www.script4all.me
162.0.215.32
Malicious Activity!
Public Scan
Submission: On January 14 via manual from CO — Scanned from DE
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on September 3rd 2022. Valid for: a year.
This is the only time www.script4all.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banco Fallabela (Banking)
Domain & IP information
ASN | PTR | Domains |
---|---|---|
ASN22612 (NAMECHEAP-NET, US) | premium186-1.web-hosting.com | www.script4all.me, script4all.me |
ASN20940 (AKAMAI-ASN1, NL) | | www.fedex.com |
ASN32787 (PROLEXIC-TECHNOLOGIES-DDOS-MITIGATION-NETWORK, US) | | www.e-bbva.com.co |
ASN20940 (AKAMAI-ASN1, NL) | a104-83-4-43.deploy.static.akamaitechnologies.com | www.itau.co |
ASN264714 (A TODA HORA S.A, CO) | www.bancodeoccidente.com.co | www.bancodeoccidente.com.co |
ASN14080 (Telmex Colombia S.A., CO) | www.avvillas.com.co | www.avvillas.com.co |
ASN16509 (AMAZON-02, US) | server-143-204-215-4.fra53.r.cloudfront.net | autenticacion.apps.bancolombia.com |
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
7 | imgur.com | i.imgur.com (Cisco Umbrella Rank: 6006) | 1 MB |
3 | unpkg.com | unpkg.com (Cisco Umbrella Rank: 767), 2 redirects | 2 KB |
3 | script4all.me | www.script4all.me, script4all.me | 197 KB |
2 | bancolombia.com | autenticacion.apps.bancolombia.com (Cisco Umbrella Rank: 817886) | 4 KB |
2 | wikimedia.org | upload.wikimedia.org (Cisco Umbrella Rank: 2142) | 15 KB |
2 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 35) | 2 KB |
1 | agilitycms.com | cdn.agilitycms.com (Cisco Umbrella Rank: 164879) | 12 KB |
1 | bancofinandina.com | pagos.bancofinandina.com | 4 KB |
1 | avvillas.com.co | www.avvillas.com.co (Cisco Umbrella Rank: 701174) | 5 KB |
1 | bancofalabella.com.co | www.bancofalabella.com.co (Cisco Umbrella Rank: 675788) | 7 KB |
1 | bancodeoccidente.com.co | www.bancodeoccidente.com.co (Cisco Umbrella Rank: 598674) | 10 KB |
1 | itau.co | www.itau.co (Cisco Umbrella Rank: 410455) | 7 KB |
1 | e-bbva.com.co | www.e-bbva.com.co (Cisco Umbrella Rank: 747881) | 5 KB |
1 | gstatic.com | fonts.gstatic.com | 17 KB |
1 | fedex.com | www.fedex.com (Cisco Umbrella Rank: 7684) | |
0 | gifer.com | i.gifer.com (Failed) | |
27 requests | 16 apex domains | | |
Requests | Domain | Requested by |
---|---|---|
7 | i.imgur.com | www.script4all.me |
3 | unpkg.com (2 redirects) | www.script4all.me |
2 | script4all.me | www.script4all.me |
2 | autenticacion.apps.bancolombia.com | www.script4all.me |
2 | upload.wikimedia.org | www.script4all.me |
2 | fonts.googleapis.com | www.script4all.me |
1 | cdn.agilitycms.com | www.script4all.me |
1 | pagos.bancofinandina.com | www.script4all.me |
1 | www.avvillas.com.co | www.script4all.me |
1 | www.bancofalabella.com.co | www.script4all.me |
1 | www.bancodeoccidente.com.co | www.script4all.me |
1 | www.itau.co | www.script4all.me |
1 | www.e-bbva.com.co | www.script4all.me |
1 | fonts.gstatic.com | fonts.googleapis.com |
1 | www.fedex.com | www.script4all.me |
1 | www.script4all.me | |
0 | i.gifer.com (Failed) | www.script4all.me |
27 requests | 17 domains | |
This site contains no links.
