karnatakaaromas.com Open in urlscan Pro
162.215.248.70 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://swisscom.karnatakaaromas.com/
Effective URL:
https://karnatakaaromas.com/wp-cotent/welcome/home/Swiss-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83X...
Submission: On February 08 via api (February 8th 2024, 12:55:01 pm UTC) from PL — Scanned from CH

Summary HTTP 3 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 3 HTTP transactions. The main IP is 162.215.248.70, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is karnatakaaromas.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on October 14th 2023. Valid for: a year.

This is the only time karnatakaaromas.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Swisscom (Telecommunication)

Domain & IP information

	IP Address		AS Autonomous System
3 6	162.215.248.70 162.215.248.70		46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
3	2

6 162.215.248.70 (United States) 3 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 162-215-248-70.unifiedlayer.com

swisscom.karnatakaaromas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
karnatakaaromas.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	karnatakaaromas.com 3 redirects swisscom.karnatakaaromas.com karnatakaaromas.com	574 KB
3	1

	Domain	Requested by
5	karnatakaaromas.com	2 redirects karnatakaaromas.com
1	swisscom.karnatakaaromas.com	1 redirects
3	2

This site contains no links.

Subject Issuer	Validity	Valid
karnatakaaromas.com Go Daddy Secure Certificate Authority - G2	`2023-10-14` - `2024-11-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://karnatakaaromas.com/wp-cotent/welcome/home/Swiss-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzE0LjEuMiBNb2JpbGUvMTVFMTQ4IFNhZmFyaS82MDQuMTE3Ni4xMC4xMDYuMjAyMDI0OkZlYjpUaHU=
Frame ID: 04AF30620E37D9A266B33D3E8F124BB5
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Swisscom Login

Page URL History Show full URLs

http://swisscom.karnatakaaromas.com/ HTTP 301
https://karnatakaaromas.com/wp-cotent/welcome HTTP 301
https://karnatakaaromas.com/wp-cotent/welcome/ Page URL
https://karnatakaaromas.com/wp-cotent/welcome/home/ HTTP 302
https://karnatakaaromas.com/wp-cotent/welcome/home/Swiss-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVI... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

706 kB
Transfer

1237 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://swisscom.karnatakaaromas.com/ HTTP 301
https://karnatakaaromas.com/wp-cotent/welcome HTTP 301
https://karnatakaaromas.com/wp-cotent/welcome/ Page URL
https://karnatakaaromas.com/wp-cotent/welcome/home/ HTTP 302
https://karnatakaaromas.com/wp-cotent/welcome/home/Swiss-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzE0LjEuMiBNb2JpbGUvMTVFMTQ4IFNhZmFyaS82MDQuMTE3Ni4xMC4xMDYuMjAyMDI0OkZlYjpUaHU= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://swisscom.karnatakaaromas.com/ HTTP 301
https://karnatakaaromas.com/wp-cotent/welcome HTTP 301
https://karnatakaaromas.com/wp-cotent/welcome/

