webmail-aruba-it.formetindoor.com Open in urlscan Pro
104.238.97.193  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://greynuts.com/group-c/ Page URL
2. https://webmail-aruba-it.formetindoor.com/?id= Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ greynuts.com/group-c/	103 B 408 B	999ms 735ms	Document text/html	31.170.167.197 AS-HOSTINGER
General Check archive.org Show headers Download Go to Full URL https://greynuts.com/group-c/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 31.170.167.197 , Cyprus, ASN47583 (AS-HOSTINGER, CY), Reverse DNS Software LiteSpeed / PHP/7.4.26 Resource Hash Security Headers Name Value Content-Security-Policy upgrade-insecure-requests Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language it-IT,it;q=0.9 Response headers x-powered-by PHP/7.4.26 content-type text/html; charset=UTF-8 content-length 108 content-encoding br vary Accept-Encoding date Fri, 04 Mar 2022 11:29:34 GMT server LiteSpeed content-security-policy upgrade-insecure-requests alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
GET H/1.1	200 OK	Primary Request / Show response webmail-aruba-it.formetindoor.com/	22 KB 22 KB	1087ms 730ms	Document text/html	104.238.97.193 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://webmail-aruba-it.formetindoor.com/?id= Requested by Host: greynuts.com URL: https://greynuts.com/group-c/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.238.97.193 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-104-238-97-193.ip.secureserver.net Software Apache / Resource Hash d3dbffd2c33c800ed83b0701008aee64c69860f73e141d2e1d413cfb10065e4f Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language it-IT,it;q=0.9 Referer https://greynuts.com/ Response headers Date Fri, 04 Mar 2022 11:29:34 GMT Server Apache Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H2	200	bootstrap.min.css cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/	160 KB 25 KB	76ms 41ms	Stylesheet text/css	104.16.85.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css Requested by Host: webmail-aruba-it.formetindoor.com URL: https://webmail-aruba-it.formetindoor.com/?id= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.85.20 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 62f74b1cf824a89f03554c638e719594c309b4d8a627a758928c0516fa7890ab Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language it-IT,it;q=0.9 Referer https://webmail-aruba-it.formetindoor.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Fri, 04 Mar 2022 11:29:35 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT age 1607586 x-jsd-version 5.1.3 x-cache HIT, HIT cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains; preload alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-served-by cache-fra19122-FRA, cache-mxp6936-MXP timing-allow-origin * x-jsd-version-type version server cloudflare etag W/"28021-7Ba9Gb9K6bwuIzasQJpQO7varK0" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type text/css; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable cf-ray 6e6a46643f9f83ae-MXP
GET H2	200	font-awesome.min.css cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/	30 KB 6 KB	80ms 34ms	Stylesheet text/css	104.16.18.94 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css Requested by Host: webmail-aruba-it.formetindoor.com URL: https://webmail-aruba-it.formetindoor.com/?id= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.18.94 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Accept-Language it-IT,it;q=0.9 Referer https://webmail-aruba-it.formetindoor.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Fri, 04 Mar 2022 11:29:35 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 215401 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 5631 timing-allow-origin * last-modified Mon, 04 May 2020 16:10:07 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03e5f-7918" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vqz3YAYhdPh599aGA5XxbCjkPQ7i%2BjV02JvwK8xtAVbHHsts8QH1YeKG9orVegNM6UkHyF7JCaFvjao9HFQEnmGd%2Bgar3IPovo5CyW8ecLAT9vDEhXtAoguU9xQYtvUDWtrPNfDc"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 6e6a46644b5659fb-MXP expires Wed, 22 Feb 2023 11:29:35 GMT
GET H2	200	css2 fonts.googleapis.com/	7 KB 1 KB	96ms 34ms	Stylesheet text/css	142.250.186.170 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,100;0,300;0,400;0,700;0,900;1,100;1,300;1,400;1,700;1,900&display=swap Requested by Host: webmail-aruba-it.formetindoor.com URL: https://webmail-aruba-it.formetindoor.com/?id= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.186.170 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s08-in-f10.1e100.net Software ESF / Resource Hash d1b077ad91dc6d449f971f581046afff929ab4f742fdfdb7c3017418425c9a56 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Accept-Language it-IT,it;q=0.9 Referer https://webmail-aruba-it.formetindoor.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers strict-transport-security max-age=31536000 content-encoding gzip x-content-type-options nosniff cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" x-xss-protection 0 last-modified Fri, 04 Mar 2022 09:42:42 GMT server ESF cross-origin-opener-policy same-origin-allow-popups date Fri, 04 Mar 2022 11:29:35 GMT x-frame-options SAMEORIGIN content-type text/css; charset=utf-8 access-control-allow-origin * cache-control private, max-age=86400, stale-while-revalidate=604800 timing-allow-origin * link <https://fonts.gstatic.com>; rel=preconnect; crossorigin expires Fri, 04 Mar 2022 11:29:35 GMT
GET H/1.1	200 OK	dd.css webmail-aruba-it.formetindoor.com/css/	4 KB 5 KB	299ms 176ms	Stylesheet text/css	104.238.97.193 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://webmail-aruba-it.formetindoor.com/css/dd.css Requested by Host: webmail-aruba-it.formetindoor.com URL: https://webmail-aruba-it.formetindoor.com/?id= Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.238.97.193 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-104-238-97-193.ip.secureserver.net Software Apache / Resource Hash 4e1ff59bad503dcc452e465fc6fd33f102315ef97ef9d1adc764034c6f575e30 Request headers Accept-Language it-IT,it;q=0.9 Referer https://webmail-aruba-it.formetindoor.com/?id= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 04 Mar 2022 11:29:35 GMT Last-Modified Thu, 03 Mar 2022 18:52:12 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 4545
GET H/1.1	200 OK	flags.css webmail-aruba-it.formetindoor.com/css/	10 KB 10 KB	651ms 349ms	Stylesheet text/css	104.238.97.193 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://webmail-aruba-it.formetindoor.com/css/flags.css Requested by Host: webmail-aruba-it.formetindoor.com URL: https://webmail-aruba-it.formetindoor.com/?id= Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.238.97.193 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-104-238-97-193.ip.secureserver.net Software Apache / Resource Hash 0f9cef4d0719333989cfac690a5c505ed80377624400c22479616da67bcb5253 Request headers Accept-Language it-IT,it;q=0.9 Referer https://webmail-aruba-it.formetindoor.com/?id= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 04 Mar 2022 11:29:35 GMT Last-Modified Tue, 01 Mar 2022 20:12:58 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 10301
GET H/1.1	200 OK	style.css webmail-aruba-it.formetindoor.com/css/	14 KB 14 KB	499ms 167ms	Stylesheet text/css	104.238.97.193 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://webmail-aruba-it.formetindoor.com/css/style.css Requested by Host: webmail-aruba-it.formetindoor.com URL: https://webmail-aruba-it.formetindoor.com/?id= Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.238.97.193 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-104-238-97-193.ip.secureserver.net Software Apache / Resource Hash 9e3f828e32e08e6fcbdc3ee49b06c750c3b2f1836a5bb26786839b64c34a1097 Request headers Accept-Language it-IT,it;q=0.9 Referer https://webmail-aruba-it.formetindoor.com/?id= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 04 Mar 2022 11:29:35 GMT Last-Modified Thu, 03 Mar 2022 20:53:10 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 14313
GET H/1.1	200 OK	2.jpg webmail-aruba-it.formetindoor.com/images/	139 KB 140 KB	506ms 168ms	Image image/jpeg	104.238.97.193 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL https://webmail-aruba-it.formetindoor.com/images/2.jpg Requested by Host: webmail-aruba-it.formetindoor.com URL: https://webmail-aruba-it.formetindoor.com/?id= Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.238.97.193 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-104-238-97-193.ip.secureserver.net Software Apache / Resource Hash 9cc8e0ae867e3adf16963edbd0d51e0443cd538380e0c816226065dc15769927 Request headers Accept-Language it-IT,it;q=0.9 Referer https://webmail-aruba-it.formetindoor.com/?id= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 04 Mar 2022 11:29:35 GMT Last-Modified Tue, 01 Mar 2022 20:12:58 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 142820
GET H/1.1	200 OK	login-icon.svg webmail-aruba-it.formetindoor.com/images/	666 B 912 B	511ms 170ms	Image image/svg+xml	104.238.97.193 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL https://webmail-aruba-it.formetindoor.com/images/login-icon.svg Requested by Host: webmail-aruba-it.formetindoor.com URL: https://webmail-aruba-it.formetindoor.com/?id= Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.238.97.193 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-104-238-97-193.ip.secureserver.net Software Apache / Resource Hash c7eca97d84ed3469e7d1a20a8c28ef7177270b93a2d9913a0adad9a3e4bdfc9a Request headers Accept-Language it-IT,it;q=0.9 Referer https://webmail-aruba-it.formetindoor.com/?id= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 04 Mar 2022 11:29:35 GMT Last-Modified Thu, 03 Mar 2022 02:28:50 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 666
GET H/1.1	200 OK	password-icon.svg webmail-aruba-it.formetindoor.com/images/	585 B 831 B	525ms 175ms	Image image/svg+xml	104.238.97.193 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL https://webmail-aruba-it.formetindoor.com/images/password-icon.svg Requested by Host: webmail-aruba-it.formetindoor.com URL: https://webmail-aruba-it.formetindoor.com/?id= Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.238.97.193 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-104-238-97-193.ip.secureserver.net Software Apache / Resource Hash d1a498e72f62f80af25d958364158a781a8cdee723e700756b28756c97ee2fa1 Request headers Accept-Language it-IT,it;q=0.9 Referer https://webmail-aruba-it.formetindoor.com/?id= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 04 Mar 2022 11:29:35 GMT Last-Modified Thu, 03 Mar 2022 02:28:50 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 585
GET H/1.1	200 OK	logo.png webmail-aruba-it.formetindoor.com/images/	3 KB 3 KB	170ms 170ms	Image image/png	104.238.97.193 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL https://webmail-aruba-it.formetindoor.com/images/logo.png Requested by Host: webmail-aruba-it.formetindoor.com URL: https://webmail-aruba-it.formetindoor.com/?id= Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.238.97.193 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-104-238-97-193.ip.secureserver.net Software Apache / Resource Hash e308749bad7c7db57e7ba217165f133f9dde883c075a646d8df8f79f2cfe72dd Request headers Accept-Language it-IT,it;q=0.9 Referer https://webmail-aruba-it.formetindoor.com/?id= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 04 Mar 2022 11:29:35 GMT Last-Modified Tue, 01 Mar 2022 20:12:58 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 2578
GET H2	200	jquery.min.js Show response cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/	87 KB 28 KB	29ms 28ms	Script application/javascript	104.16.18.94 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js Requested by Host: webmail-aruba-it.formetindoor.com URL: https://webmail-aruba-it.formetindoor.com/?id= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.18.94 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Accept-Language it-IT,it;q=0.9 Referer https://webmail-aruba-it.formetindoor.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Fri, 04 Mar 2022 11:29:35 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 1262462 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 27938 timing-allow-origin * last-modified Tue, 02 Mar 2021 18:58:36 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "603e8adc-15d9d" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gHReNHb7oFzltihE0AuPDUvvXLV7KEnpMGFRHCdN323zF4qHhG58TnP4M9DS9Wa%2FvDTuV8ywIciOtqS5ESbrTRzwNypYSPFdWzWg2L9ot5re9ILclTgT1mbq3%2BbZrhWdIkXR0T%2FK"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 6e6a4664cd1259fb-MXP expires Wed, 22 Feb 2023 11:29:35 GMT
GET H2	200	bootstrap.bundle.min.js Show response cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/	76 KB 23 KB	37ms 36ms	Script application/javascript	104.16.85.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js Requested by Host: webmail-aruba-it.formetindoor.com URL: https://webmail-aruba-it.formetindoor.com/?id= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.85.20 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language it-IT,it;q=0.9 Referer https://webmail-aruba-it.formetindoor.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Fri, 04 Mar 2022 11:29:35 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT age 1607586 x-jsd-version 5.1.3 x-cache HIT, HIT cross-origin-resource-policy cross-origin strict-transport-security max-age=31536000; includeSubDomains; preload alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-served-by cache-fra19150-FRA, cache-mxp6929-MXP timing-allow-origin * x-jsd-version-type version server cloudflare etag W/"13131-qF5oFiTJGhBqUUwx6s+A3oF7LMM" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable cf-ray 6e6a4664c92a83ae-MXP
