titanactivewear.com - urlscan.io

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 7 HTTP transactions. The main IP is 50.116.94.47, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is titanactivewear.com.
TLS certificate: Issued by R3 on November 29th 2023. Valid for: 3 months.

This is the only time titanactivewear.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aruba (Online)

Domain & IP information

	IP Address	AS Autonomous System
2 3	50.116.94.47 50.116.94.47	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
6	62.149.186.150 62.149.186.150	31034 (ARUBA-ASN) (ARUBA-ASN)
7	2

3 50.116.94.47 (United States) 2 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 50-116-94-47.unifiedlayer.com

titanactivewear.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 62.149.186.150 (Arezzo, Italy)

ASN31034 (ARUBA-ASN, IT)

pagamenti.aruba.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	aruba.it pagamenti.aruba.it	30 KB
3	titanactivewear.com 2 redirects titanactivewear.com	4 KB
7	2

	Domain	Requested by
6	pagamenti.aruba.it	titanactivewear.com
3	titanactivewear.com	2 redirects
7	2

This site contains links to these domains. Also see Links.

Domain
pagamenti.aruba.it
www.aruba.it

Subject Issuer	Validity	Valid
titanactivewear.com R3	`2023-11-29` - `2024-02-27`	3 months	crt.sh
pagamenti.aruba.it Actalis Organization Validated Server CA G3	`2023-12-13` - `2024-12-13`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://titanactivewear.com/db/SMA/intreduction.php
Frame ID: 5D619CAEAEEC14BF368D79AA2D5C6994
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://titanactivewear.com/db/SMA HTTP 301
https://titanactivewear.com/db/SMA/ HTTP 302
https://titanactivewear.com/db/SMA/intreduction.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

34 kB
Transfer

45 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://pagamenti.aruba.it/home/default.aspx

Search URL Search Domain Scan URL

URL: https://pagamenti.aruba.it/ComunicaDatiPagamento/OrdiniDaPagare.aspx
Title: Ordini da pagare

Search URL Search Domain Scan URL

URL: https://pagamenti.aruba.it/ComunicaDatiPagamento/GestioneMetodiPagamento.aspx
Title: Metodi di pagamento

Search URL Search Domain Scan URL

URL: https://www.aruba.it/cookie-policy.aspx?lang=it-IT
Title: Cookie policy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://titanactivewear.com/db/SMA HTTP 301
https://titanactivewear.com/db/SMA/ HTTP 302
https://titanactivewear.com/db/SMA/intreduction.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request intreduction.php Show response
titanactivewear.com/db/SMA/
Redirect Chain

https://titanactivewear.com/db/SMA
https://titanactivewear.com/db/SMA/
https://titanactivewear.com/db/SMA/intreduction.php

18 KB
4 KB

218ms
218ms

Document
text/html

50.116.94.47
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://titanactivewear.com/db/SMA/intreduction.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 50.116.94.47 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 50-116-94-47.unifiedlayer.com
Software: Apache /
Resource Hash: 018848616324e83ebd62bc66a1981a96d9e0f6bdeae25cf3106412d056db26a2

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

content-encoding: gzip
content-length: 4279
content-type: text/html; charset=UTF-8
date: Tue, 09 Jan 2024 00:45:12 GMT
server: Apache
vary: Accept-Encoding

Redirect headers

content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 09 Jan 2024 00:45:12 GMT
location: intreduction.php
server: Apache

GET
H/1.1 200
OK Aruba-logo-web.png
pagamenti.aruba.it/images/ 23 KB
23 KB 211ms
83ms Image
image/png 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagamenti.aruba.it/images/Aruba-logo-web.png

Requested by

Host: titanactivewear.com
URL: https://titanactivewear.com/db/SMA/intreduction.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

8f5a51ab8aba6dd40c4083d89d06ee87ed8d76590470b1bdb6eab337e6db5694

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://titanactivewear.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000
Date: Tue, 09 Jan 2024 00:45:12 GMT
Last-Modified: Thu, 23 Nov 2023 20:46:46 GMT
Server: Microsoft-IIS/8.5
ETag: "03f472c4e1eda1:0"
X-Powered-By: ASP.NET
X-Frame-Options: DENY
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 23052

GET
H/1.1 200
OK icona-lingua.svg
pagamenti.aruba.it/images/ 1 KB
2 KB 222ms
95ms Image
image/svg+xml 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagamenti.aruba.it/images/icona-lingua.svg

