www.boschieriduplicazioni.it
Open in
urlscan Pro
89.46.109.11
Malicious Activity!
Public Scan
Effective URL: https://www.boschieriduplicazioni.it/REYO/intreduction.php
Submission: On February 06 via api from US — Scanned from IT
Summary
TLS certificate: Issued by Actalis Domain Validation Server CA G3 on February 4th 2024. Valid for: a year.
This is the only time www.boschieriduplicazioni.it was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Aruba (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:303... 2606:4700:3035::ac43:87f6 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 89.46.109.11 89.46.109.11 | 31034 (ARUBA-ASN) (ARUBA-ASN) | |
6 | 62.149.186.150 62.149.186.150 | 31034 (ARUBA-ASN) (ARUBA-ASN) | |
7 | 2 |
ASN31034 (ARUBA-ASN, IT)
PTR: webx1340.aruba.it
www.boschieriduplicazioni.it |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
aruba.it
pagamenti.aruba.it |
30 KB |
1 |
boschieriduplicazioni.it
www.boschieriduplicazioni.it |
3 KB |
1 |
dikitin.link
1 redirects
dikitin.link |
1 KB |
7 | 3 |
Domain | Requested by | |
---|---|---|
6 | pagamenti.aruba.it |
www.boschieriduplicazioni.it
|
1 | www.boschieriduplicazioni.it | |
1 | dikitin.link | 1 redirects |
7 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
pagamenti.aruba.it |
www.aruba.it |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.boschieriduplicazioni.it Actalis Domain Validation Server CA G3 |
2024-02-04 - 2025-02-04 |
a year | crt.sh |
pagamenti.aruba.it Actalis Organization Validated Server CA G3 |
2023-12-13 - 2024-12-13 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.boschieriduplicazioni.it/REYO/intreduction.php
Frame ID: 97FA7281C761EC43D9A8F62D5062DE6E
Requests: 7 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://dikitin.link/iraan
HTTP 301
https://www.boschieriduplicazioni.it/REYO/intreduction.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Ordini da pagare
Search URL Search Domain Scan URL
Title: Metodi di pagamento
Search URL Search Domain Scan URL
Title: Cookie policy
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://dikitin.link/iraan
HTTP 301
https://www.boschieriduplicazioni.it/REYO/intreduction.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
intreduction.php
www.boschieriduplicazioni.it/REYO/ Redirect Chain
|
18 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Aruba-logo-web.png
pagamenti.aruba.it/images/ |
23 KB 23 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icona-lingua.svg
pagamenti.aruba.it/images/ |
1 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icona-small-arrow-bottom.svg
pagamenti.aruba.it/images/ |
462 B 944 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icona-assistenza.svg
pagamenti.aruba.it/images/ |
949 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icona-utente.svg
pagamenti.aruba.it/images/ |
811 B 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
card.svg
pagamenti.aruba.it/images/ |
1 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Aruba (Online)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
dikitin.link/ | Name: XSRF-TOKEN Value: eyJpdiI6InlweDlOZ1ZzZXE0S29pRzZLa1YweWc9PSIsInZhbHVlIjoiQ2FEcUFKUERCZjM3WFpRUmhTckpZcmlYdGRWY0lrTGxxd0Y1elZ4MDJYSUNHYk5CdkV2Rk84Qm1NWDg4ZXRtRnZGOTRBc2xBVlBrekhrNWFwRkJDTG5ZWU9MZ0RCbWxmWW0yT3I4ZnZoTytJMXY1QlNlSDVoc1FkR3hqdExTXC82IiwibWFjIjoiNGM1ZmU2YmU2NmQ5NGQ3YThjZDE2NWIwN2IzZDFlMDMzYTRlNDA5YjkyNmIxODZkMTk4MzRiMWI0ZDdlZWRjOSJ9 |
|
dikitin.link/ | Name: phpshort_session Value: eyJpdiI6IjNLaDd1V2ROSGdFbjVBXC9lUG1WY29nPT0iLCJ2YWx1ZSI6Im5nZ3Q2RkxiUEtLT2tNVnptR053M2dmMFJLa0xFTUhGUDFNRFU5Vnh3V0VDRVVtMkFSQkZ4dFIxRVFETjVSTTJwU3NKQm1HXC9aM25EY1ZkRWlnT1UzV2hXZnBCa0Y4djVCUnN6OWlxckE0MktiQzRINVNFc3lWTHQ1dzU4bkdsTyIsIm1hYyI6ImExMjI5NzA5MjRmMzlmOTdmNDk4N2M2ODU2ODM4NDI0MDU0M2Y3ZGU2OGRlOTIxMjljMTFmMmNhYzE4NDk1N2EifQ%3D%3D |
|
dikitin.link/ | Name: dark_mode Value: 0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
dikitin.link
pagamenti.aruba.it
www.boschieriduplicazioni.it
2606:4700:3035::ac43:87f6
62.149.186.150
89.46.109.11
018848616324e83ebd62bc66a1981a96d9e0f6bdeae25cf3106412d056db26a2
8f5a51ab8aba6dd40c4083d89d06ee87ed8d76590470b1bdb6eab337e6db5694
c509f688d2578a416b988e0b9f4669a3214dad83ef84076b0cda370f042f04e2
d54c051c8168ccffcd35424f00d7b6140e6311bff3e66308b8ff1bb47399ebbc
d881edf6d1763df2e5ce27f39ea76d82a18c15760a0c2de14fd78fba172e19a1
d9742fea080b09269a5500e8cbd1c490946d044b0cbf0a2412c00c13b8eeb49e
dfbe1bbb320b496b9fef73b4787a01fa50f124e2db758567316b07c2be04b657