www.annalisamancini.com Open in urlscan Pro
89.46.110.66 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.annalisamancini.com/reyosucces/intreduction.php
Submission: On April 29 via manual (April 29th 2024, 5:21:36 pm UTC) from IT — Scanned from IT

Summary HTTP 8 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 8 HTTP transactions. The main IP is 89.46.110.66, located in Arezzo, Italy and belongs to ARUBA-ASN, IT. The main domain is www.annalisamancini.com.
TLS certificate: Issued by Actalis Domain Validation Server CA G3 on April 12th 2024. Valid for: a year.

This is the only time www.annalisamancini.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aruba (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	89.46.110.66 89.46.110.66	31034 (ARUBA-ASN) (ARUBA-ASN)
6	62.149.186.150 62.149.186.150	31034 (ARUBA-ASN) (ARUBA-ASN)
8	2

2 89.46.110.66 (Arezzo, Italy)

ASN31034 (ARUBA-ASN, IT)
PTR: webx1464.aruba.it

www.annalisamancini.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 62.149.186.150 (Arezzo, Italy)

ASN31034 (ARUBA-ASN, IT)

pagamenti.aruba.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	aruba.it pagamenti.aruba.it	30 KB
2	annalisamancini.com www.annalisamancini.com	3 KB
8	2

	Domain	Requested by
6	pagamenti.aruba.it	www.annalisamancini.com
2	www.annalisamancini.com
8	2

This site contains links to these domains. Also see Links.

Domain
pagamenti.aruba.it
www.aruba.it

Subject Issuer	Validity	Valid
*.annalisamancini.com Actalis Domain Validation Server CA G3	`2024-04-12` - `2025-04-12`	a year	crt.sh
pagamenti.aruba.it Actalis Organization Validated Server CA G3	`2023-12-13` - `2024-12-13`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.annalisamancini.com/reyosucces/intreduction.php
Frame ID: BFB3D8D2A4A9938B5C2F8C16A4D5DD25
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

33 kB
Transfer

46 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://pagamenti.aruba.it/home/default.aspx

Search URL Search Domain Scan URL

URL: https://pagamenti.aruba.it/ComunicaDatiPagamento/OrdiniDaPagare.aspx
Title: Ordini da pagare

Search URL Search Domain Scan URL

URL: https://pagamenti.aruba.it/ComunicaDatiPagamento/GestioneMetodiPagamento.aspx
Title: Metodi di pagamento

Search URL Search Domain Scan URL

URL: https://www.aruba.it/cookie-policy.aspx?lang=it-IT
Title: Cookie policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request intreduction.php Show response
www.annalisamancini.com/reyosucces/ 18 KB
3 KB 255ms
75ms Document
text/html 89.46.110.66
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.annalisamancini.com/reyosucces/intreduction.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.46.110.66 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

webx1464.aruba.it

Software

aruba-proxy /

Resource Hash

018848616324e83ebd62bc66a1981a96d9e0f6bdeae25cf3106412d056db26a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language: it-IT,it;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

content-encoding: gzip
content-type: text/html
date: Mon, 29 Apr 2024 17:21:31 GMT
server: aruba-proxy
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-aruba-cache: HIT
x-servername: ipvsproxy232.ad.aruba.it

GET
H/1.1 200
OK Aruba-logo-web.png
pagamenti.aruba.it/images/ 23 KB
23 KB 233ms
60ms Image
image/png 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagamenti.aruba.it/images/Aruba-logo-web.png

Requested by

Host: www.annalisamancini.com
URL: https://www.annalisamancini.com/reyosucces/intreduction.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

8f5a51ab8aba6dd40c4083d89d06ee87ed8d76590470b1bdb6eab337e6db5694

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.annalisamancini.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Content-Security-Policy: frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000
Date: Mon, 29 Apr 2024 17:21:31 GMT
Last-Modified: Tue, 02 Apr 2024 09:39:58 GMT
Server: Microsoft-IIS/10.0
ETag: "02bc4b9e184da1:0"
X-Powered-By: ASP.NET
X-Frame-Options: DENY
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 23052

GET
H/1.1 200
OK icona-lingua.svg
pagamenti.aruba.it/images/ 1 KB
2 KB 240ms
60ms Image
image/svg+xml 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagamenti.aruba.it/images/icona-lingua.svg

Requested by

Host: www.annalisamancini.com
URL: https://www.annalisamancini.com/reyosucces/intreduction.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

d9742fea080b09269a5500e8cbd1c490946d044b0cbf0a2412c00c13b8eeb49e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.annalisamancini.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Content-Security-Policy: frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000
Date: Mon, 29 Apr 2024 17:21:31 GMT
Last-Modified: Tue, 02 Apr 2024 09:39:58 GMT
Server: Microsoft-IIS/10.0
ETag: "02bc4b9e184da1:0"
X-Powered-By: ASP.NET
X-Frame-Options: DENY
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 1117

