webmail-aruba.com Open in urlscan Pro
46.17.41.141 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://artificialgrasscumbria.com/VJB090TZP?c=ogpmWbc2FsYUBzdHVkaW9mcmVkZWxsYS5jb20=kLjah
Effective URL:
https://webmail-aruba.com/?c=MzI0TFZSbFJVNWcrNURMbmFXNEVjWDIzbXpTcERqTT0=
Submission Tags: 7493229
Submission: On April 20 via api (April 20th 2022, 8:01:12 am UTC) from US — Scanned from IT

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 3 domains to perform 11 HTTP transactions. The main IP is 46.17.41.141, located in Moscow, Russian Federation and belongs to ASBAXET, RU. The main domain is webmail-aruba.com.
TLS certificate: Issued by R3 on April 19th 2022. Valid for: 3 months.

This is the only time webmail-aruba.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aruba (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	92.255.57.122 92.255.57.122	57523 (CHANGWAY-AS) (CHANGWAY-AS)
1 12	46.17.41.141 46.17.41.141	51659 (ASBAXET) (ASBAXET)
11	1

1 92.255.57.122 (Hong Kong) 1 redirects

ASN57523 (CHANGWAY-AS, HK)

artificialgrasscumbria.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 46.17.41.141 (Moscow, Russian Federation) 1 redirects

ASN51659 (ASBAXET, RU)

arbrdrcts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
webmail-aruba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	webmail-aruba.com webmail-aruba.com	254 KB
1	arbrdrcts.com 1 redirects arbrdrcts.com	258 B
1	artificialgrasscumbria.com 1 redirects artificialgrasscumbria.com	280 B
11	3

	Domain	Requested by
11	webmail-aruba.com	webmail-aruba.com
1	arbrdrcts.com	1 redirects
1	artificialgrasscumbria.com	1 redirects
11	3

This site contains no links.

Subject Issuer	Validity	Valid
webmail-aruba.com R3	`2022-04-19` - `2022-07-18`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://webmail-aruba.com/?c=MzI0TFZSbFJVNWcrNURMbmFXNEVjWDIzbXpTcERqTT0=
Frame ID: B8B92EA8CE2565D9063C971F95D02DD0
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WebMail Aruba

Page URL History Show full URLs

https://artificialgrasscumbria.com/VJB090TZP?c=ogpmWbc2FsYUBzdHVkaW9mcmVkZWxsYS5jb20=kLjah HTTP 301
https://arbrdrcts.com/?c=ogpmWbc2FsYUBzdHVkaW9mcmVkZWxsYS5jb20=kLjah HTTP 302
https://webmail-aruba.com/?c=MzI0TFZSbFJVNWcrNURMbmFXNEVjWDIzbXpTcERqTT0= Page URL

