www2.ltaxgo.net
Open in
urlscan Pro
203.172.40.199
Malicious Activity!
Public Scan
Effective URL: https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
Submission: On October 27 via manual from IT — Scanned from IT
Summary
TLS certificate: Issued by RapidSSL TLS RSA CA G1 on August 6th 2023. Valid for: a year.
This is the only time www2.ltaxgo.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banca Intesa Sanpaolo (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 162.159.137.9 162.159.137.9 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 2 | 8.219.112.240 8.219.112.240 | 45102 (ALIBABA-C...) (ALIBABA-CN-NET Alibaba US Technology Co.) | |
1 14 | 203.172.40.199 203.172.40.199 | 4750 (CSLOXINFO...) (CSLOXINFO-AS-AP CS LOXINFO PUBLIC COMPANY LIMITED) | |
2 | 142.250.184.234 142.250.184.234 | 15169 (GOOGLE) (GOOGLE) | |
2 | 142.250.186.163 142.250.186.163 | () () | |
18 | 4 |
ASN45102 (ALIBABA-CN-NET Alibaba US Technology Co., Ltd., CN)
test.docis.io |
ASN4750 (CSLOXINFO-AS-AP CS LOXINFO PUBLIC COMPANY LIMITED, TH)
PTR: reverse-203-172-40-199.csloxinfo.net
www2.ltaxgo.net |
ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f10.1e100.net
fonts.googleapis.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
ltaxgo.net
1 redirects
www2.ltaxgo.net |
2 MB |
2 |
gstatic.com
fonts.gstatic.com |
92 KB |
2 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 31 |
3 KB |
2 |
docis.io
1 redirects
test.docis.io |
647 B |
1 |
fe5444564dw.pro
1 redirects
fe5444564dw.pro |
668 B |
18 | 5 |
Domain | Requested by | |
---|---|---|
14 | www2.ltaxgo.net |
1 redirects
www2.ltaxgo.net
|
2 | fonts.gstatic.com |
fonts.googleapis.com
|
2 | fonts.googleapis.com |
www2.ltaxgo.net
|
2 | test.docis.io | 1 redirects |
1 | fe5444564dw.pro | 1 redirects |
18 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
nicepage.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
test.docis.io R3 |
2023-10-11 - 2024-01-09 |
3 months | crt.sh |
*.ltaxgo.net RapidSSL TLS RSA CA G1 |
2023-08-06 - 2024-08-14 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-10-09 - 2024-01-01 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-10-09 - 2024-01-01 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php
Frame ID: E45EBDD365C79BE5A3945322AF37A4C1
Requests: 18 HTTP requests in this frame
Screenshot
Page Title
Entra - lntesa SanpaoloPage URL History Show full URLs
-
https://fe5444564dw.pro/90667
HTTP 301
https://test.docis.io/language/en-IT/ HTTP 302
https://test.docis.io/language/en-IT/good.php Page URL
-
https://www2.ltaxgo.net/_excel_template/languages/en-IT/
HTTP 302
https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Google Font API (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://fe5444564dw.pro/90667
HTTP 301
https://test.docis.io/language/en-IT/ HTTP 302
https://test.docis.io/language/en-IT/good.php Page URL
-
https://www2.ltaxgo.net/_excel_template/languages/en-IT/
HTTP 302
https://www2.ltaxgo.net/_excel_template/languages/en-IT/page1.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://fe5444564dw.pro/90667 HTTP 301
- https://test.docis.io/language/en-IT/ HTTP 302
- https://test.docis.io/language/en-IT/good.php
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
good.php
test.docis.io/language/en-IT/ Redirect Chain
|
187 B 419 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
page1.php
www2.ltaxgo.net/_excel_template/languages/en-IT/ Redirect Chain
|
5 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
nsc.css
www2.ltaxgo.net/_excel_template/languages/en-IT/css/ |
