URL: https://orodelsele.com/cplfile/outlook/mapped.php?authe=4UY432
Submission: On October 26 via api from CA — Scanned from IT

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 10 HTTP transactions. The main IP is 80.88.87.160, located in Arezzo, Italy, and belongs to ARUBA-ASN, IT. The main domain is orodelsele.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 24th 2022. Valid for: 3 months.
This is the only time orodelsele.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Outlook (Online)

Domain & IP information

IP Address / Autonomous System (requests per IP)
  10 requests   80.88.87.160   AS31034 (ARUBA-ASN)
  Totals: 10 requests, 1 IP

Apex Domain / Subdomains / Transfer
  10 requests   orodelsele.com   subdomain: orodelsele.com   646 KB
  Totals: 10 requests, 1 apex domain

Domain / Requested by
  10 requests   orodelsele.com   requested by: orodelsele.com
  Totals: 10 requests, 1 domain

This site contains no links.

TLS certificate
  Subject:  orodelsele.com
  Issuer:   cPanel, Inc. Certification Authority
  Validity: 2022-10-24 to 2023-01-22
  Valid for: 3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://orodelsele.com/cplfile/outlook/mapped.php?authe=4UY432
Frame ID: 3E496CF7E24846660A08241051E27161
Requests: 10 HTTP requests in this frame

Page Title

Login into your Outlook Webapp Account

Detected technologies

PHP (overall confidence: 100%)
  Detected patterns
    • \.php(?:$|\?)

Bootstrap (overall confidence: 100%)
  Detected patterns
    • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
    • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (overall confidence: 100%)
  Detected patterns
    • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
    • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (overall confidence: 100%)
  Detected patterns
    • jquery[.-]([\d.]*\d)[^/]*\.js
    • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics
  Requests:   10
  HTTPS:      100 %
  IPv6:       0 %
  Domains:    1
  Subdomains: 1
  IPs:        1
  Countries:  1
  Transfer:   646 kB
  Size:       1669 kB
  Cookies:    0

10 HTTP transactions

Each entry lists the resource, its path, size, x-fer (bytes actually transferred), type and MIME-Type, followed by the request details and the request and response headers.

Primary Request: mapped.php
  Path: orodelsele.com/cplfile/outlook/
  Size: 2 KB | x-fer: 1 KB | Type: Document
  General
    Full URL: https://orodelsele.com/cplfile/outlook/mapped.php?authe=4UY432
    Protocol: H2
    Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
    Server: 80.88.87.160 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT)
    Reverse DNS: linc061.arubabusiness.it
    Software: nginx / PHP/7.3.33
    Resource Hash: 9ae91a98a60159391ac5fdb2d0a1c3279e01d4e389ff19914e41256570fca637
  Security Headers
    X-Content-Type-Options: nosniff
    X-Xss-Protection: 1; mode=block
  Request headers
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
    accept-language: it-IT,it;q=0.9
  Response headers
    content-encoding: gzip
    content-type: text/html; charset=UTF-8
    date: Wed, 26 Oct 2022 10:59:39 GMT
    server: nginx
    vary: Accept-Encoding
    x-content-type-options: nosniff
    x-nginx-cache-status: EXPIRED
    x-powered-by: PHP/7.3.33
    x-server-powered-by: Engintron
    x-xss-protection: 1; mode=block

bootstrap.min.css
  Path: orodelsele.com/cplfile/outlook/vendor/bootstrap/css/
  Size: 138 KB | x-fer: 21 KB | Type: Stylesheet
  General
    Full URL: https://orodelsele.com/cplfile/outlook/vendor/bootstrap/css/bootstrap.min.css
    Requested by: Host: orodelsele.com, URL: https://orodelsele.com/cplfile/outlook/mapped.php?authe=4UY432
    Protocol: H2
    Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
    Server: 80.88.87.160 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT)
    Reverse DNS: linc061.arubabusiness.it
    Software: nginx
    Resource Hash: 7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
  Request headers
    accept-language: it-IT,it;q=0.9
    Referer: https://orodelsele.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
  Response headers
    pragma: public
    date: Wed, 26 Oct 2022 10:59:39 GMT
    content-encoding: gzip
    last-modified: Fri, 14 Feb 2020 15:44:16 GMT
    server: nginx
    vary: Accept-Encoding
    content-type: text/css
    cache-control: max-age=2592000
    expires: Fri, 25 Nov 2022 10:59:39 GMT