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

254 kB
Transfer

447 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://artificialgrasscumbria.com/VJB090TZP?c=ogpmWbc2FsYUBzdHVkaW9mcmVkZWxsYS5jb20=kLjah HTTP 301
https://arbrdrcts.com/?c=ogpmWbc2FsYUBzdHVkaW9mcmVkZWxsYS5jb20=kLjah HTTP 302
https://webmail-aruba.com/?c=MzI0TFZSbFJVNWcrNURMbmFXNEVjWDIzbXpTcERqTT0= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response webmail-aruba.com/ Redirect Chain https://artificialgrasscumbria.com/VJB090TZP?c=ogpmWbc2FsYUBzdHVkaW9mcmVkZWxsYS5jb20=kLjah https://arbrdrcts.com/?c=ogpmWbc2FsYUBzdHVkaW9mcmVkZWxsYS5jb20=kLjah https://webmail-aruba.com/?c=MzI0TFZSbFJVNWcrNURMbmFXNEVjWDIzbXpTcERqTT0=	8 KB 2 KB	380ms 126ms	Document text/html	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://webmail-aruba.com/?c=MzI0TFZSbFJVNWcrNURMbmFXNEVjWDIzbXpTcERqTT0= Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `46a60bbee6e3b99b76568bde0bb9bb78d6bdba76c91b58f452a3f9cfea8c0de0` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 accept-language it-IT,it;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Length 2072 Content-Type text/html; charset=UTF-8 Date Wed, 20 Apr 2022 08:01:07 GMT Server nginx/1.18.0 (Ubuntu) Vary Accept-Encoding Redirect headers Connection keep-alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Wed, 20 Apr 2022 08:01:06 GMT Location https://webmail-aruba.com/?c=MzI0TFZSbFJVNWcrNURMbmFXNEVjWDIzbXpTcERqTT0= Server nginx/1.18.0 (Ubuntu)
GET H/1.1	200 OK	login.css webmail-aruba.com/css/	13 KB 3 KB	120ms 119ms	Stylesheet text/css	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://webmail-aruba.com/css/login.css Requested by Host: webmail-aruba.com URL: https://webmail-aruba.com/?c=MzI0TFZSbFJVNWcrNURMbmFXNEVjWDIzbXpTcERqTT0= Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `6ec247348bc2eff9c1a12d3bbc8e553a30a536679ee4f442644e195fe0fc7b6a` Request headers accept-language it-IT,it;q=0.9 Referer https://webmail-aruba.com/?c=MzI0TFZSbFJVNWcrNURMbmFXNEVjWDIzbXpTcERqTT0= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 08:01:07 GMT Content-Encoding gzip Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "351d-5da574b2fff80-gzip" Vary Accept-Encoding Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 2665
GET H/1.1	200 OK	dojo.js Show response webmail-aruba.com/js/	193 KB 38 KB	339ms 218ms	Script application/javascript	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://webmail-aruba.com/js/dojo.js Requested by Host: webmail-aruba.com URL: https://webmail-aruba.com/?c=MzI0TFZSbFJVNWcrNURMbmFXNEVjWDIzbXpTcERqTT0= Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `2769b657782eb332897d00cc4b4aa1d093a109dbe0efae4d0a0fbcbe2a38152d` Request headers accept-language it-IT,it;q=0.9 Referer https://webmail-aruba.com/?c=MzI0TFZSbFJVNWcrNURMbmFXNEVjWDIzbXpTcERqTT0= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 08:01:07 GMT Content-Encoding gzip Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "30567-5da574b2fff80-gzip" Vary Accept-Encoding Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 38251
GET H/1.1	200 OK	login.js Show response webmail-aruba.com/js/	31 KB 8 KB	381ms 120ms	Script application/javascript	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://webmail-aruba.com/js/login.js Requested by Host: webmail-aruba.com URL: https://webmail-aruba.com/?c=MzI0TFZSbFJVNWcrNURMbmFXNEVjWDIzbXpTcERqTT0= Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `9499d557d67e15a8e682e8b8ec23e80cff64e6b0ba55a0a5696acd1d52db8f77` Request headers accept-language it-IT,it;q=0.9 Referer https://webmail-aruba.com/?c=MzI0TFZSbFJVNWcrNURMbmFXNEVjWDIzbXpTcERqTT0= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 08:01:07 GMT Content-Encoding gzip Last-Modified Tue, 19 Apr 2022 11:51:11 GMT Server nginx/1.18.0 (Ubuntu) ETag "7ba3-5dd007e39a9c0-gzip" Vary Accept-Encoding Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 7552
GET H/1.1	200 OK	aruba-logo.svg webmail-aruba.com/img/	15 KB 15 KB	459ms 206ms	Image image/svg+xml	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://webmail-aruba.com/img/aruba-logo.svg?_v_=v4r2b61.20201014_1430 Requested by Host: webmail-aruba.com URL: https://webmail-aruba.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `a32e14929dae4030d8fe0164ac57453ec28a2927b4e6f22d445934b829f6df14` Request headers accept-language it-IT,it;q=0.9 Referer https://webmail-aruba.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 08:01:07 GMT Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "3b00-5da574b2fff80" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 15104
GET H/1.1	200 OK	envelope.svg webmail-aruba.com/img/	681 B 937 B	374ms 121ms	Image image/svg+xml	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://webmail-aruba.com/img/envelope.svg?_v_=v4r2b61.20201014_1430 Requested by Host: webmail-aruba.com URL: https://webmail-aruba.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `5e96c408271ce2999c052da5821e78872d784aa9a08b87fc6f4fb036e46eab99` Request headers accept-language it-IT,it;q=0.9 Referer https://webmail-aruba.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 08:01:07 GMT Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "2a9-5da574b2fff80" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 681
GET H/1.1	200 OK	login-icon.svg webmail-aruba.com/img/	666 B 922 B	378ms 118ms	Image image/svg+xml	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://webmail-aruba.com/img/login-icon.svg?_v_=v4r2b61.20201014_1430 Requested by Host: webmail-aruba.com URL: https://webmail-aruba.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `c7eca97d84ed3469e7d1a20a8c28ef7177270b93a2d9913a0adad9a3e4bdfc9a` Request headers accept-language it-IT,it;q=0.9 Referer https://webmail-aruba.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 08:01:07 GMT Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "29a-5da574b2fff80" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 666
GET H/1.1	200 OK	password-icon.svg webmail-aruba.com/img/	585 B 841 B	389ms 125ms	Image image/svg+xml	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://webmail-aruba.com/img/password-icon.svg?_v_=v4r2b61.20201014_1430 Requested by Host: webmail-aruba.com URL: https://webmail-aruba.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `d1a498e72f62f80af25d958364158a781a8cdee723e700756b28756c97ee2fa1` Request headers accept-language it-IT,it;q=0.9 Referer https://webmail-aruba.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 08:01:07 GMT Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "249-5da574b2fff80" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 585
GET H/1.1	200 OK	password-icon-2.svg webmail-aruba.com/img/	947 B 1 KB	253ms 126ms	Image image/svg+xml	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://webmail-aruba.com/img/password-icon-2.svg?_v_=v4r2b61.20201014_1430 Requested by Host: webmail-aruba.com URL: https://webmail-aruba.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `8955ee5e3071f91ed2460b5b634cdab6f6c15d5d8adefac0e3328de7f5889a97` Request headers accept-language it-IT,it;q=0.9 Referer https://webmail-aruba.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 08:01:07 GMT Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "3b3-5da574b2fff80" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 947
GET H/1.1	200 OK	check.svg webmail-aruba.com/img/	298 B 554 B	357ms 121ms	Image image/svg+xml	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://webmail-aruba.com/img/check.svg?_v_=v4r2b61.20201014_1430 Requested by Host: webmail-aruba.com URL: https://webmail-aruba.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `bf4e3b74bd09dd7fad26258518cc633279df367c545eaa668bbca0a81c4f6236` Request headers accept-language it-IT,it;q=0.9 Referer https://webmail-aruba.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 08:01:07 GMT Last-Modified Mon, 18 Apr 2022 17:16:29 GMT Server nginx/1.18.0 (Ubuntu) ETag "12a-5dcf0ebbf5540" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 298
GET H/1.1	200 OK	left-block-image.jpg webmail-aruba.com/img/	183 KB 184 KB	122ms 122ms	Image image/jpeg	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://webmail-aruba.com/img/left-block-image.jpg Requested by Host: webmail-aruba.com URL: https://webmail-aruba.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `dc6450f154b8613cd1ba7a36f672e82df3d6b9d92957252ec67580d454b008a1` Request headers accept-language it-IT,it;q=0.9 Referer https://webmail-aruba.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 08:01:07 GMT Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "2ddaa-5da574b2fff80" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 187818

