | 3 KB | 3 KB | Stylesheet
General
Full URL
https://www2.ltaxgo.net/_excel_template/languages/en-IT/css/page1.css
Requested by
Host: www2.ltaxgo.net
URL: https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.172.40.199 Bangkok, Thailand, ASN4750 (CSLOXINFO-AS-AP CS LOXINFO PUBLIC COMPANY LIMITED, TH),
Reverse DNS
reverse-203-172-40-199.csloxinfo.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34 /
Resource Hash
3e5f0e2c9c5814e55365481468e5d9e59b74730445ecdd9c86f78b479872fe71

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Fri, 27 Oct 2023 07:20:35 GMT
Last-Modified
Wed, 17 May 2023 01:18:22 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34
ETag
"c4f-5fbd976bb1380"
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
3151
css | fonts.googleapis.com/ | 57 KB | 2 KB | Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i
Requested by
Host: www2.ltaxgo.net
URL: https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
Protocol
H2
Security
TLS 1.3, AES_128_GCM (key exchange not reported)
Server
142.250.184.234, United States, ASN15169 (GOOGLE, US)
Reverse DNS
fra24s12-in-f10.1e100.net
Software
ESF /
Resource Hash
06d0284d9583f027fd84d0542370fde07e9659dfcdf11ce43c760893e76b433a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www2.ltaxgo.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 27 Oct 2023 07:20:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 27 Oct 2023 06:21:03 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 27 Oct 2023 07:20:27 GMT
css | fonts.googleapis.com/ | 10 KB | 688 B | Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Anek+Latin:100,200,300,400,500,600,700,800
Requested by
Host: www2.ltaxgo.net
URL: https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
Protocol
H2
Security
TLS 1.3, AES_128_GCM (key exchange not reported)
Server
142.250.184.234, United States, ASN15169 (GOOGLE, US)
Reverse DNS
fra24s12-in-f10.1e100.net
Software
ESF /
Resource Hash
efa8967cdeed95b29039184ef1a8fc9b383a07e5349ad0a403c0891aae6d29c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www2.ltaxgo.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 27 Oct 2023 07:20:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 27 Oct 2023 07:20:27 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 27 Oct 2023 07:20:27 GMT
lg.png | www2.ltaxgo.net/_excel_template/languages/en-IT/images/ | 5 KB | 5 KB | Image
General
Full URL
https://www2.ltaxgo.net/_excel_template/languages/en-IT/images/lg.png
Requested by
Host: www2.ltaxgo.net
URL: https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.172.40.199 Bangkok, Thailand, ASN4750 (CSLOXINFO-AS-AP CS LOXINFO PUBLIC COMPANY LIMITED, TH),
Reverse DNS
reverse-203-172-40-199.csloxinfo.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34 /
Resource Hash
559bde803d8dedb905509859f3c1d14c9837788f2d5cf6ee26f1518f528d0cf8

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www2.ltaxgo.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Fri, 27 Oct 2023 07:20:35 GMT
Last-Modified
Wed, 17 May 2023 00:14:50 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34
ETag
"146d-5fbd893849280"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
5229
3.png | www2.ltaxgo.net/_excel_template/languages/en-IT/images/ | 12 KB | 13 KB | Image
General
Full URL
https://www2.ltaxgo.net/_excel_template/languages/en-IT/images/3.png
Requested by
Host: www2.ltaxgo.net
URL: https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.172.40.199 Bangkok, Thailand, ASN4750 (CSLOXINFO-AS-AP CS LOXINFO PUBLIC COMPANY LIMITED, TH),
Reverse DNS
reverse-203-172-40-199.csloxinfo.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34 /
Resource Hash
f40cfcbb33e0f26cc1d9058029ae4677835da2bf818037bcbd4fc8d8f43de028

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www2.ltaxgo.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Fri, 27 Oct 2023 07:20:35 GMT
Last-Modified
Wed, 17 May 2023 00:14:50 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34
ETag
"3119-5fbd893849280"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
12569
ic.png | www2.ltaxgo.net/_excel_template/languages/en-IT/images/ | 2 KB | 3 KB | Image
General
Full URL
https://www2.ltaxgo.net/_excel_template/languages/en-IT/images/ic.png
Requested by
Host: www2.ltaxgo.net
URL: https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.172.40.199 Bangkok, Thailand, ASN4750 (CSLOXINFO-AS-AP CS LOXINFO PUBLIC COMPANY LIMITED, TH),
Reverse DNS
reverse-203-172-40-199.csloxinfo.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34 /
Resource Hash
af48163da7ed2b30cde51f80f1000ea670cedfe33ae6c9fbbb020c3e90da9727

