salvadorfernandez.net Open in urlscan Pro
46.21.192.6 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://salvadorfernandez.net/drupal/webmail.aruba.it/Logon.html
Submission Tags: @ipnigh
Submission: On April 27 via api (April 27th 2020, 8:38:18 am UTC) from GB

Summary HTTP 11 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 11 HTTP transactions. The main IP is 46.21.192.6, located in Madrid, Spain and belongs to EURO-WEB-AS, FR. The main domain is salvadorfernandez.net.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 27th 2020. Valid for: 3 months.

This is the only time salvadorfernandez.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aruba (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	46.21.192.6 46.21.192.6	35393 (EURO-WEB-AS) (EURO-WEB-AS)
7	62.149.188.175 62.149.188.175	31034 (ARUBA-ASN) (ARUBA-ASN)
11	3

1 46.21.192.6 (Madrid, Spain)

ASN35393 (EURO-WEB-AS, FR)
PTR: web6.magiconline.es

salvadorfernandez.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 62.149.188.175 (Arezzo, Italy)

ASN31034 (ARUBA-ASN, IT)

admin.aruba.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	aruba.it admin.aruba.it	24 KB
1	salvadorfernandez.net salvadorfernandez.net	13 KB
0	arubamediamarketing.it Failed tracks.arubamediamarketing.it Failed visual.arubamediamarketing.it Failed
11	3

	Domain	Requested by
7	admin.aruba.it	salvadorfernandez.net
1	salvadorfernandez.net
0	visual.arubamediamarketing.it Failed	salvadorfernandez.net
0	tracks.arubamediamarketing.it Failed	salvadorfernandez.net
11	4

This site contains links to these domains. Also see Links.

Domain
webmail.aruba.it
hosting.aruba.it
pagamenti.aruba.it
rivenditori.aruba.it
analytics.arubamediamarketing.it
admin.aruba.it
www.aruba.it

Subject Issuer	Validity	Valid
salvadorfernandez.net Let's Encrypt Authority X3	`2020-03-27` - `2020-06-25`	3 months	crt.sh
admin.aruba.it Actalis Extended Validation Server CA G2	`2019-03-20` - `2021-03-20`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://salvadorfernandez.net/drupal/webmail.aruba.it/Logon.html
Frame ID: 008DBBAF98492C28F02C678F44EC811A
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

11
Requests

73 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

36 kB
Transfer

42 kB
Size

0
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: http://webmail.aruba.it/
Title: webmail

Search URL Search Domain Scan URL

URL: https://hosting.aruba.it/Rinnovi/InsDatiRinnovo.asp?Lang=DEFAULT
Title: rinnovi

Search URL Search Domain Scan URL

URL: https://pagamenti.aruba.it/home/default.aspx
Title: pagamenti

Search URL Search Domain Scan URL

URL: http://rivenditori.aruba.it/
Title: affiliazione

Search URL Search Domain Scan URL

URL: https://hosting.aruba.it/areaclienti
Title: area clienti

Search URL Search Domain Scan URL

URL: http://analytics.arubamediamarketing.it/link_outbound/?cvtrac=5&usc=d645920e395fedad7bbbed0eca3fe2e0
Title: assistenza

Search URL Search Domain Scan URL

URL: https://admin.aruba.it/oldlogin.aspx
Title: Versione precedente

Search URL Search Domain Scan URL

URL: http://hosting.aruba.it/Domini/spediscidatidominio.asp?lang=IT
Title: Hai perso i dati?

