www.leonardoprojectsrl.it Open in urlscan Pro
62.149.144.108 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.leonardoprojectsrl.it/app/it/App/icc.php
Effective URL:
https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php
Submission Tags: 7569097
Submission: On June 28 via api (June 28th 2022, 9:52:11 am UTC) from DE — Scanned from IT

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 16 HTTP transactions. The main IP is 62.149.144.108, located in Arezzo, Italy and belongs to ARUBA-ASN, IT. The main domain is www.leonardoprojectsrl.it.
TLS certificate: Issued by Actalis Domain Validation Server CA G3 on February 26th 2022. Valid for: a year.

This is the only time www.leonardoprojectsrl.it was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aruba (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 14	62.149.144.108 62.149.144.108	31034 (ARUBA-ASN) (ARUBA-ASN)
3	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
16	2

14 62.149.144.108 (Arezzo, Italy) 1 redirects

ASN31034 (ARUBA-ASN, IT)
PTR: webx586.aruba.it

www.leonardoprojectsrl.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	leonardoprojectsrl.it 1 redirects www.leonardoprojectsrl.it	318 KB
3	gstatic.com fonts.gstatic.com	69 KB
16	2

	Domain	Requested by
14	www.leonardoprojectsrl.it	1 redirects www.leonardoprojectsrl.it
3	fonts.gstatic.com	www.leonardoprojectsrl.it
16	2

This site contains no links.

Subject Issuer	Validity	Valid
*.leonardoprojectsrl.it Actalis Domain Validation Server CA G3	`2022-02-26` - `2023-03-29`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php
Frame ID: 04282E2AFDA8F8737CF9DFDD9FD8CC2A
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Aruba - Dati Cliente

Page URL History Show full URLs

https://www.leonardoprojectsrl.it/app/it/App/icc.php HTTP 302
https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<(?:div|html)[^>]+ng-app=

Page Statistics

16
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

387 kB
Transfer

384 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.leonardoprojectsrl.it/app/it/App/icc.php HTTP 302
https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request loadingtootp.php Show response
www.leonardoprojectsrl.it/app/it/App/
Redirect Chain

https://www.leonardoprojectsrl.it/app/it/App/icc.php
https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php

8 KB
8 KB

207ms
206ms

Document
text/html

62.149.144.108
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 62.149.144.108 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: webx586.aruba.it
Software: Apache /
Resource Hash: 4eef0c239138e1f6208cfbbbcc24ba87d21572f743dd7328c92af80765196dd6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html; charset=UTF-8
date: Tue, 28 Jun 2022 09:52:03 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
x-aruba-cache: NA

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html; charset=UTF-8
date: Tue, 28 Jun 2022 09:52:03 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: ./loadingtootp.php
pragma: no-cache
server: Apache
x-aruba-cache: NA

GET
H2 200 css.css
www.leonardoprojectsrl.it/app/it/App/ndart/ 2 KB
2 KB 35ms
34ms Stylesheet
text/css 62.149.144.108
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.leonardoprojectsrl.it/app/it/App/ndart/css.css
Requested by: Host: www.leonardoprojectsrl.it
URL: https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 62.149.144.108 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: webx586.aruba.it
Software: Apache /
Resource Hash: f254afeb185cf5b7d55c7a3ca41fe9e0620a63f31eb86c17ccafc85cc4a1e4d4

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 09:52:04 GMT
last-modified: Sat, 18 Jun 2022 12:28:39 GMT
server: Apache
etag: "8d8-5e1b802bef76e"
x-aruba-cache: NA
content-type: text/css
accept-ranges: bytes
content-length: 2264

GET
H2 200 css_002.css
www.leonardoprojectsrl.it/app/it/App/ndart/ 191 KB
192 KB 34ms
34ms Stylesheet
text/css 62.149.144.108
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.leonardoprojectsrl.it/app/it/App/ndart/css_002.css
Requested by: Host: www.leonardoprojectsrl.it
URL: https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 62.149.144.108 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: webx586.aruba.it
Software: Apache /
Resource Hash: 78ab4cfcda46745b2e060b4eb8a85747fda7d34356317d41dfabe9b2af27b151

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 09:52:04 GMT
last-modified: Sat, 18 Jun 2022 12:28:39 GMT
server: Apache
etag: "2fb7e-5e1b802bf130f"
x-aruba-cache: NA
content-type: text/css
accept-ranges: bytes
content-length: 195454

