urlscan.io logo urlscan.io
SecurityTrails logo

dadivosos.sa.com Open in urlscan Pro
185.221.216.115  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://nkisa.link/owYjJ
Effective URL: https://dadivosos.sa.com/js/webmailbeta.aruba.it/main.user_aruba.verifica/mailbox.aruba.sign_in/index.htm
Submission: On September 10 via manual from PH — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 4 HTTP transactions. The main IP is 185.221.216.115, located in London, United Kingdom and belongs to HOST4GEEKS-LLC, US. The main domain is dadivosos.sa.com.
TLS certificate: Issued by R11 on August 23rd 2024. Valid for: 3 months.
This is the only time dadivosos.sa.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aruba (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 94.199.200.174 42807 (AEROTEK-AS)
1 185.221.216.115 393960 (HOST4GEEK...)
3 199.232.192.193 54113 (FASTLY)
4 2
Apex Domain
Subdomains		 Transfer
3 imgur.com
i.imgur.com — Cisco Umbrella Rank: 7108
259 KB
1 sa.com
dadivosos.sa.com
33 KB
1 nkisa.link
nkisa.link
485 B
4 3
Domain Requested by
3 i.imgur.com dadivosos.sa.com
1 dadivosos.sa.com
1 nkisa.link 1 redirects
4 3

This site contains no links.

Subject Issuer Validity Valid
dadivosos.sa.com
R11		 2024-08-23 -
2024-11-21		 3 months crt.sh
*.imgur.com
Sectigo RSA Domain Validation Secure Server CA		 2024-02-15 -
2025-02-14		 a year crt.sh

This page contains 1 frames:

Primary Page: https://dadivosos.sa.com/js/webmailbeta.aruba.it/main.user_aruba.verifica/mailbox.aruba.sign_in/index.htm
Frame ID: F3255A1A8F0B3AB9A79E29A74E4CC9DE
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Webmail Aruba

Page URL History Show full URLs

  1. https://nkisa.link/owYjJ HTTP 301
    https://dadivosos.sa.com/js/webmailbeta.aruba.it/main.user_aruba.verifica/mailbox.aruba.sign_in/index... Page URL

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

292 kB
Transfer

291 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://nkisa.link/owYjJ HTTP 301
    https://dadivosos.sa.com/js/webmailbeta.aruba.it/main.user_aruba.verifica/mailbox.aruba.sign_in/index.htm Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request index.htm
dadivosos.sa.com/js/webmailbeta.aruba.it/main.user_aruba.verifica/mailbox.aruba.sign_in/
Redirect Chain
  • https://nkisa.link/owYjJ
  • https://dadivosos.sa.com/js/webmailbeta.aruba.it/main.user_aruba.verifica/mailbox.aruba.sign_in/index.htm
33 KB
33 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dadivosos.sa.com/js/webmailbeta.aruba.it/main.user_aruba.verifica/mailbox.aruba.sign_in/index.htm
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.221.216.115 London, United Kingdom, ASN393960 (HOST4GEEKS-LLC, US),
Reverse DNS
sokhanedoost.com
Software
Apache /
Resource Hash
501c4206437492e5db8acbfbb4cc71cfc97286950fc2c50275e57e9667be8ecf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Connection
Keep-Alive
Content-Length
33464
Content-Type
text/html
Date
Tue, 10 Sep 2024 05:52:17 GMT
Keep-Alive
timeout=5, max=100
Last-Modified
Tue, 10 Sep 2024 03:26:33 GMT
Server
Apache

Redirect headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control
no-store, no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 10 Sep 2024 05:52:17 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
https://dadivosos.sa.com/js/webmailbeta.aruba.it/main.user_aruba.verifica/mailbox.aruba.sign_in/index.htm
pragma
no-cache
x-powered-by
PHP/7.4.33
InC2AcA.png
i.imgur.com/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/InC2AcA.png
Requested by
Host: dadivosos.sa.com
URL: https://dadivosos.sa.com/js/webmailbeta.aruba.it/main.user_aruba.verifica/mailbox.aruba.sign_in/index.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
bbcdba4675d85ee2908b4962ddf715e6c4e5a7270882cf5383b2454b290787f0
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