Subject | Issuer | Validity | Valid | |
---|---|---|---|---|
script4all.me | Sectigo RSA Domain Validation Secure Server CA | 2022-09-03 - 2023-09-03 | a year | crt.sh |
upload.video.google.com | GTS CA 1C3 | 2022-12-12 - 2023-03-06 | 3 months | crt.sh |
www.fedex.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2022-09-26 - 2023-10-27 | a year | crt.sh |
*.wikipedia.org | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-10-27 - 2023-11-17 | a year | crt.sh |
*.gstatic.com | GTS CA 1C3 | 2022-12-12 - 2023-03-06 | 3 months | crt.sh |
www.e-bbva.com.co | DigiCert SHA2 Extended Validation Server CA | 2022-05-16 - 2023-06-16 | a year | crt.sh |
www.itau.co | GlobalSign Extended Validation CA - SHA256 - G3 | 2022-11-17 - 2023-12-19 | a year | crt.sh |
www.bancodeoccidente.com.co | DigiCert EV RSA CA G2 | 2022-05-24 - 2023-06-24 | a year | crt.sh |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-09 - 2023-06-09 | a year | crt.sh |
www.avvillas.com.co | DigiCert EV RSA CA G2 | 2022-11-08 - 2023-12-09 | a year | crt.sh |
*.bancofinandina.com | GlobalSign RSA OV SSL CA 2018 | 2022-03-22 - 2023-04-19 | a year | crt.sh |
autenticacion.apps.bancolombia.com | DigiCert EV RSA CA G2 | 2022-10-04 - 2023-10-24 | a year | crt.sh |
sni13ecgl.wpc.edgecastcdn.net | DigiCert TLS RSA SHA256 2020 CA1 | 2022-03-24 - 2023-04-24 | a year | crt.sh |
*.imgur.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-03-08 - 2023-03-16 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://www.script4all.me/rscfedexh.php
Frame ID: E243256428F433A8F624DF24CBB80575
Requests: 30 HTTP requests in this frame
Page Title: Fedex Internacional
Detected technologies
PHP (Programming Languages)
Detected patterns:
- \.php(?:$|\?)
Google Font API (Font Scripts)
Detected patterns:
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 8
- https://unpkg.com/@teleporthq/teleport-custom-scripts HTTP 302
- https://unpkg.com/@teleporthq/teleport-custom-scripts@0.0.17 HTTP 302
- https://unpkg.com/@teleporthq/teleport-custom-scripts@0.0.17/src/index.js
27 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | rscfedexh.php (Primary Request) | www.script4all.me/ | 958 KB | 190 KB | Document | text/html |
GET | H2 | css | fonts.googleapis.com/ | 3 KB | 1 KB | Stylesheet | text/css |
GET | H2 | css | fonts.googleapis.com/ | 2 KB | 643 B | Stylesheet | text/css |
GET | H/1.1 | logo.png | www.fedex.com/content/dam/fedex-com/logos/ | 0 | 0 | Image | text/html |
GET | H2 | Hamburger_icon.svg | upload.wikimedia.org/wikipedia/commons/b/b2/ | 605 B | 2 KB | Image | image/svg+xml |
GET | H2 | UcCO3FwrK3iLTeHuS_fvQtMwCp50KnMw2boKoduKmMEVuLyfAZ9hiA.woff2 | fonts.gstatic.com/s/inter/v12/ | 16 KB | 17 KB | Font | font/woff2 |
GET | DATA | truncated | / | 27 KB | 0 | Image | image/png |
GET | DATA | truncated | / | 14 KB | 0 | Image | image/png |
GET | H2 | 426px-Banco_de_Bogot%C3%A1_logo.svg.png | upload.wikimedia.org/wikipedia/commons/thumb/5/59/Banco_de_Bogot%C3%A1_logo.svg/ | 12 KB | 13 KB | Image | image/png |
