firewallfx.cl Open in urlscan Pro
200.2.232.21 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://firewallfx.cl/fxincendio/libraries/PG/Alibaba-Secure-Data.html
Submission: On April 11 via automatic, source openphish (April 11th 2017, 1:05:44 am UTC)

Summary HTTP 8 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 200.2.232.21, located in Santiago, Chile and belongs to MCL Internet, CL. The main domain is firewallfx.cl.

This is the only time firewallfx.cl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Alibaba (Online)

Domain & IP information

	IP Address	AS Autonomous System
2	200.2.232.21 200.2.232.21	10778 (MCL Internet) (MCL Internet)
1	195.138.255.8 195.138.255.8	201011 (NETZBETRI...) (NETZBETRIEB-GMBH)
8	3

2 200.2.232.21 (Santiago, Chile)

ASN10778 (MCL Internet, CL)
PTR: ast23221scl-static.adx.cl

firewallfx.cl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.138.255.8 (Germany)

ASN201011 (NETZBETRIEB-GMBH, DE)

img.alibaba.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	firewallfx.cl firewallfx.cl	23 KB
1	alibaba.com img.alibaba.com	4 KB
0	la-habanera.de Failed la-habanera.de Failed
8	3

	Domain	Requested by
2	firewallfx.cl
1	img.alibaba.com	firewallfx.cl
0	la-habanera.de Failed	firewallfx.cl
8	3

This site contains links to these domains. Also see Links.

Domain
la-habanera.de
www.alibaba.com
resources.alibaba.com
us.my.alibaba.com
us.favorite.alibaba.com
news.alibaba.com
importer.alibaba.com
tradeshow.alibaba.com
china.alibaba.com
www.aliexpress.com
www.alibaba.co.jp
www.taobao.com
www.alipay.com
www.yahoo.com.cn
www.koubei.com
www.alisoft.com

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://firewallfx.cl/fxincendio/libraries/PG/Alibaba-Secure-Data.html
Frame ID: 1804.1
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

8
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

27 kB
Transfer

27 kB
Size

0
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: http://la-habanera.de/ALIBABA-ONLINE/B/
Title: Sign Out

Search URL Search Domain Scan URL

URL: http://www.alibaba.com/
Title: Alibaba.com

Search URL Search Domain Scan URL

URL: http://www.alibaba.com/catalogs/0/product.html?cd=buyhome
Title: Buy

Search URL Search Domain Scan URL

URL: http://www.alibaba.com/sell/sell.htm
Title: Sell

Search URL Search Domain Scan URL

URL: http://resources.alibaba.com/
Title: Community

Search URL Search Domain Scan URL

URL: http://us.my.alibaba.com/
Title: My Alibaba

Search URL Search Domain Scan URL

URL: http://us.favorite.alibaba.com/
Title: My Favorites

Search URL Search Domain Scan URL

URL: http://www.alibaba.com/help
Title: Help

Search URL Search Domain Scan URL

URL: http://news.alibaba.com/specials/aboutalibaba/index.html
Title: Company Information

Search URL Search Domain Scan URL

URL: http://www.alibaba.com/sitemap.html
Title: Site Map

Search URL Search Domain Scan URL

URL: http://news.alibaba.com/specials/aboutalibaba/partnership_with_alibaba.html
Title: Partnerships

Search URL Search Domain Scan URL

URL: http://www.alibaba.com/Products
Title: Buy

Search URL Search Domain Scan URL

URL: http://importer.alibaba.com/
Title: Sell

Search URL Search Domain Scan URL

URL: http://tradeshow.alibaba.com/
Title: Trade Shows

Search URL Search Domain Scan URL

URL: http://resources.alibaba.com/trade_safe/home.htm
Title: Safety & Security

Search URL Search Domain Scan URL

URL: http://www.alibaba.com/help/contact-us.html#askquestion
Title: Contact Us

Search URL Search Domain Scan URL

URL: http://www.alibaba.com/aboutalibaba/aligroup/index.html
Title: Alibaba Group

Search URL Search Domain Scan URL

URL: http://china.alibaba.com/
Title: Alibaba China

Search URL Search Domain Scan URL

URL: http://www.aliexpress.com/
Title: AliExpress

Search URL Search Domain Scan URL

URL: http://www.alibaba.co.jp/
Title: Alibaba Japan

Search URL Search Domain Scan URL

URL: http://www.taobao.com/
Title: Taobao

Search URL Search Domain Scan URL

URL: http://www.alipay.com/
Title: Alipay

Search URL Search Domain Scan URL

URL: http://www.yahoo.com.cn/
Title: Yahoo! China

Search URL Search Domain Scan URL

URL: http://www.koubei.com/
Title: Koubei.com

Search URL Search Domain Scan URL

URL: http://www.alisoft.com/
Title: Alisoft

Search URL Search Domain Scan URL

URL: http://news.alibaba.com/article/detail/help/100105711-1-product-listing-policy.html
Title: Product Listing Policy

Search URL Search Domain Scan URL

URL: http://news.alibaba.com/article/detail/help/100104162-1-intellectual-property-protection-policy-infringement.html
Title: Intellectual Property Policy and Infringement Claims

Search URL Search Domain Scan URL

URL: http://news.alibaba.com/article/detail/help/100103729-1-privacy-policy.html
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://news.alibaba.com/article/detail/help/100103727-1-terms-use.html
Title: Terms of Use

Search URL Search Domain Scan URL

URL: http://www.alibaba.com/trade/servlet/page/static/copyright_policy
Title: Copyright Notice

Search URL Search Domain Scan URL

URL: http://www.alibaba.com/help/research-panel.html?tracelog=24581_research_panel
Title: Join the Alibaba.com Research Panel

