www.login-aruba.eu
81.88.52.78
Malicious Activity!
Public Scan
Effective URL: https://www.login-aruba.eu/login/ab1f30747651298/login.php
Submission Tags: 6605271
Submission: On June 01 via api from NL
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on June 1st 2020. Valid for: 3 months.
This is the only time www.login-aruba.eu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Aruba (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
15 | 81.88.52.78 | 39729 (REGISTER-AS) |
15 | 1 | |
Requests | Apex Domain / Subdomains | Transfer |
---|---|---|
15 | login-aruba.eu / www.login-aruba.eu | 471 KB |
15 | 1 | |
Requests | Domain | Requested by |
---|---|---|
15 | www.login-aruba.eu | www.login-aruba.eu |
15 | 1 | |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
login-aruba.eu | Let's Encrypt Authority X3 | 2020-06-01 - 2020-08-30 | 3 months |
This page contains 1 frame:
Primary Page:
https://www.login-aruba.eu/login/ab1f30747651298/login.php
Frame ID: D9A70FE36DA1AA3A8F2E667A2B7CA2F3
Requests: 15 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method / Protocol | Resource | Path | Size | Transfer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H2 | login.php (Primary Request) | www.login-aruba.eu/login/ab1f30747651298/ | 6 KB | 1 KB | Document | text/html |
GET H2 | bootstrap.min.css | www.login-aruba.eu/login/assets/css/ | 152 KB | 23 KB | Stylesheet | text/css |
GET H2 | helpers.css | www.login-aruba.eu/login/assets/css/ | 41 KB | 5 KB | Stylesheet | text/css |
GET H2 | fonts.css | www.login-aruba.eu/login/assets/css/ | 2 KB | 407 B | Stylesheet | text/css |
GET H2 | main.css | www.login-aruba.eu/login/assets/css/ | 5 KB | 2 KB | Stylesheet | text/css |
GET H2 | logo.png | www.login-aruba.eu/login/assets/images/ | 5 KB | 5 KB | Image | image/png |
GET H2 | top.png | www.login-aruba.eu/login/assets/images/ | 255 B | 330 B | Image | image/png |
GET H2 | bottom.png | www.login-aruba.eu/login/assets/images/ | 217 B | 322 B | Image | image/png |
GET H2 | jquery.min.js | www.login-aruba.eu/login/assets/js/ | 86 KB | 30 KB | Script | application/javascript |
GET H2 | popper.min.js | www.login-aruba.eu/login/assets/js/ | 20 KB | 7 KB | Script | application/javascript |
GET H2 | bootstrap.min.js | www.login-aruba.eu/login/assets/js/ | 59 KB | 16 KB | Script | application/javascript |
GET H2 | fontawesome.min.js | www.login-aruba.eu/login/assets/js/ | 1 MB | 381 KB | Script | application/javascript |
GET H2 | main.js | www.login-aruba.eu/login/assets/js/ | 2 KB | 603 B | Script | application/javascript |
GET H2 | OpenSans-Black.woff | www.login-aruba.eu/login/assets/fonts/ | 0 | 0 | Font | text/html |
GET H2 | OpenSans-Black.ttf | www.login-aruba.eu/login/assets/fonts/ | 0 | 0 | Font | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Aruba (Online)
14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onformdata |
object | onpointerrawupdate |
function | $ |
function | jQuery |
function | Popper |
object | bootstrap |
object | ___FONT_AWESOME___ |
object | FontAwesomeConfig |
object | FontAwesome |
boolean | isShift |
string | seperator |
string | dash |
function | cc_date |
function | date_of_birth |

1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.login-aruba.eu/ | | Name: PHPSESSID Value: 544c2235acdeb3f2a844c45b14da1a81 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
www.login-aruba.eu
81.88.52.78