roleplaystar.com Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://roleplaystar.com/wp-content3/themes/twentytwentythree/styles/aruba/
Submission: On January 09 via api (January 9th 2024, 7:19:04 am UTC) from GB — Scanned from IT

Summary HTTP 11 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 11 HTTP transactions. The main IP is 188.114.97.3, located in Amsterdam, Netherlands and belongs to CLOUDFLARENET, US. The main domain is roleplaystar.com.
TLS certificate: Issued by GTS CA 1P5 on November 22nd 2023. Valid for: 3 months.

This is the only time roleplaystar.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aruba (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	62.149.186.150 62.149.186.150	31034 (ARUBA-ASN) (ARUBA-ASN)
11	3

1 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

roleplaystar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 62.149.186.150 (Arezzo, Italy)

ASN31034 (ARUBA-ASN, IT)

admin.aruba.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	aruba.it admin.aruba.it	43 KB
1	roleplaystar.com roleplaystar.com	3 KB
0	arubamediamarketing.it Failed tracks.arubamediamarketing.it Failed visual.arubamediamarketing.it Failed
11	3

	Domain	Requested by
7	admin.aruba.it	roleplaystar.com admin.aruba.it
1	roleplaystar.com
0	visual.arubamediamarketing.it Failed	roleplaystar.com
0	tracks.arubamediamarketing.it Failed	roleplaystar.com
11	4

This site contains links to these domains. Also see Links.

Domain
webmail.aruba.it
hosting.aruba.it
pagamenti.aruba.it
rivenditori.aruba.it
analytics.arubamediamarketing.it
admin.aruba.it
www.aruba.it

Subject Issuer	Validity	Valid
roleplaystar.com GTS CA 1P5	`2023-11-22` - `2024-02-20`	3 months	crt.sh
admin.aruba.it Actalis Organization Validated Server CA G3	`2023-12-18` - `2024-12-18`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://roleplaystar.com/wp-content3/themes/twentytwentythree/styles/aruba/
Frame ID: 7FCF0A136933F2D260F6FABB33CC4DAE
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Aruba.it - Control Panel Login

Page Statistics

11
Requests

73 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

46 kB
Transfer

48 kB
Size

0
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: http://webmail.aruba.it/
Title: webmail

Search URL Search Domain Scan URL

URL: https://hosting.aruba.it/Rinnovi/InsDatiRinnovo.asp?Lang=DEFAULT
Title: rinnovi

Search URL Search Domain Scan URL

URL: https://pagamenti.aruba.it/home/default.aspx
Title: pagamenti

Search URL Search Domain Scan URL

URL: http://rivenditori.aruba.it/
Title: affiliazione

Search URL Search Domain Scan URL

URL: https://hosting.aruba.it/areaclienti
Title: area clienti

Search URL Search Domain Scan URL

URL: http://analytics.arubamediamarketing.it/link_outbound/?cvtrac=5&usc=d645920e395fedad7bbbed0eca3fe2e0
Title: assistenza

Search URL Search Domain Scan URL

URL: https://admin.aruba.it/oldlogin.aspx
Title: Versione precedente

Search URL Search Domain Scan URL

URL: http://hosting.aruba.it/Domini/spediscidatidominio.asp?lang=IT
Title: Hai perso i dati?

Search URL Search Domain Scan URL

URL: http://www.aruba.it/
Title: Copyright © print_date(); 2024 Aruba S.p.A. - P.I. 01573850516 - All rights reserved

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
roleplaystar.com/wp-content3/themes/twentytwentythree/styles/aruba/ 12 KB
3 KB 971ms
541ms Document
text/html 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://roleplaystar.com/wp-content3/themes/twentytwentythree/styles/aruba/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d912661ba3ad025316d67f4028bd112c028ca01bc4ab4954b2b37aad36b3b0e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: it-IT,it;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 842ae82ecd150e19-MXP
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 09 Jan 2024 07:18:34 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tg7ktHXOIuYfZPOC%2FpvZvw8GEVR3QyKHMAIqihMI4IP7AyRNTPOXjwweYYPNEJ2Co59WGwg3WvhnWIYTGJJOrQGjWOg5fsnFUZEhc3TMjZtiPO1L7SmqM1is6z7asuZrAwKM"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1 200
OK javascript_cookies.js Show response
admin.aruba.it/PannelloAdmin/ 2 KB
3 KB 207ms
60ms Script
application/javascript 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://admin.aruba.it/PannelloAdmin/javascript_cookies.js

Requested by

Host: roleplaystar.com
URL: https://roleplaystar.com/wp-content3/themes/twentytwentythree/styles/aruba/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Resource Hash

