login.parintinsparasurdover.online Open in urlscan Pro
148.72.144.180 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://login.parintinsparasurdover.online/login.html
Submission: On March 15 via manual (March 15th 2022, 4:54:37 pm UTC) from IT — Scanned from IT

Summary HTTP 3 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 3 HTTP transactions. The main IP is 148.72.144.180, located in St Louis, United States and belongs to AS-30083-GO-DADDY-COM-LLC, US. The main domain is login.parintinsparasurdover.online.
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 2nd 2022. Valid for: 3 months.

This is the only time login.parintinsparasurdover.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Agos Ducato (Banking)

Domain & IP information

	IP Address		AS Autonomous System
3	148.72.144.180 148.72.144.180		30083 (AS-30083-...) (AS-30083-GO-DADDY-COM-LLC)
3	2

3 148.72.144.180 (St Louis, United States)

ASN30083 (AS-30083-GO-DADDY-COM-LLC, US)
PTR: york.intelsrv.net

login.parintinsparasurdover.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	parintinsparasurdover.online login.parintinsparasurdover.online	770 KB
3	1

	Domain	Requested by
3	login.parintinsparasurdover.online	login.parintinsparasurdover.online
3	1

This site contains links to these domains. Also see Links.

Domain
areaclienti.agosweb.it
www.agoscorporate.it
doc.agosducato.it
www.onetrust.com

Subject Issuer	Validity	Valid
www.login.parintinsparasurdover.online cPanel, Inc. Certification Authority	`2022-03-02` - `2022-05-31`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://login.parintinsparasurdover.online/login.html
Frame ID: 061DF8E79515FE0C231B01A8AAD082F7
Requests: 7 HTTP requests in this frame

Frame: https://login.parintinsparasurdover.online/Portale%20Clienti%20Agos_files/saved_resource.html
Frame ID: 51950B348DC3CF23E0C059DDFFD6B59A
Requests: 1 HTTP requests in this frame

Frame: https://login.parintinsparasurdover.online/Portale%20Clienti%20Agos_files/saved_resource(1).html
Frame ID: AF507A4A5715F249407E1009662078D3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Portale Clienti AgosBack ButtonSearch IconFilter Icon

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

824 kB
Transfer

869 kB
Size

0
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://areaclienti.agosweb.it/area-clienti/#/pubblica/home

Search URL Search Domain Scan URL

URL: https://areaclienti.agosweb.it/area-clienti/#/pubblica/registrazione/start
Title: Registrati ora

Search URL Search Domain Scan URL

URL: https://www.agoscorporate.it/privacy.aspx
Title: Privacy-GDPR

Search URL Search Domain Scan URL

URL: https://www.agoscorporate.it/sicurezza/
Title: Sicurezza

Search URL Search Domain Scan URL

URL: https://areaclienti.agosweb.it/area-clienti/#/pubblica/cookie
Title: Cookie policy

Search URL Search Domain Scan URL

URL: http://doc.agosducato.it/documenti/Info_Privacy_Unificata.pdf
Title: trattamento dei miei dati personali