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Logon.html Show response salvadorfernandez.net/drupal/webmail.aruba.it/	12 KB 13 KB	158ms 29ms	Document text/html	46.21.192.6 EURO-WEB-AS
General Check archive.org Show headers Download Go to Full URL https://salvadorfernandez.net/drupal/webmail.aruba.it/Logon.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 46.21.192.6 Madrid, Spain, ASN35393 (EURO-WEB-AS, FR), Reverse DNS web6.magiconline.es Software Apache / PleskLin Resource Hash `b62fe5fb9f3a3a7ee7f322bc3cf1cf4cdc1d485b5d8dd8dc8395cf0d66a4b5cf` Request headers Host salvadorfernandez.net Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 27 Apr 2020 08:37:43 GMT Server Apache Last-Modified Sun, 16 Jun 2019 18:08:46 GMT ETag "30aa-58b74c557ba8b" Accept-Ranges bytes Content-Length 12458 Cache-Control max-age=1 Expires Mon, 27 Apr 2020 08:37:44 GMT X-Powered-By PleskLin Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	javascript_cookies.js Show response admin.aruba.it/PannelloAdmin/	2 KB 2 KB	472ms 63ms	Script application/javascript	62.149.188.175 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://admin.aruba.it/PannelloAdmin/javascript_cookies.js Requested by Host: salvadorfernandez.net URL: https://salvadorfernandez.net/drupal/webmail.aruba.it/Logon.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 62.149.188.175 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `e89c0f39c5016431213a8d45f4d5f4639b2bd38af7c45711975746bbe6aef4da` Request headers Referer https://salvadorfernandez.net/drupal/webmail.aruba.it/Logon.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 27 Apr 2020 08:37:42 GMT Last-Modified Sat, 11 Apr 2020 13:25:32 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "0aedbac410d61:0" Content-Type application/javascript Accept-Ranges bytes Content-Length 2112
GET H/1.1	200 OK	Login.css admin.aruba.it/PannelloAdmin/	11 KB 3 KB	470ms 62ms	Stylesheet text/css	62.149.188.175 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://admin.aruba.it/PannelloAdmin/Login.css?v1.0 Requested by Host: salvadorfernandez.net URL: https://salvadorfernandez.net/drupal/webmail.aruba.it/Logon.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 62.149.188.175 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `9cccb34e1743089bb7cbd1596f51dea4fe898adb1118fb7bd44c49812083182e` Request headers Referer https://salvadorfernandez.net/drupal/webmail.aruba.it/Logon.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 27 Apr 2020 08:37:42 GMT Content-Encoding gzip Last-Modified Sat, 11 Apr 2020 13:25:32 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "0aedbac410d61:0" Vary Accept-Encoding Content-Type text/css Accept-Ranges bytes Content-Length 2828
GET H/1.1	200 OK	logo_aruba.png admin.aruba.it/PannelloAdmin/UI/Images/general_tmpl/	9 KB 9 KB	66ms 63ms	Image image/png	62.149.188.175 ARUBA-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://admin.aruba.it/PannelloAdmin/UI/Images/general_tmpl/logo_aruba.png Requested by Host: salvadorfernandez.net URL: https://salvadorfernandez.net/drupal/webmail.aruba.it/Logon.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 62.149.188.175 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `2b5da352f8cac1ec98ed11f27d0d4661aac2f6473096a11bbeb636d34fd20e67` Request headers Referer https://salvadorfernandez.net/drupal/webmail.aruba.it/Logon.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 27 Apr 2020 08:37:43 GMT Last-Modified Sat, 11 Apr 2020 13:25:26 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "02748a9410d61:0" Content-Type image/png Accept-Ranges bytes Content-Length 9433
GET H/1.1	200 OK	imgCaratteristicheAccesso.png admin.aruba.it/PannelloAdmin/image_pannello_controllo/	508 B 753 B	62ms 59ms	Image image/png	62.149.188.175 ARUBA-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://admin.aruba.it/PannelloAdmin/image_pannello_controllo/imgCaratteristicheAccesso.png Requested by Host: salvadorfernandez.net URL: https://salvadorfernandez.net/drupal/webmail.aruba.it/Logon.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 62.149.188.175 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `b1adb27a5e38c7bbbfd8712b4103eb8e405d2bca562e600c7787a214be6c99e9` Request headers Referer https://salvadorfernandez.net/drupal/webmail.aruba.it/Logon.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 27 Apr 2020 08:37:43 GMT Last-Modified Sat, 11 Apr 2020 13:25:32 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "0aedbac410d61:0" Content-Type image/png Accept-Ranges bytes Content-Length 508
GET H/1.1	200 OK	arrox_previous.png admin.aruba.it/PannelloAdmin/image_pannello_controllo/	338 B 583 B	123ms 61ms	Image image/png	62.149.188.175 ARUBA-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://admin.aruba.it/PannelloAdmin/image_pannello_controllo/arrox_previous.png Requested by Host: salvadorfernandez.net URL: https://salvadorfernandez.net/drupal/webmail.aruba.it/Logon.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 62.149.188.175 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `399db74019a306cb82125431dbbb99137dffa0669d9b84b3cd4dded32b438f5d` Request headers Referer https://salvadorfernandez.net/drupal/webmail.aruba.it/Logon.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 27 Apr 2020 08:37:43 GMT Last-Modified Sat, 11 Apr 2020 13:25:32 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "0aedbac410d61:0" Content-Type image/png Accept-Ranges bytes Content-Length 338
GET H/1.1	200 OK	imgHaiPersoDati.png admin.aruba.it/PannelloAdmin/image_pannello_controllo/	775 B 1020 B	128ms 62ms	Image image/png	62.149.188.175 ARUBA-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://admin.aruba.it/PannelloAdmin/image_pannello_controllo/imgHaiPersoDati.png Requested by Host: salvadorfernandez.net URL: https://salvadorfernandez.net/drupal/webmail.aruba.it/Logon.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 62.149.188.175 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `8ab2d4dd46d9a7d2997be422628f891222a304e1b0c9bed486129ae6f0f9eb96` Request headers Referer https://salvadorfernandez.net/drupal/webmail.aruba.it/Logon.html User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 27 Apr 2020 08:37:43 GMT Last-Modified Sat, 11 Apr 2020 13:25:32 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "0aedbac410d61:0" Content-Type image/png Accept-Ranges bytes Content-Length 775
GET		tsends.js tracks.arubamediamarketing.it/track/	0 0