Referer
https://dadivosos.sa.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 05:52:18 GMT
strict-transport-security
max-age=300
x-content-type-options
nosniff
x-amz-cf-pop
IAD89-P1
age
1398114
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront, HIT, HIT
content-length
2080
x-served-by
cache-iad-kcgs7200087-IAD, cache-fra-eddf8230071-FRA
last-modified
Tue, 14 Nov 2023 01:35:39 GMT
server
cat factory 1.0
x-timer
S1725947538.263076,VS0,VE1
etag
"1f6b75522a2e39f18c0ba06b8a30fdfc"
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
g-6J5alplLooe_fOrbrIqy0iF_Kv4pnUt0WfXKvJzsL44-AkYD2UjQ==
x-cache-hits
868, 0
XqLrK4C.png
i.imgur.com/ 		255 KB
256 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.imgur.com/XqLrK4C.png
Requested by
Host: dadivosos.sa.com
URL: https://dadivosos.sa.com/js/webmailbeta.aruba.it/main.user_aruba.verifica/mailbox.aruba.sign_in/index.htm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
1b0872bf34d2f0427ba38da1615b575cde9704a827c16a2207292fe510fb21c9
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

Referer
https://dadivosos.sa.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 05:52:18 GMT
strict-transport-security
max-age=300
x-content-type-options
nosniff
x-amz-cf-pop
IAD89-P1
age
9149
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront, HIT, HIT
content-length
261367
x-served-by
cache-iad-kiad7000079-IAD, cache-fra-eddf8230071-FRA
last-modified
Tue, 10 Sep 2024 03:19:49 GMT
server
cat factory 1.0
x-timer
S1725947538.263205,VS0,VE1
etag
"21205ecec9f14b9c9d02b2e9a151de0e"
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
JS26Jt3nnBT1Vw_S2wROBKGypyD43qpCgoz-Lo_i0ZLJdf1cbUmuig==
x-cache-hits
22, 0
20hdBFK.png
i.imgur.com/ 		609 B
832 B 		Other
General
Check archive.org
Download Go to
Full URL
https://i.imgur.com/20hdBFK.png
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.192.193 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
cat factory 1.0 /
Resource Hash
ca8abfd1e71a10c486a26be86954293c5f62e1ff94ac52f9270a41c285243c5a
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

Referer
https://dadivosos.sa.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 05:52:18 GMT
strict-transport-security
max-age=300
x-content-type-options
nosniff
age
375658
x-amz-cf-pop
JFK50-P6
x-cache
Miss from cloudfront, HIT, HIT
content-length
609
x-served-by
cache-iad-kiad7000120-IAD, cache-fra-eddf8230071-FRA
last-modified
Tue, 31 May 2022 07:42:56 GMT
server
cat factory 1.0
x-timer
S1725947538.405182,VS0,VE1
etag
"0ecb135733886ee9f5b6b3fb54baa6cf"
access-control-allow-methods
GET, OPTIONS
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
x-amz-cf-id
6R1PkyZNdO9TdZsUY7Jxev3S9DIyDy2BtA2Zr3K5NKTMqi17oY4xPg==
x-cache-hits
86, 0

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Aruba (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| _TnvD4h58gdI59ysb45Rcn1oyyI8S39T7LDG0U0DYCLNKHpfo function| _XEs5oG59W9h3nQY3KK8NBxY057j0R63Uw28gpAf7xXMfV5kvM object| _$ object| _LaIQ84Ms8rZH09r8gfj8EH9A25CgyT2Ksb3MIs37q number| _SpP66Vb3kXEg95Sa9o2uD98LO object| _JJvC0a2dy0Wh421p9aNS4g object| _VFrGvH27MR9xPiQ64 object| _BwtI52wKNbxUdf1qZTJ26m5Ak5BI

2 Cookies

Domain/Path Name / Value
nkisa.link/ Name: PHPSESSID
Value: 9d9aefbdcc037c654457835e74ecd0c0
nkisa.link/ Name: short_876
Value: 1

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://dadivosos.sa.com/js/webmailbeta.aruba.it/main.user_aruba.verifica/mailbox.aruba.sign_in/index.htm
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o