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www2.ltaxgo.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Fri, 27 Oct 2023 07:20:35 GMT
Last-Modified
Wed, 17 May 2023 00:14:50 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34
ETag
"947-5fbd893849280"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
2375
2889676-dc8ebd9c.png | www2.ltaxgo.net/_excel_template/languages/en-IT/images/ | 4 KB | 4 KB | Image
General
Full URL
https://www2.ltaxgo.net/_excel_template/languages/en-IT/images/2889676-dc8ebd9c.png
Requested by
Host: www2.ltaxgo.net
URL: https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.172.40.199 Bangkok, Thailand, ASN4750 (CSLOXINFO-AS-AP CS LOXINFO PUBLIC COMPANY LIMITED, TH),
Reverse DNS
reverse-203-172-40-199.csloxinfo.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34 /
Resource Hash
cc21a2ed11f7bb03771124280eca4bfb2148e082792f852c60553f13b13ace89

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www2.ltaxgo.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Fri, 27 Oct 2023 07:20:35 GMT
Last-Modified
Wed, 17 May 2023 00:14:50 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34
ETag
"e58-5fbd893849280"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
3672
2252525-8d3e35bd.png | www2.ltaxgo.net/_excel_template/languages/en-IT/images/ | 4 KB | 5 KB | Image
General
Full URL
https://www2.ltaxgo.net/_excel_template/languages/en-IT/images/2252525-8d3e35bd.png
Requested by
Host: www2.ltaxgo.net
URL: https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.172.40.199 Bangkok, Thailand, ASN4750 (CSLOXINFO-AS-AP CS LOXINFO PUBLIC COMPANY LIMITED, TH),
Reverse DNS
reverse-203-172-40-199.csloxinfo.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34 /
Resource Hash
bdd97c4875f6293bc6fe9f786cb0afc3476596ca5faf2152ce829cff943ca67f

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www2.ltaxgo.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Fri, 27 Oct 2023 07:20:35 GMT
Last-Modified
Wed, 17 May 2023 00:14:50 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34
ETag
"10cf-5fbd893849280"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
4303
271226-77cd19e5.png | www2.ltaxgo.net/_excel_template/languages/en-IT/images/ | 2 KB | 2 KB | Image
General
Full URL
https://www2.ltaxgo.net/_excel_template/languages/en-IT/images/271226-77cd19e5.png
Requested by
Host: www2.ltaxgo.net
URL: https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.172.40.199 Bangkok, Thailand, ASN4750 (CSLOXINFO-AS-AP CS LOXINFO PUBLIC COMPANY LIMITED, TH),
Reverse DNS
reverse-203-172-40-199.csloxinfo.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34 /
Resource Hash
fd623c85284adf260534a42685e02684a86b5094ae2dcf737444b8f3286891dc

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www2.ltaxgo.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Fri, 27 Oct 2023 07:20:35 GMT
Last-Modified
Wed, 17 May 2023 00:14:50 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34
ETag
"7d3-5fbd893849280"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
2003
log-b1.png | www2.ltaxgo.net/_excel_template/languages/en-IT/images/ | 115 KB | 115 KB | Image
General
Full URL
https://www2.ltaxgo.net/_excel_template/languages/en-IT/images/log-b1.png
Requested by
Host: www2.ltaxgo.net
URL: https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.172.40.199 Bangkok, Thailand, ASN4750 (CSLOXINFO-AS-AP CS LOXINFO PUBLIC COMPANY LIMITED, TH),
Reverse DNS
reverse-203-172-40-199.csloxinfo.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34 /
Resource Hash
e80f82e24252d971ecc06f33eba800e815eba68732c0ef215754a2cd934653bd

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www2.ltaxgo.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Fri, 27 Oct 2023 07:20:35 GMT
Last-Modified
Wed, 17 May 2023 00:14:50 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34
ETag
"1cc2b-5fbd893849280"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
117803
gg.png | www2.ltaxgo.net/_excel_template/languages/en-IT/images/ | 5 KB | 5 KB | Image
General
Full URL
https://www2.ltaxgo.net/_excel_template/languages/en-IT/images/gg.png
Requested by
Host: www2.ltaxgo.net
URL: https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.172.40.199 Bangkok, Thailand, ASN4750 (CSLOXINFO-AS-AP CS LOXINFO PUBLIC COMPANY LIMITED, TH),
Reverse DNS
reverse-203-172-40-199.csloxinfo.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34 /
Resource Hash
09c850d89f41e9c808d6bd12871bcfc7e6f7d76cd1f7f959a5d79ffb800f8de2

