shawnalain.com - urlscan.io

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 173.254.102.245, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is shawnalain.com.
TLS certificate: Issued by R11 on November 18th 2024. Valid for: 3 months.

This is the only time shawnalain.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aruba (Online)

Domain & IP information

	IP Address	AS Autonomous System
3	173.254.102.245 173.254.102.245	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
1	2a02:ec80:300... 2a02:ec80:300:ed1a::2:b	14907 (WIKIMEDIA) (WIKIMEDIA)
1	62.149.186.110 62.149.186.110	31034 (ARUBA-ASN...) (ARUBA-ASN Aruba S.p.A.)
5	3

3 173.254.102.245 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 173-254-102-245.unifiedlayer.com

shawnalain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:ec80:300:ed1a::2:b (United States)

ASN14907 (WIKIMEDIA, US)

upload.wikimedia.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 62.149.186.110 (Arezzo, Italy)

ASN31034 (ARUBA-ASN Aruba S.p.A., IT)

fatturazioneelettronica.aruba.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
3	shawnalain.com shawnalain.com	107 KB
1	aruba.it fatturazioneelettronica.aruba.it	13 KB
1	wikimedia.org upload.wikimedia.org — Cisco Umbrella Rank: 3382	68 KB
5	3

	Domain	Requested by
3	shawnalain.com	shawnalain.com
1	fatturazioneelettronica.aruba.it
1	upload.wikimedia.org	shawnalain.com
5	3

This site contains no links.

Subject Issuer	Validity	Valid
shawnalain.com R11	`2024-11-18` - `2025-02-16`	3 months	crt.sh
*.wikipedia.org DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2024-09-26` - `2025-10-17`	a year	crt.sh
fatturazioneelettronica.aruba.it Actalis Organization Validated Server CA G3	`2024-10-17` - `2025-10-17`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://shawnalain.com/fatturazioneelettronica/aruba.it/?id=e68987575ff646658ce0b4db72d1cb03
Frame ID: A13E6D1CA90B3174B01F1C5D2975DC5F
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Accesso Fatturazione Elettronica | Aruba.it

Page Statistics

5
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

187 kB
Transfer

189 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
shawnalain.com/fatturazioneelettronica/aruba.it/ 6 KB
2 KB 714ms
223ms Document
text/html 173.254.102.245
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://shawnalain.com/fatturazioneelettronica/aruba.it/?id=e68987575ff646658ce0b4db72d1cb03
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.254.102.245 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 173-254-102-245.unifiedlayer.com
Software: Apache /
Resource Hash: 5e7f42814cd9c8748fc17bd1fa802a864499b9d127816c58ad4bf9e1cf862081

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 1762
content-type: text/html; charset=UTF-8
date: Fri, 20 Dec 2024 09:09:22 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache
vary: Accept-Encoding

GET
H2 200 Logo-Aruba-it-2019.png
upload.wikimedia.org/wikipedia/commons/d/d9/ 67 KB
68 KB 183ms
78ms Image
image/png 2a02:ec80:300:ed1a::2:b
WIKIMEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://upload.wikimedia.org/wikipedia/commons/d/d9/Logo-Aruba-it-2019.png

Requested by

Host: shawnalain.com
URL: https://shawnalain.com/fatturazioneelettronica/aruba.it/?id=e68987575ff646658ce0b4db72d1cb03

Protocol

H2

Security

TLS 1.3, , AES_128_GCM

Server

2a02:ec80:300:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),

Reverse DNS

Software

envoy /

Resource Hash

ed93d7e318dcd30876f2ee573d4709c30b8a9b0ecea093a468bec6b223e87ebc

Security Headers

Name	Value
Strict-Transport-Security	max-age=106384710; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://shawnalain.com/

Response headers

access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
etag: 11ee8d8a5722217d4cc31f412925605b
age: 36
x-object-meta-sha1base36: 3qfl64gwrrze6qtjikgktoygs7blptz
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
x-content-type-options: nosniff
server-timing: cache;desc="hit-front", host;desc="cp3075"
x-cache: cp3075 miss, cp3075 hit/3
date: Fri, 20 Dec 2024 09:08:46 GMT
content-type: image/png
last-modified: Tue, 17 Sep 2019 10:59:59 GMT
x-client-ip: 2001:ac8:24:44::14
x-cache-status: hit-front
strict-transport-security: max-age=106384710; includeSubDomains; preload
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
timing-allow-origin: *
accept-ranges: bytes
access-control-allow-origin: *
content-length: 68497
server: envoy

GET
H2 200 logo.jpg
shawnalain.com/fatturazioneelettronica/aruba.it/ 13 KB
13 KB 173ms
173ms Image
image/jpeg 173.254.102.245
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shawnalain.com/fatturazioneelettronica/aruba.it/logo.jpg
Requested by: Host: shawnalain.com
URL: https://shawnalain.com/fatturazioneelettronica/aruba.it/?id=e68987575ff646658ce0b4db72d1cb03
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.254.102.245 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 173-254-102-245.unifiedlayer.com
Software: Apache /
Resource Hash: 2dee45b3be099dc5137244c18c57db7fb0a681b586ae113aa30ab95af160342e

