webmail-aruba.com Open in urlscan Pro
46.17.41.141  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response webmail-aruba.com/	8 KB 2 KB	487ms 133ms	Document text/html	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://webmail-aruba.com/?c=MzI0TFZSbFJVNWcrNURMbmFXNEVjWDIzbXpTcERqTT0= Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash 46a60bbee6e3b99b76568bde0bb9bb78d6bdba76c91b58f452a3f9cfea8c0de0 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 accept-language it-IT,it;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Length 2072 Content-Type text/html; charset=UTF-8 Date Wed, 20 Apr 2022 07:26:16 GMT Server nginx/1.18.0 (Ubuntu) Vary Accept-Encoding
GET H/1.1	200 OK	login.css webmail-aruba.com/css/	13 KB 3 KB	127ms 127ms	Stylesheet text/css	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://webmail-aruba.com/css/login.css Requested by Host: webmail-aruba.com URL: https://webmail-aruba.com/?c=MzI0TFZSbFJVNWcrNURMbmFXNEVjWDIzbXpTcERqTT0= Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash 6ec247348bc2eff9c1a12d3bbc8e553a30a536679ee4f442644e195fe0fc7b6a Request headers accept-language it-IT,it;q=0.9 Referer https://webmail-aruba.com/?c=MzI0TFZSbFJVNWcrNURMbmFXNEVjWDIzbXpTcERqTT0= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 07:26:17 GMT Content-Encoding gzip Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "351d-5da574b2fff80-gzip" Vary Accept-Encoding Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 2665
GET H/1.1	200 OK	dojo.js Show response webmail-aruba.com/js/	193 KB 38 KB	346ms 218ms	Script application/javascript	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://webmail-aruba.com/js/dojo.js Requested by Host: webmail-aruba.com URL: https://webmail-aruba.com/?c=MzI0TFZSbFJVNWcrNURMbmFXNEVjWDIzbXpTcERqTT0= Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash 2769b657782eb332897d00cc4b4aa1d093a109dbe0efae4d0a0fbcbe2a38152d Request headers accept-language it-IT,it;q=0.9 Referer https://webmail-aruba.com/?c=MzI0TFZSbFJVNWcrNURMbmFXNEVjWDIzbXpTcERqTT0= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 07:26:17 GMT Content-Encoding gzip Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "30567-5da574b2fff80-gzip" Vary Accept-Encoding Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 38251
GET H/1.1	200 OK	login.js Show response webmail-aruba.com/js/	31 KB 8 KB	359ms 121ms	Script application/javascript	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Full URL https://webmail-aruba.com/js/login.js Requested by Host: webmail-aruba.com URL: https://webmail-aruba.com/?c=MzI0TFZSbFJVNWcrNURMbmFXNEVjWDIzbXpTcERqTT0= Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash 9499d557d67e15a8e682e8b8ec23e80cff64e6b0ba55a0a5696acd1d52db8f77 Request headers accept-language it-IT,it;q=0.9 Referer https://webmail-aruba.com/?c=MzI0TFZSbFJVNWcrNURMbmFXNEVjWDIzbXpTcERqTT0= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 07:26:17 GMT Content-Encoding gzip Last-Modified Tue, 19 Apr 2022 11:51:11 GMT Server nginx/1.18.0 (Ubuntu) ETag "7ba3-5dd007e39a9c0-gzip" Vary Accept-Encoding Content-Type application/javascript Connection keep-alive Accept-Ranges bytes Content-Length 7552
GET H/1.1	200 OK	aruba-logo.svg webmail-aruba.com/img/	15 KB 15 KB	352ms 122ms	Image image/svg+xml	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://webmail-aruba.com/img/aruba-logo.svg?_v_=v4r2b61.20201014_1430 Requested by Host: webmail-aruba.com URL: https://webmail-aruba.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash a32e14929dae4030d8fe0164ac57453ec28a2927b4e6f22d445934b829f6df14 Request headers accept-language it-IT,it;q=0.9 Referer https://webmail-aruba.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 07:26:17 GMT Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "3b00-5da574b2fff80" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 15104
GET H/1.1	200 OK	envelope.svg webmail-aruba.com/img/	681 B 937 B	361ms 118ms	Image image/svg+xml	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://webmail-aruba.com/img/envelope.svg?_v_=v4r2b61.20201014_1430 Requested by Host: webmail-aruba.com URL: https://webmail-aruba.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash 5e96c408271ce2999c052da5821e78872d784aa9a08b87fc6f4fb036e46eab99 Request headers accept-language it-IT,it;q=0.9 Referer https://webmail-aruba.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 07:26:17 GMT Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "2a9-5da574b2fff80" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 681
GET H/1.1	200 OK	login-icon.svg webmail-aruba.com/img/	666 B 922 B	375ms 126ms	Image image/svg+xml	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://webmail-aruba.com/img/login-icon.svg?_v_=v4r2b61.20201014_1430 Requested by Host: webmail-aruba.com URL: https://webmail-aruba.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash c7eca97d84ed3469e7d1a20a8c28ef7177270b93a2d9913a0adad9a3e4bdfc9a Request headers accept-language it-IT,it;q=0.9 Referer https://webmail-aruba.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 07:26:17 GMT Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "29a-5da574b2fff80" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 666
GET H/1.1	200 OK	password-icon.svg webmail-aruba.com/img/	585 B 841 B	380ms 125ms	Image image/svg+xml	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://webmail-aruba.com/img/password-icon.svg?_v_=v4r2b61.20201014_1430 Requested by Host: webmail-aruba.com URL: https://webmail-aruba.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash d1a498e72f62f80af25d958364158a781a8cdee723e700756b28756c97ee2fa1 Request headers accept-language it-IT,it;q=0.9 Referer https://webmail-aruba.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 07:26:17 GMT Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "249-5da574b2fff80" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 585
GET H/1.1	200 OK	password-icon-2.svg webmail-aruba.com/img/	947 B 1 KB	237ms 129ms	Image image/svg+xml	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://webmail-aruba.com/img/password-icon-2.svg?_v_=v4r2b61.20201014_1430 Requested by Host: webmail-aruba.com URL: https://webmail-aruba.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash 8955ee5e3071f91ed2460b5b634cdab6f6c15d5d8adefac0e3328de7f5889a97 Request headers accept-language it-IT,it;q=0.9 Referer https://webmail-aruba.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 07:26:17 GMT Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "3b3-5da574b2fff80" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 947
GET H/1.1	200 OK	check.svg webmail-aruba.com/img/	298 B 554 B	332ms 126ms	Image image/svg+xml	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://webmail-aruba.com/img/check.svg?_v_=v4r2b61.20201014_1430 Requested by Host: webmail-aruba.com URL: https://webmail-aruba.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash bf4e3b74bd09dd7fad26258518cc633279df367c545eaa668bbca0a81c4f6236 Request headers accept-language it-IT,it;q=0.9 Referer https://webmail-aruba.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 07:26:17 GMT Last-Modified Mon, 18 Apr 2022 17:16:29 GMT Server nginx/1.18.0 (Ubuntu) ETag "12a-5dcf0ebbf5540" Content-Type image/svg+xml Connection keep-alive Accept-Ranges bytes Content-Length 298
GET H/1.1	200 OK	left-block-image.jpg webmail-aruba.com/img/	183 KB 184 KB	201ms 195ms	Image image/jpeg	46.17.41.141 ASBAXET
General Check archive.org Show headers Download Go to Show image Full URL https://webmail-aruba.com/img/left-block-image.jpg Requested by Host: webmail-aruba.com URL: https://webmail-aruba.com/css/login.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 46.17.41.141 Moscow, Russian Federation, ASN51659 (ASBAXET, RU), Reverse DNS Software nginx/1.18.0 (Ubuntu) / Resource Hash dc6450f154b8613cd1ba7a36f672e82df3d6b9d92957252ec67580d454b008a1 Request headers accept-language it-IT,it;q=0.9 Referer https://webmail-aruba.com/css/login.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Wed, 20 Apr 2022 07:26:17 GMT Last-Modified Wed, 16 Mar 2022 15:09:02 GMT Server nginx/1.18.0 (Ubuntu) ETag "2ddaa-5da574b2fff80" Content-Type image/jpeg Connection keep-alive Accept-Ranges bytes Content-Length 187818

