urlscan.io logo urlscan.io
SecurityTrails logo

activision.okta.inversionesdavila.com Open in urlscan Pro
186.64.117.75  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://activision.okta.inversionesdavila.com/home
Effective URL: https://activision.okta.inversionesdavila.com/home/oauth2/index.html
Submission: On October 07 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 10 HTTP transactions. The main IP is 186.64.117.75, located in Chile and belongs to ZAM LTDA., CL. The main domain is activision.okta.inversionesdavila.com.
TLS certificate: Issued by R3 on September 11th 2023. Valid for: 3 months.
This is the only time activision.okta.inversionesdavila.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Activision (Online) Nordstrom (Fashion)

Domain & IP information

IP Address AS Autonomous System
2 11 186.64.117.75 52368 (ZAM LTDA.)
1 143.204.215.20 16509 (AMAZON-02)
10 2
Apex Domain
Subdomains		 Transfer
11 inversionesdavila.com
activision.okta.inversionesdavila.com
103 KB
1 oktacdn.com
ok1static.oktacdn.com — Cisco Umbrella Rank: 21882
8 KB
10 2
Domain Requested by
11 activision.okta.inversionesdavila.com 2 redirects activision.okta.inversionesdavila.com
1 ok1static.oktacdn.com activision.okta.inversionesdavila.com
10 2

This site contains links to these domains. Also see Links.

Domain
www.okta.com
nordstrom.okta.com
Subject Issuer Validity Valid
inversionesdavila.com
R3		 2023-09-11 -
2023-12-10		 3 months crt.sh
*.oktacdn.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-01-03 -
2024-01-02		 a year crt.sh

This page contains 1 frames:

Primary Page: https://activision.okta.inversionesdavila.com/home/oauth2/index.html
Frame ID: 297D40C805D36661AA69324B658BFC6C
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Activision Blizzard - Sign In

Page URL History Show full URLs

  1. https://activision.okta.inversionesdavila.com/home HTTP 301
    https://activision.okta.inversionesdavila.com/home/ HTTP 302
    https://activision.okta.inversionesdavila.com/home/oauth2/index.html Page URL

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

111 kB
Transfer

304 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://activision.okta.inversionesdavila.com/home HTTP 301
    https://activision.okta.inversionesdavila.com/home/ HTTP 302
    https://activision.okta.inversionesdavila.com/home/oauth2/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request index.html
activision.okta.inversionesdavila.com/home/oauth2/
Redirect Chain
  • https://activision.okta.inversionesdavila.com/home
  • https://activision.okta.inversionesdavila.com/home/
  • https://activision.okta.inversionesdavila.com/home/oauth2/index.html
8 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://activision.okta.inversionesdavila.com/home/oauth2/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
186.64.117.75 , Chile, ASN52368 (ZAM LTDA., CL),
Reverse DNS
blue107.dnsmisitio.net
Software
Apache /
Resource Hash
de8900c6296e31075d03e335173ab3798b0a5ff614e925bfdc6d2a07b47a8278
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=604800, must-revalidate
content-encoding
gzip
content-length
2715
content-type
text/html
date
Sat, 07 Oct 2023 18:12:29 GMT
etag
"496106e-2004-6051950babac0-gzip"
expires
Sat, 07 Oct 2023 18:12:29 GMT
last-modified
Mon, 11 Sep 2023 18:15:47 GMT
server
Apache
strict-transport-security
max-age=63072000; includeSubdomains;
vary
Accept-Encoding

