12fitness.ca Open in urlscan Pro
23.21.252.138 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://go.sparkpostmail1.com/f/a/XrMAORzfx_QpZ54gqpSm3w~~/AANPNQA~/RgRcxkhDP0QwaHR0cDovLzRxdWFsaXR5LnBsLy9zY3JpcHRzL2h0YWxraX...
Effective URL:
http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/
Submission: On April 30 via manual (April 30th 2018, 1:31:51 pm UTC) from CA

Summary HTTP 16 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 16 HTTP transactions. The main IP is 23.21.252.138, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is 12fitness.ca.

This is the only time 12fitness.ca was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Banque Postale (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	52.24.154.40 52.24.154.40	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	109.196.48.204 109.196.48.204	50231 (SYRION-AS) (SYRION-AS)
2 17	23.21.252.138 23.21.252.138	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
16	2

1 52.24.154.40 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-24-154-40.us-west-2.compute.amazonaws.com

go.sparkpostmail1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 109.196.48.204 (Czerwionka, Poland)

ASN50231 (SYRION-AS, PL)
PTR: ip-109196048204.syrion.pl

4quality.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 23.21.252.138 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-23-21-252-138.compute-1.amazonaws.com

12fitness.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	12fitness.ca 2 redirects 12fitness.ca	157 KB
1	4quality.pl 4quality.pl	542 B
1	sparkpostmail1.com 1 redirects go.sparkpostmail1.com	219 B
16	3

	Domain	Requested by
17	12fitness.ca	2 redirects 12fitness.ca
1	4quality.pl
1	go.sparkpostmail1.com	1 redirects
16	3

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 2 frames:

Primary Page: http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/
Frame ID: A7E904865C65F40C457F08A9140F8EE2
Requests: 7 HTTP requests in this frame

Frame: http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php
Frame ID: FEF83C329AC3E1542FD47830E6DE968B
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://go.sparkpostmail1.com/f/a/XrMAORzfx_QpZ54gqpSm3w~~/AANPNQA~/RgRcxkhDP0QwaHR0cDovLzRxdWFsaXR5LnBsLy... HTTP 302
http://4quality.pl//scripts/htalkitlitbrini.html Page URL
http://12fitness.ca//hhdkfks/labanquepostale/ HTTP 302
http://12fitness.ca//hhdkfks/labanquepostale/a5c2c HTTP 301
http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Page URL

Detected technologies

Debian (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /Debian/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

16
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

157 kB
Transfer

235 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://go.sparkpostmail1.com/f/a/XrMAORzfx_QpZ54gqpSm3w~~/AANPNQA~/RgRcxkhDP0QwaHR0cDovLzRxdWFsaXR5LnBsLy9zY3JpcHRzL2h0YWxraXRsaXRicmluaS5odG1sVwNzcGNYBAAAAABCCgADp8PjWiyGQCpSGmNoYW50YWwuZ2Fnbm9uQHRyYW5zYXQuY29t HTTP 302
http://4quality.pl//scripts/htalkitlitbrini.html Page URL
http://12fitness.ca//hhdkfks/labanquepostale/ HTTP 302
http://12fitness.ca//hhdkfks/labanquepostale/a5c2c HTTP 301
http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://go.sparkpostmail1.com/f/a/XrMAORzfx_QpZ54gqpSm3w~~/AANPNQA~/RgRcxkhDP0QwaHR0cDovLzRxdWFsaXR5LnBsLy9zY3JpcHRzL2h0YWxraXRsaXRicmluaS5odG1sVwNzcGNYBAAAAABCCgADp8PjWiyGQCpSGmNoYW50YWwuZ2Fnbm9uQHRyYW5zYXQuY29t HTTP 302
http://4quality.pl//scripts/htalkitlitbrini.html

