www.whtigers.it Open in urlscan Pro
89.46.105.87 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://seginioritaferrrarideluxclinica.clinicauruguai.com/
Effective URL:
http://www.whtigers.it/lucanit/rebyata/denuyjcht.php
Submission: On March 03 via manual (March 3rd 2023, 8:48:33 am UTC) from IT — Scanned from IT

Summary HTTP 3 Redirects Links 93 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 3 HTTP transactions. The main IP is 89.46.105.87, located in Arezzo, Italy and belongs to ARUBA-ASN, IT. The main domain is www.whtigers.it.

This is the only time www.whtigers.it was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aruba (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	81.88.48.97 81.88.48.97	39729 (REGISTER-AS) (REGISTER-AS)
1	89.46.105.87 89.46.105.87	31034 (ARUBA-ASN) (ARUBA-ASN)
1	54.216.93.7 54.216.93.7	16509 (AMAZON-02) (AMAZON-02)
3	4

1 81.88.48.97 (Italy)

ASN39729 (REGISTER-AS, IT)

seginioritaferrrarideluxclinica.clinicauruguai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 89.46.105.87 (Arezzo, Italy)

ASN31034 (ARUBA-ASN, IT)
PTR: webx1118.aruba.it

www.whtigers.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.216.93.7 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-216-93-7.eu-west-1.compute.amazonaws.com

w.usabilla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	usabilla.com w.usabilla.com — Cisco Umbrella Rank: 3338	11 KB
1	whtigers.it www.whtigers.it	270 KB
1	clinicauruguai.com seginioritaferrrarideluxclinica.clinicauruguai.com	340 B
3	3

	Domain	Requested by
1	w.usabilla.com	srcdoc
1	www.whtigers.it	seginioritaferrrarideluxclinica.clinicauruguai.com
1	seginioritaferrrarideluxclinica.clinicauruguai.com
3	3

This site contains links to these domains. Also see Links.

Domain
www.cookiebot.com
www.aruba.it
hosting.aruba.it
www.crazyegg.com
www.eyeota.com
policies.google.com
tvty.tv
www.linkedin.com
www.appnexus.com
www.media.net
www.facebook.com
www.adobe.com
www.we-are-adot.com
www.amazon.com
www.bidswitch.com
www.oracle.com
www.casalemedia.com
www.dataxu.com
www.ispot.tv
liveramp.com
www.mediarithmics.com
privacy.microsoft.com
www.home.neustar
www.openx.com
www.salesforce.com
www.sitescout.com
www.sizmek.com
www.spotx.tv
www.tapad.com
tidaltv.com
weborama.com
zetaglobal.com
webstorage.cloud.it
guide.convenzionepel.aruba.it
www.vinciunaducati.com
assistenzaclienti.aruba.it
supporto.aruba.it
supportb2b.aruba.it
www.arubaracing.com
www.arubaracing.it
account.aruba.it
affiliazione.aruba.it
admin.aruba.it
adsl.aruba.it
assistenza.aruba.it
aruba.it
arubacloud.com
arubacloud.es
arubacloud.fr
blog.aruba.it
cart.aruba.it
cart.arubacloud.com
cart.cloud.it
cloud.it
customerarea.aruba.it
datacenter.it
enterprise.aruba.it
fatture.aruba.it
fibra.aruba.it
fotoalbum.aruba.it
gestioneaccessi.aruba.it
guide.aruba.it
guide.hosting.aruba.it
guide.serverdedicati.aruba.it
kb.arubacloud.com
kb.arubacloud.es
kb.arubacloud.fr
kb.cloud.it
login.aruba.it
managehosting.aruba.it
microsoft365.aruba.it
mssql.aruba.it
mysql.aruba.it
pagamenti.aruba.it
serverdedicati.aruba.it
signup.aruba.it
supersite.aruba.it
webmailfreebeta.aruba.it
webmailfree.aruba.it
webmail.aruba.it
webmailbeta.aruba.it
xandmail.com
gestionemail.pec.it
webmail.pec.it

Subject Issuer	Validity	Valid
w.usabilla.com Amazon RSA 2048 M01	`2023-02-09` - `2024-02-09`	a year	crt.sh

This page contains 3 frames:

Primary Page: http://www.whtigers.it/lucanit/rebyata/denuyjcht.php
Frame ID: 2EB2E300876165298CCCE631BB1C9072
Requests: 18 HTTP requests in this frame

Frame: https://w.usabilla.com/719697a0b3af.js?lv=1
Frame ID: 9858E5F1C0CA9BBAFBAB91C1C0AECF09
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: F9E6E2CFBF8FE5D2140919000E814D6E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Pagamenti Aruba Powered by Cookiebot

Page URL History Show full URLs

http://seginioritaferrrarideluxclinica.clinicauruguai.com/ Page URL
http://www.whtigers.it/lucanit/rebyata/denuyjcht.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

3
Requests

33 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

304 kB
Transfer

1396 kB
Size

0
Cookies

93 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cookiebot.com/
Title: Powered by Cookiebot

