allmar.cl
Open in
urlscan Pro
190.13.188.110
Malicious Activity!
Public Scan
URL:
https://allmar.cl/nordcaterbetalning/m/smbettal.php
Submission: On December 19 via manual from DE — Scanned from SE
Submission: On December 19 via manual from DE — Scanned from SE
Summary
This website contacted 1 IPs
in 1 countries
across 1 domains to perform 5 HTTP transactions.
The main IP is 190.13.188.110, located in
Curacautin, Chile and
belongs to Telefonica del Sur S.A., CL.
The main domain is allmar.cl.
TLS certificate: Issued by R3 on October 31st 2023. Valid for: 3 months.
This is the only time allmar.cl was scanned on urlscan.io!
TLS certificate: Issued by R3 on October 31st 2023. Valid for: 3 months.
This is the only time allmar.cl was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Nordea (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 5 | 190.13.188.110 190.13.188.110 | 14117 (Telefonic...) (Telefonica del Sur S.A.) | |
| 5 | 1 |
5
190.13.188.110
(Curacautin, Chile)
ASN14117 (Telefonica del Sur S.A., CL)
PTR: vps.escalon.cl
ASN14117 (Telefonica del Sur S.A., CL)
PTR: vps.escalon.cl
| allmar.cl |
| Domain | Requested by | |
|---|---|---|
| 5 | allmar.cl |
allmar.cl
|
| 5 | 1 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| allmar.cl R3 |
2023-10-31 - 2024-01-29 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://allmar.cl/nordcaterbetalning/m/smbettal.php
Frame ID: F6D83E6909A32A9D2C90BA885173A3AF
Requests: 5 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
5 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
smbettal.php
allmar.cl/nordcaterbetalning/m/ |
10 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
styles-f9ceedcf3769d27d2d0374b3893269c1.css
allmar.cl/nordcaterbetalning/m/css/ |
35 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
564d0ff0f3578b7128a4-b7a1feddcbbebce5f93166d4e2765fff.jpg
allmar.cl/nordcaterbetalning/m/assets/ |
67 KB 67 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
aa1ee103968475b48934-3a4d9a8b6adf39716f28af71fc9b030a.woff
allmar.cl/nordcaterbetalning/m/assets/ |
30 KB 30 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
b90f1e1b93f3b23dd79e-11eca7aa5a85ec0c6cc3deba794b264e.woff
allmar.cl/nordcaterbetalning/m/assets/ |
31 KB 31 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Nordea (Banking)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
allmar.cl
190.13.188.110
21a2a17b532837aeafeb95de9f252bfec714028517f79fb4143845ca4d23353c
8050a49bf6e8f0d5a2e79b040497af98741bd13ce680710c5070f8666d6f26e7
836393ac52708bd75b2e1c88defb51faa58f0fdfa374d57d2529e0a6554882ff
a04b7a6910f6ea85bde20dc980857aee038937d6dec5590c5631b172bf333e20
ff28a732b1fc6a547797b7a9a7c29025ae41b74cc5e208232418d9c41fb43c44