www.roleplaystar.com Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://www.roleplaystar.com/wp-content3/themes/twentytwentythree/styles/aruba/
Submission: On January 09 via automatic, source openphish (January 9th 2024, 1:31:41 pm UTC) — Scanned from NL

Summary HTTP 11 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 11 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.roleplaystar.com.

This is the only time www.roleplaystar.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aruba (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	2a06:98c1:312... 2a06:98c1:3121::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	62.149.186.150 62.149.186.150	31034 (ARUBA-ASN) (ARUBA-ASN)
11	3

1 2a06:98c1:3121::3 (United States)

ASN13335 (CLOUDFLARENET, US)

www.roleplaystar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 62.149.186.150 (Arezzo, Italy)

ASN31034 (ARUBA-ASN, IT)

admin.aruba.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	aruba.it admin.aruba.it	43 KB
1	roleplaystar.com www.roleplaystar.com	4 KB
0	arubamediamarketing.it Failed tracks.arubamediamarketing.it Failed visual.arubamediamarketing.it Failed
11	3

	Domain	Requested by
7	admin.aruba.it	www.roleplaystar.com admin.aruba.it
1	www.roleplaystar.com
0	visual.arubamediamarketing.it Failed	www.roleplaystar.com
0	tracks.arubamediamarketing.it Failed	www.roleplaystar.com
11	4

This site contains links to these domains. Also see Links.

Domain
webmail.aruba.it
hosting.aruba.it
pagamenti.aruba.it
rivenditori.aruba.it
analytics.arubamediamarketing.it
admin.aruba.it
www.aruba.it

Subject Issuer	Validity	Valid
admin.aruba.it Actalis Organization Validated Server CA G3	`2023-12-18` - `2024-12-18`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://www.roleplaystar.com/wp-content3/themes/twentytwentythree/styles/aruba/
Frame ID: C8265502C228BFB9BE3A4ED2C4C271C2
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Aruba.it - Control Panel Login

Page Statistics

11
Requests

64 %
HTTPS

50 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

46 kB
Transfer

48 kB
Size

0
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: http://webmail.aruba.it/
Title: webmail

Search URL Search Domain Scan URL

URL: https://hosting.aruba.it/Rinnovi/InsDatiRinnovo.asp?Lang=DEFAULT
Title: rinnovi

Search URL Search Domain Scan URL

URL: https://pagamenti.aruba.it/home/default.aspx
Title: pagamenti

Search URL Search Domain Scan URL

URL: http://rivenditori.aruba.it/
Title: affiliazione

Search URL Search Domain Scan URL

URL: https://hosting.aruba.it/areaclienti
Title: area clienti

Search URL Search Domain Scan URL

URL: http://analytics.arubamediamarketing.it/link_outbound/?cvtrac=5&usc=d645920e395fedad7bbbed0eca3fe2e0
Title: assistenza

Search URL Search Domain Scan URL

URL: https://admin.aruba.it/oldlogin.aspx
Title: Versione precedente

Search URL Search Domain Scan URL

URL: http://hosting.aruba.it/Domini/spediscidatidominio.asp?lang=IT
Title: Hai perso i dati?

Search URL Search Domain Scan URL

URL: http://www.aruba.it/
Title: Copyright © print_date(); 2024 Aruba S.p.A. - P.I. 01573850516 - All rights reserved

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
www.roleplaystar.com/wp-content3/themes/twentytwentythree/styles/aruba/ 12 KB
4 KB 295ms
259ms Document
text/html 2a06:98c1:3121::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.roleplaystar.com/wp-content3/themes/twentytwentythree/styles/aruba/
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d912661ba3ad025316d67f4028bd112c028ca01bc4ab4954b2b37aad36b3b0e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 842d0a036b6666c0-AMS
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Tue, 09 Jan 2024 13:31:11 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1pmOW80ypfJX2ME%2BWh24gfkriwtio416rp1pSWNV00Jsuajlwpcw2Y3Lbhh6%2Fy3ezsv5CzNT4bah8mlRh9ygzkCF3u5H4jy%2FZL%2FtpVtRSSrHEMYzO6Q2AqV2nC6jZ%2B87dVzAXTVEIwMfaNjc4DkfnVIuOQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
alt-svc: h3=":443"; ma=86400
vary: Accept-Encoding

GET
H/1.1 200
OK javascript_cookies.js Show response
admin.aruba.it/PannelloAdmin/ 2 KB
3 KB 213ms
77ms Script
application/javascript 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://admin.aruba.it/PannelloAdmin/javascript_cookies.js

Requested by

Host: www.roleplaystar.com
URL: http://www.roleplaystar.com/wp-content3/themes/twentytwentythree/styles/aruba/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Resource Hash