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Aruba (Online)

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

arbrdrcts.com
artificialgrasscumbria.com
webmail-aruba.com
46.17.41.141
92.255.57.122
2769b657782eb332897d00cc4b4aa1d093a109dbe0efae4d0a0fbcbe2a38152d
46a60bbee6e3b99b76568bde0bb9bb78d6bdba76c91b58f452a3f9cfea8c0de0
5e96c408271ce2999c052da5821e78872d784aa9a08b87fc6f4fb036e46eab99
6ec247348bc2eff9c1a12d3bbc8e553a30a536679ee4f442644e195fe0fc7b6a
8955ee5e3071f91ed2460b5b634cdab6f6c15d5d8adefac0e3328de7f5889a97
9499d557d67e15a8e682e8b8ec23e80cff64e6b0ba55a0a5696acd1d52db8f77
a32e14929dae4030d8fe0164ac57453ec28a2927b4e6f22d445934b829f6df14
bf4e3b74bd09dd7fad26258518cc633279df367c545eaa668bbca0a81c4f6236
c7eca97d84ed3469e7d1a20a8c28ef7177270b93a2d9913a0adad9a3e4bdfc9a
d1a498e72f62f80af25d958364158a781a8cdee723e700756b28756c97ee2fa1
dc6450f154b8613cd1ba7a36f672e82df3d6b9d92957252ec67580d454b008a1

webmail-aruba.com Open in urlscan Pro 46.17.41.141 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

11 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

1 IPs

2 Countries

254 kBTransfer

447 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

58 JavaScript Global Variables

0 Cookies

Indicators

webmail-aruba.com Open in urlscan Pro
46.17.41.141 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

254 kB
Transfer

447 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!