GET
H/1.1 200
OK icona-small-arrow-bottom.svg
pagamenti.aruba.it/images/ 462 B
945 B 231ms
57ms Image
image/svg+xml 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagamenti.aruba.it/images/icona-small-arrow-bottom.svg

Requested by

Host: www.annalisamancini.com
URL: https://www.annalisamancini.com/reyosucces/intreduction.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

d54c051c8168ccffcd35424f00d7b6140e6311bff3e66308b8ff1bb47399ebbc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.annalisamancini.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Content-Security-Policy: frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000
Date: Mon, 29 Apr 2024 17:21:31 GMT
Last-Modified: Tue, 02 Apr 2024 09:39:58 GMT
Server: Microsoft-IIS/10.0
ETag: "02bc4b9e184da1:0"
X-Powered-By: ASP.NET
X-Frame-Options: DENY
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 462

GET
H/1.1 200
OK icona-assistenza.svg
pagamenti.aruba.it/images/ 949 B
1 KB 208ms
52ms Image
image/svg+xml 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagamenti.aruba.it/images/icona-assistenza.svg

Requested by

Host: www.annalisamancini.com
URL: https://www.annalisamancini.com/reyosucces/intreduction.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

dfbe1bbb320b496b9fef73b4787a01fa50f124e2db758567316b07c2be04b657

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.annalisamancini.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Content-Security-Policy: frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000
Date: Mon, 29 Apr 2024 17:21:31 GMT
Last-Modified: Tue, 02 Apr 2024 09:40:00 GMT
Server: Microsoft-IIS/10.0
ETag: "058f5bae184da1:0"
X-Powered-By: ASP.NET
X-Frame-Options: DENY
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 949

GET
H/1.1 200
OK icona-utente.svg
pagamenti.aruba.it/images/ 811 B
1 KB 242ms
62ms Image
image/svg+xml 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagamenti.aruba.it/images/icona-utente.svg

Requested by

Host: www.annalisamancini.com
URL: https://www.annalisamancini.com/reyosucces/intreduction.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

d881edf6d1763df2e5ce27f39ea76d82a18c15760a0c2de14fd78fba172e19a1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.annalisamancini.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Content-Security-Policy: frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000
Date: Mon, 29 Apr 2024 17:21:31 GMT
Last-Modified: Tue, 02 Apr 2024 09:40:00 GMT
Server: Microsoft-IIS/10.0
ETag: "058f5bae184da1:0"
X-Powered-By: ASP.NET
X-Frame-Options: DENY
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 811

GET
H/1.1 200
OK card.svg
pagamenti.aruba.it/images/ 1 KB
2 KB 237ms
64ms Image
image/svg+xml 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagamenti.aruba.it/images/card.svg

Requested by

Host: www.annalisamancini.com
URL: https://www.annalisamancini.com/reyosucces/intreduction.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

c509f688d2578a416b988e0b9f4669a3214dad83ef84076b0cda370f042f04e2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.annalisamancini.com/
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Content-Security-Policy: frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000
Date: Mon, 29 Apr 2024 17:21:31 GMT
Last-Modified: Tue, 02 Apr 2024 09:39:58 GMT
Server: Microsoft-IIS/10.0
ETag: "02bc4b9e184da1:0"
X-Powered-By: ASP.NET
X-Frame-Options: DENY
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 1450

GET
H2 404 favicon.ico
www.annalisamancini.com/ 196 B
332 B 67ms
67ms Other
text/html 89.46.110.66
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://www.annalisamancini.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

89.46.110.66 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

webx1464.aruba.it

Software

aruba-proxy /

Resource Hash

80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://www.annalisamancini.com/reyosucces/intreduction.php
Accept-Language: it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 17:21:31 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: aruba-proxy
vary: Accept-Encoding
content-type: text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Aruba (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.annalisamancini.com/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

pagamenti.aruba.it
www.annalisamancini.com
62.149.186.150
89.46.110.66
018848616324e83ebd62bc66a1981a96d9e0f6bdeae25cf3106412d056db26a2
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
8f5a51ab8aba6dd40c4083d89d06ee87ed8d76590470b1bdb6eab337e6db5694
c509f688d2578a416b988e0b9f4669a3214dad83ef84076b0cda370f042f04e2
d54c051c8168ccffcd35424f00d7b6140e6311bff3e66308b8ff1bb47399ebbc
d881edf6d1763df2e5ce27f39ea76d82a18c15760a0c2de14fd78fba172e19a1
d9742fea080b09269a5500e8cbd1c490946d044b0cbf0a2412c00c13b8eeb49e
dfbe1bbb320b496b9fef73b4787a01fa50f124e2db758567316b07c2be04b657

www.annalisamancini.com Open in urlscan Pro 89.46.110.66 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

33 kBTransfer

46 kBSize

0 Cookies

4 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

1 Console Messages

Security Headers

Indicators

www.annalisamancini.com Open in urlscan Pro
89.46.110.66 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

33 kB
Transfer

46 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!