www.leonardoprojectsrl.it
Open in
urlscan Pro
62.149.144.108
Malicious Activity!
Public Scan
Effective URL: https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php
Submission Tags: 7569097
Submission: On June 28 via api from DE — Scanned from IT
Summary
TLS certificate: Issued by Actalis Domain Validation Server CA G3 on February 26th 2022. Valid for: a year.
This is the only time www.leonardoprojectsrl.it was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Aruba (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 14 | 62.149.144.108 62.149.144.108 | 31034 (ARUBA-ASN) (ARUBA-ASN) | |
3 | 2a00:1450:400... 2a00:1450:4001:828::2003 | 15169 (GOOGLE) (GOOGLE) | |
16 | 2 |
ASN31034 (ARUBA-ASN, IT)
PTR: webx586.aruba.it
www.leonardoprojectsrl.it |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
leonardoprojectsrl.it
1 redirects
www.leonardoprojectsrl.it |
318 KB |
3 |
gstatic.com
fonts.gstatic.com |
69 KB |
16 | 2 |
Domain | Requested by | |
---|---|---|
14 | www.leonardoprojectsrl.it |
1 redirects
www.leonardoprojectsrl.it
|
3 | fonts.gstatic.com |
www.leonardoprojectsrl.it
|
16 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.leonardoprojectsrl.it Actalis Domain Validation Server CA G3 |
2022-02-26 - 2023-03-29 |
a year | crt.sh |
*.gstatic.com GTS CA 1C3 |
2022-06-06 - 2022-08-29 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php
Frame ID: 04282E2AFDA8F8737CF9DFDD9FD8CC2A
Requests: 16 HTTP requests in this frame
Screenshot
Page Title
Aruba - Dati ClientePage URL History Show full URLs
-
https://www.leonardoprojectsrl.it/app/it/App/icc.php
HTTP 302
https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
AngularJS (JavaScript Frameworks) Expand
Detected patterns
- <(?:div|html)[^>]+ng-app=
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.leonardoprojectsrl.it/app/it/App/icc.php
HTTP 302
https://www.leonardoprojectsrl.it/app/it/App/loadingtootp.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
loadingtootp.php
www.leonardoprojectsrl.it/app/it/App/ Redirect Chain
|
8 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css.css
www.leonardoprojectsrl.it/app/it/App/ndart/ |
2 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css_002.css
www.leonardoprojectsrl.it/app/it/App/ndart/ |
191 KB 192 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
LoadArt.gif
www.leonardoprojectsrl.it/app/it/App/ndart/ |
39 KB 40 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo-group.png
www.leonardoprojectsrl.it/app/it/App/ndart/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0_003.txt
www.leonardoprojectsrl.it/app/it/App/ndart/ |
7 KB 7 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0_002.txt
www.leonardoprojectsrl.it/app/it/App/ndart/ |
18 KB 18 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0.txt
www.leonardoprojectsrl.it/app/it/App/ndart/ |
11 KB 11 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
separator.png
www.leonardoprojectsrl.it/Content/Images/ |
7 KB 7 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo-aruba-standard.png
www.leonardoprojectsrl.it/Content/Images/ |
16 KB 16 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
maincontent-bg.png
www.leonardoprojectsrl.it/Content/images/ |
13 KB 13 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v14/ |
23 KB 23 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
glyphicons-halflings-regular.woff
www.leonardoprojectsrl.it/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v14/ |
22 KB 22 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
S6u9w4BMUTPHh7USSwiPGQ.woff2
fonts.gstatic.com/s/lato/v14/ |
23 KB 23 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
glyphicons-halflings-regular.ttf
www.leonardoprojectsrl.it/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Aruba (Online)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation string| dispatch1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.leonardoprojectsrl.it/ | Name: PHPSESSID Value: 34789d9b1ca219fa0b49da8cb6496038 |
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
fonts.gstatic.com
www.leonardoprojectsrl.it
2a00:1450:4001:828::2003
62.149.144.108
16503fec005b242d5b7cf80d5c8ff55b5df3c0f4c03aebed6f74d36734b3fd35
1670565574aab8aa0a287a4cd8f49cf0d8b0959ebe344f90ca8af696ede9c23b
248e9cde92ebcc6a23a162784324e223736136514e580b06087deb58afa70696
4d8e904c55baa9b45141aa3867ad463054d18a3143a1c913f0ad65358589da41
4eef0c239138e1f6208cfbbbcc24ba87d21572f743dd7328c92af80765196dd6
78ab4cfcda46745b2e060b4eb8a85747fda7d34356317d41dfabe9b2af27b151
9e42e92231a8198158ff0296ba69f0495069daaad816faed54cd356247ca451b
c347d47c9553d7e10d70812bee403ccd15eac9ba5fe36c499ec18e7373a37810
ce00e4cf93a7423fedb3d07862cff701c0ce1acd51b4df8448cabaee89397e59
e795e80e0ac262d3f96441f5cd88deff3d207b0d56ed2b08e603bda1abd76415
ead13ccfbdea5462c3af37aa6ae04e64ed65a31c33f76e46da5e86ec85c52064
f254afeb185cf5b7d55c7a3ca41fe9e0620a63f31eb86c17ccafc85cc4a1e4d4
f39968a4cc47cb87c4a90fdc6a3f1fea55b21ae09b8342b6953743941d8c8b8c