Requested by

Host: titanactivewear.com
URL: https://titanactivewear.com/db/SMA/intreduction.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

d9742fea080b09269a5500e8cbd1c490946d044b0cbf0a2412c00c13b8eeb49e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://titanactivewear.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000
Date: Tue, 09 Jan 2024 00:45:12 GMT
Last-Modified: Thu, 23 Nov 2023 20:46:48 GMT
Server: Microsoft-IIS/8.5
ETag: "06c782d4e1eda1:0"
X-Powered-By: ASP.NET
X-Frame-Options: DENY
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 1117

GET
H/1.1 200
OK icona-small-arrow-bottom.svg
pagamenti.aruba.it/images/ 462 B
944 B 214ms
88ms Image
image/svg+xml 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagamenti.aruba.it/images/icona-small-arrow-bottom.svg

Requested by

Host: titanactivewear.com
URL: https://titanactivewear.com/db/SMA/intreduction.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

d54c051c8168ccffcd35424f00d7b6140e6311bff3e66308b8ff1bb47399ebbc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://titanactivewear.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000
Date: Tue, 09 Jan 2024 00:45:12 GMT
Last-Modified: Thu, 23 Nov 2023 20:46:48 GMT
Server: Microsoft-IIS/8.5
ETag: "06c782d4e1eda1:0"
X-Powered-By: ASP.NET
X-Frame-Options: DENY
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 462

GET
H/1.1 200
OK icona-assistenza.svg
pagamenti.aruba.it/images/ 949 B
1 KB 224ms
97ms Image
image/svg+xml 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagamenti.aruba.it/images/icona-assistenza.svg

Requested by

Host: titanactivewear.com
URL: https://titanactivewear.com/db/SMA/intreduction.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

dfbe1bbb320b496b9fef73b4787a01fa50f124e2db758567316b07c2be04b657

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://titanactivewear.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000
Date: Tue, 09 Jan 2024 00:45:12 GMT
Last-Modified: Thu, 23 Nov 2023 20:46:48 GMT
Server: Microsoft-IIS/8.5
ETag: "06c782d4e1eda1:0"
X-Powered-By: ASP.NET
X-Frame-Options: DENY
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 949

GET
H/1.1 200
OK icona-utente.svg
pagamenti.aruba.it/images/ 811 B
1 KB 211ms
84ms Image
image/svg+xml 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagamenti.aruba.it/images/icona-utente.svg

Requested by

Host: titanactivewear.com
URL: https://titanactivewear.com/db/SMA/intreduction.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

d881edf6d1763df2e5ce27f39ea76d82a18c15760a0c2de14fd78fba172e19a1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://titanactivewear.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000
Date: Tue, 09 Jan 2024 00:45:12 GMT
Last-Modified: Thu, 23 Nov 2023 20:46:48 GMT
Server: Microsoft-IIS/8.5
ETag: "06c782d4e1eda1:0"
X-Powered-By: ASP.NET
X-Frame-Options: DENY
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 811

GET
H/1.1 200
OK card.svg
pagamenti.aruba.it/images/ 1 KB
2 KB 205ms
79ms Image
image/svg+xml 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagamenti.aruba.it/images/card.svg

Requested by

Host: titanactivewear.com
URL: https://titanactivewear.com/db/SMA/intreduction.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

c509f688d2578a416b988e0b9f4669a3214dad83ef84076b0cda370f042f04e2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000
X-Frame-Options	DENY

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://titanactivewear.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self'
Strict-Transport-Security: max-age=31536000
Date: Tue, 09 Jan 2024 00:45:12 GMT
Last-Modified: Thu, 23 Nov 2023 20:46:48 GMT
Server: Microsoft-IIS/8.5
ETag: "06c782d4e1eda1:0"
X-Powered-By: ASP.NET
X-Frame-Options: DENY
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 1450

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Aruba (Online)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

pagamenti.aruba.it
titanactivewear.com
50.116.94.47
62.149.186.150
018848616324e83ebd62bc66a1981a96d9e0f6bdeae25cf3106412d056db26a2
8f5a51ab8aba6dd40c4083d89d06ee87ed8d76590470b1bdb6eab337e6db5694
c509f688d2578a416b988e0b9f4669a3214dad83ef84076b0cda370f042f04e2
d54c051c8168ccffcd35424f00d7b6140e6311bff3e66308b8ff1bb47399ebbc
d881edf6d1763df2e5ce27f39ea76d82a18c15760a0c2de14fd78fba172e19a1
d9742fea080b09269a5500e8cbd1c490946d044b0cbf0a2412c00c13b8eeb49e
dfbe1bbb320b496b9fef73b4787a01fa50f124e2db758567316b07c2be04b657

titanactivewear.com Open in urlscan Pro 50.116.94.47 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

34 kBTransfer

45 kBSize

0 Cookies

4 Outgoing links

Page URL History

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

titanactivewear.com Open in urlscan Pro
50.116.94.47 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

34 kB
Transfer

45 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!