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	htalkitlitbrini.html Show response 4quality.pl//scripts/ Redirect Chain http://go.sparkpostmail1.com/f/a/XrMAORzfx_QpZ54gqpSm3w~~/AANPNQA~/RgRcxkhDP0QwaHR0cDovLzRxdWFsaXR5LnBsLy9zY3JpcHRzL2h0YWxraXRsaXRicmluaS5odG1sVwNzcGNYBAAAAABCCgADp8PjWiyGQCpSGmNoYW50YWwuZ2Fnbm9uQH... http://4quality.pl//scripts/htalkitlitbrini.html	297 B 542 B	139ms 34ms	Document text/html	109.196.48.204 SYRION-AS
General Check archive.org Show headers Download Go to Full URL http://4quality.pl//scripts/htalkitlitbrini.html Protocol HTTP/1.1 Server 109.196.48.204 Czerwionka, Poland, ASN50231 (SYRION-AS, PL), Reverse DNS ip-109196048204.syrion.pl Software Apache/2.4.10 (Debian) / Resource Hash `5a2e2ed1be88012ab4dbd3c4b37ce02e4d223982c63e6ae14c55a9f80f7c0b9d` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 4quality.pl Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Cache-Control no-cache Connection keep-alive User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Mon, 30 Apr 2018 13:31:41 GMT Content-Encoding gzip Last-Modified Sat, 28 Apr 2018 00:31:19 GMT Server Apache/2.4.10 (Debian) ETag "129-56addbd40a3c0-gzip" Vary Accept-Encoding Content-Type text/html Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 205 Redirect headers Location http://4quality.pl//scripts/htalkitlitbrini.html Date Mon, 30 Apr 2018 13:31:41 GMT Server msys-http Connection keep-alive Content-Length 0 Content-Type text/plain
GET H/1.1	200 OK	Primary Request / Show response 12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Redirect Chain http://12fitness.ca//hhdkfks/labanquepostale/ http://12fitness.ca//hhdkfks/labanquepostale/a5c2c http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/	1 KB 782 B	111ms 110ms	Document text/html	23.21.252.138 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Protocol HTTP/1.1 Server 23.21.252.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-23-21-252-138.compute-1.amazonaws.com Software Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.22 Resource Hash `46ff2be4b8263e5493aba57d07584b033e2cdc72cc395afde19fab5dc86629bb` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 12fitness.ca Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://4quality.pl//scripts/htalkitlitbrini.html Connection keep-alive Cache-Control no-cache Referer http://4quality.pl//scripts/htalkitlitbrini.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Mon, 30 Apr 2018 13:31:47 GMT Content-Encoding gzip Server Apache/2.4.7 (Ubuntu) X-Powered-By PHP/5.5.9-1ubuntu4.22 Vary Accept-Encoding Content-Type text/html Connection Keep-Alive Keep-Alive timeout=5, max=98 Content-Length 510 Redirect headers Location http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Date Mon, 30 Apr 2018 13:31:47 GMT Server Apache/2.4.7 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 335 Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	index_01.gif 12fitness.ca/hhdkfks/labanquepostale/a5c2c/images/	7 KB 7 KB	108ms 108ms	Image image/gif	23.21.252.138 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/images/index_01.gif Requested by Host: 12fitness.ca URL: http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Protocol HTTP/1.1 Server 23.21.252.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-23-21-252-138.compute-1.amazonaws.com Software Apache/2.4.7 (Ubuntu) / Resource Hash `68374609fd96961cd1590f53a2b061527ae5ba00bc5a505b7c5758aea3b93b7e` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 12fitness.ca User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Connection keep-alive Cache-Control no-cache Referer http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Mon, 30 Apr 2018 13:31:47 GMT Last-Modified Mon, 30 Apr 2018 13:31:47 GMT Server Apache/2.4.7 (Ubuntu) ETag W/"1a60-56b10e022cfa2" Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 6752
GET H/1.1	200 OK	index_02.gif 12fitness.ca/hhdkfks/labanquepostale/a5c2c/images/	4 KB 4 KB	201ms 98ms	Image image/gif	23.21.252.138 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/images/index_02.gif Requested by Host: 12fitness.ca URL: http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Protocol HTTP/1.1 Server 23.21.252.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-23-21-252-138.compute-1.amazonaws.com Software Apache/2.4.7 (Ubuntu) / Resource Hash `50f08e3f8e9097920c6d34dc772b9cf34310e754b8455e0926c8dfcb3dfccc35` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 12fitness.ca User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Connection keep-alive Cache-Control no-cache Referer http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Mon, 30 Apr 2018 13:31:48 GMT Last-Modified Mon, 30 Apr 2018 13:31:47 GMT Server Apache/2.4.7 (Ubuntu) ETag W/"10d8-56b10e02271e2" Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 4312