Redirect headers

cache-control
max-age=0, public
content-encoding
gzip
content-type
text/html
date
Sat, 07 Oct 2023 18:12:29 GMT
expires
Sat, 07 Oct 2023 18:12:29 GMT
location
oauth2/index.html
server
Apache
strict-transport-security
max-age=63072000; includeSubdomains;
vary
Accept-Encoding
okta-sign-in.min.css
activision.okta.inversionesdavila.com/home/oauth2/files/ 		215 KB
30 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://activision.okta.inversionesdavila.com/home/oauth2/files/okta-sign-in.min.css
Requested by
Host: activision.okta.inversionesdavila.com
URL: https://activision.okta.inversionesdavila.com/home/oauth2/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
186.64.117.75 , Chile, ASN52368 (ZAM LTDA., CL),
Reverse DNS
blue107.dnsmisitio.net
Software
Apache /
Resource Hash
ea8d801deb6776d5aaf273dfbc42d503fdaaa6f51c8934d0961e3f2a1ba13ceb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://activision.okta.inversionesdavila.com/home/oauth2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubdomains;
content-encoding
gzip
date
Sat, 07 Oct 2023 18:12:29 GMT
last-modified
Thu, 10 Aug 2023 19:43:49 GMT
server
Apache
etag
"49611b6-35dc7-60296d0a3a740-gzip"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
30188
expires
Mon, 06 Nov 2023 18:12:29 GMT
loginpage-theme.c1227d73b70be13e51aae80fe238b0ae.css
activision.okta.inversionesdavila.com/home/oauth2/files/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://activision.okta.inversionesdavila.com/home/oauth2/files/loginpage-theme.c1227d73b70be13e51aae80fe238b0ae.css
Requested by
Host: activision.okta.inversionesdavila.com
URL: https://activision.okta.inversionesdavila.com/home/oauth2/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
186.64.117.75 , Chile, ASN52368 (ZAM LTDA., CL),
Reverse DNS
blue107.dnsmisitio.net
Software
Apache /
Resource Hash
e1e44d4c36b5065da95f5c9fba78d36deb4a28e09751ae05aa1675121041af51
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://activision.okta.inversionesdavila.com/home/oauth2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubdomains;
content-encoding
gzip
date
Sat, 07 Oct 2023 18:12:29 GMT
last-modified
Thu, 10 Aug 2023 19:43:50 GMT
server
Apache
etag
"49611ae-c4e-60296d0b2e980-gzip"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=604800, public
accept-ranges
bytes
content-length
1198
expires
Mon, 06 Nov 2023 18:12:29 GMT
style-sheet
activision.okta.inversionesdavila.com/home/oauth2/files/ 		556 B
261 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://activision.okta.inversionesdavila.com/home/oauth2/files/style-sheet
Requested by
Host: activision.okta.inversionesdavila.com
URL: https://activision.okta.inversionesdavila.com/home/oauth2/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
186.64.117.75 , Chile, ASN52368 (ZAM LTDA., CL),
Reverse DNS
blue107.dnsmisitio.net
Software
Apache /
Resource Hash
9af30b5e4695010f9be253f861784e638c81274ca0390214629886029ca9b509
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://activision.okta.inversionesdavila.com/home/oauth2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubdomains;
content-encoding
br
date
Sat, 07 Oct 2023 18:12:29 GMT
last-modified
Thu, 10 Aug 2023 19:43:50 GMT
server
Apache
etag
"49611a8-22c-60296d0b2e980-br"
vary
Accept-Encoding
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
182
expires
Mon, 06 Nov 2023 18:12:29 GMT
okta-logo-end-user-dashboard.fc6d8fdbcb8cb4c933d009e71456cec6.svg
activision.okta.inversionesdavila.com/home/oauth2/files/ 		958 B
320 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://activision.okta.inversionesdavila.com/home/oauth2/files/okta-logo-end-user-dashboard.fc6d8fdbcb8cb4c933d009e71456cec6.svg
Requested by
Host: activision.okta.inversionesdavila.com
URL: https://activision.okta.inversionesdavila.com/home/oauth2/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
186.64.117.75 , Chile, ASN52368 (ZAM LTDA., CL),
Reverse DNS
blue107.dnsmisitio.net
Software
Apache /
Resource Hash
3f3891aeaf25fec84fcdd3bb35e1c7900df90bd81262bddfe5b7519accfb3a97
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://activision.okta.inversionesdavila.com/home/oauth2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubdomains;
content-encoding
br
date
Sat, 07 Oct 2023 18:12:29 GMT
last-modified
Thu, 10 Aug 2023 19:43:50 GMT
server
Apache
etag
"49611ac-3be-60296d0b2e980-br"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
247
expires
Mon, 06 Nov 2023 18:12:29 GMT
fs01hfbn7u0Cpy23l0h8
ok1static.oktacdn.com/fs/bco/1/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ok1static.oktacdn.com/fs/bco/1/fs01hfbn7u0Cpy23l0h8
Requested by
Host: activision.okta.inversionesdavila.com
URL: https://activision.okta.inversionesdavila.com/home/oauth2/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-20.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
efc51ec51e163ee050073c025bb4db4f3778ed27f2cf9a9848486d13fe1fafb4
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://activision.okta.inversionesdavila.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Tue, 26 Sep 2023 18:23:53 GMT
strict-transport-security
max-age=315360000; includeSubDomains
via
1.1 befe3b8553d90339ecf78e5d7cefa60a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
age
949716
x-cache
Hit from cloudfront
content-length
7133
last-modified
Fri, 26 Jul 2019 15:55:02 GMT
server
nginx
etag
"26fe32ac453f66986a43b354dd8d548b"
public-key-pins-report-only
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
accept-ranges
bytes
x-amz-cf-id
_uMb9G8jytCBgxX_fEcSSucm_hA6K8P8JMslWu8K4ViD0QU7CkDyvw==
expires
Wed, 25 Sep 2024 18:23:53 GMT
fs057b5c9yZyDY3N32p7
activision.okta.inversionesdavila.com/home/oauth2/files/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://activision.okta.inversionesdavila.com/home/oauth2/files/fs057b5c9yZyDY3N32p7
Requested by
Host: activision.okta.inversionesdavila.com
URL: https://activision.okta.inversionesdavila.com/home/oauth2/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
186.64.117.75 , Chile, ASN52368 (ZAM LTDA., CL),
Reverse DNS
blue107.dnsmisitio.net
Software
Apache /
Resource Hash
19d20c363953ec52f2a0fa995bf5ae3451cff3f2048931cee8be86dec8d6fed0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://activision.okta.inversionesdavila.com/home/oauth2/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubdomains;
content-encoding
br
date
Sat, 07 Oct 2023 18:12:29 GMT
last-modified
Thu, 10 Aug 2023 19:43:50 GMT
server
Apache
etag
"49611b4-1575-60296d0b2e980-br"
vary
Accept-Encoding
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
5497
expires
Mon, 06 Nov 2023 18:12:29 GMT
okticon.woff
activision.okta.inversionesdavila.com/home/oauth2/font/ 		20 KB
20 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://activision.okta.inversionesdavila.com/home/oauth2/font/okticon.woff
Requested by
Host: activision.okta.inversionesdavila.com
URL: https://activision.okta.inversionesdavila.com/home/oauth2/files/okta-sign-in.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
186.64.117.75 , Chile, ASN52368 (ZAM LTDA., CL),
Reverse DNS
blue107.dnsmisitio.net
Software
Apache /
Resource Hash
7eccbb3b4b68f9f24a3b826f2eea4a1bbb48196cb734afc1b62c3d045cb680e1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;

