www.tredicicomfort.it Open in urlscan Pro
31.11.33.200 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
Effective URL:
http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
Submission Tags: @ipnigh
Submission: On October 12 via api (October 12th 2019, 5:26:33 pm UTC) from GB

Summary HTTP 13 Redirects Links 45 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 13 HTTP transactions. The main IP is 31.11.33.200, located in Arezzo, Italy and belongs to ARUBA-ASN, IT. The main domain is www.tredicicomfort.it.

This is the only time www.tredicicomfort.it was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Optus (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1 1	62.149.128.151 62.149.128.151	31034 (ARUBA-ASN) (ARUBA-ASN)
10	31.11.33.200 31.11.33.200	31034 (ARUBA-ASN) (ARUBA-ASN)
1	2001:4de0:ac1... 2001:4de0:ac19::1:b:2a	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
2	2a04:4e42:1b:... 2a04:4e42:1b::621	54113 (FASTLY) (FASTLY - Fastly)
13	4

1 62.149.128.151 (Arezzo, Italy) 1 redirects

ASN31034 (ARUBA-ASN, IT)
PTR: mxd6.aruba.it

tredicicomfort.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 31.11.33.200 (Arezzo, Italy)

ASN31034 (ARUBA-ASN, IT)
PTR: websn2s190.aruba.it

www.tredicicomfort.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac19::1:b:2a (Netherlands)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:1b::621 (Ascension Island)

ASN54113 (FASTLY - Fastly, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	tredicicomfort.it 1 redirects tredicicomfort.it www.tredicicomfort.it	626 KB
2	jsdelivr.net cdn.jsdelivr.net	13 KB
1	jquery.com code.jquery.com	33 KB
13	3

	Domain	Requested by
10	www.tredicicomfort.it	www.tredicicomfort.it
2	cdn.jsdelivr.net	www.tredicicomfort.it
1	code.jquery.com	www.tredicicomfort.it
1	tredicicomfort.it	1 redirects
13	4

This site contains links to these domains. Also see Links.

Domain
www.optus.com.au
memberservices.optuszoo.com.au
webmail.optusnet.com.au
yescrowd.optus.com.au
sport.optus.com.au
www.facebook.com
twitter.com
www.youtube.com
www.linkedin.com
plus.google.com
www.pinterest.com
instagram.com
www.singtel.com
offer.optus.com.au

Subject Issuer	Validity	Valid
jquery.org COMODO RSA Domain Validation Secure Server CA	`2018-10-17` - `2020-10-16`	2 years	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-05-29` - `2020-04-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
Frame ID: 5D9F06E1E6BDAE7884746818471D4982
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php HTTP 301
http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

IIS (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Page Statistics

13
Requests

23 %
HTTPS

50 %
IPv6

3
Domains

4
Subdomains

4
IPs

3
Countries

671 kB
Transfer

4382 kB
Size

0
Cookies

45 Outgoing links

These are links going to different origins than the main page.

URL: https://www.optus.com.au/my-account-login?TYPE=100663297&REALMOID=06-8ddf53bb-43cf-4d85-9334-da38d3f555e9&GUID=1&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-qrO%2f7pv80kBPNdyFsh4xzrcFhAaZ5fTczH%2bJYZKe%2fnANBOvXuad%2b5m86DCkkpnnb&TARGET=-SM-HTTP%3a%2f%2fwww%2eoptus%2ecom%2eau%2fsecure%2fsm%2flogin%2eprocess%3ftarget%3dhttps-%3A-%2F-%2Fwww%2eoptus%2ecom%2eau-%2Fmy--account#nav-primary-level
Title: Skip to Primary Navigation

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/for-you
Title: For You

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/business
Title: For Business

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/enterprise
Title: For Enterprise

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/about
Title: About Us

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/shop/shoppingcart
Title: Cart

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/my-account
Title: My Account