GET H/1.1	200 OK	dd.min.js Show response webmail-aruba-it.formetindoor.com/js/	29 KB 29 KB	204ms 168ms	Script application/javascript	104.238.97.193 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL https://webmail-aruba-it.formetindoor.com/js/dd.min.js Requested by Host: webmail-aruba-it.formetindoor.com URL: https://webmail-aruba-it.formetindoor.com/?id= Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.238.97.193 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-104-238-97-193.ip.secureserver.net Software Apache / Resource Hash d09463239bf45089402992f0f9981dd42ef267c1515d3f8d583de342be5c94c1 Request headers Accept-Language it-IT,it;q=0.9 Referer https://webmail-aruba-it.formetindoor.com/?id= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 04 Mar 2022 11:29:35 GMT Last-Modified Thu, 03 Mar 2022 17:53:20 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 29824
GET H2	200	aruba-logo.svg webmail.aruba.it/web_imgs/login/images/	15 KB 6 KB	220ms 34ms	Image image/svg+xml	62.149.158.90 ARUBA-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://webmail.aruba.it/web_imgs/login/images/aruba-logo.svg?_v_=v4r2b73.20220125_1300 Requested by Host: webmail-aruba-it.formetindoor.com URL: https://webmail-aruba-it.formetindoor.com/css/style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 62.149.158.90 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webmaildomini.aruba.it Software openresty / Resource Hash a32e14929dae4030d8fe0164ac57453ec28a2927b4e6f22d445934b829f6df14 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=63072000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN, SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language it-IT,it;q=0.9 Referer https://webmail-aruba-it.formetindoor.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Fri, 04 Mar 2022 11:29:36 GMT content-encoding gzip x-content-type-options nosniff x-fe webxmaildh05.ad.aruba.it strict-transport-security max-age=63072000 vary Accept-Encoding x-xss-protection 1; mode=block last-modified Tue, 25 Jan 2022 12:17:28 GMT server openresty x-frame-options SAMEORIGIN, SAMEORIGIN etag W/"3b00-5d667118d4600" access-control-max-age 1000 access-control-allow-methods GET, POST content-type image/svg+xml access-control-allow-origin * content-security-policy frame-ancestors 'self' access-control-allow-headers Content-Type, Authorization, X-Requested-With
GET H2	200	envelope.svg webmail.aruba.it/web_imgs/login/images/	681 B 890 B	215ms 29ms	Image image/svg+xml	62.149.158.90 ARUBA-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://webmail.aruba.it/web_imgs/login/images/envelope.svg?_v_=v4r2b73.20220125_1300 Requested by Host: webmail-aruba-it.formetindoor.com URL: https://webmail-aruba-it.formetindoor.com/css/style.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 62.149.158.90 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS webmaildomini.aruba.it Software openresty / Resource Hash 5e96c408271ce2999c052da5821e78872d784aa9a08b87fc6f4fb036e46eab99 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=63072000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN, SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language it-IT,it;q=0.9 Referer https://webmail-aruba-it.formetindoor.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Fri, 04 Mar 2022 11:29:36 GMT content-encoding gzip x-content-type-options nosniff x-fe webxmaildh05.ad.aruba.it strict-transport-security max-age=63072000 vary Accept-Encoding x-xss-protection 1; mode=block last-modified Tue, 25 Jan 2022 12:17:28 GMT server openresty x-frame-options SAMEORIGIN, SAMEORIGIN etag W/"2a9-5d667118d4600" access-control-max-age 1000 access-control-allow-methods GET, POST content-type image/svg+xml access-control-allow-origin * content-security-policy frame-ancestors 'self' access-control-allow-headers Content-Type, Authorization, X-Requested-With
GET DATA	200 OK	truncated /	93 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 859790d507acd06e12295953099b5025fc6d49d41683e0af085c5f8513f3c3c7 Request headers Accept-Language it-IT,it;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	S6u9w4BMUTPHh6UVSwiPGQ.woff2 fonts.gstatic.com/s/lato/v22/	23 KB 23 KB	83ms 25ms	Font font/woff2	142.250.184.195 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/lato/v22/S6u9w4BMUTPHh6UVSwiPGQ.woff2 Requested by Host: fonts.googleapis.com URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,100;0,300;0,400;0,700;0,900;1,100;1,300;1,400;1,700;1,900&display=swap Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.250.184.195 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f3.1e100.net Software sffe / Resource Hash c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://fonts.googleapis.com/ Origin https://webmail-aruba-it.formetindoor.com Accept-Language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 02 Mar 2022 19:30:31 GMT x-content-type-options nosniff age 143945 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 23040 x-xss-protection 0 last-modified Wed, 26 Jan 2022 19:21:19 GMT server sffe report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="apps-themes" expires Thu, 02 Mar 2023 19:30:31 GMT