1 MB 1 MB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
page1.css
www2.ltaxgo.net/_excel_template/languages/en-IT/css/ |
3 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
57 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
10 KB 688 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lg.png
www2.ltaxgo.net/_excel_template/languages/en-IT/images/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
3.png
www2.ltaxgo.net/_excel_template/languages/en-IT/images/ |
12 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ic.png
www2.ltaxgo.net/_excel_template/languages/en-IT/images/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2889676-dc8ebd9c.png
www2.ltaxgo.net/_excel_template/languages/en-IT/images/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
2252525-8d3e35bd.png
www2.ltaxgo.net/_excel_template/languages/en-IT/images/ |
4 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
271226-77cd19e5.png
www2.ltaxgo.net/_excel_template/languages/en-IT/images/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
log-b1.png
www2.ltaxgo.net/_excel_template/languages/en-IT/images/ |
115 KB 115 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
gg.png
www2.ltaxgo.net/_excel_template/languages/en-IT/images/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ftlg.png
www2.ltaxgo.net/_excel_template/languages/en-IT/images/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg.jpg
www2.ltaxgo.net/_excel_template/languages/en-IT/css/images/ |
167 KB 168 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
co3WmWZulTRoU4a8dqrWiajBS5ByUkvdrluH-z-KzhM.woff2
fonts.gstatic.com/s/aneklatin/v5/ |
44 KB 44 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v36/ |
47 KB 47 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banca Intesa Sanpaolo (Banking)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.fe5444564dw.pro/ | Name: __cf_bm Value: 5TWhQHLWesyKgrtWOMGJEYxp_eL4I4EDEsAmTTJ9fSc-1698391222-0-Adjmu4YORI1+CgQl5RC+Ly5ZYBjbY32zO/u1AVPinV0gfFNOqr5lGt2NQWkEvAAEo0KtR+icV3sNoEyEiQtXtls= |
|
.fe5444564dw.pro/ | Name: _cfuvid Value: zmd8ScyHHt4NDV.ezKmYfQ4pk8gOd1GyUj94Knhh0tM-1698391222219-0-604800000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fe5444564dw.pro
fonts.googleapis.com
fonts.gstatic.com
test.docis.io
www2.ltaxgo.net
142.250.184.234
142.250.186.163
162.159.137.9
203.172.40.199
8.219.112.240
06d0284d9583f027fd84d0542370fde07e9659dfcdf11ce43c760893e76b433a
09c850d89f41e9c808d6bd12871bcfc7e6f7d76cd1f7f959a5d79ffb800f8de2
10ca81e1589cc3b4b1d18a25ee6acf121970effa02449deb4beb17a880af41fd
3dfdcfa048fed447c732d2849245bc6999d26d6bcc91a93f4a1ce5bc2f140c5a
3e5f0e2c9c5814e55365481468e5d9e59b74730445ecdd9c86f78b479872fe71
559bde803d8dedb905509859f3c1d14c9837788f2d5cf6ee26f1518f528d0cf8
89bb4a7f3ad3f5b93e7bb1f9808131c9480d8b1a4cc56d350959340af771abbf
9b1b9d7cb74a9923d83f36f0026f421940b861fd6e1a51b8f79af45492ed4ed5
a52e84549874d77b0266827a9e8268476b4a79e483bdeb6f876a6f7386eec3e3
af48163da7ed2b30cde51f80f1000ea670cedfe33ae6c9fbbb020c3e90da9727
bdd97c4875f6293bc6fe9f786cb0afc3476596ca5faf2152ce829cff943ca67f
cc21a2ed11f7bb03771124280eca4bfb2148e082792f852c60553f13b13ace89
e80f82e24252d971ecc06f33eba800e815eba68732c0ef215754a2cd934653bd
ed700dec7f0cd684af79991df1723dd8e2596ba712879c7961c55908274a666a
efa8967cdeed95b29039184ef1a8fc9b383a07e5349ad0a403c0891aae6d29c6
f40cfcbb33e0f26cc1d9058029ae4677835da2bf818037bcbd4fc8d8f43de028
fd623c85284adf260534a42685e02684a86b5094ae2dcf737444b8f3286891dc
feab1b46d3316bdf0038b370b1927ca5b5e9defaa9271b918fac15d470a5f51e