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://shawnalain.com/fatturazioneelettronica/aruba.it/?id=e68987575ff646658ce0b4db72d1cb03

Response headers

accept-ranges: bytes
content-length: 13095
date: Fri, 20 Dec 2024 09:09:23 GMT
last-modified: Tue, 26 Nov 2024 04:05:46 GMT
content-type: image/jpeg
server: Apache

GET
H2 200 left.jpg
shawnalain.com/fatturazioneelettronica/aruba.it/ 92 KB
92 KB 326ms
326ms Image
image/jpeg 173.254.102.245
UNIFIEDLAYER-AS-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shawnalain.com/fatturazioneelettronica/aruba.it/left.jpg
Requested by: Host: shawnalain.com
URL: https://shawnalain.com/fatturazioneelettronica/aruba.it/?id=e68987575ff646658ce0b4db72d1cb03
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 173.254.102.245 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US),
Reverse DNS: 173-254-102-245.unifiedlayer.com
Software: Apache /
Resource Hash: d9c4dc01a1f330a8977640bee6abe25a451c1f698623958ce894b66989590e4e

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://shawnalain.com/fatturazioneelettronica/aruba.it/?id=e68987575ff646658ce0b4db72d1cb03

Response headers

accept-ranges: bytes
content-length: 94035
date: Fri, 20 Dec 2024 09:09:23 GMT
last-modified: Tue, 26 Nov 2024 04:05:48 GMT
content-type: image/jpeg
server: Apache

GET
H/1.1 200
OK favicon.ico
fatturazioneelettronica.aruba.it/resources/favicon/ 12 KB
13 KB 131ms
45ms Other
image/x-icon 62.149.186.110
ARUBA-ASN Aruba S...

General

Check archive.org

Show headers Download Go to

Full URL

https://fatturazioneelettronica.aruba.it/resources/favicon/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

62.149.186.110 Arezzo, Italy, ASN31034 (ARUBA-ASN Aruba S.p.A., IT),

Reverse DNS

Software

nginx /

Resource Hash

c292dac34b5d68752088e4ca6d999de2d2c6ccacc462181ef3e6746f3b2f62fb

Security Headers

Name	Value
Content-Security-Policy	img-src 'self' data: https://www.google-analytics.com https://fatturazioneelettronica.aruba.it https://www.paypalobjects.com https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net https://i.ytimg.com; media-src 'self' data:; object-src 'self'; child-src 'self'; frame-src 'self' https://d6tizftlrpuof.cloudfront.net https://www.google.com https://consentcdn.cookiebot.com https://www.youtube.com; frame-ancestors 'self'; upgrade-insecure-requests; worker-src 'self' blob:;
Strict-Transport-Security	max-age=15552000; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer: https://shawnalain.com/

Response headers

Strict-Transport-Security: max-age=15552000; includeSubDomains;
Content-Security-Policy: img-src 'self' data: https://www.google-analytics.com https://fatturazioneelettronica.aruba.it https://www.paypalobjects.com https://*.usabilla.com https://d6tizftlrpuof.cloudfront.net https://i.ytimg.com; media-src 'self' data:; object-src 'self'; child-src 'self'; frame-src 'self' https://d6tizftlrpuof.cloudfront.net https://www.google.com https://consentcdn.cookiebot.com https://www.youtube.com; frame-ancestors 'self'; upgrade-insecure-requests; worker-src 'self' blob:;
ETag: "6762fe7d-2eee"
Connection: keep-alive
X-Permitted-Cross-Domain-Policies: none
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer
Accept-Ranges: bytes
Content-Length: 12014
Date: Fri, 20 Dec 2024 09:09:23 GMT
X-XSS-Protection: 1; mode=block
Content-Type: image/x-icon
Last-Modified: Wed, 18 Dec 2024 16:55:25 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Aruba (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			shawnalain.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 1cc726f5badab87f8956416ec25b0674

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://shawnalain.com/fatturazioneelettronica/aruba.it/?id=e68987575ff646658ce0b4db72d1cb03 Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fatturazioneelettronica.aruba.it
shawnalain.com
upload.wikimedia.org
173.254.102.245
2a02:ec80:300:ed1a::2:b
62.149.186.110
2dee45b3be099dc5137244c18c57db7fb0a681b586ae113aa30ab95af160342e
5e7f42814cd9c8748fc17bd1fa802a864499b9d127816c58ad4bf9e1cf862081
c292dac34b5d68752088e4ca6d999de2d2c6ccacc462181ef3e6746f3b2f62fb
d9c4dc01a1f330a8977640bee6abe25a451c1f698623958ce894b66989590e4e
ed93d7e318dcd30876f2ee573d4709c30b8a9b0ecea093a468bec6b223e87ebc

shawnalain.com Open in urlscan Pro 173.254.102.245 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

5 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

187 kBTransfer

189 kBSize

1 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

shawnalain.com Open in urlscan Pro
173.254.102.245 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

187 kB
Transfer

189 kB
Size

1
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!