GET | H2 | index.js (Redirect Chain) | unpkg.com/@teleporthq/teleport-custom-scripts@0.0.17/src/ | 7 KB | 2 KB | Script | application/javascript |
GET | H/1.1 | bbva-white.svg | www.e-bbva.com.co/choose/img/ | 4 KB | 5 KB | Image | image/svg+xml |
GET | H2 | logo_itau.png | www.itau.co/PSEBancoBCR/bancodecredito/images/ | 6 KB | 7 KB | Image | image/png |
GET | H/1.1 | logo-03-occidente-01-occidente-01-regular.aa547ca6b936469689ea.svg | www.bancodeoccidente.com.co/portaltransaccional/ | 6 KB | 10 KB | Image | image/svg+xml |
GET | H2 | logo.svg | www.bancofalabella.com.co/assets/ | 14 KB | 7 KB | Image | image/svg+xml |
GET | H/1.1 | avv-logo.svg | www.avvillas.com.co/bancadigital/assets/img/illustrations/external-payments/ | 6 KB | 5 KB | Image | image/svg+xml |
GET | H/1.1 | banco-finandina.svg | pagos.bancofinandina.com/assets/images/_logo/ | 11 KB | 4 KB | Image | image/svg+xml |
GET | H2 | IconBancolombia.42a39b61ba3af28e7ce1dc79953053eb.svg | autenticacion.apps.bancolombia.com/static/media/ | 1 KB | 1 KB | Image | image/svg+xml |
GET | H2 | trazo.51bfee6e83ae3ece80ddec22c48a6d1b.svg | autenticacion.apps.bancolombia.com/static/media/ | 3 KB | 2 KB | Image | image/svg+xml |
GET | H2 | scotiabank-colpatria-red.svg | cdn.agilitycms.com/scotiabank-colombia/canvas/svgs/logos/ | 12 KB | 12 KB | Image | image/svg+xml |
GET | H2 | logodavi.png | script4all.me/ | 6 KB | 7 KB | Image | image/png |
GET | | ZKZx.gif (Failed) | i.gifer.com/ | 0 | 0 | | |
GET | DATA | truncated | / | 1023 B | 0 | Image | image/png |
GET | H2 | O35t61T.png | i.imgur.com/ | 86 KB | 86 KB | Image | image/png |
GET | H2 | lXFkWZM.png | i.imgur.com/ | 172 KB | 172 KB | Image | image/png |
GET | H2 | xTlfQ0w.png | i.imgur.com/ | 164 KB | 164 KB | Image | image/png |
GET | H2 | spspsp.svg | script4all.me/ | 5 KB | 757 B | Image | image/svg+xml |
GET | H2 | Cd5GcqE.png | i.imgur.com/ | 414 KB | 414 KB | Image | image/png |
GET | H2 | vCkfZ6q.png | i.imgur.com/ | 173 KB | 174 KB | Image | image/png |
GET | H2 | phgJKoW.png | i.imgur.com/ | 31 KB | 31 KB | Image | image/png |
GET | H2 | GmZjIm1.png | i.imgur.com/ | 15 KB | 15 KB | Image | image/png |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: i.gifer.com
- URL: https://i.gifer.com/ZKZx.gif
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banco Fallabela (Banking)
1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | oncontentvisibilityautostatechange |
3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value |
---|---|---|---|
.bancofalabella.com.co/ | | __cf_bm | eqdFabqk.FFrqsr6aYwv7oTc3L.Y8khipOyeV_aKxQ8-1673671831-0-AR2akkdLP4WbceTCk39cl6PdqmchDbKHAIz11vrCjO+YdRWyoAcekPRUeuaqK3AsVUQknyn+0lzRkuanLqnhOA8MX70kO1xRE1+SPWMnFI3v |
.bancofinandina.com/ | | visid_incap_2851724 | y51dIsF3Qz6ESPcyRVMGjZY0wmMAAAAAQUIPAAAAAABlq1bMrupJ1bKazYRmvEct |
.bancofinandina.com/ | | incap_ses_245_2851724 | Nl+2WDhjORekJ8FU9WpmA5c0wmMAAAAADWG+xCelBiEnRKbZroI/NA== |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.