87de8401a3a5db02c8df9346fe330e9a725dbd987c60ae8a1935f07cc1a9acc0

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net .usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ .usabilla.com
Strict-Transport-Security	max-age: 31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://roleplaystar.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Security-Policy: script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ *.usabilla.com
Strict-Transport-Security: max-age: 31536000
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Last-Modified: Tue, 02 Jan 2024 08:45:06 GMT
X-Permitted-Cross-Domain-Policies: none
Server
ETag: "095fdfb573dda1:0"
Date: Tue, 09 Jan 2024 07:18:33 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 1922

GET
H/1.1 200
OK Login.css
admin.aruba.it/PannelloAdmin/ 17 KB
18 KB 210ms
63ms Stylesheet
text/css 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://admin.aruba.it/PannelloAdmin/Login.css?v1.0

Requested by

Host: roleplaystar.com
URL: https://roleplaystar.com/wp-content3/themes/twentytwentythree/styles/aruba/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Resource Hash

4b229f16b7c6fe884e116ac5044e8fb9c5f3498ebca592bb2f809fd8ecaaafa1

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net .usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ .usabilla.com
Strict-Transport-Security	max-age: 31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://roleplaystar.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Security-Policy: script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ *.usabilla.com
Strict-Transport-Security: max-age: 31536000
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Last-Modified: Tue, 02 Jan 2024 08:45:06 GMT
X-Permitted-Cross-Domain-Policies: none
Server
ETag: "095fdfb573dda1:0"
Date: Tue, 09 Jan 2024 07:18:33 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 17132

GET
H/1.1 200
OK logo_aruba.png
admin.aruba.it/PannelloAdmin/UI/Images/general_tmpl/ 9 KB
10 KB 241ms
78ms Image
image/png 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://admin.aruba.it/PannelloAdmin/UI/Images/general_tmpl/logo_aruba.png

Requested by

Host: roleplaystar.com
URL: https://roleplaystar.com/wp-content3/themes/twentytwentythree/styles/aruba/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Resource Hash

2b5da352f8cac1ec98ed11f27d0d4661aac2f6473096a11bbeb636d34fd20e67

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net .usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ .usabilla.com
Strict-Transport-Security	max-age: 31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://roleplaystar.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Security-Policy: script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ *.usabilla.com
Strict-Transport-Security: max-age: 31536000
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Last-Modified: Tue, 02 Jan 2024 08:44:58 GMT
X-Permitted-Cross-Domain-Policies: none
Server
ETag: "0e138f7573dda1:0"
Date: Tue, 09 Jan 2024 07:18:33 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 9433

GET
H/1.1 200
OK imgCaratteristicheAccesso.png
admin.aruba.it/PannelloAdmin/image_pannello_controllo/ 508 B
2 KB 268ms
72ms Image
image/png 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://admin.aruba.it/PannelloAdmin/image_pannello_controllo/imgCaratteristicheAccesso.png

Requested by

Host: roleplaystar.com
URL: https://roleplaystar.com/wp-content3/themes/twentytwentythree/styles/aruba/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Resource Hash

b1adb27a5e38c7bbbfd8712b4103eb8e405d2bca562e600c7787a214be6c99e9

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net .usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ .usabilla.com
Strict-Transport-Security	max-age: 31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://roleplaystar.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Security-Policy: script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ *.usabilla.com
Strict-Transport-Security: max-age: 31536000
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Last-Modified: Tue, 02 Jan 2024 08:45:06 GMT
X-Permitted-Cross-Domain-Policies: none
Server
ETag: "095fdfb573dda1:0"
Date: Tue, 09 Jan 2024 07:18:33 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 508

GET
H/1.1 200
OK arrox_previous.png
admin.aruba.it/PannelloAdmin/image_pannello_controllo/ 338 B
1 KB 42ms
41ms Image
image/png 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://admin.aruba.it/PannelloAdmin/image_pannello_controllo/arrox_previous.png

Requested by

Host: roleplaystar.com
URL: https://roleplaystar.com/wp-content3/themes/twentytwentythree/styles/aruba/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Resource Hash

399db74019a306cb82125431dbbb99137dffa0669d9b84b3cd4dded32b438f5d

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net .usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ .usabilla.com
Strict-Transport-Security	max-age: 31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://roleplaystar.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Security-Policy: script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ *.usabilla.com
Strict-Transport-Security: max-age: 31536000
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Last-Modified: Tue, 02 Jan 2024 08:45:08 GMT
X-Permitted-Cross-Domain-Policies: none
Server
ETag: "0c22efd573dda1:0"
Date: Tue, 09 Jan 2024 07:18:33 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 338