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Aruba (Online)

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails object| dojo object| dijit object| dojox string| UX_LEGGERA string| UX_WEB2CS string| UX_FIZZER string| UX_HTML string| UX_PEC boolean| manage boolean| classic object| i18n_login function| isBrowserSupported object| JsonFormatter function| encodeCredentials function| login_setCredentials function| login_getCookie function| login_setCookie function| login_initAdvancedPage function| login_initPage function| login_initRadios function| displayTab function| getLanguage function| login_showPopup function| login_errorPopup function| login_getSelectedUx function| launchUser function| launchAdmin function| login_web2cs function| login_errorCallback function| isBetaOptimizable function| login_leggera function| auto_login function| isPecDomain function| login_pec function| login_html function| login_fizzer function| display_redirect function| showPassword function| onInputFocus function| onInputBlur function| onInputChange function| DOMContentLoadedListener function| login_setLanguageCookie function| loginGetLanguage function| login_initLocalization function| changeLanguage function| showLanguage function| hideLanguage function| login_localize function| fstring function| focusFirstInput function| validateForm function| keyup string| _domain

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

webmail-aruba.com
46.17.41.141
2769b657782eb332897d00cc4b4aa1d093a109dbe0efae4d0a0fbcbe2a38152d
46a60bbee6e3b99b76568bde0bb9bb78d6bdba76c91b58f452a3f9cfea8c0de0
5e96c408271ce2999c052da5821e78872d784aa9a08b87fc6f4fb036e46eab99
6ec247348bc2eff9c1a12d3bbc8e553a30a536679ee4f442644e195fe0fc7b6a
8955ee5e3071f91ed2460b5b634cdab6f6c15d5d8adefac0e3328de7f5889a97
9499d557d67e15a8e682e8b8ec23e80cff64e6b0ba55a0a5696acd1d52db8f77
a32e14929dae4030d8fe0164ac57453ec28a2927b4e6f22d445934b829f6df14
bf4e3b74bd09dd7fad26258518cc633279df367c545eaa668bbca0a81c4f6236
c7eca97d84ed3469e7d1a20a8c28ef7177270b93a2d9913a0adad9a3e4bdfc9a
d1a498e72f62f80af25d958364158a781a8cdee723e700756b28756c97ee2fa1
dc6450f154b8613cd1ba7a36f672e82df3d6b9d92957252ec67580d454b008a1