GET		59b1da0be8266e06e6a75a5d0f2aa14d.js visual.arubamediamarketing.it/cjs/	0 0

GET		include.js visual.arubamediamarketing.it/track/	0 0

GET H/1.1	200 OK	PannelloControlloBottomLogo.png admin.aruba.it/PannelloAdmin/image_pannello_controllo/	6 KB 7 KB	218ms 109ms	Image image/png	62.149.188.175 ARUBA-ASN
General Check archive.org Show headers Download Go to Show image Full URL https://admin.aruba.it/PannelloAdmin/image_pannello_controllo/PannelloControlloBottomLogo.png Requested by Host: salvadorfernandez.net URL: https://salvadorfernandez.net/drupal/webmail.aruba.it/Logon.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 62.149.188.175 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `336a136d1ec7b4f2fa42ebaf724293a544b0451fa6b254778d59672d49a1ac12` Request headers Referer https://admin.aruba.it/PannelloAdmin/Login.css?v1.0 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Response headers Date Mon, 27 Apr 2020 08:37:43 GMT Last-Modified Sat, 11 Apr 2020 13:25:34 GMT Server Microsoft-IIS/8.5 X-Powered-By ASP.NET ETag "0dbcae410d61:0" Content-Type image/png Accept-Ranges bytes Content-Length 6604

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tracks.arubamediamarketing.it
URL: https://tracks.arubamediamarketing.it/track/tsends.js

Domain: visual.arubamediamarketing.it
URL: https://visual.arubamediamarketing.it/cjs/59b1da0be8266e06e6a75a5d0f2aa14d.js

Domain: visual.arubamediamarketing.it
URL: https://visual.arubamediamarketing.it/track/include.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Aruba (Online)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

admin.aruba.it
salvadorfernandez.net
tracks.arubamediamarketing.it
visual.arubamediamarketing.it
tracks.arubamediamarketing.it
visual.arubamediamarketing.it
46.21.192.6
62.149.188.175
2b5da352f8cac1ec98ed11f27d0d4661aac2f6473096a11bbeb636d34fd20e67
336a136d1ec7b4f2fa42ebaf724293a544b0451fa6b254778d59672d49a1ac12
399db74019a306cb82125431dbbb99137dffa0669d9b84b3cd4dded32b438f5d
8ab2d4dd46d9a7d2997be422628f891222a304e1b0c9bed486129ae6f0f9eb96
9cccb34e1743089bb7cbd1596f51dea4fe898adb1118fb7bd44c49812083182e
b1adb27a5e38c7bbbfd8712b4103eb8e405d2bca562e600c7787a214be6c99e9
b62fe5fb9f3a3a7ee7f322bc3cf1cf4cdc1d485b5d8dd8dc8395cf0d66a4b5cf
e89c0f39c5016431213a8d45f4d5f4639b2bd38af7c45711975746bbe6aef4da

salvadorfernandez.net Open in urlscan Pro 46.21.192.6 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

11 Requests

73 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

3 IPs

2 Countries

36 kBTransfer

42 kBSize

0 Cookies

9 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

16 JavaScript Global Variables

0 Cookies

Indicators

salvadorfernandez.net Open in urlscan Pro
46.21.192.6 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

73 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

36 kB
Transfer

42 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!