all.css
  Path: orodelsele.com/cplfile/outlook/font-awesome/css/
  Size: 69 KB | x-fer: 13 KB | Type: Stylesheet
  General
    Full URL: https://orodelsele.com/cplfile/outlook/font-awesome/css/all.css
    Requested by: Host: orodelsele.com, URL: https://orodelsele.com/cplfile/outlook/mapped.php?authe=4UY432
    Protocol: H2
    Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
    Server: 80.88.87.160 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT)
    Reverse DNS: linc061.arubabusiness.it
    Software: nginx
    Resource Hash: 05b29e731ac5a3e11c7b0fcde0785296c564342bcd8831c9c9206ca967224d88
  Request headers
    accept-language: it-IT,it;q=0.9
    Referer: https://orodelsele.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
  Response headers
    pragma: public
    date: Wed, 26 Oct 2022 10:59:39 GMT
    content-encoding: gzip
    last-modified: Fri, 14 Feb 2020 15:43:08 GMT
    server: nginx
    vary: Accept-Encoding
    content-type: text/css
    cache-control: max-age=2592000
    expires: Fri, 25 Nov 2022 10:59:39 GMT

logo.png
  Path: orodelsele.com/cplfile/outlook/
  Size: 17 KB | x-fer: 17 KB | Type: Image
  General
    Full URL: https://orodelsele.com/cplfile/outlook/logo.png
    Requested by: Host: orodelsele.com, URL: https://orodelsele.com/cplfile/outlook/mapped.php?authe=4UY432
    Protocol: H2
    Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
    Server: 80.88.87.160 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT)
    Reverse DNS: linc061.arubabusiness.it
    Software: nginx
    Resource Hash: 52dc127d5e6245dd9b1f1ff1c75448817a69b5cc1bc6b64f6c0ee82b81e84cfa
  Request headers
    accept-language: it-IT,it;q=0.9
    Referer: https://orodelsele.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
  Response headers
    pragma: public
    date: Wed, 26 Oct 2022 10:59:40 GMT
    last-modified: Fri, 14 Feb 2020 15:44:16 GMT
    server: nginx
    content-type: image/png
    cache-control: max-age=5184000
    accept-ranges: bytes
    content-length: 16949
    expires: Sun, 25 Dec 2022 10:59:40 GMT

outlook.png
  Path: orodelsele.com/cplfile/outlook/
  Size: 47 KB | x-fer: 48 KB | Type: Image
  General
    Full URL: https://orodelsele.com/cplfile/outlook/outlook.png
    Requested by: Host: orodelsele.com, URL: https://orodelsele.com/cplfile/outlook/mapped.php?authe=4UY432
    Protocol: H2
    Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
    Server: 80.88.87.160 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT)
    Reverse DNS: linc061.arubabusiness.it
    Software: nginx
    Resource Hash: ea470c3755ab03df351ecd688c7a30dd0f98be3bcdb60df5a410c8ba582fc220
  Request headers
    accept-language: it-IT,it;q=0.9
    Referer: https://orodelsele.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
  Response headers
    pragma: public
    date: Wed, 26 Oct 2022 10:59:39 GMT
    last-modified: Fri, 14 Feb 2020 15:44:16 GMT
    server: nginx
    content-type: image/png
    cache-control: max-age=5184000
    accept-ranges: bytes
    content-length: 48430
    expires: Sun, 25 Dec 2022 10:59:39 GMT

jquery-2.2.3.min.js
  Path: orodelsele.com/cplfile/outlook/vendor/jquery/
  Size: 84 KB | x-fer: 30 KB | Type: Script
  General
    Full URL: https://orodelsele.com/cplfile/outlook/vendor/jquery/jquery-2.2.3.min.js
    Requested by: Host: orodelsele.com, URL: https://orodelsele.com/cplfile/outlook/mapped.php?authe=4UY432
    Protocol: H2
    Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
    Server: 80.88.87.160 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT)
    Reverse DNS: linc061.arubabusiness.it
    Software: nginx
    Resource Hash: 6b6de0d4db7876d1183a3edb47ebd3bbbf93f153f5de1ba6645049348628109a
  Request headers
    accept-language: it-IT,it;q=0.9
    Referer: https://orodelsele.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
  Response headers
    pragma: public
    date: Wed, 26 Oct 2022 10:59:39 GMT
    content-encoding: gzip
    last-modified: Fri, 14 Feb 2020 15:44:18 GMT
    server: nginx
    vary: Accept-Encoding
    content-type: application/javascript
    cache-control: max-age=2592000
    expires: Fri, 25 Nov 2022 10:59:39 GMT

bootstrap.min.js
  Path: orodelsele.com/cplfile/outlook/vendor/bootstrap/js/
  Size: 50 KB | x-fer: 14 KB | Type: Script
  General
    Full URL: https://orodelsele.com/cplfile/outlook/vendor/bootstrap/js/bootstrap.min.js
    Requested by: Host: orodelsele.com, URL: https://orodelsele.com/cplfile/outlook/mapped.php?authe=4UY432
    Protocol: H2
    Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
    Server: 80.88.87.160 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT)
    Reverse DNS: linc061.arubabusiness.it
    Software: nginx
    Resource Hash: 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
  Request headers
    accept-language: it-IT,it;q=0.9
    Referer: https://orodelsele.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
  Response headers
    pragma: public
    date: Wed, 26 Oct 2022 10:59:39 GMT
    content-encoding: gzip
    last-modified: Fri, 14 Feb 2020 15:44:18 GMT
    server: nginx
    vary: Accept-Encoding
    content-type: application/javascript
    cache-control: max-age=2592000
    expires: Fri, 25 Nov 2022 10:59:39 GMT