Search URL Search Domain Scan URL

URL: https://memberservices.optuszoo.com.au/myaccount/
Title: Member Services

Search URL Search Domain Scan URL

URL: https://webmail.optusnet.com.au/
Title: Webmail

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/customercentre/rewards/login
Title: Optus Perks

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/customercentre/yescrowd/login
Title: Yes Crowd

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/yesbusiness
Title:

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/support/answer?id=8396&typeId=3&refId=1
Title: Register for My Account

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/support/answer?id=8395&typeId=3&refId=1
Title: My Account: Username & Password Help

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/support/answer?id=8394&typeId=3&refId=1
Title: My Account & Member Services: Eligibility & Benefits

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/support/answer?id=8397&typeId=3&refId=1
Title: Save card details in My Account

Search URL Search Domain Scan URL

URL: http://www.optus.com.au/shop/support
Title: Find more articles in Help and support

Search URL Search Domain Scan URL

URL: https://yescrowd.optus.com.au/t5/Android/Help-for-Order-Delivery-Activation-and-your-First-Bill/m-p/132374#M7007
Title: Help for Order Delivery, Activation and your First Bill

Search URL Search Domain Scan URL

URL: https://yescrowd.optus.com.au/t5/Mobile/How-to-unlock-Your-Prepaid-Mobile-Phone-or-Device/m-p/108228#M18462
Title: How to unlock Your Prepaid Mobile Phone or Device

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/customer-extras/mobile-apps/my-optus-app
Title: My Optus App

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/entertainment/hype
Title: Hype

Search URL Search Domain Scan URL

URL: https://sport.optus.com.au/
Title: Optus Sport

Search URL Search Domain Scan URL

URL: https://yescrowd.optus.com.au/
Title: Yes Crowd

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/support
Title: Support

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/about/legal/privacy-and-security
Title: Privacy, Security and Safety

Search URL Search Domain Scan URL

URL: http://www.optus.com.au/about/legal#link/legal/0
Title: Standard Agreement

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/shop/cis
Title: Critical Information Summaries

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/shop/usageguides
Title: Optus Usage Guidelines

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/about/legal/copyright
Title: Copyright

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/about/inclusion-diversity/differing-abilities/disability-services
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/shop/devicewarrtechinfo
Title: Device Warranties

Search URL Search Domain Scan URL

URL: http://www.facebook.com/optus
Title: ""

Search URL Search Domain Scan URL

URL: http://twitter.com/Optus
Title: ""

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/yesoptus
Title: ""

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/optus
Title: ""

Search URL Search Domain Scan URL

URL: http://plus.google.com/+optus/posts
Title: ""

Search URL Search Domain Scan URL

URL: http://www.pinterest.com/optus
Title: ""

Search URL Search Domain Scan URL

URL: http://instagram.com/optus
Title: ""

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/shop/stores
Title: Store Locator

Search URL Search Domain Scan URL

URL: https://www.optus.com.au/contactus
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.singtel.com/about-us
Title: About Singtel

Search URL Search Domain Scan URL

URL: https://offer.optus.com.au/for-you/support/complaints1?sid=complaints:source:homepage
Title: Lodge a complaint

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php HTTP 301
http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request login.php Show response
www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/
Redirect Chain

http://tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php

57 KB
57 KB

292ms
259ms

Document
text/html

31.11.33.200
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
Protocol: HTTP/1.1
Server: 31.11.33.200 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn2s190.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 4d573d01b6571cd4dd2295e81d22056f8647f7202735cd19c6e3a4bd8d6b884d

Request headers

Host: www.tredicicomfort.it
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: text/html
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Sat, 12 Oct 2019 17:26:15 GMT
Content-Length: 57940