GET
H2 200 LoadArt.gif
www.leonardoprojectsrl.it/app/it/App/ndart/ 39 KB
40 KB 117ms
117ms Image
image/gif 62.149.144.108
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.leonardoprojectsrl.it/app/it/App/ndart/LoadArt.gif
Requested by: Host: www.leonardoprojectsrl.it
URL: https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 62.149.144.108 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: webx586.aruba.it
Software: Apache /
Resource Hash: 16503fec005b242d5b7cf80d5c8ff55b5df3c0f4c03aebed6f74d36734b3fd35

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 09:52:04 GMT
last-modified: Sat, 18 Jun 2022 12:28:39 GMT
server: Apache
etag: "9d13-5e1b802bf2e22"
x-aruba-cache: NA
content-type: image/gif
accept-ranges: bytes
content-length: 40211

GET
H2 200 logo-group.png
www.leonardoprojectsrl.it/app/it/App/ndart/ 2 KB
2 KB 34ms
34ms Image
image/png 62.149.144.108
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.leonardoprojectsrl.it/app/it/App/ndart/logo-group.png
Requested by: Host: www.leonardoprojectsrl.it
URL: https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 62.149.144.108 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: webx586.aruba.it
Software: Apache /
Resource Hash: 248e9cde92ebcc6a23a162784324e223736136514e580b06087deb58afa70696

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 09:52:04 GMT
last-modified: Sat, 18 Jun 2022 12:28:39 GMT
server: Apache
etag: "84d-5e1b802bf1e83"
x-aruba-cache: NA
content-type: image/png
accept-ranges: bytes
content-length: 2125

GET
H2 404 0_003.txt
www.leonardoprojectsrl.it/app/it/App/ndart/ 7 KB
7 KB 2295ms
2295ms Image
text/html 62.149.144.108
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.leonardoprojectsrl.it/app/it/App/ndart/0_003.txt
Requested by: Host: www.leonardoprojectsrl.it
URL: https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 62.149.144.108 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: webx586.aruba.it
Software: Apache /
Resource Hash: ce00e4cf93a7423fedb3d07862cff701c0ce1acd51b4df8448cabaee89397e59

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 09:52:04 GMT
cache-control: no-cache, must-revalidate, max-age=0
expires: Wed, 11 Jan 1984 05:00:00 GMT
server: Apache
link: <https://www.leonardoprojectsrl.it/wp-json/>; rel="https://api.w.org/"
x-aruba-cache: NA
content-type: text/html; charset=UTF-8

GET
H2 404 0_002.txt
www.leonardoprojectsrl.it/app/it/App/ndart/ 18 KB
18 KB 2660ms
2659ms Image
text/html 62.149.144.108
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.leonardoprojectsrl.it/app/it/App/ndart/0_002.txt
Requested by: Host: www.leonardoprojectsrl.it
URL: https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 62.149.144.108 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: webx586.aruba.it
Software: Apache /
Resource Hash: e795e80e0ac262d3f96441f5cd88deff3d207b0d56ed2b08e603bda1abd76415

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 09:52:04 GMT
cache-control: no-cache, must-revalidate, max-age=0
expires: Wed, 11 Jan 1984 05:00:00 GMT
server: Apache
link: <https://www.leonardoprojectsrl.it/wp-json/>; rel="https://api.w.org/"
x-aruba-cache: NA
content-type: text/html; charset=UTF-8

GET
H2 404 0.txt
www.leonardoprojectsrl.it/app/it/App/ndart/ 11 KB
11 KB 1617ms
1617ms Image
text/html 62.149.144.108
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.leonardoprojectsrl.it/app/it/App/ndart/0.txt
Requested by: Host: www.leonardoprojectsrl.it
URL: https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 62.149.144.108 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: webx586.aruba.it
Software: Apache /
Resource Hash: c347d47c9553d7e10d70812bee403ccd15eac9ba5fe36c499ec18e7373a37810

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 09:52:04 GMT
cache-control: no-cache, must-revalidate, max-age=0
expires: Wed, 11 Jan 1984 05:00:00 GMT
server: Apache
link: <https://www.leonardoprojectsrl.it/wp-json/>; rel="https://api.w.org/"
x-aruba-cache: NA
content-type: text/html; charset=UTF-8

GET
H2 404 separator.png
www.leonardoprojectsrl.it/Content/Images/ 7 KB
7 KB 2179ms
2178ms Image
text/html 62.149.144.108
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.leonardoprojectsrl.it/Content/Images/separator.png
Requested by: Host: www.leonardoprojectsrl.it
URL: https://www.leonardoprojectsrl.it/app/it/App/ndart/css_002.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 62.149.144.108 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: webx586.aruba.it
Software: Apache /
Resource Hash: ce00e4cf93a7423fedb3d07862cff701c0ce1acd51b4df8448cabaee89397e59

