su.gov.mn Open in urlscan Pro
103.87.69.136 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://su.gov.mn/.well-known/aruba/auth/
Submission Tags: phishing malicious Search All
Submission: On December 20 via api (December 20th 2023, 1:06:49 pm UTC) from NL — Scanned from NL

Summary HTTP 90 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 13 IPs in 5 countries across 11 domains to perform 90 HTTP transactions. The main IP is 103.87.69.136, located in Mongolia and belongs to MN-NDC-MN National Data Center building, MN. The main domain is su.gov.mn.
TLS certificate: Issued by cPanel, Inc. Certification Authority on December 4th 2023. Valid for: 3 months.

This is the only time su.gov.mn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aruba (Online)

Domain & IP information

	IP Address	AS Autonomous System
44	103.87.69.136 103.87.69.136	56301 (MN-NDC-MN...) (MN-NDC-MN National Data Center building)
5	2606:4700::68... 2606:4700::6813:9408	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a02:26f0:350... 2a02:26f0:3500:18::1724:a29a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2a00:1450:400... 2a00:1450:4001:80f::2008	15169 (GOOGLE) (GOOGLE)
2	23.50.131.81 23.50.131.81	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
7	2a02:26f0:480... 2a02:26f0:480:5a6::f09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
2	54.73.7.216 54.73.7.216	16509 (AMAZON-02) (AMAZON-02)
2	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	62.149.188.146 62.149.188.146	31034 (ARUBA-ASN) (ARUBA-ASN)
3	13.227.211.28 13.227.211.28	16509 (AMAZON-02) (AMAZON-02)
90	13

44 103.87.69.136 (Mongolia)

ASN56301 (MN-NDC-MN National Data Center building, MN)

su.gov.mn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6813:9408 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:3500:18::1724:a29a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

consent.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.50.131.81 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-50-131-81.deploy.static.akamaitechnologies.com

secure-ds.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a02:26f0:480:5a6::f09 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

consentcdn.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.73.7.216 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-73-7-216.eu-west-1.compute.amazonaws.com

w.usabilla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 62.149.188.146 (Arezzo, Italy)

ASN31034 (ARUBA-ASN, IT)

wa.aruba.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.227.211.28 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-227-211-28.ams54.r.cloudfront.net

d6tizftlrpuof.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
44	su.gov.mn su.gov.mn	669 KB
11	cookiebot.com consent.cookiebot.com — Cisco Umbrella Rank: 4340 consentcdn.cookiebot.com — Cisco Umbrella Rank: 4841	55 KB
5	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 2199	101 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	321 KB
3	cloudfront.net d6tizftlrpuof.cloudfront.net	15 KB
2	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2189	304 B
2	usabilla.com w.usabilla.com — Cisco Umbrella Rank: 4494	21 KB
2	gstatic.com fonts.gstatic.com	46 KB
2	serving-sys.com secure-ds.serving-sys.com — Cisco Umbrella Rank: 2632	990 B
2	aruba.it wa.aruba.it — Cisco Umbrella Rank: 849638 Failed	22 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	852 B
90	11

	Domain	Requested by
44	su.gov.mn	su.gov.mn
7	consentcdn.cookiebot.com	su.gov.mn consent.cookiebot.com
5	script.crazyegg.com	su.gov.mn script.crazyegg.com
4	www.googletagmanager.com	su.gov.mn www.googletagmanager.com
4	consent.cookiebot.com	su.gov.mn consent.cookiebot.com www.googletagmanager.com
3	d6tizftlrpuof.cloudfront.net	su.gov.mn w.usabilla.com
2	region1.google-analytics.com	www.googletagmanager.com
2	w.usabilla.com	su.gov.mn
2	fonts.gstatic.com	fonts.googleapis.com
2	secure-ds.serving-sys.com	su.gov.mn
2	wa.aruba.it	su.gov.mn wa.aruba.it
1	fonts.googleapis.com	su.gov.mn
90	12

This site contains links to these domains. Also see Links.

Domain
managehosting.aruba.it
hosting.aruba.it
webmail.aruba.it
pagamenti.aruba.it
assistenza.aruba.it
gestioneaccessi.aruba.it
signup.aruba.it
mysql.aruba.it
mssql.aruba.it
admin.aruba.it
www.aruba.it

Subject Issuer	Validity	Valid
su.gov.mn cPanel, Inc. Certification Authority	`2023-12-04` - `2024-03-03`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-03-09` - `2024-03-08`	a year	crt.sh
consent.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-06` - `2024-04-06`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
secure-ds.serving-sys.com R3	`2023-11-28` - `2024-02-26`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2023-04-17` - `2024-04-17`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
w.usabilla.com Amazon RSA 2048 M02	`2023-12-12` - `2025-01-09`	a year	crt.sh
wa.aruba.it Actalis Organization Validated Server CA G3	`2023-03-15` - `2024-03-15`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh

This page contains 18 frames:

Primary Page: https://su.gov.mn/.well-known/aruba/auth/
Frame ID: 6AA88D4631373AFE385797B0C28351C4
Requests: 70 HTTP requests in this frame

Frame: https://su.gov.mn/.well-known/aruba/auth/Servizio%20Hosting%20-%20Aruba.it_files/saved_resource.html
Frame ID: 5F3E47E94ACF30CB0C33F1E39AC13422
Requests: 3 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: A85B375634690B02357B6271B7DEA4DE
Requests: 1 HTTP requests in this frame

Frame: https://w.usabilla.com/d3349b0179ab.js?lv=1
Frame ID: 54946D578794959987BD9492EADE02A4
Requests: 1 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: 112CE5FCC9D921600996182CB00E5CBC
Requests: 1 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: 5E639E50C404B89EDCFF9CE59E79F816
Requests: 1 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: 9A5E7CD5AC97E9BEC371B99B7B3CB6FA
Requests: 1 HTTP requests in this frame

Frame: https://su.gov.mn/.well-known/aruba/auth/Servizio%20Hosting%20-%20Aruba.it_files/saved_resource(1).html
Frame ID: D06B3632023E6AFF7AF240021FE88202
Requests: 1 HTTP requests in this frame

Frame: https://su.gov.mn/.well-known/aruba/auth/Servizio%20Hosting%20-%20Aruba.it_files/bc-v4.min.html
Frame ID: 1E65A2660011DBBACE8AA6F53D2CC518
Requests: 1 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: 014F7659ED87827CAE7435C6A80623DD
Requests: 1 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: 89B6B702B1E96C5498197BD936B92386
Requests: 1 HTTP requests in this frame

Frame: https://su.gov.mn/.well-known/aruba/auth/Servizio%20Hosting%20-%20Aruba.it_files/saved_resource(2).html
Frame ID: 8191C6658B102667E678E66024F6D04C
Requests: 2 HTTP requests in this frame

Frame: https://su.gov.mn/.well-known/aruba/auth/Servizio%20Hosting%20-%20Aruba.it_files/saved_resource(3).html
Frame ID: F663C6A2039ACB7C2960F2209181FA2B
Requests: 1 HTTP requests in this frame

Frame: https://su.gov.mn/.well-known/aruba/auth/Servizio%20Hosting%20-%20Aruba.it_files/saved_resource(4).html
Frame ID: 3D0163C82941B492D7336543D155924C
Requests: 1 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: 6C96482F40436C4CB5FE5799B9C865F1
Requests: 1 HTTP requests in this frame

Frame: https://d6tizftlrpuof.cloudfront.net/themes/production/aruba-italy-button-893ab594803d182f13c4211cf27ab17a.png
Frame ID: A36694B5EF2CD7D19F035D6AF1FFDA9E
Requests: 1 HTTP requests in this frame

Frame: https://d6tizftlrpuof.cloudfront.net/themes/production/aruba-italy-button-893ab594803d182f13c4211cf27ab17a.png
Frame ID: 31D3CA788BB1900907F02E87F28AD79F
Requests: 1 HTTP requests in this frame

Frame: https://d6tizftlrpuof.cloudfront.net/themes/production/aruba-italy-button-893ab594803d182f13c4211cf27ab17a.png
Frame ID: 1780003768A97BC81312BDC82782237D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Servizio Hosting - Aruba.it