www.caione.it - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 5 HTTP transactions. The main IP is 89.46.105.24, located in Arezzo, Italy and belongs to ARUBA-ASN, IT. The main domain is www.caione.it.
TLS certificate: Issued by Actalis Domain Validation Server CA G3 on November 15th 2023. Valid for: a year.

This is the only time www.caione.it was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Scotiabank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
5	89.46.105.24 89.46.105.24		31034 (ARUBA-ASN) (ARUBA-ASN)
5	1

5 89.46.105.24 (Arezzo, Italy)

ASN31034 (ARUBA-ASN, IT)
PTR: webx1055.aruba.it

www.caione.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	caione.it www.caione.it	159 KB
5	1

	Domain	Requested by
5	www.caione.it	www.caione.it
5	1

This site contains no links.

Subject Issuer	Validity	Valid
*.caione.it Actalis Domain Validation Server CA G3	`2023-11-15` - `2024-12-15`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.caione.it/wp-lib/index.php?uwy=%24bwfyy2jhymluqgjlbgwubmv0
Frame ID: ED3E5B3304975327756F3EC5F1C61F8F
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

RBC Secure formRBC

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

159 kB
Transfer

470 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.php Show response www.caione.it/wp-lib/	67 KB 15 KB	422ms 326ms	Document text/html	89.46.105.24 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.caione.it/wp-lib/index.php?uwy=%24bwfyy2jhymluqgjlbgwubmv0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 89.46.105.24 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webx1055.aruba.it Software aruba-proxy / Resource Hash `36e3016e156646e02d269e5ab1e7dc48a2b9238868742d1d6d030029652235f2` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 accept-language it-IT,it;q=0.9 Response headers content-encoding gzip content-type text/html; charset=UTF-8 date Wed, 14 Feb 2024 17:25:17 GMT server aruba-proxy vary Accept-Encoding x-aruba-cache BYPASS x-servername ipvsproxy27.ad.aruba.it
GET H2	200	styles.css www.caione.it/wp-lib/R817218Y281/	326 KB 67 KB	47ms 47ms	Stylesheet text/css	89.46.105.24 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.caione.it/wp-lib/R817218Y281/styles.css Requested by Host: www.caione.it URL: https://www.caione.it/wp-lib/index.php?uwy=%24bwfyy2jhymluqgjlbgwubmv0 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 89.46.105.24 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webx1055.aruba.it Software aruba-proxy / Resource Hash `2b6c6365b4433c5dee0b264f0ffb8125f809af60046a77786cfb275be7516eae` Request headers accept-language it-IT,it;q=0.9 Referer https://www.caione.it/wp-lib/index.php?uwy=%24bwfyy2jhymluqgjlbgwubmv0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers x-servername ipvsproxy27.ad.aruba.it date Wed, 14 Feb 2024 17:25:17 GMT content-encoding gzip last-modified Mon, 05 Dec 2022 01:57:42 GMT server aruba-proxy vary Accept-Encoding content-type text/css
GET H2	200	8424a042624210828b0fbe7a8c533b2a.woff2 www.caione.it/wp-lib/R817218Y281/	23 KB 24 KB	43ms 43ms	Font font/woff2	89.46.105.24 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.caione.it/wp-lib/R817218Y281/8424a042624210828b0fbe7a8c533b2a.woff2 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 89.46.105.24 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webx1055.aruba.it Software aruba-proxy / Resource Hash `d1e87295d125e7f5f258383b2e35751dbec33675f7ac6ebcb7570ede83413ba6` Request headers Referer https://www.caione.it/wp-lib/index.php?uwy=%24bwfyy2jhymluqgjlbgwubmv0 Origin https://www.caione.it accept-language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers x-servername ipvsproxy27.ad.aruba.it date Wed, 14 Feb 2024 17:25:17 GMT last-modified Sat, 01 Feb 2020 15:05:54 GMT server aruba-proxy accept-ranges bytes content-length 23992 content-type font/woff2
GET H2	200	fd1c0f449fc8540f82c47e1629cbd5dd.woff2 www.caione.it/wp-lib/R817218Y281/	23 KB 23 KB	44ms 43ms	Font font/woff2	89.46.105.24 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.caione.it/wp-lib/R817218Y281/fd1c0f449fc8540f82c47e1629cbd5dd.woff2 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 89.46.105.24 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webx1055.aruba.it Software aruba-proxy / Resource Hash `e1f8e67d54b287369f8fb000d14af4ea5ea2da8519ffae2e04f4be83d3af9141` Request headers Referer https://www.caione.it/wp-lib/index.php?uwy=%24bwfyy2jhymluqgjlbgwubmv0 Origin https://www.caione.it accept-language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers x-servername ipvsproxy27.ad.aruba.it date Wed, 14 Feb 2024 17:25:17 GMT last-modified Sat, 01 Feb 2020 15:05:58 GMT server aruba-proxy accept-ranges bytes content-length 23716 content-type font/woff2
GET H2	200	8fd30bd010d9e2c7677ec339685f958b.woff www.caione.it/wp-lib/R817218Y281/	30 KB 30 KB	44ms 44ms	Font font/woff	89.46.105.24 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.caione.it/wp-lib/R817218Y281/8fd30bd010d9e2c7677ec339685f958b.woff Protocol H2 Security TLS 1.3, , AES_256_GCM Server 89.46.105.24 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webx1055.aruba.it Software aruba-proxy / Resource Hash `5f45b253b0621b40b352b1ec52c4b2066bca8e71c5ac54d922459fc8109d9366` Request headers Referer https://www.caione.it/wp-lib/index.php?uwy=%24bwfyy2jhymluqgjlbgwubmv0 Origin https://www.caione.it accept-language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36 Response headers x-servername ipvsproxy27.ad.aruba.it date Wed, 14 Feb 2024 17:25:17 GMT last-modified Tue, 04 Feb 2020 10:50:42 GMT server aruba-proxy accept-ranges bytes content-length 30656 content-type font/woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Scotiabank (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.caione.it
89.46.105.24
2b6c6365b4433c5dee0b264f0ffb8125f809af60046a77786cfb275be7516eae
36e3016e156646e02d269e5ab1e7dc48a2b9238868742d1d6d030029652235f2
5f45b253b0621b40b352b1ec52c4b2066bca8e71c5ac54d922459fc8109d9366
d1e87295d125e7f5f258383b2e35751dbec33675f7ac6ebcb7570ede83413ba6
e1f8e67d54b287369f8fb000d14af4ea5ea2da8519ffae2e04f4be83d3af9141

www.caione.it Open in urlscan Pro 89.46.105.24 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

5 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

159 kBTransfer

470 kBSize

0 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

www.caione.it Open in urlscan Pro
89.46.105.24 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

159 kB
Transfer

470 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!