login-mail-aruba-online.com Open in urlscan Pro
119.9.54.119 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://pp-aid.com/wp-admin/noto.html?JRozzano183]KabitatoWmateriale344
Effective URL:
http://login-mail-aruba-online.com/email-aruba/v_=v4r2b49.20170112_08000/56b2a49cc00f81387705d1e2ccc6f9c3/index.php?lang=en&tID=ZuX...
Submission Tags: phishing malicious Search All
Submission: On September 12 via api (September 12th 2021, 9:05:02 pm UTC) from IT — Scanned from DE

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 4 countries across 4 domains to perform 16 HTTP transactions. The main IP is 119.9.54.119, located in Hampton, Australia and belongs to RACKSPACE-AS Rackspace.com Sydney, HK. The main domain is login-mail-aruba-online.com.

This is the only time login-mail-aruba-online.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aruba (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	167.71.79.8 167.71.79.8	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
13	119.9.54.119 119.9.54.119	58683 (RACKSPACE...) (RACKSPACE-AS Rackspace.com Sydney)
1	151.101.114.137 151.101.114.137	54113 (FASTLY) (FASTLY)
1	162.247.242.19 162.247.242.19	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
16	4

1 167.71.79.8 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

pp-aid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 119.9.54.119 (Hampton, Australia)

ASN58683 (RACKSPACE-AS Rackspace.com Sydney, HK)

login-mail-aruba-online.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.114.137 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.242.19 (United States)

ASN23467 (NEWRELIC-AS-1, US)
PTR: bam-7.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	login-mail-aruba-online.com login-mail-aruba-online.com	258 KB
1	nr-data.net bam.nr-data.net	322 B
1	newrelic.com js-agent.newrelic.com	12 KB
1	pp-aid.com pp-aid.com	322 B
16	4

	Domain	Requested by
13	login-mail-aruba-online.com	login-mail-aruba-online.com
1	bam.nr-data.net	js-agent.newrelic.com
1	js-agent.newrelic.com	login-mail-aruba-online.com
1	pp-aid.com
16	4

This site contains no links.

Subject Issuer	Validity	Valid
pp-aid.com R3	`2021-07-05` - `2021-10-03`	3 months	crt.sh
*.newrelic.com R3	`2021-07-19` - `2021-10-17`	3 months	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://login-mail-aruba-online.com/email-aruba/v_=v4r2b49.20170112_08000/56b2a49cc00f81387705d1e2ccc6f9c3/index.php?lang=en&tID=ZuXcWvvQGSA
Frame ID: 58A24637DE2BF9422863A24CF6514744
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WebMail Aruba

Page URL History Show full URLs

https://pp-aid.com/wp-admin/noto.html?JRozzano183]KabitatoWmateriale344 Page URL
http://login-mail-aruba-online.com/email-aruba/v_=v4r2b49.20170112_08000/ Page URL
http://login-mail-aruba-online.com/email-aruba/v_=v4r2b49.20170112_08000/56b2a49cc00f81387705d1e2ccc6f9c3/index... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

16
Requests

19 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

4
Countries

270 kB
Transfer

312 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://pp-aid.com/wp-admin/noto.html?JRozzano183]KabitatoWmateriale344 Page URL
http://login-mail-aruba-online.com/email-aruba/v_=v4r2b49.20170112_08000/ Page URL
http://login-mail-aruba-online.com/email-aruba/v_=v4r2b49.20170112_08000/56b2a49cc00f81387705d1e2ccc6f9c3/index.php?lang=en&tID=ZuXcWvvQGSA Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 noto.html Show response
pp-aid.com/wp-admin/ 118 B
322 B 64ms
17ms Document
text/html 167.71.79.8
DIGITALOCEAN-ASN

General

			Domain/Path	Expires	Name / Value
			login-mail-aruba-online.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: b4ej10spt8pg165gt1k24kmid6
			.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 2b3cff5db24985f9

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

login-mail-aruba-online.com Open in urlscan Pro 119.9.54.119 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

19 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

4 IPs

4 Countries

270 kBTransfer

312 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

13 JavaScript Global Variables

2 Cookies

Security Headers

Indicators

login-mail-aruba-online.com Open in urlscan Pro
119.9.54.119 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

19 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

4
Countries

270 kB
Transfer

312 kB
Size

2
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!