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions
6 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request login.html Show response login.parintinsparasurdover.online/	768 KB 768 KB	5314ms 136ms	Document text/html	148.72.144.180 AS-30083-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://login.parintinsparasurdover.online/login.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 148.72.144.180 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US), Reverse DNS york.intelsrv.net Software Apache / Resource Hash `aac3d03363b5d44a6e5a6c4712243839c131c3f91903deb8a49e69f5d5074c55` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language it-IT,it;q=0.9 Response headers Date Tue, 15 Mar 2022 16:54:32 GMT Server Apache Last-Modified Tue, 22 Feb 2022 17:05:04 GMT Accept-Ranges bytes Content-Length 786614 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET DATA	200 OK	truncated /	5 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `cac962e2528b5b1d2d0d1356c93c6f00983f2a4279ccdc0ccd866e8bba9fabf1` Request headers Accept-Language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	23 KB 23 KB		Font font/woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e` Request headers Referer Origin https://login.parintinsparasurdover.online Accept-Language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Content-Type font/woff
GET DATA	200 OK	truncated /	15 KB 15 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `60f9b5203842a4fe2d52f7c96f3c57b755bbf8f347535469739bcc6f95a9c4b5` Request headers Referer Origin https://login.parintinsparasurdover.online Accept-Language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `7e6207a3283baac127cf49ee0810a4c10ae7bad31e4fd0feff1ebeca5c801327` Request headers Accept-Language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	16 KB 16 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `1f1ab7f1b22c02d93e5bd37b04e7e848afd14337697f652c1454d14e801676f2` Request headers Referer Origin https://login.parintinsparasurdover.online Accept-Language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated /	37 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `46ae526afdb75c93347bb522b905a7a0ca481a9d813ee9d2550e8cfc32c69cc5` Request headers Accept-Language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Content-Type image/gif
GET H/1.1	500 Internal Server Error	saved_resource.html Show response login.parintinsparasurdover.online/Portale%20Clienti%20Agos_files/ Frame 5195	688 B 864 B	135ms 135ms	Document text/html	148.72.144.180 AS-30083-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://login.parintinsparasurdover.online/Portale%20Clienti%20Agos_files/saved_resource.html Requested by Host: login.parintinsparasurdover.online URL: https://login.parintinsparasurdover.online/login.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 148.72.144.180 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US), Reverse DNS york.intelsrv.net Software Apache / Resource Hash `5cf3cf18c5f9b0b38aa22c8682d16201debc0d0ea3c92545a0712ba584aa44af` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language it-IT,it;q=0.9 Referer https://login.parintinsparasurdover.online/login.html Response headers Date Tue, 15 Mar 2022 16:54:32 GMT Server Apache Content-Length 688 Connection close Content-Type text/html; charset=iso-8859-1
GET H/1.1	500 Internal Server Error	saved_resource(1).html Show response login.parintinsparasurdover.online/Portale%20Clienti%20Agos_files/ Frame AF50	688 B 864 B	135ms 135ms	Document text/html	148.72.144.180 AS-30083-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://login.parintinsparasurdover.online/Portale%20Clienti%20Agos_files/saved_resource(1).html Requested by Host: login.parintinsparasurdover.online URL: https://login.parintinsparasurdover.online/login.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 148.72.144.180 St Louis, United States, ASN30083 (AS-30083-GO-DADDY-COM-LLC, US), Reverse DNS york.intelsrv.net Software Apache / Resource Hash `5cf3cf18c5f9b0b38aa22c8682d16201debc0d0ea3c92545a0712ba584aa44af` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language it-IT,it;q=0.9 Referer https://login.parintinsparasurdover.online/login.html Response headers Date Tue, 15 Mar 2022 16:54:32 GMT Server Apache Content-Length 688 Connection close Content-Type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Agos Ducato (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://login.parintinsparasurdover.online/Portale%20Clienti%20Agos_files/saved_resource.html Message: Failed to load resource: the server responded with a status of 500 (Internal Server Error)
network	error	URL: https://login.parintinsparasurdover.online/Portale%20Clienti%20Agos_files/saved_resource(1).html Message: Failed to load resource: the server responded with a status of 500 (Internal Server Error)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

login.parintinsparasurdover.online
148.72.144.180
1f1ab7f1b22c02d93e5bd37b04e7e848afd14337697f652c1454d14e801676f2
46ae526afdb75c93347bb522b905a7a0ca481a9d813ee9d2550e8cfc32c69cc5
5cf3cf18c5f9b0b38aa22c8682d16201debc0d0ea3c92545a0712ba584aa44af
60f9b5203842a4fe2d52f7c96f3c57b755bbf8f347535469739bcc6f95a9c4b5
7e6207a3283baac127cf49ee0810a4c10ae7bad31e4fd0feff1ebeca5c801327
aac3d03363b5d44a6e5a6c4712243839c131c3f91903deb8a49e69f5d5074c55
cac962e2528b5b1d2d0d1356c93c6f00983f2a4279ccdc0ccd866e8bba9fabf1
fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e

login.parintinsparasurdover.online Open in urlscan Pro 148.72.144.180 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

3 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

824 kBTransfer

869 kBSize

0 Cookies

7 Outgoing links

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

login.parintinsparasurdover.online Open in urlscan Pro
148.72.144.180 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

824 kB
Transfer

869 kB
Size

0
Cookies

3 HTTP transactions
6 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!