Redirect headers

Date: Sat, 12 Oct 2019 17:26:15 GMT
Server: Apache
Location: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
Content-Length: 278
Connection: close
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1 200
OK lux.base.40b79b2dff70805dc551aaca7c6f6a4b.css
www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/ 493 KB
49 KB 120ms
103ms Stylesheet
text/css 31.11.33.200
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/lux.base.40b79b2dff70805dc551aaca7c6f6a4b.css
Requested by: Host: www.tredicicomfort.it
URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
Protocol: HTTP/1.1
Server: 31.11.33.200 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn2s190.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 3e0794fdbb1561c6d6eee0b549a1de096648afa0e80a64a93c4f6acae1c03a7f

Request headers

Referer: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 12 Oct 2019 17:26:16 GMT
Content-Encoding: gzip
Last-Modified: Sat, 12 Oct 2019 00:34:31 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "80c5f8cf9480d51:0"
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 49799

GET
H/1.1 200
OK lux.49c32e08060172d8b8758ebe235b7642.css
www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/ 3 MB
264 KB 119ms
103ms Stylesheet
text/css 31.11.33.200
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/lux.49c32e08060172d8b8758ebe235b7642.css
Requested by: Host: www.tredicicomfort.it
URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
Protocol: HTTP/1.1
Server: 31.11.33.200 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn2s190.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 4021c370201dcacd62f04ad5f1aab11bb59a4477bf0fe0b01ea57a81f76cef2c

Request headers

Referer: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 12 Oct 2019 17:26:16 GMT
Content-Encoding: gzip
Last-Modified: Sat, 12 Oct 2019 00:35:16 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "03acbea9480d51:0"
Vary: Accept-Encoding
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 270264

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: eea41981c12ea68bbb642bc6fccdcfce8ce0c6ac21f998c6621a486db6f8e004

Request headers

Referer: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK jquery-1.11.1.min.js Show response
code.jquery.com/ 94 KB
33 KB 17ms
7ms Script
application/javascript 2001:4de0:ac19::1:b:2a
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-1.11.1.min.js
Requested by: Host: www.tredicicomfort.it
URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS
Software: nginx /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 12 Oct 2019 17:26:16 GMT
Content-Encoding: gzip
Last-Modified: Fri, 24 Oct 2014 00:16:07 GMT
Server: nginx
ETag: W/"54499a47-1762a"
Vary: Accept-Encoding
X-HW: 1570901176.dop011.fr8.shc,1570901176.dop011.fr8.t,1570901176.cds148.fr8.c
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=315360000, public
Connection: Keep-Alive
Accept-Ranges: bytes
Content-Length: 33202

GET
H2 200 jquery.validate.min.js Show response
cdn.jsdelivr.net/jquery.validation/1.16.0/ 23 KB
7 KB 21ms
6ms Script
application/javascript 2a04:4e42:1b::621
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/jquery.validation/1.16.0/jquery.validate.min.js

Requested by

Host: www.tredicicomfort.it
URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

50e497b00818378dcffe856b994f89947b620c66163768879c9b8a63d583f898

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
status: 200
content-length: 7446
etag: W/"5a1e-IUhhlLqiLrEVX+mL969jFOd3PMc"
x-served-by: cache-ams21035-AMS, cache-hhn4062-HHN
date: Sat, 12 Oct 2019 17:26:16 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 additional-methods.min.js Show response
cdn.jsdelivr.net/jquery.validation/1.16.0/ 17 KB
5 KB 20ms
6ms Script
application/javascript 2a04:4e42:1b::621
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/jquery.validation/1.16.0/additional-methods.min.js

Requested by

Host: www.tredicicomfort.it
URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

8b1554032d2cfbf0e858518df6460b2b4336be2cfb1f188dfd1108a3ae50b2e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
status: 200
content-length: 5297
etag: W/"4587-uIBUYLV1S+ixaiI99zfZV32kwYI"
x-served-by: cache-ams21023-AMS, cache-hhn4062-HHN
date: Sat, 12 Oct 2019 17:26:16 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H/1.1 200
OK login.js Show response
www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/ 574 B
833 B 59ms
59ms Script
application/javascript 31.11.33.200
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/login.js
Requested by: Host: www.tredicicomfort.it
URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
Protocol: HTTP/1.1
Server: 31.11.33.200 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn2s190.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: ef2a6a7aa916168bc41df843565870ac016bc988368947eccd06158f84eb82ac