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ seginioritaferrrarideluxclinica.clinicauruguai.com/	113 B 340 B	117ms 21ms	Document text/html	81.88.48.97 REGISTER-AS
General Check archive.org Show headers Download Go to Full URL http://seginioritaferrrarideluxclinica.clinicauruguai.com/ Protocol HTTP/1.1 Server 81.88.48.97 , Italy, ASN39729 (REGISTER-AS, IT), Reverse DNS Software Apache / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 accept-language it-IT,it;q=0.9 Response headers Accept-Ranges bytes Connection close Content-Language pt Content-Length 113 Content-Type text/html Date Fri, 03 Mar 2023 08:48:27 GMT Last-Modified Fri, 03 Mar 2023 07:44:40 GMT Server Apache
GET H/1.1	200 OK	Primary Request denuyjcht.php Show response www.whtigers.it/lucanit/rebyata/	1 MB 270 KB	571ms 488ms	Document text/html	89.46.105.87 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL http://www.whtigers.it/lucanit/rebyata/denuyjcht.php Requested by Host: seginioritaferrrarideluxclinica.clinicauruguai.com URL: http://seginioritaferrrarideluxclinica.clinicauruguai.com/ Protocol HTTP/1.1 Server 89.46.105.87 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webx1118.aruba.it Software aruba-proxy / Resource Hash `787b46dde1e01ebc36b3100d5638ee2aa83329bdc090e6adaee460c44f38ccf6` Request headers Referer http://seginioritaferrrarideluxclinica.clinicauruguai.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 accept-language it-IT,it;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Fri, 03 Mar 2023 08:48:28 GMT Server aruba-proxy Transfer-Encoding chunked Vary Accept-Encoding X-ServerName ipvsproxy59.ad.aruba.it
GET DATA	200 OK	truncated /	921 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `15c001519dc1296f39660e3857f63ee90b0196835ec033c7026435de0cb752ce` Request headers accept-language it-IT,it;q=0.9 Referer http://www.whtigers.it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	293 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979` Request headers accept-language it-IT,it;q=0.9 Referer http://www.whtigers.it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `583d7246009e1632b8abb3356f92cf2a52f4548d11347950966751f98223221e` Request headers accept-language it-IT,it;q=0.9 Referer http://www.whtigers.it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	517 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5e67cd17b90275703e47b051d6dbdc25e6ee7accc2cbe31b4c63d39894d7590a` Request headers accept-language it-IT,it;q=0.9 Referer http://www.whtigers.it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	590 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `3c602eb7ccd4ec28f132120ba8e687f4cea1352dff8be42757e16ea55c2e7289` Request headers accept-language it-IT,it;q=0.9 Referer http://www.whtigers.it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `84e976dbb25388b4032c156cd4bf9d9766b422c3bc6cc1db3a199bbc8fc0a1b2` Request headers accept-language it-IT,it;q=0.9 Referer http://www.whtigers.it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	234 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `7ca555033bd461de508445898db7c321e8b52b37f6259a5ff76adeae28cb7b0d` Request headers accept-language it-IT,it;q=0.9 Referer http://www.whtigers.it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	1002 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `36d9ce3b8c204e0d7644e5fbef7e88655ec2350798562eda0ca1f6e274a260d6` Request headers accept-language it-IT,it;q=0.9 Referer http://www.whtigers.it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	811 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d881edf6d1763df2e5ce27f39ea76d82a18c15760a0c2de14fd78fba172e19a1` Request headers accept-language it-IT,it;q=0.9 Referer http://www.whtigers.it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	23 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8f5a51ab8aba6dd40c4083d89d06ee87ed8d76590470b1bdb6eab337e6db5694` Request headers accept-language it-IT,it;q=0.9 Referer http://www.whtigers.it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d9742fea080b09269a5500e8cbd1c490946d044b0cbf0a2412c00c13b8eeb49e` Request headers accept-language it-IT,it;q=0.9 Referer http://www.whtigers.it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	719697a0b3af.js Show response w.usabilla.com/ Frame 9858	36 KB 11 KB	181ms 49ms	Script text/javascript	54.216.93.7 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://w.usabilla.com/719697a0b3af.js?lv=1 Requested by Host: srcdoc URL: about:srcdoc Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.216.93.7 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-216-93-7.eu-west-1.compute.amazonaws.com Software / Resource Hash `8ff0d1316168879aefe3dc9c4744d978f3a20ab2f62376226daa8d60ef886fa8` Request headers accept-language it-IT,it;q=0.9 Referer http://www.whtigers.it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers pragma no-cache date Fri, 03 Mar 2023 08:48:28 GMT content-encoding gzip x-widget-server 2.1 etag "64bdbb5315c8bd6c4a3532c7122be499" content-type text/javascript cache-control public,max-age=0 content-length 11077
GET DATA	200 OK	truncated /	462 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d54c051c8168ccffcd35424f00d7b6140e6311bff3e66308b8ff1bb47399ebbc` Request headers accept-language it-IT,it;q=0.9 Referer http://www.whtigers.it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	949 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `dfbe1bbb320b496b9fef73b4787a01fa50f124e2db758567316b07c2be04b657` Request headers accept-language it-IT,it;q=0.9 Referer http://www.whtigers.it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	832 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ea77e158ef03a63cf878b55deac25e3e315af605ac14d62a4cda18df7e841686` Request headers accept-language it-IT,it;q=0.9 Referer http://www.whtigers.it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	833 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `db791d8dc960a0992a825f76194812642980622bd3cfab6fbe267cfcc63eac26` Request headers accept-language it-IT,it;q=0.9 Referer http://www.whtigers.it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	23 KB 23 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49` Request headers Referer http://www.whtigers.it/ Origin http://www.whtigers.it accept-language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated / Frame F9E6	6 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `52897547cfc7be3ea57d0a07398a6c8d5f01c9cb02309c7ab2ba9ab27ebd73a4` Request headers accept-language it-IT,it;q=0.9 Referer http://www.whtigers.it/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Content-Type image/png

www.whtigers.it Open in urlscan Pro 89.46.105.87 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

3 Requests

33 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

304 kBTransfer

1396 kBSize

0 Cookies

93 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 17 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

www.whtigers.it Open in urlscan Pro
89.46.105.87 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

33 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

304 kB
Transfer

1396 kB
Size

0
Cookies

3 HTTP transactions
17 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!