87de8401a3a5db02c8df9346fe330e9a725dbd987c60ae8a1935f07cc1a9acc0

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net .usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ .usabilla.com
Strict-Transport-Security	max-age: 31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://www.roleplaystar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Security-Policy: script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ *.usabilla.com
Strict-Transport-Security: max-age: 31536000
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Last-Modified: Tue, 02 Jan 2024 08:45:06 GMT
X-Permitted-Cross-Domain-Policies: none
Server
ETag: "095fdfb573dda1:0"
Date: Tue, 09 Jan 2024 13:31:10 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Accept-Ranges: bytes
Content-Length: 1922

GET
H/1.1 200
OK Login.css
admin.aruba.it/PannelloAdmin/ 17 KB
18 KB 216ms
80ms Stylesheet
text/css 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to

Full URL

https://admin.aruba.it/PannelloAdmin/Login.css?v1.0

Requested by

Host: www.roleplaystar.com
URL: http://www.roleplaystar.com/wp-content3/themes/twentytwentythree/styles/aruba/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Resource Hash

4b229f16b7c6fe884e116ac5044e8fb9c5f3498ebca592bb2f809fd8ecaaafa1

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net .usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ .usabilla.com
Strict-Transport-Security	max-age: 31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://www.roleplaystar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Security-Policy: script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ *.usabilla.com
Strict-Transport-Security: max-age: 31536000
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Last-Modified: Tue, 02 Jan 2024 08:45:06 GMT
X-Permitted-Cross-Domain-Policies: none
Server
ETag: "095fdfb573dda1:0"
Date: Tue, 09 Jan 2024 13:31:10 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 17132

GET
H/1.1 200
OK logo_aruba.png
admin.aruba.it/PannelloAdmin/UI/Images/general_tmpl/ 9 KB
10 KB 218ms
78ms Image
image/png 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://admin.aruba.it/PannelloAdmin/UI/Images/general_tmpl/logo_aruba.png

Requested by

Host: www.roleplaystar.com
URL: http://www.roleplaystar.com/wp-content3/themes/twentytwentythree/styles/aruba/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Resource Hash

2b5da352f8cac1ec98ed11f27d0d4661aac2f6473096a11bbeb636d34fd20e67

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net .usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ .usabilla.com
Strict-Transport-Security	max-age: 31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://www.roleplaystar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Security-Policy: script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ *.usabilla.com
Strict-Transport-Security: max-age: 31536000
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Last-Modified: Tue, 02 Jan 2024 08:44:58 GMT
X-Permitted-Cross-Domain-Policies: none
Server
ETag: "0e138f7573dda1:0"
Date: Tue, 09 Jan 2024 13:31:10 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 9433

GET
H/1.1 200
OK imgCaratteristicheAccesso.png
admin.aruba.it/PannelloAdmin/image_pannello_controllo/ 508 B
2 KB 211ms
76ms Image
image/png 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://admin.aruba.it/PannelloAdmin/image_pannello_controllo/imgCaratteristicheAccesso.png

Requested by

Host: www.roleplaystar.com
URL: http://www.roleplaystar.com/wp-content3/themes/twentytwentythree/styles/aruba/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Resource Hash

b1adb27a5e38c7bbbfd8712b4103eb8e405d2bca562e600c7787a214be6c99e9

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net .usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ .usabilla.com
Strict-Transport-Security	max-age: 31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://www.roleplaystar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Security-Policy: script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ *.usabilla.com
Strict-Transport-Security: max-age: 31536000
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Last-Modified: Tue, 02 Jan 2024 08:45:06 GMT
X-Permitted-Cross-Domain-Policies: none
Server
ETag: "095fdfb573dda1:0"
Date: Tue, 09 Jan 2024 13:31:10 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 508

GET
H/1.1 200
OK arrox_previous.png
admin.aruba.it/PannelloAdmin/image_pannello_controllo/ 338 B
1 KB 41ms
41ms Image
image/png 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://admin.aruba.it/PannelloAdmin/image_pannello_controllo/arrox_previous.png

Requested by

Host: www.roleplaystar.com
URL: http://www.roleplaystar.com/wp-content3/themes/twentytwentythree/styles/aruba/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Resource Hash

399db74019a306cb82125431dbbb99137dffa0669d9b84b3cd4dded32b438f5d

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net .usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ .usabilla.com
Strict-Transport-Security	max-age: 31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://www.roleplaystar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Security-Policy: script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ *.usabilla.com
Strict-Transport-Security: max-age: 31536000
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Last-Modified: Tue, 02 Jan 2024 08:45:08 GMT
X-Permitted-Cross-Domain-Policies: none
Server
ETag: "0c22efd573dda1:0"
Date: Tue, 09 Jan 2024 13:31:10 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 338

GET
H/1.1 200
OK imgHaiPersoDati.png
admin.aruba.it/PannelloAdmin/image_pannello_controllo/ 775 B
2 KB 40ms
40ms Image
image/png 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://admin.aruba.it/PannelloAdmin/image_pannello_controllo/imgHaiPersoDati.png