Request headers

Referer: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 12 Oct 2019 17:26:16 GMT
Last-Modified: Sat, 12 Oct 2019 00:31:55 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "31983739480d51:0"
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 574

GET
H/1.1 200
OK ee10f7196c1b125a3b8222341465bf5e.woff
www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/ 65 KB
65 KB 54ms
54ms Font
font/x-woff 31.11.33.200
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/ee10f7196c1b125a3b8222341465bf5e.woff
Requested by: Host: www.tredicicomfort.it
URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
Protocol: HTTP/1.1
Server: 31.11.33.200 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn2s190.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 7b1443ccd9f5702ad832d5f8f58cd7955da80b6be466208e37900863097dbb12

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/lux.base.40b79b2dff70805dc551aaca7c6f6a4b.css
Origin: http://www.tredicicomfort.it

Response headers

Date: Sat, 12 Oct 2019 17:26:16 GMT
Last-Modified: Sat, 12 Oct 2019 00:33:10 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "f22c45a09480d51:0"
Content-Type: font/x-woff
Accept-Ranges: bytes
Content-Length: 66552

GET
H/1.1 200
OK 507b76aa0351c57ece90f02239b62ba3.woff
www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/ 66 KB
66 KB 56ms
56ms Font
font/x-woff 31.11.33.200
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/507b76aa0351c57ece90f02239b62ba3.woff
Requested by: Host: www.tredicicomfort.it
URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
Protocol: HTTP/1.1
Server: 31.11.33.200 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn2s190.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 06e6ac46fef95be90de802cbf8f07aefa9d2c9416ea8e32bccef5d526bb96e5f

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/lux.base.40b79b2dff70805dc551aaca7c6f6a4b.css
Origin: http://www.tredicicomfort.it

Response headers

Date: Sat, 12 Oct 2019 17:26:16 GMT
Last-Modified: Sat, 12 Oct 2019 00:33:03 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "3959a49b9480d51:0"
Content-Type: font/x-woff
Accept-Ranges: bytes
Content-Length: 67824

GET
H/1.1 200
OK b7b268c962e2855acf62186c96a55466.woff
www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/ 66 KB
66 KB 55ms
55ms Font
font/x-woff 31.11.33.200
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/b7b268c962e2855acf62186c96a55466.woff
Requested by: Host: www.tredicicomfort.it
URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
Protocol: HTTP/1.1
Server: 31.11.33.200 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn2s190.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 4447d75f8502cc1989762d2281eb12cf991055b71f94215ad2b3d6aca6295ab7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/lux.base.40b79b2dff70805dc551aaca7c6f6a4b.css
Origin: http://www.tredicicomfort.it

Response headers

Date: Sat, 12 Oct 2019 17:26:16 GMT
Last-Modified: Sat, 12 Oct 2019 00:33:05 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "2f65329d9480d51:0"
Content-Type: font/x-woff
Accept-Ranges: bytes
Content-Length: 67808

GET
H/1.1 404
Not Found cdf06c294d7cc3d6664b0dc9edf2c7ea.woff
www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/assets/fonts/lux-icons/ 0
0 110ms
95ms Font
text/html 31.11.33.200
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/assets/fonts/lux-icons/cdf06c294d7cc3d6664b0dc9edf2c7ea.woff
Requested by: Host: www.tredicicomfort.it
URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
Protocol: HTTP/1.1
Server: 31.11.33.200 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn2s190.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/lux.49c32e08060172d8b8758ebe235b7642.css
Origin: http://www.tredicicomfort.it