Request headers

Referer
https://activision.okta.inversionesdavila.com/home/oauth2/files/okta-sign-in.min.css
Origin
https://activision.okta.inversionesdavila.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubdomains;
content-encoding
gzip
date
Sat, 07 Oct 2023 18:12:30 GMT
last-modified
Thu, 10 Aug 2023 19:48:35 GMT
server
Apache
etag
"49611ba-5078-60296e1afaac0-gzip"
vary
Accept-Encoding
content-type
font/woff
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
20583
expires
Mon, 06 Nov 2023 18:12:30 GMT
montserrat-okta-regular-webfont.woff
activision.okta.inversionesdavila.com/home/oauth2/font/ 		21 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://activision.okta.inversionesdavila.com/home/oauth2/font/montserrat-okta-regular-webfont.woff
Requested by
Host: activision.okta.inversionesdavila.com
URL: https://activision.okta.inversionesdavila.com/home/oauth2/files/okta-sign-in.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
186.64.117.75 , Chile, ASN52368 (ZAM LTDA., CL),
Reverse DNS
blue107.dnsmisitio.net
Software
Apache /
Resource Hash
1d5325892ecf2dc3abd0caf2a1ef4eabf2477e2937c9a372760fd2acae8fddf3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;

Request headers

Referer
https://activision.okta.inversionesdavila.com/home/oauth2/files/okta-sign-in.min.css
Origin
https://activision.okta.inversionesdavila.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubdomains;
content-encoding
gzip
date
Sat, 07 Oct 2023 18:12:30 GMT
last-modified
Thu, 10 Aug 2023 19:48:43 GMT
server
Apache
etag
"49611bc-55dc-60296e229bcc0-gzip"
vary
Accept-Encoding
content-type
font/woff
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
21955
expires
Mon, 06 Nov 2023 18:12:30 GMT
montserrat-okta-light-webfont.woff
activision.okta.inversionesdavila.com/home/oauth2/font/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://activision.okta.inversionesdavila.com/home/oauth2/font/montserrat-okta-light-webfont.woff
Requested by
Host: activision.okta.inversionesdavila.com
URL: https://activision.okta.inversionesdavila.com/home/oauth2/files/okta-sign-in.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
186.64.117.75 , Chile, ASN52368 (ZAM LTDA., CL),
Reverse DNS
blue107.dnsmisitio.net
Software
Apache /
Resource Hash
feb177fb563f478cb8ecade71caea5df5ad318ca161c71875114e504ce304ace
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains;

Request headers

Referer
https://activision.okta.inversionesdavila.com/home/oauth2/files/okta-sign-in.min.css
Origin
https://activision.okta.inversionesdavila.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubdomains;
content-encoding
gzip
date
Sat, 07 Oct 2023 18:12:30 GMT
last-modified
Thu, 10 Aug 2023 19:48:48 GMT
server
Apache
etag
"49611be-5660-60296e2760800-gzip"
vary
Accept-Encoding
content-type
font/woff
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
22097
expires
Mon, 06 Nov 2023 18:12:30 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Activision (Online) Nordstrom (Fashion)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubdomains;