12fitness.ca
Open in
urlscan Pro
23.21.252.138
Malicious Activity!
Public Scan
Effective URL: http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/
Submission: On April 30 via manual from CA
Summary
This is the only time 12fitness.ca was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Banque Postale (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 52.24.154.40 52.24.154.40 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 | 109.196.48.204 109.196.48.204 | 50231 (SYRION-AS) (SYRION-AS) | |
2 17 | 23.21.252.138 23.21.252.138 | 14618 (AMAZON-AES) (AMAZON-AES - Amazon.com) | |
16 | 2 |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-24-154-40.us-west-2.compute.amazonaws.com
go.sparkpostmail1.com |
ASN50231 (SYRION-AS, PL)
PTR: ip-109196048204.syrion.pl
4quality.pl |
ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-23-21-252-138.compute-1.amazonaws.com
12fitness.ca |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
12fitness.ca
2 redirects
12fitness.ca |
157 KB |
1 |
4quality.pl
4quality.pl |
542 B |
1 |
sparkpostmail1.com
1 redirects
go.sparkpostmail1.com |
219 B |
16 | 3 |
Domain | Requested by | |
---|---|---|
17 | 12fitness.ca |
2 redirects
12fitness.ca
|
1 | 4quality.pl | |
1 | go.sparkpostmail1.com | 1 redirects |
16 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid |
---|
This page contains 2 frames:
Primary Page:
http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/
Frame ID: A7E904865C65F40C457F08A9140F8EE2
Requests: 7 HTTP requests in this frame
Frame:
http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php
Frame ID: FEF83C329AC3E1542FD47830E6DE968B
Requests: 9 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://go.sparkpostmail1.com/f/a/XrMAORzfx_QpZ54gqpSm3w~~/AANPNQA~/RgRcxkhDP0QwaHR0cDovLzRxdWFsaXR5LnBsLy...
HTTP 302
http://4quality.pl//scripts/htalkitlitbrini.html Page URL
-
http://12fitness.ca//hhdkfks/labanquepostale/
HTTP 302
http://12fitness.ca//hhdkfks/labanquepostale/a5c2c HTTP 301
http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Page URL
Detected technologies
Debian (Operating Systems) ExpandDetected patterns
- headers server /Debian/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://go.sparkpostmail1.com/f/a/XrMAORzfx_QpZ54gqpSm3w~~/AANPNQA~/RgRcxkhDP0QwaHR0cDovLzRxdWFsaXR5LnBsLy9zY3JpcHRzL2h0YWxraXRsaXRicmluaS5odG1sVwNzcGNYBAAAAABCCgADp8PjWiyGQCpSGmNoYW50YWwuZ2Fnbm9uQHRyYW5zYXQuY29t
HTTP 302
http://4quality.pl//scripts/htalkitlitbrini.html Page URL
-
http://12fitness.ca//hhdkfks/labanquepostale/
HTTP 302
http://12fitness.ca//hhdkfks/labanquepostale/a5c2c HTTP 301
http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- http://go.sparkpostmail1.com/f/a/XrMAORzfx_QpZ54gqpSm3w~~/AANPNQA~/RgRcxkhDP0QwaHR0cDovLzRxdWFsaXR5LnBsLy9zY3JpcHRzL2h0YWxraXRsaXRicmluaS5odG1sVwNzcGNYBAAAAABCCgADp8PjWiyGQCpSGmNoYW50YWwuZ2Fnbm9uQHRyYW5zYXQuY29t HTTP 302
- http://4quality.pl//scripts/htalkitlitbrini.html
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
htalkitlitbrini.html
4quality.pl//scripts/ Redirect Chain
|
297 B 542 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Redirect Chain
|
1 KB 782 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index_01.gif
12fitness.ca/hhdkfks/labanquepostale/a5c2c/images/ |
7 KB 7 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index_02.gif
12fitness.ca/hhdkfks/labanquepostale/a5c2c/images/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index_04.gif
12fitness.ca/hhdkfks/labanquepostale/a5c2c/images/ |
16 KB 16 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index_05.gif
12fitness.ca/hhdkfks/labanquepostale/a5c2c/images/ |
62 KB 62 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg.jpg
12fitness.ca/hhdkfks/labanquepostale/a5c2c/images/ |
14 KB 14 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.php
12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Frame FEF8 |
5 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
transparent.gif
12fitness.ca/hhdkfks/labanquepostale/a5c2c/images/ Frame FEF8 |
42 B 325 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-1.7.2.min.js
12fitness.ca/hhdkfks/labanquepostale/a5c2c/js/ Frame FEF8 |
93 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
val_keypad_cvvs-commun-unifie.js
12fitness.ca/hhdkfks/labanquepostale/a5c2c/js/ Frame FEF8 |
12 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
val_keypad_cvvs-unifie.js
12fitness.ca/hhdkfks/labanquepostale/a5c2c/js/ Frame FEF8 |
7 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cvs_all.css
12fitness.ca/hhdkfks/labanquepostale/a5c2c/css/ Frame FEF8 |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
cvs_portable.css
12fitness.ca/hhdkfks/labanquepostale/a5c2c/css/ Frame FEF8 |
1001 B 704 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bad.png
12fitness.ca/hhdkfks/labanquepostale/a5c2c/img/ Frame FEF8 |
4 KB 4 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login.png
12fitness.ca/hhdkfks/labanquepostale/a5c2c/data_img/ Frame FEF8 |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Banque Postale (Banking)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
12fitness.ca
4quality.pl
go.sparkpostmail1.com
109.196.48.204
23.21.252.138
52.24.154.40
04fd3a5bb751974a97e3025f80bb60966d6746f14ac75ddba4de8a1a9bec4def
1fbd2c8347ea21c3aec216324f187409683dde29021154cb7ae0ed0f115a7089
26ac457637b6e883ca410bef71797ad78df8ab692fd4a42eebc2cf35326d4de5
46ff2be4b8263e5493aba57d07584b033e2cdc72cc395afde19fab5dc86629bb
50f08e3f8e9097920c6d34dc772b9cf34310e754b8455e0926c8dfcb3dfccc35
58f7b7e041929ecb690aa5f3b756fa6d5991261b4ce913affbc0429b1ea93592
5a2e2ed1be88012ab4dbd3c4b37ce02e4d223982c63e6ae14c55a9f80f7c0b9d
68374609fd96961cd1590f53a2b061527ae5ba00bc5a505b7c5758aea3b93b7e
8646606c95edd17842c81e1740c5d5b82ce0db9d85cee289e7f9f8b4f949ba34
9aaac9ad9b461893e7a54809e3a819de0af5d6b227fb24efe1c577f62645bc32
9c3c51c993e93289ee20b82b30e73ddab4ea26312b9aab6f0b16e0e289ab5be9
ac4b179388e43f276ab7562431986e8acb819e986ca88a3b5bf70d645337a8f3
b7a3002faaa8afb2091117c1323030ac79df2e41c0bdf84015032bb428721093
c2ad8f0fc38f50b12290b2d62bb678bee2fc6c927df5c16ff615708e4c283296
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fb04604a9152cc57920f51513c860c699b2c71551334e5986b12ecc560b4ed2e