all.js
  Path: orodelsele.com/cplfile/outlook/font-awesome/js/
  Size: 1 MB | x-fer: 427 KB | Type: Script
  General
    Full URL: https://orodelsele.com/cplfile/outlook/font-awesome/js/all.js
    Requested by: Host: orodelsele.com, URL: https://orodelsele.com/cplfile/outlook/mapped.php?authe=4UY432
    Protocol: H2
    Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
    Server: 80.88.87.160 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT)
    Reverse DNS: linc061.arubabusiness.it
    Software: nginx
    Resource Hash: f3c8ccac95cb1dfdcb72f5addf1d0042ff1de141904ed5e2e2e9797e2abd2861
  Request headers
    accept-language: it-IT,it;q=0.9
    Referer: https://orodelsele.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
  Response headers
    pragma: public
    date: Wed, 26 Oct 2022 10:59:39 GMT
    content-encoding: gzip
    last-modified: Fri, 14 Feb 2020 15:43:08 GMT
    server: nginx
    vary: Accept-Encoding
    content-type: application/javascript
    cache-control: max-age=2592000
    expires: Fri, 25 Nov 2022 10:59:39 GMT

data.js
  Path: orodelsele.com/cplfile/outlook/js/
  Size: 4 KB | x-fer: 1 KB | Type: Script
  General
    Full URL: https://orodelsele.com/cplfile/outlook/js/data.js
    Requested by: Host: orodelsele.com, URL: https://orodelsele.com/cplfile/outlook/mapped.php?authe=4UY432
    Protocol: H2
    Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
    Server: 80.88.87.160 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT)
    Reverse DNS: linc061.arubabusiness.it
    Software: nginx
    Resource Hash: 2d9df312028db60989b9d2067b550fe36692f99dd75e7730a8757c769346ff21
  Request headers
    accept-language: it-IT,it;q=0.9
    Referer: https://orodelsele.com/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
  Response headers
    pragma: public
    date: Wed, 26 Oct 2022 10:59:39 GMT
    content-encoding: gzip
    last-modified: Thu, 10 Feb 2022 10:21:52 GMT
    server: nginx
    vary: Accept-Encoding
    content-type: application/javascript
    cache-control: max-age=2592000
    expires: Fri, 25 Nov 2022 10:59:39 GMT

fa-solid-900.woff2
  Path: orodelsele.com/cplfile/outlook/font-awesome/webfonts/
  Size: 74 KB | x-fer: 75 KB | Type: Font
  General
    Full URL: https://orodelsele.com/cplfile/outlook/font-awesome/webfonts/fa-solid-900.woff2
    Requested by: Host: orodelsele.com, URL: https://orodelsele.com/cplfile/outlook/font-awesome/css/all.css
    Protocol: H2
    Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
    Server: 80.88.87.160 Arezzo, Italy, ASN31034 (ARUBA-ASN, IT)
    Reverse DNS: linc061.arubabusiness.it
    Software: nginx
    Resource Hash: 2c3097237d60f42e800ebe4009c9af144bb19e5581e1c0501c7b259eee7e210c
  Request headers
    Referer: https://orodelsele.com/cplfile/outlook/font-awesome/css/all.css
    Origin: https://orodelsele.com
    accept-language: it-IT,it;q=0.9
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
  Response headers
    pragma: public
    date: Wed, 26 Oct 2022 10:59:40 GMT
    last-modified: Fri, 14 Feb 2020 15:44:16 GMT
    server: nginx
    content-type: font/woff2
    cache-control: max-age=5184000
    accept-ranges: bytes
    content-length: 76120
    expires: Sun, 25 Dec 2022 10:59:40 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Outlook (Online)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can be helpful in identifying possible client-side frameworks and code.

  Type      Name
  object    onbeforeinput
  object    oncontextlost
  object    oncontextrestored
  function  structuredClone
  object    launchQueue
  object    onbeforematch
  function  getScreenDetails
  function  queryLocalFonts
  object    navigation
  function  $
  function  jQuery
  object    bootstrap
  object    ___FONT_AWESOME___
  object    FontAwesomeConfig
  object    FontAwesome
  object    email
  object    password
  number    counter

0 Cookies

Security Headers

This page lists any security headers set by the main page.

  Header                  Value
  X-Content-Type-Options  nosniff
  X-Xss-Protection        1; mode=block