www.vernicispray.net Open in urlscan Pro
31.11.33.204 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://rb.gy/4v0tmd
Effective URL:
https://www.vernicispray.net/eytrhzdb/yteehrjn/udjr.php
Submission: On March 10 via manual (March 10th 2023, 7:42:48 am UTC) from IT — Scanned from AU

Summary HTTP 6 Redirects Links 93 Behaviour Indicators

Summary

This website contacted 3 IPs in 4 countries across 4 domains to perform 6 HTTP transactions. The main IP is 31.11.33.204, located in Arezzo, Italy and belongs to ARUBA-ASN, IT. The main domain is www.vernicispray.net.
TLS certificate: Issued by Actalis Domain Validation Server CA G3 on November 1st 2022. Valid for: a year.

This is the only time www.vernicispray.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aruba (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 1	13.248.133.123 13.248.133.123	16509 (AMAZON-02) (AMAZON-02)
1 1	77.72.0.134 77.72.0.134	12488 (KRYSTAL) (KRYSTAL)
1	31.11.33.204 31.11.33.204	31034 (ARUBA-ASN) (ARUBA-ASN)
1	54.249.35.220 54.249.35.220	16509 (AMAZON-02) (AMAZON-02)
6	3

1 13.248.133.123 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a2e8596a386b1b4bf.awsglobalaccelerator.com

rb.gy	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 77.72.0.134 (United Kingdom) 1 redirects

ASN12488 (KRYSTAL, GB)
PTR: phosphorus.cloudhosting.co.uk

bojangleshairdressing.co.uk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 31.11.33.204 (Arezzo, Italy)

ASN31034 (ARUBA-ASN, IT)
PTR: websn2s194.aruba.it

www.vernicispray.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.249.35.220 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-249-35-220.ap-northeast-1.compute.amazonaws.com

w.usabilla.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	usabilla.com w.usabilla.com — Cisco Umbrella Rank: 3248	11 KB
1	vernicispray.net www.vernicispray.net	1 MB
1	bojangleshairdressing.co.uk 1 redirects bojangleshairdressing.co.uk	277 B
1	rb.gy 1 redirects rb.gy — Cisco Umbrella Rank: 153136	167 B
6	4

	Domain	Requested by
1	w.usabilla.com	srcdoc
1	www.vernicispray.net
1	bojangleshairdressing.co.uk	1 redirects
1	rb.gy	1 redirects
6	4

This site contains links to these domains. Also see Links.

Domain
www.cookiebot.com
www.aruba.it
hosting.aruba.it
www.crazyegg.com
www.eyeota.com
policies.google.com
tvty.tv
www.linkedin.com
www.appnexus.com
www.media.net
www.facebook.com
www.adobe.com
www.we-are-adot.com
www.amazon.com
www.bidswitch.com
www.oracle.com
www.casalemedia.com
www.dataxu.com
www.ispot.tv
liveramp.com
www.mediarithmics.com
privacy.microsoft.com
www.home.neustar
www.openx.com
www.salesforce.com
www.sitescout.com
www.sizmek.com
www.spotx.tv
www.tapad.com
tidaltv.com
weborama.com
zetaglobal.com
webstorage.cloud.it
guide.convenzionepel.aruba.it
www.vinciunaducati.com
assistenzaclienti.aruba.it
supporto.aruba.it
supportb2b.aruba.it
www.arubaracing.com
www.arubaracing.it
account.aruba.it
affiliazione.aruba.it
admin.aruba.it
adsl.aruba.it
assistenza.aruba.it
aruba.it
arubacloud.com
arubacloud.es
arubacloud.fr
blog.aruba.it
cart.aruba.it
cart.arubacloud.com
cart.cloud.it
cloud.it
customerarea.aruba.it
datacenter.it
enterprise.aruba.it
fatture.aruba.it
fibra.aruba.it
fotoalbum.aruba.it
gestioneaccessi.aruba.it
guide.aruba.it
guide.hosting.aruba.it
guide.serverdedicati.aruba.it
kb.arubacloud.com
kb.arubacloud.es
kb.arubacloud.fr
kb.cloud.it
login.aruba.it
managehosting.aruba.it
microsoft365.aruba.it
mssql.aruba.it
mysql.aruba.it
pagamenti.aruba.it
serverdedicati.aruba.it
signup.aruba.it
supersite.aruba.it
webmailfreebeta.aruba.it
webmailfree.aruba.it
webmail.aruba.it
webmailbeta.aruba.it
xandmail.com
gestionemail.pec.it
webmail.pec.it

Subject Issuer	Validity	Valid
*.vernicispray.net Actalis Domain Validation Server CA G3	`2022-11-01` - `2023-12-02`	a year	crt.sh
w.usabilla.com Amazon RSA 2048 M01	`2023-02-10` - `2024-02-09`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://www.vernicispray.net/eytrhzdb/yteehrjn/udjr.php
Frame ID: D78340B0160FB0CACA062FB955078C63
Requests: 17 HTTP requests in this frame

Frame: https://w.usabilla.com/719697a0b3af.js?lv=1
Frame ID: 1C80815F129798815AB3281EA113CE55
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: A009288DDACEB4A0CA6C83A894F81B18
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Pagamenti Aruba Powered by Cookiebot

Page URL History Show full URLs

https://rb.gy/4v0tmd HTTP 301
http://bojangleshairdressing.co.uk/ HTTP 301
https://www.vernicispray.net/eytrhzdb/yteehrjn/udjr.php Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