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www2.ltaxgo.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Fri, 27 Oct 2023 07:20:35 GMT
Last-Modified
Wed, 17 May 2023 00:14:50 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34
ETag
"133f-5fbd893849280"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
4927
ftlg.png | www2.ltaxgo.net/_excel_template/languages/en-IT/images/ | 11 KB | 11 KB | Image
General
Full URL
https://www2.ltaxgo.net/_excel_template/languages/en-IT/images/ftlg.png
Requested by
Host: www2.ltaxgo.net
URL: https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.172.40.199 Bangkok, Thailand, ASN4750 (CSLOXINFO-AS-AP CS LOXINFO PUBLIC COMPANY LIMITED, TH),
Reverse DNS
reverse-203-172-40-199.csloxinfo.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34 /
Resource Hash
10ca81e1589cc3b4b1d18a25ee6acf121970effa02449deb4beb17a880af41fd

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www2.ltaxgo.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Fri, 27 Oct 2023 07:20:35 GMT
Last-Modified
Wed, 17 May 2023 00:14:50 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34
ETag
"2c84-5fbd893849280"
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
11396
bg.jpg | www2.ltaxgo.net/_excel_template/languages/en-IT/css/images/ | 167 KB | 168 KB | Image
General
Full URL
https://www2.ltaxgo.net/_excel_template/languages/en-IT/css/images/bg.jpg
Requested by
Host: www2.ltaxgo.net
URL: https://www2.ltaxgo.net/_excel_template/languages/en-IT/css/page1.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.172.40.199 Bangkok, Thailand, ASN4750 (CSLOXINFO-AS-AP CS LOXINFO PUBLIC COMPANY LIMITED, TH),
Reverse DNS
reverse-203-172-40-199.csloxinfo.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34 /
Resource Hash
3dfdcfa048fed447c732d2849245bc6999d26d6bcc91a93f4a1ce5bc2f140c5a

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://www2.ltaxgo.net/_excel_template/languages/en-IT/css/page1.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

Date
Fri, 27 Oct 2023 07:20:36 GMT
Last-Modified
Wed, 17 May 2023 00:14:50 GMT
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 PHP/7.2.34
ETag
"29cf6-5fbd893849280"
Content-Type
image/jpeg
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
171254
co3WmWZulTRoU4a8dqrWiajBS5ByUkvdrluH-z-KzhM.woff2 | fonts.gstatic.com/s/aneklatin/v5/ | 44 KB | 44 KB | Font
General
Full URL
https://fonts.gstatic.com/s/aneklatin/v5/co3WmWZulTRoU4a8dqrWiajBS5ByUkvdrluH-z-KzhM.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Anek+Latin:100,200,300,400,500,600,700,800
Protocol
H2
Security
TLS 1.3, AES_128_GCM (key exchange not reported)
Server
142.250.186.163 (no location or ASN recorded for this IP)
Reverse DNS
Software
sffe /
Resource Hash
ed700dec7f0cd684af79991df1723dd8e2596ba712879c7961c55908274a666a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www2.ltaxgo.net
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Wed, 25 Oct 2023 16:43:08 GMT
x-content-type-options
nosniff
age
139041
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44648
x-xss-protection
0
last-modified
Wed, 13 Sep 2023 22:31:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 24 Oct 2024 16:43:08 GMT
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 | fonts.gstatic.com/s/opensans/v36/ | 47 KB | 47 KB | Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v36/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:100,100i,300,300i,400,400i,500,500i,700,700i,900,900i|Open+Sans:300,300i,400,400i,500,500i,600,600i,700,700i,800,800i
Protocol
H2
Security
TLS 1.3, AES_128_GCM (key exchange not reported)
Server
142.250.186.163 (no location or ASN recorded for this IP)
Reverse DNS
Software
sffe /
Resource Hash
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www2.ltaxgo.net
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.117 Safari/537.36

Response headers

date
Thu, 26 Oct 2023 18:16:19 GMT
x-content-type-options
nosniff
age
47051
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48432
x-xss-protection
0
last-modified
Thu, 14 Sep 2023 00:40:31 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 25 Oct 2024 18:16:19 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banca Intesa Sanpaolo (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

2 Cookies

Domain/Path       | Name    | Value
.fe5444564dw.pro/ | __cf_bm | 5TWhQHLWesyKgrtWOMGJEYxp_eL4I4EDEsAmTTJ9fSc-1698391222-0-Adjmu4YORI1+CgQl5RC+Ly5ZYBjbY32zO/u1AVPinV0gfFNOqr5lGt2NQWkEvAAEo0KtR+icV3sNoEyEiQtXtls=
.fe5444564dw.pro/ | _cfuvid | zmd8ScyHHt4NDV.ezKmYfQ4pk8gOd1GyUj94Knhh0tM-1698391222219-0-604800000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fe5444564dw.pro
fonts.googleapis.com
fonts.gstatic.com
test.docis.io
www2.ltaxgo.net
142.250.184.234
142.250.186.163
162.159.137.9
203.172.40.199
8.219.112.240