www.didaweb.net Open in urlscan Pro
31.11.36.22 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.didaweb.net/risorse/admin/news/index.html
Submission: On August 30 via manual (August 30th 2023, 10:00:12 am UTC) from IT — Scanned from IT

Summary HTTP 2 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 31.11.36.22, located in Arezzo, Italy and belongs to ARUBA-ASN, IT. The main domain is www.didaweb.net.
TLS certificate: Issued by Actalis Domain Validation Server CA G3 on January 13th 2023. Valid for: a year.

This is the only time www.didaweb.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NatWest (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	31.11.36.22 31.11.36.22	31034 (ARUBA-ASN) (ARUBA-ASN)
1	69.16.175.42 69.16.175.42	20446 (STACKPATH...) (STACKPATH-CDN)
2	3

1 31.11.36.22 (Arezzo, Italy)

ASN31034 (ARUBA-ASN, IT)
PTR: webx1496.aruba.it

www.didaweb.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.42 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: tlb.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 733	29 KB
1	didaweb.net www.didaweb.net	127 KB
2	2

	Domain	Requested by
1	code.jquery.com	www.didaweb.net
1	www.didaweb.net
2	2

This site contains no links.

Subject Issuer	Validity	Valid
*.didaweb.net Actalis Domain Validation Server CA G3	`2023-01-13` - `2024-02-13`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.didaweb.net/risorse/admin/news/index.html
Frame ID: CADC1D626DCC19FC59F76B11DAD7D82E
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login to NatWest Online Banking

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

2
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

156 kB
Transfer

373 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
17 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.html Show response www.didaweb.net/risorse/admin/news/	198 KB 127 KB	163ms 55ms	Document text/html	31.11.36.22 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.didaweb.net/risorse/admin/news/index.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 31.11.36.22 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webx1496.aruba.it Software aruba-proxy / Resource Hash `160da373d44846c0bb07f5ca7566d280c2998e45b48cd92e92d4057215faf0e7` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 accept-language it-IT,it;q=0.9 Response headers content-encoding gzip content-type text/html date Wed, 30 Aug 2023 10:00:07 GMT last-modified Fri, 11 Aug 2023 09:53:04 GMT server aruba-proxy vary Accept-Encoding x-servername ipvsproxy249.ad.aruba.it
GET H2	200	jquery-2.2.4.min.js Show response code.jquery.com/	84 KB 29 KB	59ms 20ms	Script application/javascript	69.16.175.42 STACKPATH-CDN
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-2.2.4.min.js Requested by Host: www.didaweb.net URL: https://www.didaweb.net/risorse/admin/news/index.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US), Reverse DNS tlb.hwcdn.net Software nginx / Resource Hash `05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e` Request headers accept-language it-IT,it;q=0.9 Referer https://www.didaweb.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers date Wed, 30 Aug 2023 10:00:07 GMT content-encoding gzip last-modified Fri, 20 Aug 2021 17:47:53 GMT server nginx etag W/"611feac9-14e4a" vary Accept-Encoding x-hw 1693389607.dop001.ml1.t,1693389607.cds034.ml1.hn,1693389607.cds220.ml1.c content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control max-age=315360000, public accept-ranges bytes content-length 29811
GET DATA	200 OK	truncated /	6 KB 0		Stylesheet text/css
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `0bfd75bdb0b02580963ddb2ce2fafec55850b52837ca42619b754cd0054e6600` Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Content-Type text/css
GET DATA	200 OK	truncated /	20 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `39439b339447989a92bb100f3baf0e8853a7810fec87c28acf1dbb1e594caf76` Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	992 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `1d90b893bafefc19de4ec421a9cfd762f370874b15a58cbf6b5fa92b6bf2df30` Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	9 KB 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `03285bdf8ae7b6e9c5c2b5c177c54fa80f45c85282902d72ac13797ef70c0fce` Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	6 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f2b557317fb851b3ed73c2d8203192e9ed433bd006ca5025ccb3317ef15e1b8d` Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	5 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `39e04c9873784832d9d3675aae27369a440b8c5df621d7c142c39375ee0f4dcd` Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e63f205e2b3dc276450b50b90f22aebad35aea51251bdb8355385936744da54b` Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	4 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d0c46b7a5cd9ef78456024a9fc5266e81727c9e4d48701b1fee7c44f16b3744a` Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `36aa0647ba26b54031cf8a6d6ad4504769c4e30ad49a43d1320c1833318252e4` Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `299e049b090dd6904f96fbde6d56e1fb270eff4044ca4ceffe6bc1a7534443b5` Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	911 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `95794078859c3c312fdcda67f70e14a8a24002eae9dd3c862b05f26d0527a6c4` Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `070248a201dbfa8e4a8576c0e4966536bd7d0a032acb52e0a1c7554d0a758603` Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	10 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `eec5f052a7b3380ef36946303eaf3967207424645715dae08120adedae2887f0` Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	5 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `fc7b7728dfd3af5912ffb05292105231a79219e8acb487f6089180094eae0e74` Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	2 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e27f7ff05294b931f19b0b671d99e80ad490f8135760d282acc0f73a5877dd56` Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	14 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5e4c8bb69eb386091380d09195b931c656709bfc8687fd2887cef6a7512d0dc3` Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	743 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b5e5fe9b13be2d9a0c433907ac06f0102c3b944b906ee3785f6625bdf0013b34` Request headers accept-language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36 Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NatWest (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| $ function| jQuery function| formatCardNumber