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.leonardoprojectsrl.it/app/it/App/ndart/css_002.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 09:52:04 GMT
cache-control: no-cache, must-revalidate, max-age=0
expires: Wed, 11 Jan 1984 05:00:00 GMT
server: Apache
link: <https://www.leonardoprojectsrl.it/wp-json/>; rel="https://api.w.org/"
x-aruba-cache: NA
content-type: text/html; charset=UTF-8

GET
H2 404 logo-aruba-standard.png
www.leonardoprojectsrl.it/Content/Images/ 16 KB
16 KB 2252ms
2251ms Image
text/html 62.149.144.108
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.leonardoprojectsrl.it/Content/Images/logo-aruba-standard.png
Requested by: Host: www.leonardoprojectsrl.it
URL: https://www.leonardoprojectsrl.it/app/it/App/ndart/css_002.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 62.149.144.108 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: webx586.aruba.it
Software: Apache /
Resource Hash: 4d8e904c55baa9b45141aa3867ad463054d18a3143a1c913f0ad65358589da41

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.leonardoprojectsrl.it/app/it/App/ndart/css_002.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 09:52:04 GMT
cache-control: no-cache, must-revalidate, max-age=0
expires: Wed, 11 Jan 1984 05:00:00 GMT
server: Apache
link: <https://www.leonardoprojectsrl.it/wp-json/>; rel="https://api.w.org/"
x-aruba-cache: NA
content-type: text/html; charset=UTF-8

GET
H2 404 maincontent-bg.png
www.leonardoprojectsrl.it/Content/images/ 13 KB
13 KB 2528ms
2527ms Image
text/html 62.149.144.108
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.leonardoprojectsrl.it/Content/images/maincontent-bg.png
Requested by: Host: www.leonardoprojectsrl.it
URL: https://www.leonardoprojectsrl.it/app/it/App/ndart/css_002.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 62.149.144.108 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: webx586.aruba.it
Software: Apache /
Resource Hash: f39968a4cc47cb87c4a90fdc6a3f1fea55b21ae09b8342b6953743941d8c8b8c

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://www.leonardoprojectsrl.it/app/it/App/ndart/css_002.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 09:52:04 GMT
cache-control: no-cache, must-revalidate, max-age=0
expires: Wed, 11 Jan 1984 05:00:00 GMT
server: Apache
link: <https://www.leonardoprojectsrl.it/wp-json/>; rel="https://api.w.org/"
x-aruba-cache: NA
content-type: text/html; charset=UTF-8

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v14/ 23 KB
23 KB 105ms
32ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v14/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: www.leonardoprojectsrl.it
URL: https://www.leonardoprojectsrl.it/app/it/App/ndart/css.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1670565574aab8aa0a287a4cd8f49cf0d8b0959ebe344f90ca8af696ede9c23b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.leonardoprojectsrl.it/
Origin: https://www.leonardoprojectsrl.it
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Fri, 24 Jun 2022 01:45:13 GMT
x-content-type-options: nosniff
age: 374811
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23316
x-xss-protection: 0
last-modified: Wed, 11 Oct 2017 18:23:15 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 24 Jun 2023 01:45:13 GMT

GET
H2 404 glyphicons-halflings-regular.woff
www.leonardoprojectsrl.it/fonts/ 0
0 2655ms
2653ms Font
text/html 62.149.144.108
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.leonardoprojectsrl.it/fonts/glyphicons-halflings-regular.woff
Requested by: Host: www.leonardoprojectsrl.it
URL: https://www.leonardoprojectsrl.it/app/it/App/ndart/css_002.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 62.149.144.108 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: webx586.aruba.it
Software: Apache /
Resource Hash

Request headers

Referer: https://www.leonardoprojectsrl.it/app/it/App/ndart/css_002.css
Origin: https://www.leonardoprojectsrl.it
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 09:52:04 GMT
cache-control: no-cache, must-revalidate, max-age=0
expires: Wed, 11 Jan 1984 05:00:00 GMT
server: Apache
link: <https://www.leonardoprojectsrl.it/wp-json/>; rel="https://api.w.org/"
x-aruba-cache: NA
content-type: text/html; charset=UTF-8

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v14/ 22 KB
22 KB 134ms
62ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v14/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: www.leonardoprojectsrl.it
URL: https://www.leonardoprojectsrl.it/app/it/App/ndart/css.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ead13ccfbdea5462c3af37aa6ae04e64ed65a31c33f76e46da5e86ec85c52064

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.leonardoprojectsrl.it/
Origin: https://www.leonardoprojectsrl.it
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 08:48:08 GMT
x-content-type-options: nosniff
age: 3836
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22820
x-xss-protection: 0
last-modified: Wed, 11 Oct 2017 18:24:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 08:48:08 GMT

GET
H2 200 S6u9w4BMUTPHh7USSwiPGQ.woff2
fonts.gstatic.com/s/lato/v14/ 23 KB
23 KB 147ms
78ms Font
font/woff2 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v14/S6u9w4BMUTPHh7USSwiPGQ.woff2

Requested by

Host: www.leonardoprojectsrl.it
URL: https://www.leonardoprojectsrl.it/app/it/App/ndart/css.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9e42e92231a8198158ff0296ba69f0495069daaad816faed54cd356247ca451b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.leonardoprojectsrl.it/
Origin: https://www.leonardoprojectsrl.it
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Mon, 27 Jun 2022 21:18:09 GMT
x-content-type-options: nosniff
age: 45235
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23208
x-xss-protection: 0
last-modified: Wed, 11 Oct 2017 18:24:02 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Tue, 27 Jun 2023 21:18:09 GMT

GET
H2 404 glyphicons-halflings-regular.ttf
www.leonardoprojectsrl.it/fonts/ 0
0 1740ms
1739ms Font
text/html 62.149.144.108
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://www.leonardoprojectsrl.it/fonts/glyphicons-halflings-regular.ttf
Requested by: Host: www.leonardoprojectsrl.it
URL: https://www.leonardoprojectsrl.it/app/it/App/ndart/css_002.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 62.149.144.108 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: webx586.aruba.it
Software: Apache /
Resource Hash

Request headers

Referer: https://www.leonardoprojectsrl.it/app/it/App/ndart/css_002.css
Origin: https://www.leonardoprojectsrl.it
accept-language: it-IT,it;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 09:52:07 GMT
cache-control: no-cache, must-revalidate, max-age=0
expires: Wed, 11 Jan 1984 05:00:00 GMT
server: Apache
link: <https://www.leonardoprojectsrl.it/wp-json/>; rel="https://api.w.org/"
x-aruba-cache: NA
content-type: text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Aruba (Online)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.leonardoprojectsrl.it/	1969-12-31 23:59:59	Name: PHPSESSID Value: 34789d9b1ca219fa0b49da8cb6496038

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.leonardoprojectsrl.it/app/it/App/ndart/0.txt Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.leonardoprojectsrl.it/Content/Images/separator.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.leonardoprojectsrl.it/Content/Images/logo-aruba-standard.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.leonardoprojectsrl.it/app/it/App/ndart/0_003.txt Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.leonardoprojectsrl.it/Content/images/maincontent-bg.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.leonardoprojectsrl.it/app/it/App/ndart/0_002.txt Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.leonardoprojectsrl.it/fonts/glyphicons-halflings-regular.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.leonardoprojectsrl.it/fonts/glyphicons-halflings-regular.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.gstatic.com
www.leonardoprojectsrl.it
2a00:1450:4001:828::2003
62.149.144.108
16503fec005b242d5b7cf80d5c8ff55b5df3c0f4c03aebed6f74d36734b3fd35
1670565574aab8aa0a287a4cd8f49cf0d8b0959ebe344f90ca8af696ede9c23b
248e9cde92ebcc6a23a162784324e223736136514e580b06087deb58afa70696
4d8e904c55baa9b45141aa3867ad463054d18a3143a1c913f0ad65358589da41
4eef0c239138e1f6208cfbbbcc24ba87d21572f743dd7328c92af80765196dd6
78ab4cfcda46745b2e060b4eb8a85747fda7d34356317d41dfabe9b2af27b151
9e42e92231a8198158ff0296ba69f0495069daaad816faed54cd356247ca451b
c347d47c9553d7e10d70812bee403ccd15eac9ba5fe36c499ec18e7373a37810
ce00e4cf93a7423fedb3d07862cff701c0ce1acd51b4df8448cabaee89397e59
e795e80e0ac262d3f96441f5cd88deff3d207b0d56ed2b08e603bda1abd76415
ead13ccfbdea5462c3af37aa6ae04e64ed65a31c33f76e46da5e86ec85c52064
f254afeb185cf5b7d55c7a3ca41fe9e0620a63f31eb86c17ccafc85cc4a1e4d4
f39968a4cc47cb87c4a90fdc6a3f1fea55b21ae09b8342b6953743941d8c8b8c

www.leonardoprojectsrl.it Open in urlscan Pro 62.149.144.108 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

387 kBTransfer

384 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

1 Cookies

8 Console Messages

Indicators

www.leonardoprojectsrl.it Open in urlscan Pro
62.149.144.108 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

387 kB
Transfer

384 kB
Size

1
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!