www.ionos.it.14c702c3pagamento.prolocosantenea.it
80.211.255.232  Malicious Activity! Public Scan

URL: http://www.ionos.it.14c702c3pagamento.prolocosantenea.it/it/?facture=14c702c3&auth=ebc70f9c700272d70de0a896c639aeb7&facture=14c702c3&auth=ebc70f9c700272d...
Submission: On February 14 via automatic, source phishtank

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 80.211.255.232, located in Warsaw, Poland and belongs to ARUBA, PL. The main domain is www.ionos.it.14c702c3pagamento.prolocosantenea.it.
This is the only time www.ionos.it.14c702c3pagamento.prolocosantenea.it was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: 1&1 Ionos (Telecommunication)

Domain & IP information

IP Address AS Autonomous System
1 80.211.255.232 205727 (ARUBA)
2 3 163.43.80.51 9370 (SAKURA-B ...)
2 3
Domain Requested by
3 agri-nagaoka.com 2 redirects text
1 www.ionos.it.14c702c3pagamento.prolocosantenea.it
2 2

This site contains no links.

Subject: agri-nagaoka.com
Issuer: Let's Encrypt Authority X3
Validity: 2020-01-04 - 2020-04-03
Valid: 3 months

This page contains 3 frames:

Primary Page: http://www.ionos.it.14c702c3pagamento.prolocosantenea.it/it/?facture=14c702c3&auth=ebc70f9c700272d70de0a896c639aeb7&facture=14c702c3&auth=ebc70f9c700272d70de0a896c639aeb7&ref=14c702c3&id=ebc70f9c700272d70de0a896c639aeb7
Frame ID: 26FC500D8111ED1FC8B2F880A7BB2855
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 3BD69224E4B34651D91995195B07203E
Requests: 1 HTTP requests in this frame

Frame: https://agri-nagaoka.com/1it/08f1c55a2ce09e6fab7632bb6ca9d3a6/
Frame ID: C4E967C3A17264F43472E7C70959762C
Requests: 1 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Page Statistics

Requests: 2
HTTPS: 50 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 2
Transfer: 4 kB
Size: 4 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://agri-nagaoka.com/1it/ HTTP 302
  • https://agri-nagaoka.com/1it/08f1c55a2ce09e6fab7632bb6ca9d3a6 HTTP 301
  • https://agri-nagaoka.com/1it/08f1c55a2ce09e6fab7632bb6ca9d3a6/

2 HTTP transactions

Primary Request: /
Path: www.ionos.it.14c702c3pagamento.prolocosantenea.it/it/
Size: 3 KB
x-fer: 3 KB
Type: Document

General
Full URL: http://www.ionos.it.14c702c3pagamento.prolocosantenea.it/it/?facture=14c702c3&auth=ebc70f9c700272d70de0a896c639aeb7&facture=14c702c3&auth=ebc70f9c700272d70de0a896c639aeb7&ref=14c702c3&id=ebc70f9c700272d70de0a896c639aeb7
Protocol: HTTP/1.1
Server: 80.211.255.232 Warsaw, Poland, ASN205727 (ARUBA, PL)
Reverse DNS: host232-255-211-80.static.arubacloud.pl
Software: Microsoft-IIS/8.5
Resource Hash: 39a28e0133ee0be5602c6d95d2cbb13971e07ab34b2319cdf6fa71c76487067a

Request headers
Host: www.ionos.it.14c702c3pagamento.prolocosantenea.it
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US

Response headers
Content-Type: text/html
Last-Modified: Fri, 07 Feb 2020 15:16:22 GMT
Accept-Ranges: bytes
ETag: "4d5fa28ec9ddd51:0"
Server: Microsoft-IIS/8.5
Date: Fri, 14 Feb 2020 03:52:43 GMT
Content-Length: 2764
Resource: truncated
Path: / (Frame 3BD6)
Size: 1 KB
x-fer: 1 KB
Type: Document

General
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: c6b1ebce61d95cf27cf4860ba5727d7c900e095ec77a9640d1bd678b5f75e3d6

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers
Content-Type: text/html
Resource: /
Path: agri-nagaoka.com/1it/08f1c55a2ce09e6fab7632bb6ca9d3a6/ (Frame C4E9)
Redirect Chain
  • https://agri-nagaoka.com/1it/
  • https://agri-nagaoka.com/1it/08f1c55a2ce09e6fab7632bb6ca9d3a6
  • https://agri-nagaoka.com/1it/08f1c55a2ce09e6fab7632bb6ca9d3a6/
Size: 0
x-fer: 0
Type: Document

General
Full URL: https://agri-nagaoka.com/1it/08f1c55a2ce09e6fab7632bb6ca9d3a6/
Requested by:
  Host: text
  URL: data:text/html;base64,truncated
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 163.43.80.51 Osaka, Japan, ASN9370 (SAKURA-B SAKURA Internet Inc., JP)
Reverse DNS: www3741.sakura.ne.jp
Software: nginx
Resource Hash: -

Request headers
:method: GET
:authority: agri-nagaoka.com
:scheme: https
:path: /1it/08f1c55a2ce09e6fab7632bb6ca9d3a6/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe

Response headers
status: 200
server: nginx
date: Fri, 14 Feb 2020 03:52:46 GMT
content-type: text/html; charset=UTF-8

Redirect headers
status: 301
server: nginx
date: Fri, 14 Feb 2020 03:52:45 GMT
content-type: text/html; charset=iso-8859-1
content-length: 270
location: https://agri-nagaoka.com/1it/08f1c55a2ce09e6fab7632bb6ca9d3a6/

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: 1&1 Ionos (Telecommunication)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object | onformdata
  • object | onpointerrawupdate

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

agri-nagaoka.com
www.ionos.it.14c702c3pagamento.prolocosantenea.it
163.43.80.51
80.211.255.232
39a28e0133ee0be5602c6d95d2cbb13971e07ab34b2319cdf6fa71c76487067a
c6b1ebce61d95cf27cf4860ba5727d7c900e095ec77a9640d1bd678b5f75e3d6