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
www.didaweb.net
31.11.36.22
69.16.175.42
03285bdf8ae7b6e9c5c2b5c177c54fa80f45c85282902d72ac13797ef70c0fce
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
070248a201dbfa8e4a8576c0e4966536bd7d0a032acb52e0a1c7554d0a758603
0bfd75bdb0b02580963ddb2ce2fafec55850b52837ca42619b754cd0054e6600
160da373d44846c0bb07f5ca7566d280c2998e45b48cd92e92d4057215faf0e7
1d90b893bafefc19de4ec421a9cfd762f370874b15a58cbf6b5fa92b6bf2df30
299e049b090dd6904f96fbde6d56e1fb270eff4044ca4ceffe6bc1a7534443b5
36aa0647ba26b54031cf8a6d6ad4504769c4e30ad49a43d1320c1833318252e4
39439b339447989a92bb100f3baf0e8853a7810fec87c28acf1dbb1e594caf76
39e04c9873784832d9d3675aae27369a440b8c5df621d7c142c39375ee0f4dcd
5e4c8bb69eb386091380d09195b931c656709bfc8687fd2887cef6a7512d0dc3
95794078859c3c312fdcda67f70e14a8a24002eae9dd3c862b05f26d0527a6c4
b5e5fe9b13be2d9a0c433907ac06f0102c3b944b906ee3785f6625bdf0013b34
d0c46b7a5cd9ef78456024a9fc5266e81727c9e4d48701b1fee7c44f16b3744a
e27f7ff05294b931f19b0b671d99e80ad490f8135760d282acc0f73a5877dd56
e63f205e2b3dc276450b50b90f22aebad35aea51251bdb8355385936744da54b
eec5f052a7b3380ef36946303eaf3967207424645715dae08120adedae2887f0
f2b557317fb851b3ed73c2d8203192e9ed433bd006ca5025ccb3317ef15e1b8d
fc7b7728dfd3af5912ffb05292105231a79219e8acb487f6089180094eae0e74

www.didaweb.net Open in urlscan Pro 31.11.36.22 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

2 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

156 kBTransfer

373 kBSize

0 Cookies

0 Outgoing links

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 17 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

4 JavaScript Global Variables

0 Cookies

Indicators

www.didaweb.net Open in urlscan Pro
31.11.36.22 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

156 kB
Transfer

373 kB
Size

0
Cookies

2 HTTP transactions
17 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!