6
Requests

33 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

4
Countries

1107 kB
Transfer

1405 kB
Size

0
Cookies

93 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cookiebot.com/
Title: Powered by Cookiebot

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request udjr.php Show response www.vernicispray.net/eytrhzdb/yteehrjn/ Redirect Chain https://rb.gy/4v0tmd http://bojangleshairdressing.co.uk/ https://www.vernicispray.net/eytrhzdb/yteehrjn/udjr.php	1 MB 1 MB	2595ms 981ms	Document text/html	31.11.33.204 ARUBA-ASN
General Check archive.org Show headers Download Go to Full URL https://www.vernicispray.net/eytrhzdb/yteehrjn/udjr.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_CBC Server 31.11.33.204 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT), Reverse DNS websn2s194.aruba.it Software Microsoft-IIS/8.5 / ASP.NET Resource Hash `787b46dde1e01ebc36b3100d5638ee2aa83329bdc090e6adaee460c44f38ccf6` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers Content-Length 1089469 Content-Type text/html Date Fri, 10 Mar 2023 07:42:38 GMT Server Microsoft-IIS/8.5 X-Aruba-Cache NA X-Aruba2-Cache NA X-Powered-By ASP.NET Redirect headers Connection Keep-Alive Keep-Alive timeout=5, max=100 content-length 707 content-type text/html date Fri, 10 Mar 2023 07:42:37 GMT location https://www.vernicispray.net/eytrhzdb/yteehrjn/udjr.php server LiteSpeed vary User-Agent
GET DATA	200 OK	truncated /	921 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `15c001519dc1296f39660e3857f63ee90b0196835ec033c7026435de0cb752ce` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	293 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8181a739bd0ed0fd64624c4aa15b7847bc9d4fd0660bff56c8c9192c4ef75979` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `583d7246009e1632b8abb3356f92cf2a52f4548d11347950966751f98223221e` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	517 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `5e67cd17b90275703e47b051d6dbdc25e6ee7accc2cbe31b4c63d39894d7590a` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	590 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `3c602eb7ccd4ec28f132120ba8e687f4cea1352dff8be42757e16ea55c2e7289` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `84e976dbb25388b4032c156cd4bf9d9766b422c3bc6cc1db3a199bbc8fc0a1b2` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Content-Type image/svg+xml
GET H2	200	719697a0b3af.js Show response w.usabilla.com/ Frame 1C80	36 KB 11 KB	728ms 239ms	Script text/javascript	54.249.35.220 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://w.usabilla.com/719697a0b3af.js?lv=1 Requested by Host: srcdoc URL: about:srcdoc Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 54.249.35.220 Tokyo, Japan, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-249-35-220.ap-northeast-1.compute.amazonaws.com Software / Resource Hash `9688a35b02c64dcfb60af2016a32966dfc052c58e4c9f6fdcfa2464afa2a727e` Request headers accept-language en-AU,en;q=0.9 Referer https://www.vernicispray.net/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers pragma no-cache date Fri, 10 Mar 2023 07:42:42 GMT content-encoding gzip x-widget-server 2.1 etag "64bdbb5315c8bd6c4a3532c7122be499" content-type text/javascript cache-control public,max-age=0 content-length 11077
GET DATA	200 OK	truncated /	234 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `7ca555033bd461de508445898db7c321e8b52b37f6259a5ff76adeae28cb7b0d` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	1002 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `36d9ce3b8c204e0d7644e5fbef7e88655ec2350798562eda0ca1f6e274a260d6` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	811 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d881edf6d1763df2e5ce27f39ea76d82a18c15760a0c2de14fd78fba172e19a1` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	23 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `8f5a51ab8aba6dd40c4083d89d06ee87ed8d76590470b1bdb6eab337e6db5694` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	1 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d9742fea080b09269a5500e8cbd1c490946d044b0cbf0a2412c00c13b8eeb49e` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	462 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `d54c051c8168ccffcd35424f00d7b6140e6311bff3e66308b8ff1bb47399ebbc` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	949 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `dfbe1bbb320b496b9fef73b4787a01fa50f124e2db758567316b07c2be04b657` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	832 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ea77e158ef03a63cf878b55deac25e3e315af605ac14d62a4cda18df7e841686` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	833 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `db791d8dc960a0992a825f76194812642980622bd3cfab6fbe267cfcc63eac26` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	23 KB 23 KB		Font font/woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49` Request headers Referer Origin https://www.vernicispray.net accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Content-Type font/woff2
GET DATA	200 OK	truncated / Frame A009	6 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `52897547cfc7be3ea57d0a07398a6c8d5f01c9cb02309c7ab2ba9ab27ebd73a4` Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36 Response headers Content-Type image/png

www.vernicispray.net Open in urlscan Pro 31.11.33.204 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

6 Requests

33 %HTTPS

0 %IPv6

4 Domains

4 Subdomains

3 IPs

4 Countries

1107 kBTransfer

1405 kBSize

0 Cookies

93 Outgoing links

Page URL History

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 13 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

0 Cookies

Indicators

www.vernicispray.net Open in urlscan Pro
31.11.33.204 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

33 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

3
IPs

4
Countries

1107 kB
Transfer

1405 kB
Size

0
Cookies

6 HTTP transactions
13 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!