www.webmail-aruba-riattivare.com Open in urlscan Pro
46.17.41.141 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.webmail-aruba-riattivare.com/page.php
Submission Tags: 7493489
Submission: On April 20 via api (April 20th 2022, 1:57:48 pm UTC) from US — Scanned from IT

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 46.17.41.141, located in Moscow, Russian Federation and belongs to ASBAXET, RU. The main domain is www.webmail-aruba-riattivare.com.
TLS certificate: Issued by R3 on April 19th 2022. Valid for: 3 months.

This is the only time www.webmail-aruba-riattivare.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aruba (Online)

Domain & IP information

	IP Address		AS Autonomous System
11	46.17.41.141 46.17.41.141		51659 (ASBAXET) (ASBAXET)
11	1

11 46.17.41.141 (Moscow, Russian Federation)

ASN51659 (ASBAXET, RU)

www.webmail-aruba-riattivare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	webmail-aruba-riattivare.com www.webmail-aruba-riattivare.com	254 KB
11	1

	Domain	Requested by
11	www.webmail-aruba-riattivare.com	www.webmail-aruba-riattivare.com
11	1

This site contains no links.

Subject Issuer	Validity	Valid
webmail-aruba-riattivare.com R3	`2022-04-19` - `2022-07-18`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.webmail-aruba-riattivare.com/page.php
Frame ID: 2780DA71F4249C1A78A7A8A11669972A
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

WebMail Aruba

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

254 kB
Transfer

447 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request page.php Show response www.webmail-aruba-riattivare.com/	8 KB 2 KB	394ms 134ms	Document text/html	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://www.webmail-aruba-riattivare.com/page.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `49cd66c0c3bf6e685c13cc1cd59313205785b7dea72bf8f497f74e20f5c4f1ba` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 accept-language it-IT,it;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Length 2056 Content-Type text/html; charset=UTF-8 Date Wed, 20 Apr 2022 13:57:43 GMT Server nginx/1.18.0 (Ubuntu) Vary Accept-Encoding
GET H/1.1	200 OK	login.css www.webmail-aruba-riattivare.com/css/	13 KB 3 KB	131ms 130ms	Stylesheet text/css	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://www.webmail-aruba-riattivare.com/css/login.css Requested by Host: www.webmail-aruba-riattivare.com URL: https://www.webmail-aruba-riattivare.com/page.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `6ec247348bc2eff9c1a12d3bbc8e553a30a536679ee4f442644e195fe0fc7b6a` Request headers accept-language it-IT,it;q=0.9 Referer https://www.webmail-aruba-riattivare.com/page.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 13:57:43 GMT Content-Encoding gzip Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "351d-5da574b2fff80-gzip" Vary Accept-Encoding Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 2665
GET H/1.1	200 OK	dojo.js Show response www.webmail-aruba-riattivare.com/js/	193 KB 38 KB	355ms 224ms	Script application/javascript	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://www.webmail-aruba-riattivare.com/js/dojo.js Requested by Host: www.webmail-aruba-riattivare.com URL: https://www.webmail-aruba-riattivare.com/page.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `2769b657782eb332897d00cc4b4aa1d093a109dbe0efae4d0a0fbcbe2a38152d` Request headers accept-language it-IT,it;q=0.9 Referer https://www.webmail-aruba-riattivare.com/page.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 13:57:43 GMT Content-Encoding gzip Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "30567-5da574b2fff80-gzip" Vary Accept-Encoding Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 38251
GET H/1.1	200 OK	login.js Show response www.webmail-aruba-riattivare.com/js/	31 KB 8 KB	388ms 136ms	Script application/javascript	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://www.webmail-aruba-riattivare.com/js/login.js Requested by Host: www.webmail-aruba-riattivare.com URL: https://www.webmail-aruba-riattivare.com/page.php Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `9499d557d67e15a8e682e8b8ec23e80cff64e6b0ba55a0a5696acd1d52db8f77` Request headers accept-language it-IT,it;q=0.9 Referer https://www.webmail-aruba-riattivare.com/page.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 13:57:43 GMT Content-Encoding gzip Last-Modified Tue, 19 Apr 2022 11:51:11 GMT Server nginx/1.18.0 (Ubuntu) ETag "7ba3-5dd007e39a9c0-gzip" Vary Accept-Encoding Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 7552
GET H/1.1	200 OK	aruba-logo.svg www.webmail-aruba-riattivare.com/img/	15 KB 15 KB	468ms 212ms	Image image/svg+xml	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://www.webmail-aruba-riattivare.com/img/aruba-logo.svg?_v_=v4r2b61.20201014_1430 Requested by Host: www.webmail-aruba-riattivare.com URL: https://www.webmail-aruba-riattivare.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `a32e14929dae4030d8fe0164ac57453ec28a2927b4e6f22d445934b829f6df14` Request headers accept-language it-IT,it;q=0.9 Referer https://www.webmail-aruba-riattivare.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 13:57:44 GMT Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "3b00-5da574b2fff80" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 15104
GET H/1.1	200 OK	envelope.svg www.webmail-aruba-riattivare.com/img/	681 B 937 B	382ms 126ms	Image image/svg+xml	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://www.webmail-aruba-riattivare.com/img/envelope.svg?_v_=v4r2b61.20201014_1430 Requested by Host: www.webmail-aruba-riattivare.com URL: https://www.webmail-aruba-riattivare.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `5e96c408271ce2999c052da5821e78872d784aa9a08b87fc6f4fb036e46eab99` Request headers accept-language it-IT,it;q=0.9 Referer https://www.webmail-aruba-riattivare.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 13:57:44 GMT Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "2a9-5da574b2fff80" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 681
GET H/1.1	200 OK	login-icon.svg www.webmail-aruba-riattivare.com/img/	666 B 922 B	384ms 126ms	Image image/svg+xml	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://www.webmail-aruba-riattivare.com/img/login-icon.svg?_v_=v4r2b61.20201014_1430 Requested by Host: www.webmail-aruba-riattivare.com URL: https://www.webmail-aruba-riattivare.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `c7eca97d84ed3469e7d1a20a8c28ef7177270b93a2d9913a0adad9a3e4bdfc9a` Request headers accept-language it-IT,it;q=0.9 Referer https://www.webmail-aruba-riattivare.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 13:57:44 GMT Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "29a-5da574b2fff80" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 666
GET H/1.1	200 OK	password-icon.svg www.webmail-aruba-riattivare.com/img/	585 B 841 B	388ms 125ms	Image image/svg+xml	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://www.webmail-aruba-riattivare.com/img/password-icon.svg?_v_=v4r2b61.20201014_1430 Requested by Host: www.webmail-aruba-riattivare.com URL: https://www.webmail-aruba-riattivare.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `d1a498e72f62f80af25d958364158a781a8cdee723e700756b28756c97ee2fa1` Request headers accept-language it-IT,it;q=0.9 Referer https://www.webmail-aruba-riattivare.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 13:57:44 GMT Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "249-5da574b2fff80" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 585
GET H/1.1	200 OK	password-icon-2.svg www.webmail-aruba-riattivare.com/img/	947 B 1 KB	241ms 132ms	Image image/svg+xml	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://www.webmail-aruba-riattivare.com/img/password-icon-2.svg?_v_=v4r2b61.20201014_1430 Requested by Host: www.webmail-aruba-riattivare.com URL: https://www.webmail-aruba-riattivare.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `8955ee5e3071f91ed2460b5b634cdab6f6c15d5d8adefac0e3328de7f5889a97` Request headers accept-language it-IT,it;q=0.9 Referer https://www.webmail-aruba-riattivare.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 13:57:43 GMT Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "3b3-5da574b2fff80" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 947
GET H/1.1	200 OK	check.svg www.webmail-aruba-riattivare.com/img/	298 B 554 B	353ms 120ms	Image image/svg+xml	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://www.webmail-aruba-riattivare.com/img/check.svg?_v_=v4r2b61.20201014_1430 Requested by Host: www.webmail-aruba-riattivare.com URL: https://www.webmail-aruba-riattivare.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `bf4e3b74bd09dd7fad26258518cc633279df367c545eaa668bbca0a81c4f6236` Request headers accept-language it-IT,it;q=0.9 Referer https://www.webmail-aruba-riattivare.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 13:57:43 GMT Last-Modified Mon, 18 Apr 2022 17:16:29 GMT Server nginx/1.18.0 (Ubuntu) ETag "12a-5dcf0ebbf5540" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 298
GET H/1.1	200 OK	left-block-image.jpg www.webmail-aruba-riattivare.com/img/	183 KB 184 KB	132ms 131ms	Image image/jpeg	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://www.webmail-aruba-riattivare.com/img/left-block-image.jpg Requested by Host: www.webmail-aruba-riattivare.com URL: https://www.webmail-aruba-riattivare.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash `dc6450f154b8613cd1ba7a36f672e82df3d6b9d92957252ec67580d454b008a1` Request headers accept-language it-IT,it;q=0.9 Referer https://www.webmail-aruba-riattivare.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 13:57:44 GMT Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "2ddaa-5da574b2fff80" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 187818