Requested by

Host: www.roleplaystar.com
URL: http://www.roleplaystar.com/wp-content3/themes/twentytwentythree/styles/aruba/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Resource Hash

8ab2d4dd46d9a7d2997be422628f891222a304e1b0c9bed486129ae6f0f9eb96

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net .usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ .usabilla.com
Strict-Transport-Security	max-age: 31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: http://www.roleplaystar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Security-Policy: script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ *.usabilla.com
Strict-Transport-Security: max-age: 31536000
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Last-Modified: Tue, 02 Jan 2024 08:45:06 GMT
X-Permitted-Cross-Domain-Policies: none
Server
ETag: "095fdfb573dda1:0"
Date: Tue, 09 Jan 2024 13:31:10 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 775

GET tsends.js
tracks.arubamediamarketing.it/track/ 0
0

GET 59b1da0be8266e06e6a75a5d0f2aa14d.js
visual.arubamediamarketing.it/cjs/ 0
0

GET include.js
visual.arubamediamarketing.it/track/ 0
0

GET
H/1.1 200
OK PannelloControlloBottomLogo.png
admin.aruba.it/PannelloAdmin/image_pannello_controllo/ 6 KB
7 KB 42ms
42ms Image
image/png 62.149.186.150
ARUBA-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://admin.aruba.it/PannelloAdmin/image_pannello_controllo/PannelloControlloBottomLogo.png

Requested by

Host: admin.aruba.it
URL: https://admin.aruba.it/PannelloAdmin/Login.css?v1.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

62.149.186.150 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT),

Reverse DNS

Software

Resource Hash

336a136d1ec7b4f2fa42ebaf724293a544b0451fa6b254778d59672d49a1ac12

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net .usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ .usabilla.com
Strict-Transport-Security	max-age: 31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://admin.aruba.it/PannelloAdmin/Login.css?v1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

Content-Security-Policy: script-src 'self' https://www.google.com/ https://bs.serving-sys.com https://www.googletagmanager.com https://www.gstatic.com https://secure-ds.serving-sys.com https://consent.cookiebot.com https://w.usabilla.com https://consentcdn.cookiebot.com https://d6tizftlrpuof.cloudfront.net *.usabilla.com 'unsafe-inline' 'unsafe-eval'; frame-src https://www.google.com/ https://www.googletagmanager.com https://consentcdn.cookiebot.com/ https://admin.aruba.it https://d6tizftlrpuof.cloudfront.net/ *.usabilla.com
Strict-Transport-Security: max-age: 31536000
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Last-Modified: Tue, 02 Jan 2024 08:45:06 GMT
X-Permitted-Cross-Domain-Policies: none
Server
ETag: "095fdfb573dda1:0"
Date: Tue, 09 Jan 2024 13:31:10 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 6604

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tracks.arubamediamarketing.it
URL: https://tracks.arubamediamarketing.it/track/tsends.js

Domain: visual.arubamediamarketing.it
URL: https://visual.arubamediamarketing.it/cjs/59b1da0be8266e06e6a75a5d0f2aa14d.js

Domain: visual.arubamediamarketing.it
URL: https://visual.arubamediamarketing.it/track/include.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Aruba (Online)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

admin.aruba.it
tracks.arubamediamarketing.it
visual.arubamediamarketing.it
www.roleplaystar.com
tracks.arubamediamarketing.it
visual.arubamediamarketing.it
2a06:98c1:3121::3
62.149.186.150
2b5da352f8cac1ec98ed11f27d0d4661aac2f6473096a11bbeb636d34fd20e67
336a136d1ec7b4f2fa42ebaf724293a544b0451fa6b254778d59672d49a1ac12
399db74019a306cb82125431dbbb99137dffa0669d9b84b3cd4dded32b438f5d
3d912661ba3ad025316d67f4028bd112c028ca01bc4ab4954b2b37aad36b3b0e
4b229f16b7c6fe884e116ac5044e8fb9c5f3498ebca592bb2f809fd8ecaaafa1
87de8401a3a5db02c8df9346fe330e9a725dbd987c60ae8a1935f07cc1a9acc0
8ab2d4dd46d9a7d2997be422628f891222a304e1b0c9bed486129ae6f0f9eb96
b1adb27a5e38c7bbbfd8712b4103eb8e405d2bca562e600c7787a214be6c99e9

www.roleplaystar.com Open in urlscan Pro 2a06:98c1:3121::3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

11 Requests

64 %HTTPS

50 %IPv6

3 Domains

4 Subdomains

3 IPs

2 Countries

46 kBTransfer

48 kBSize

0 Cookies

9 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

0 Cookies

Indicators

www.roleplaystar.com Open in urlscan Pro
2a06:98c1:3121::3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

64 %
HTTPS

50 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

46 kB
Transfer

48 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!