Response headers

Date: Sat, 12 Oct 2019 17:26:16 GMT
Cache-Control: private
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Content-Length: 5150
Content-Type: text/html; charset=utf-8

GET
H/1.1 404
Not Found e1055008ac141ccf27da8fbe95009134.ttf
www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/assets/fonts/lux-icons/ 0
0 54ms
54ms Font
text/html 31.11.33.200
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/assets/fonts/lux-icons/e1055008ac141ccf27da8fbe95009134.ttf
Requested by: Host: www.tredicicomfort.it
URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/login.php
Protocol: HTTP/1.1
Server: 31.11.33.200 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn2s190.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/lux.base.40b79b2dff70805dc551aaca7c6f6a4b.css
Origin: http://www.tredicicomfort.it

Response headers

Date: Sat, 12 Oct 2019 17:26:16 GMT
Cache-Control: private
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Content-Length: 5148
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK cdf06c294d7cc3d6664b0dc9edf2c7ea.woff
www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/ 56 KB
56 KB 55ms
54ms Font
font/x-woff 31.11.33.200
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/cdf06c294d7cc3d6664b0dc9edf2c7ea.woff
Protocol: HTTP/1.1
Server: 31.11.33.200 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),
Reverse DNS: websn2s190.aruba.it
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: abb2805631568056488332283a9cde15bb8fe0c2100d41963f673dba10d0fd8f

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/lux.base.40b79b2dff70805dc551aaca7c6f6a4b.css
Origin: http://www.tredicicomfort.it

Response headers

Date: Sat, 12 Oct 2019 17:26:16 GMT
Last-Modified: Sat, 12 Oct 2019 00:33:08 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
ETag: "2c7bc9e9480d51:0"
Content-Type: font/x-woff
Accept-Ranges: bytes
Content-Length: 57556

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Optus (Telecommunication)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: http://www.tredicicomfort.it/css/8754DFS/HJQSGHJQS5454/optus/files/login.js(Line 29) Message: ready!

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
code.jquery.com
tredicicomfort.it
www.tredicicomfort.it
2001:4de0:ac19::1:b:2a
2a04:4e42:1b::621
31.11.33.200
62.149.128.151
06e6ac46fef95be90de802cbf8f07aefa9d2c9416ea8e32bccef5d526bb96e5f
3e0794fdbb1561c6d6eee0b549a1de096648afa0e80a64a93c4f6acae1c03a7f
4021c370201dcacd62f04ad5f1aab11bb59a4477bf0fe0b01ea57a81f76cef2c
4447d75f8502cc1989762d2281eb12cf991055b71f94215ad2b3d6aca6295ab7
4d573d01b6571cd4dd2295e81d22056f8647f7202735cd19c6e3a4bd8d6b884d
50e497b00818378dcffe856b994f89947b620c66163768879c9b8a63d583f898
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
7b1443ccd9f5702ad832d5f8f58cd7955da80b6be466208e37900863097dbb12
8b1554032d2cfbf0e858518df6460b2b4336be2cfb1f188dfd1108a3ae50b2e8
abb2805631568056488332283a9cde15bb8fe0c2100d41963f673dba10d0fd8f
eea41981c12ea68bbb642bc6fccdcfce8ce0c6ac21f998c6621a486db6f8e004
ef2a6a7aa916168bc41df843565870ac016bc988368947eccd06158f84eb82ac

www.tredicicomfort.it Open in urlscan Pro 31.11.33.200 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

23 %HTTPS

50 %IPv6

3 Domains

4 Subdomains

4 IPs

3 Countries

671 kBTransfer

4382 kBSize

0 Cookies

45 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

www.tredicicomfort.it Open in urlscan Pro
31.11.33.200 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

23 %
HTTPS

50 %
IPv6

3
Domains

4
Subdomains

4
IPs

3
Countries

671 kB
Transfer

4382 kB
Size

0
Cookies

13 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!