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Aruba (Online)

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.webmail-aruba-riattivare.com
46.17.41.141
2769b657782eb332897d00cc4b4aa1d093a109dbe0efae4d0a0fbcbe2a38152d
49cd66c0c3bf6e685c13cc1cd59313205785b7dea72bf8f497f74e20f5c4f1ba
5e96c408271ce2999c052da5821e78872d784aa9a08b87fc6f4fb036e46eab99
6ec247348bc2eff9c1a12d3bbc8e553a30a536679ee4f442644e195fe0fc7b6a
8955ee5e3071f91ed2460b5b634cdab6f6c15d5d8adefac0e3328de7f5889a97
9499d557d67e15a8e682e8b8ec23e80cff64e6b0ba55a0a5696acd1d52db8f77
a32e14929dae4030d8fe0164ac57453ec28a2927b4e6f22d445934b829f6df14
bf4e3b74bd09dd7fad26258518cc633279df367c545eaa668bbca0a81c4f6236
c7eca97d84ed3469e7d1a20a8c28ef7177270b93a2d9913a0adad9a3e4bdfc9a
d1a498e72f62f80af25d958364158a781a8cdee723e700756b28756c97ee2fa1
dc6450f154b8613cd1ba7a36f672e82df3d6b9d92957252ec67580d454b008a1

www.webmail-aruba-riattivare.com Open in urlscan Pro 46.17.41.141 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

11 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

254 kBTransfer

447 kBSize

0 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

58 JavaScript Global Variables

0 Cookies

Indicators

www.webmail-aruba-riattivare.com Open in urlscan Pro
46.17.41.141 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

254 kB
Transfer

447 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!