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Alibaba-Secure-Data.html Show response firewallfx.cl/fxincendio/libraries/PG/	22 KB 22 KB	450ms 225ms	Document text/html	200.2.232.21 MCL Internet
General Check archive.org Show headers Download Go to Full URL http://firewallfx.cl/fxincendio/libraries/PG/Alibaba-Secure-Data.html Protocol HTTP/1.1 Server 200.2.232.21 Santiago, Chile, ASN10778 (MCL Internet, CL), Reverse DNS ast23221scl-static.adx.cl Software / Resource Hash `69c9b09424b64ccdd478ffaf76e73e6b113d9f8b785f9ec2b09183caafd1eddd` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host firewallfx.cl Accept-Language en-US,en;q=0.8 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Cache-Control no-cache Connection keep-alive Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Response headers Date Tue, 11 Apr 2017 01:05:16 GMT Last-Modified Tue, 01 Dec 2015 19:59:43 GMT Age 13 X-Cache HIT Content-Type text/html X-Varnish 20056336 21728001 Connection keep-alive Accept-Ranges bytes Content-Length 22934 X-Cache-Hits 1
GET		headCap.gif la-habanera.de/images/eng/style/css_images/navigation/	0 0

GET		btm_searchbar.gif la-habanera.de/images/eng/style/css_images/	0 0

GET		sprites_title.gif la-habanera.de/images/eng/style/css_images/sprites/	0 0

GET		main_navig_sprites.gif la-habanera.de/images/eng/style/css_images/sprites/	0 0

GET H/1.1	200 OK	logo_alibaba_sprite.gif img.alibaba.com/images/eng/style/logo/	4 KB 4 KB	264ms 260ms	Image image/gif	195.138.255.8 NETZBETRIEB-GMBH
General Check archive.org Show headers Download Go to Show image Full URL http://img.alibaba.com/images/eng/style/logo/logo_alibaba_sprite.gif Requested by Host: firewallfx.cl URL: http://firewallfx.cl/fxincendio/libraries/PG/Alibaba-Secure-Data.html Protocol HTTP/1.1 Server 195.138.255.8 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE), Reverse DNS Software Tengine / Resource Hash `2bd29eb9f85f17a49d2a22e8d16629399a8d3456a45d46acb873be417d1a9633` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host img.alibaba.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://firewallfx.cl/fxincendio/libraries/PG/Alibaba-Secure-Data.html Connection keep-alive Cache-Control no-cache Referer http://firewallfx.cl/fxincendio/libraries/PG/Alibaba-Secure-Data.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Response headers Date Tue, 11 Apr 2017 01:05:34 GMT Last-Modified Tue, 17 Aug 2010 07:16:57 GMT Server Tengine FW_IP 195.138.255.8 Content-Type image/gif Access-Control-Allow-Origin * Access-Control-Expose-Headers FW_IP Cache-Control max-age=172800 Connection keep-alive Accept-Ranges bytes Timing-Allow-Origin * Content-Length 3885 Expires Tue, 11 Apr 2017 07:12:47 GMT
GET		buttonSkinBL.gif la-habanera.de/images/eng/style/css_images/	0 0

GET H/1.1	404 Not Found	favicon.ico firewallfx.cl/	328 B 328 B	356ms 356ms	Other text/html	200.2.232.21 MCL Internet
General Check archive.org Show headers Download Go to Full URL http://firewallfx.cl/favicon.ico Protocol HTTP/1.1 Server 200.2.232.21 Santiago, Chile, ASN10778 (MCL Internet, CL), Reverse DNS ast23221scl-static.adx.cl Software / Resource Hash `6b62a3658ad247e8f30d3e9f35da5e00ffac1ea09785bd1f0a9830f659cf01da` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host firewallfx.cl Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://firewallfx.cl/fxincendio/libraries/PG/Alibaba-Secure-Data.html Connection keep-alive Cache-Control no-cache Referer http://firewallfx.cl/fxincendio/libraries/PG/Alibaba-Secure-Data.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 Response headers Date Tue, 11 Apr 2017 01:05:30 GMT X-Varnish 20056337 Connection keep-alive Age 0 Content-Length 328 X-Cache MISS Content-Type text/html; charset=iso-8859-1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: la-habanera.de
URL: http://la-habanera.de/images/eng/style/css_images/navigation/headCap.gif

Domain: la-habanera.de
URL: http://la-habanera.de/images/eng/style/css_images/btm_searchbar.gif

Domain: la-habanera.de
URL: http://la-habanera.de/images/eng/style/css_images/sprites/sprites_title.gif

Domain: la-habanera.de
URL: http://la-habanera.de/images/eng/style/css_images/sprites/main_navig_sprites.gif

Domain: la-habanera.de
URL: http://la-habanera.de/images/eng/style/css_images/buttonSkinBL.gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Alibaba (Online)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

firewallfx.cl
img.alibaba.com
la-habanera.de
la-habanera.de
195.138.255.8
200.2.232.21
2bd29eb9f85f17a49d2a22e8d16629399a8d3456a45d46acb873be417d1a9633
69c9b09424b64ccdd478ffaf76e73e6b113d9f8b785f9ec2b09183caafd1eddd
6b62a3658ad247e8f30d3e9f35da5e00ffac1ea09785bd1f0a9830f659cf01da

firewallfx.cl Open in urlscan Pro 200.2.232.21 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

8 Requests

0 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

27 kBTransfer

27 kBSize

0 Cookies

31 Outgoing links

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

firewallfx.cl Open in urlscan Pro
200.2.232.21 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

27 kB
Transfer

27 kB
Size

0
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!