ecomm-sella.ou-e.eu
Open in
urlscan Pro
104.21.15.197
Malicious Activity!
Public Scan
Effective URL: https://ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/?AUTH_TOKEN=374c9a9bb4c3f993919b3d98f85d631f&cur=home
Submission: On September 15 via api from US — Scanned from IT
Summary
TLS certificate: Issued by GTS CA 1P5 on September 8th 2023. Valid for: 3 months.
This is the only time ecomm-sella.ou-e.eu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Aruba (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 104.21.14.105 104.21.14.105 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 19 | 104.21.15.197 104.21.15.197 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 142.250.184.234 142.250.184.234 | 15169 (GOOGLE) (GOOGLE) | |
1 | 142.250.74.195 142.250.74.195 | 15169 (GOOGLE) (GOOGLE) | |
19 | 3 |
ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f10.1e100.net
fonts.googleapis.com |
ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f3.1e100.net
fonts.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
ou-e.eu
2 redirects
ecomm-sella.ou-e.eu |
88 KB |
1 |
gstatic.com
fonts.gstatic.com |
14 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 56 |
812 B |
1 |
artmedya.eu
1 redirects
random.artmedya.eu |
625 B |
19 | 4 |
Domain | Requested by | |
---|---|---|
19 | ecomm-sella.ou-e.eu |
2 redirects
ecomm-sella.ou-e.eu
|
1 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | fonts.googleapis.com |
ecomm-sella.ou-e.eu
|
1 | random.artmedya.eu | 1 redirects |
19 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
ou-e.eu GTS CA 1P5 |
2023-09-08 - 2023-12-07 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-08-14 - 2023-11-06 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-08-14 - 2023-11-06 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/?AUTH_TOKEN=374c9a9bb4c3f993919b3d98f85d631f&cur=home
Frame ID: 3DB031C7DF8718025C3DFC3457F1DAEE
Requests: 19 HTTP requests in this frame
Screenshot
Page Title
Pagamenti ArubaPage URL History Show full URLs
-
http://random.artmedya.eu/aru27154%E2%80%AF752
HTTP 302
https://ecomm-sella.ou-e.eu/?456TY289HYU=45VGI90K2ED HTTP 302
https://ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/?a01620835aab62bb0bb94a66f2359f01=ETIDVCGRx... HTTP 302
https://ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/?AUTH_TOKEN=374c9a9bb4c3f993919b3d98f85d631... Page URL
Detected technologies
Google Font API (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://random.artmedya.eu/aru27154%E2%80%AF752
HTTP 302
https://ecomm-sella.ou-e.eu/?456TY289HYU=45VGI90K2ED HTTP 302
https://ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/?a01620835aab62bb0bb94a66f2359f01=ETIDVCGRxmO&AUTH_TOKEN HTTP 302
https://ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/?AUTH_TOKEN=374c9a9bb4c3f993919b3d98f85d631f&cur=home Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/ Redirect Chain
|
13 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
4 KB 812 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.4.1.min.js
ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/assets/js/ |
86 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
validation.js
ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/assets/js/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
stylese42d.css
ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/assets/css/ |
62 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ico_language.svg
ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/assets/img/ |
1 KB 680 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icona-small-arrow-bottom-2.svg
ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/assets/img/ |
521 B 687 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
italia-flag.svg
ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/assets/img/ |
596 B 548 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ico_assistenza.svg
ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/assets/img/ |
1008 B 823 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Aruba-logo-web.png
ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/assets/img/ |
23 KB 23 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icona-small-arrow-bottom.svg
ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/assets/img/ |
464 B 555 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icona-assistenza.svg
ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/assets/img/ |
953 B 727 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icona-utente.svg
ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/assets/img/ |
815 B 634 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icona-notifiche-ko.svg
ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/assets/img/ |
1 KB 776 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
info-sm.svg
ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/assets/img/ |
834 B 662 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
form-icona-mostra-password.svg
ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/assets/img/ |
836 B 682 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
email-decode.min.js
ecomm-sella.ou-e.eu/cdn-cgi/scripts/5c5dd728/cloudflare-static/ |
1 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
ecomm-sella.ou-e.eu/a01620835aab62bb0bb94a66f2359f01/ |
13 KB 13 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
S6u9w4BMUTPHh6UVSwiPGQ3q5d0.woff2
fonts.gstatic.com/s/lato/v24/ |
14 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Aruba (Online)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| $ function| jQuery function| isIdentOk number| countalog function| sendlog function| OnShowPassword1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
ecomm-sella.ou-e.eu/ | Name: PHPSESSID Value: mi4scusalc187m4dspdba386td |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ecomm-sella.ou-e.eu
fonts.googleapis.com
fonts.gstatic.com
random.artmedya.eu
104.21.14.105
104.21.15.197
142.250.184.234
142.250.74.195
05fd3d0b9d3a0b217788f0921f8c4b768d4c75ae5784e643f877cd2595ad3e82
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
1cb02c1b0e69e5af557e79a14331efca5fc053ef2e119559405d48d684f99563
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
28b6796c524eba16a92ace27654997ef9c100232ea9b65c95f09e59f3aedd3aa
34dd9580aa3ec678f534475c7f0e915775291916ea7c4c3a3cc2382461da6aec
65ebb27f553b3dcea49b4444752f73ce8f024eb56dfe4754bd81f975ae628e46
7a7ce1a34f3e9944fe88fc61abbc93b6db383afa2b90815fd7ccea456fbce4e5
8f5a51ab8aba6dd40c4083d89d06ee87ed8d76590470b1bdb6eab337e6db5694
96bd5b6dd68d76c43af00a91b29eb5210d389b5b07f2c74f81453a16d3dbb34e
b2a12ecfb458dde3bdb5ac7c1272b7b9f5cd53fadb85da9bdc83cae7fa563b96
b5039d1e1721b351b9e075cf1b787fa4b3f746fbe5d5038aefc9e3ecfc6f7941
b50ca9372d9ed5c1988648576e71bcc07a49577986ecad69a4cc2a876bb8150c
b662d227bde54375492c640f081f9a1b006579a33521ca205e4d857e318524fb
c3dddd42208204cb68a6740a5cfa7edd5b8f469a85c7fe4630027bc9db4ace9b
de01982b900c8580bab5690e3ad14406fd55e0f1dd2c1875435a2ed93c0c9dd1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3f185ca786bc36da40722d6fea6619c78b4a1c10e69207f59933ab530b955f0
fe4a41d44ee3252c133f2e2fb72cef6519fb469ba04384dcb1eaed9f097892bd