izazov.cl
190.107.177.249
Malicious Activity!
Public Scan
Effective URL: https://izazov.cl/OF/z1eebee40yxa0s6q44289yaezt.php?a=cmViZWNjYS5taWRkbGV0b25AYW1yLm5ldA==&.verify?service=nfpb=tr...
Submission: On September 16 via api from US
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on September 8th 2020. Valid for: 3 months.
This is the only time izazov.cl was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 1 1 | 167.89.115.54 | 11377 (SENDGRID) |
| 1 7 | 190.107.177.249 | 265831 (SOC. COMERCIAL WIRENET CHILE LTDA.) |
| 2 3 | 65.215.162.240 | 13690 (AMR) |
7 | 2 |
ASN11377 (SENDGRID, US)
PTR: o16789115x54.outbound-mail.sendgrid.net
- u4811780.ct.sendgrid.net
ASN265831 (SOC. COMERCIAL WIRENET CHILE LTDA., CL)
PTR: srv19.cpanelhost.cl
- izazov.cl
ASN13690 (AMR, US)
PTR: services.amr.net
- amr.net
- www.amr.net
| | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 7 | izazov.cl (1 redirects) | izazov.cl | 1 MB |
| 3 | amr.net (2 redirects) | amr.net www.amr.net | 598 B |
| 1 | sendgrid.net (1 redirects) | u4811780.ct.sendgrid.net | 318 B |
7 | 3 |
| | Domain | Requested by |
|---|---|---|
| 7 | izazov.cl | 1 redirects, izazov.cl |
| 2 | amr.net | 2 redirects |
| 1 | www.amr.net | izazov.cl |
| 1 | u4811780.ct.sendgrid.net | 1 redirects |
7 | 4 |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
izazov.cl | cPanel, Inc. Certification Authority | 2020-09-08 - 2020-12-07 | 3 months | crt.sh |
*.amr.net | Go Daddy Secure Certificate Authority - G2 | 2020-01-07 - 2022-01-07 | 2 years | crt.sh |
This page contains 2 frames:
Primary Page:
https://izazov.cl/OF/z1eebee40yxa0s6q44289yaezt.php?a=cmViZWNjYS5taWRkbGV0b25AYW1yLm5ldA==&.verify?service=nfpb=true&_pageLabel=smep_portal_page_login&timedOut=true&_nfls&c=&i=0&false=cmViZWNjYS5taWRkbGV0b25AYW1yLm5ldA==&loginID=&.
Frame ID: A9ED51CD58B4078BD34210CCC0C6A27D
Requests: 2 HTTP requests in this frame
Frame:
https://izazov.cl/OF/ova.php?a=cmViZWNjYS5taWRkbGV0b25AYW1yLm5ldA==&i=0&c=
Frame ID: 3D83303F0D7A038973D5F4843AAE39C7
Requests: 5 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://u4811780.ct.sendgrid.net/ls/click?upn=kdGDDMd5f5hgPgBcrGRstYl1IuREv6iYORkBz-2FkKMXbQzgX-2BTePNBzJVd4VPTuEVh5WvXKa3OE66MM9lrQopQtcv8bhZ-2BKmhXu6jo3fVy2K6mU4kl1CYcF5yKqtZu7pzTHS3WDe65Lz9DB28CJ-2Fc0j0KBwG1K1WhzkF8IDysf8c-3D787N_97Vc9gsq-2BP71Bq-2BpKJEWQIKHtOfwqzT6TJHfnPl-2FzrbAajmE6NL92VlXGsu7PXMK080HUZT2OhOA62alvJhIK1t21li-2BoAi833H4MSueeI6k2T1G2Jb6VGgbP52o-2BiXS8VoYft73i71YrDWPaVB7j-2FvK5PQ6zFCtaSaZSa9SgAShvVyyJrwwTEd4WgYrVuF5QFOdlIAZQi4k7Bxc6zXh6OY8e9azVLrWr6uABVkqYhU-3D
HTTP 302
https://izazov.cl/OF/?x=x&a=rebecca.middleton@amr.net&utm_campaign=sendgrid&utm_source=newsletter&utm_medium=email HTTP 302
https://izazov.cl/OF/z1eebee40yxa0s6q44289yaezt.php?a=cmViZWNjYS5taWRkbGV0b25AYW1yLm5ldA==&.verify?service=nfpb=true&_pageLabel=smep_portal_page_login&timedOut=true&_nfls&c=&i=0&false=cmViZWNjYS5taWRkbGV0b25AYW1yLm5ldA==&loginID=&. Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 4
- http://amr.net/favicon.ico HTTP 302
- https://amr.net/favicon.ico HTTP 301
- https://www.amr.net/favicon.ico
7 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | Primary Request z1eebee40yxa0s6q44289yaezt.php izazov.cl/OF/ Redirect Chain | 938 B 1 KB | Document text/html |
GET H/1.1 | ova.php izazov.cl/OF/ Frame 3D83 | 3 KB 4 KB | Document text/html |
GET H/1.1 | default.jpg izazov.cl/OF/ico/bg/ | 1 MB 1 MB | Image image/jpeg |
GET H/1.1 | style.css izazov.cl/OF/css/ Frame 3D83 | 0 0 | Stylesheet text/html |
GET H/1.1 | js.js izazov.cl/OF/ico/ Frame 3D83 | 6 KB 6 KB | Script application/javascript |
GET H/1.1 | favicon.ico www.amr.net/ Frame 3D83 Redirect Chain | 0 0 | Image text/html |
GET H/1.1 | default.png izazov.cl/OF/ico/ Frame 3D83 | 161 KB 161 KB | Image image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| trustedTypes
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.