3 HTTP transactions
6 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ karnatakaaromas.com/wp-cotent/welcome/ Redirect Chain http://swisscom.karnatakaaromas.com/ https://karnatakaaromas.com/wp-cotent/welcome https://karnatakaaromas.com/wp-cotent/welcome/	104 B 172 B	545ms 544ms	Document text/html	162.215.248.70 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://karnatakaaromas.com/wp-cotent/welcome/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.215.248.70 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-215-248-70.unifiedlayer.com Software Apache / Resource Hash Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 accept-language de-CH,de;q=0.9 Response headers content-encoding gzip content-length 108 content-type text/html; charset=UTF-8 date Thu, 08 Feb 2024 12:54:56 GMT server Apache vary Accept-Encoding Redirect headers content-length 254 content-type text/html; charset=iso-8859-1 date Thu, 08 Feb 2024 12:54:56 GMT location https://karnatakaaromas.com/wp-cotent/welcome/ server Apache
GET H2	200	Primary Request Swiss-log.php Show response karnatakaaromas.com/wp-cotent/welcome/home/ Redirect Chain https://karnatakaaromas.com/wp-cotent/welcome/home/ https://karnatakaaromas.com/wp-cotent/welcome/home/Swiss-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2...	974 KB 535 KB	537ms 536ms	Document text/html	162.215.248.70 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://karnatakaaromas.com/wp-cotent/welcome/home/Swiss-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzE0LjEuMiBNb2JpbGUvMTVFMTQ4IFNhZmFyaS82MDQuMTE3Ni4xMC4xMDYuMjAyMDI0OkZlYjpUaHU= Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.215.248.70 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-215-248-70.unifiedlayer.com Software Apache / Resource Hash `185f0f870854d9f21e227c85bb912b78fe53b106d5d31e1bcde2e50c246679a5` Request headers Referer https://karnatakaaromas.com/wp-cotent/welcome/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 accept-language de-CH,de;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-type text/html; charset=UTF-8 date Thu, 08 Feb 2024 12:54:58 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Apache vary Accept-Encoding Redirect headers content-encoding gzip content-length 24 content-type text/html; charset=UTF-8 date Thu, 08 Feb 2024 12:54:57 GMT location Swiss-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzE0LjEuMiBNb2JpbGUvMTVFMTQ4IFNhZmFyaS82MDQuMTE3Ni4xMC4xMDYuMjAyMDI0OkZlYjpUaHU= server Apache vary Accept-Encoding
GET DATA	200 OK	truncated /	93 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b1f586a03b7b8f4b401a81a386f0392f72e95c9cb494f1fbb08138822212173e` Request headers accept-language de-CH,de;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/svg+xml
GET H2	200	jquery.min.js Show response karnatakaaromas.com/wp-cotent/welcome/home/Swiss_files/	86 KB 38 KB	182ms 182ms	Script application/javascript	162.215.248.70 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://karnatakaaromas.com/wp-cotent/welcome/home/Swiss_files/jquery.min.js Requested by Host: karnatakaaromas.com URL: https://karnatakaaromas.com/wp-cotent/welcome/home/Swiss-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzE0LjEuMiBNb2JpbGUvMTVFMTQ4IFNhZmFyaS82MDQuMTE3Ni4xMC4xMDYuMjAyMDI0OkZlYjpUaHU= Protocol H2 Security TLS 1.3, , AES_256_GCM Server 162.215.248.70 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 162-215-248-70.unifiedlayer.com Software Apache / Resource Hash `2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a` Request headers accept-language de-CH,de;q=0.9 Referer https://karnatakaaromas.com/wp-cotent/welcome/home/Swiss-log.php?token=TW96aWxsYS81LjAgKGlQaG9uZTsgQ1BVIGlQaG9uZSBPUyAxNF83XzEgbGlrZSBNYWMgT1MgWCkgQXBwbGVXZWJLaXQvNjA1LjEuMTUgKEtIVE1MLCBsaWtlIEdlY2tvKSBWZXJzaW9uLzE0LjEuMiBNb2JpbGUvMTVFMTQ4IFNhZmFyaS82MDQuMTE3Ni4xMC4xMDYuMjAyMDI0OkZlYjpUaHU= User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers date Thu, 08 Feb 2024 12:55:00 GMT content-encoding gzip last-modified Wed, 07 Feb 2024 04:28:26 GMT server Apache accept-ranges bytes vary Accept-Encoding content-type application/javascript
GET DATA	200 OK	truncated /	7 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `dc58ded68592d0376a68cb174f5509208c22edc10b0003aaac51e35484447364` Request headers accept-language de-CH,de;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	38 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f9adb57dca9cbd2514ed249714b613d65e78a81cadda2882679a9672c812d25e` Request headers accept-language de-CH,de;q=0.9 Referer User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	50 KB 50 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f0cc4ee9dc83925f474ab0b5ed3a5395038c979e157d4bae8e67225f1b0922d8` Request headers Referer Origin https://karnatakaaromas.com accept-language de-CH,de;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type application/font-woff2
GET DATA	200 OK	truncated /	29 KB 29 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a8ff2577aaef54f873ee27c6bf4592be5970d95dddb0c2885bcfd2e87969de43` Request headers Referer Origin https://karnatakaaromas.com accept-language de-CH,de;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type application/font-woff2
GET DATA	200 OK	truncated /	55 KB 55 KB		Font application/font-woff2
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a6bab48f290efd74478d95eab8bc0610cc32ffa78dc5adbb8fbc34f30ce8d930` Request headers Referer Origin https://karnatakaaromas.com accept-language de-CH,de;q=0.9 User-Agent Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1 Response headers Content-Type application/font-woff2

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Swisscom (Telecommunication)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| checkusr function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			karnatakaaromas.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: b73361611178547f5e58c5e31a077cd5

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

karnatakaaromas.com
swisscom.karnatakaaromas.com
162.215.248.70
185f0f870854d9f21e227c85bb912b78fe53b106d5d31e1bcde2e50c246679a5
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a
a6bab48f290efd74478d95eab8bc0610cc32ffa78dc5adbb8fbc34f30ce8d930
a8ff2577aaef54f873ee27c6bf4592be5970d95dddb0c2885bcfd2e87969de43
b1f586a03b7b8f4b401a81a386f0392f72e95c9cb494f1fbb08138822212173e
dc58ded68592d0376a68cb174f5509208c22edc10b0003aaac51e35484447364
f0cc4ee9dc83925f474ab0b5ed3a5395038c979e157d4bae8e67225f1b0922d8
f9adb57dca9cbd2514ed249714b613d65e78a81cadda2882679a9672c812d25e

karnatakaaromas.com Open in urlscan Pro 162.215.248.70 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

3 Requests

100 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

2 IPs

1 Countries

706 kBTransfer

1237 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

3 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

Indicators

karnatakaaromas.com Open in urlscan Pro
162.215.248.70 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

3
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

706 kB
Transfer

1237 kB
Size

1
Cookies

3 HTTP transactions
6 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!