GET H3	200	fontawesome-webfont.woff2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/	75 KB 76 KB	99ms 60ms	Font application/octet-stream	104.16.18.94 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 104.16.18.94 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers Referer https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css Origin https://webmail-aruba-it.formetindoor.com Accept-Language it-IT,it;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Fri, 04 Mar 2022 11:29:36 GMT x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 657708 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 77160 timing-allow-origin * last-modified Mon, 04 May 2020 16:10:07 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03e5f-12d68" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" strict-transport-security max-age=15780000 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2bY%2FF%2B5v7PPzVDyk6iAERQDNRsQTXM5K62nN8mEtjdOGdhSwcmL%2BnG32%2FmeTTEAEiNO27PJhEwc6g6nnWWVYIl210yrRF2PRi0nfd6A94vxRWwHUMR70siqTtHXKUS1iu3Y8ZtE8"}],"group":"cf-nel","max_age":604800} content-type application/octet-stream; charset=utf-8 access-control-allow-origin * vary Accept-Encoding cache-control public, max-age=30672000 accept-ranges bytes cf-ray 6e6a4668aa093753-MXP expires Wed, 22 Feb 2023 11:29:36 GMT
GET H/1.1	200 OK	flagssprite_small.png webmail-aruba-it.formetindoor.com/images/	70 KB 70 KB	169ms 169ms	Image image/png	104.238.97.193 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL https://webmail-aruba-it.formetindoor.com/images/flagssprite_small.png Requested by Host: webmail-aruba-it.formetindoor.com URL: https://webmail-aruba-it.formetindoor.com/css/flags.css Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.238.97.193 , United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS ip-104-238-97-193.ip.secureserver.net Software Apache / Resource Hash c846698cc448da3901ed709b89a3a0e103b90c500d8ac60d210865616057059d Request headers Accept-Language it-IT,it;q=0.9 Referer https://webmail-aruba-it.formetindoor.com/css/flags.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Date Fri, 04 Mar 2022 11:29:36 GMT Last-Modified Tue, 01 Mar 2022 20:12:58 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 71836

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Aruba (Online)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| $ function| jQuery number| uidEvent object| bootstrap function| MsDropdown

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
cdnjs.cloudflare.com
fonts.googleapis.com
fonts.gstatic.com
greynuts.com
webmail-aruba-it.formetindoor.com
webmail.aruba.it
104.16.18.94
104.16.85.20
104.238.97.193
142.250.184.195
142.250.186.170
31.170.167.197
62.149.158.90
0f9cef4d0719333989cfac690a5c505ed80377624400c22479616da67bcb5253
4e1ff59bad503dcc452e465fc6fd33f102315ef97ef9d1adc764034c6f575e30
5e96c408271ce2999c052da5821e78872d784aa9a08b87fc6f4fb036e46eab99
62f74b1cf824a89f03554c638e719594c309b4d8a627a758928c0516fa7890ab
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
859790d507acd06e12295953099b5025fc6d49d41683e0af085c5f8513f3c3c7
9cc8e0ae867e3adf16963edbd0d51e0443cd538380e0c816226065dc15769927
9e3f828e32e08e6fcbdc3ee49b06c750c3b2f1836a5bb26786839b64c34a1097
a32e14929dae4030d8fe0164ac57453ec28a2927b4e6f22d445934b829f6df14
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c7eca97d84ed3469e7d1a20a8c28ef7177270b93a2d9913a0adad9a3e4bdfc9a
c846698cc448da3901ed709b89a3a0e103b90c500d8ac60d210865616057059d
d09463239bf45089402992f0f9981dd42ef267c1515d3f8d583de342be5c94c1
d1a498e72f62f80af25d958364158a781a8cdee723e700756b28756c97ee2fa1
d1b077ad91dc6d449f971f581046afff929ab4f742fdfdb7c3017418425c9a56
d3dbffd2c33c800ed83b0701008aee64c69860f73e141d2e1d413cfb10065e4f
d792afdac7f7ae5de7c6964950c6c61dc6e3f3813180a59e141c7cb4ac4364dc
e308749bad7c7db57e7ba217165f133f9dde883c075a646d8df8f79f2cfe72dd
f5210fa3e7f0245a4c51eb7f280092c0ef99fdd28c45e17dab8cc5854fdf4fd3
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e