GET
H/1.1 200
OK imgHaiPersoDati.png
admin.aruba.it/PannelloAdmin/image_pannello_controllo/ 775 B
2 KB 42ms
41ms Image
image/png 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://admin.aruba.it/PannelloAdmin/image_pannello_controllo/imgHaiPersoDati.png

Requested by

Host: roleplaystar.com
URL: https://roleplaystar.com/wp-content3/themes/twentytwentythree/styles/aruba/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Resource Hash

8ab2d4dd46d9a7d2997be422628f891222a304e1b0c9bed486129ae6f0f9eb96

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net .usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ .usabilla.com
Strict-Transport-Security	max-age: 31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://roleplaystar.com/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Security-Policy: script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ *.usabilla.com
Strict-Transport-Security: max-age: 31536000
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Last-Modified: Tue, 02 Jan 2024 08:45:06 GMT
X-Permitted-Cross-Domain-Policies: none
Server
ETag: "095fdfb573dda1:0"
Date: Tue, 09 Jan 2024 07:18:33 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 775

GET tsends.js
tracks.arubamediamarketing.it/track/ 0
0

GET 59b1da0be8266e06e6a75a5d0f2aa14d.js
visual.arubamediamarketing.it/cjs/ 0
0

GET include.js
visual.arubamediamarketing.it/track/ 0
0

GET
H/1.1 200
OK PannelloControlloBottomLogo.png
admin.aruba.it/PannelloAdmin/image_pannello_controllo/ 6 KB
7 KB 78ms
52ms Image
image/png 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://admin.aruba.it/PannelloAdmin/image_pannello_controllo/PannelloControlloBottomLogo.png

Requested by

Host: admin.aruba.it
URL: https://admin.aruba.it/PannelloAdmin/Login.css?v1.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Resource Hash

336a136d1ec7b4f2fa42ebaf724293a544b0451fa6b254778d59672d49a1ac12

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net .usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ .usabilla.com
Strict-Transport-Security	max-age: 31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: it-IT,it;q=0.9
Referer: https://admin.aruba.it/PannelloAdmin/Login.css?v1.0
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Content-Security-Policy: script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ *.usabilla.com
Strict-Transport-Security: max-age: 31536000
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Last-Modified: Tue, 02 Jan 2024 08:45:06 GMT
X-Permitted-Cross-Domain-Policies: none
Server
ETag: "095fdfb573dda1:0"
Date: Tue, 09 Jan 2024 07:18:33 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 6604

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tracks.arubamediamarketing.it
URL: https://tracks.arubamediamarketing.it/track/tsends.js

Domain: visual.arubamediamarketing.it
URL: https://visual.arubamediamarketing.it/cjs/59b1da0be8266e06e6a75a5d0f2aa14d.js

Domain: visual.arubamediamarketing.it
URL: https://visual.arubamediamarketing.it/track/include.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Aruba (Online)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://visual.arubamediamarketing.it/cjs/59b1da0be8266e06e6a75a5d0f2aa14d.js Message: Failed to load resource: net::ERR_TIMED_OUT
network	error	URL: https://visual.arubamediamarketing.it/track/include.js Message: Failed to load resource: net::ERR_TIMED_OUT

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

admin.aruba.it
roleplaystar.com
tracks.arubamediamarketing.it
visual.arubamediamarketing.it
tracks.arubamediamarketing.it
visual.arubamediamarketing.it
188.114.97.3
62.149.186.150
2b5da352f8cac1ec98ed11f27d0d4661aac2f6473096a11bbeb636d34fd20e67
336a136d1ec7b4f2fa42ebaf724293a544b0451fa6b254778d59672d49a1ac12
399db74019a306cb82125431dbbb99137dffa0669d9b84b3cd4dded32b438f5d
3d912661ba3ad025316d67f4028bd112c028ca01bc4ab4954b2b37aad36b3b0e
4b229f16b7c6fe884e116ac5044e8fb9c5f3498ebca592bb2f809fd8ecaaafa1
87de8401a3a5db02c8df9346fe330e9a725dbd987c60ae8a1935f07cc1a9acc0
8ab2d4dd46d9a7d2997be422628f891222a304e1b0c9bed486129ae6f0f9eb96
b1adb27a5e38c7bbbfd8712b4103eb8e405d2bca562e600c7787a214be6c99e9

roleplaystar.com Open in urlscan Pro 188.114.97.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

11 Requests

73 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

3 IPs

2 Countries

46 kBTransfer

48 kBSize

0 Cookies

9 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

0 Cookies

2 Console Messages

Indicators

roleplaystar.com Open in urlscan Pro
188.114.97.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

73 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

46 kB
Transfer

48 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!