GET H/1.1	200 OK	index_04.gif 12fitness.ca/hhdkfks/labanquepostale/a5c2c/images/	16 KB 16 KB	203ms 99ms	Image image/gif	23.21.252.138 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/images/index_04.gif Requested by Host: 12fitness.ca URL: http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Protocol HTTP/1.1 Server 23.21.252.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-23-21-252-138.compute-1.amazonaws.com Software Apache/2.4.7 (Ubuntu) / Resource Hash `c2ad8f0fc38f50b12290b2d62bb678bee2fc6c927df5c16ff615708e4c283296` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 12fitness.ca User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Connection keep-alive Cache-Control no-cache Referer http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Mon, 30 Apr 2018 13:31:48 GMT Last-Modified Mon, 30 Apr 2018 13:31:47 GMT Server Apache/2.4.7 (Ubuntu) ETag W/"3f17-56b10e022cfa2" Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 16151
GET H/1.1	200 OK	index_05.gif 12fitness.ca/hhdkfks/labanquepostale/a5c2c/images/	62 KB 62 KB	208ms 102ms	Image image/gif	23.21.252.138 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/images/index_05.gif Requested by Host: 12fitness.ca URL: http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Protocol HTTP/1.1 Server 23.21.252.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-23-21-252-138.compute-1.amazonaws.com Software Apache/2.4.7 (Ubuntu) / Resource Hash `04fd3a5bb751974a97e3025f80bb60966d6746f14ac75ddba4de8a1a9bec4def` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 12fitness.ca User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Connection keep-alive Cache-Control no-cache Referer http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Mon, 30 Apr 2018 13:31:48 GMT Last-Modified Mon, 30 Apr 2018 13:31:47 GMT Server Apache/2.4.7 (Ubuntu) ETag W/"f76e-56b10e02271e2" Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 63342
GET H/1.1	200 OK	bg.jpg 12fitness.ca/hhdkfks/labanquepostale/a5c2c/images/	14 KB 14 KB	211ms 104ms	Image image/jpeg	23.21.252.138 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/images/bg.jpg Requested by Host: 12fitness.ca URL: http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Protocol HTTP/1.1 Server 23.21.252.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-23-21-252-138.compute-1.amazonaws.com Software Apache/2.4.7 (Ubuntu) / Resource Hash `9c3c51c993e93289ee20b82b30e73ddab4ea26312b9aab6f0b16e0e289ab5be9` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 12fitness.ca User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Connection keep-alive Cache-Control no-cache Referer http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Mon, 30 Apr 2018 13:31:48 GMT Last-Modified Mon, 30 Apr 2018 13:31:47 GMT Server Apache/2.4.7 (Ubuntu) ETag W/"364e-56b10e02271e2" Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 13902
GET H/1.1	200 OK	login.php Show response 12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Frame FEF8	5 KB 2 KB	202ms 101ms	Document text/html	23.21.252.138 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php Requested by Host: 12fitness.ca URL: http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Protocol HTTP/1.1 Server 23.21.252.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-23-21-252-138.compute-1.amazonaws.com Software Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.22 Resource Hash `58f7b7e041929ecb690aa5f3b756fa6d5991261b4ce913affbc0429b1ea93592` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 12fitness.ca Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ Connection keep-alive Cache-Control no-cache Upgrade-Insecure-Requests 1 Referer http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Mon, 30 Apr 2018 13:31:48 GMT Content-Encoding gzip Server Apache/2.4.7 (Ubuntu) X-Powered-By PHP/5.5.9-1ubuntu4.22 Vary Accept-Encoding Content-Type text/html Connection Keep-Alive Keep-Alive timeout=5, max=100 Content-Length 1488
GET H/1.1	200 OK	transparent.gif 12fitness.ca/hhdkfks/labanquepostale/a5c2c/images/ Frame FEF8	42 B 325 B	120ms 120ms	Image image/gif	23.21.252.138 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/images/transparent.gif Requested by Host: 12fitness.ca URL: http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php Protocol HTTP/1.1 Server 23.21.252.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-23-21-252-138.compute-1.amazonaws.com Software Apache/2.4.7 (Ubuntu) / Resource Hash `ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 12fitness.ca User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php Connection keep-alive Cache-Control no-cache Referer http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Mon, 30 Apr 2018 13:31:48 GMT Last-Modified Mon, 30 Apr 2018 13:31:47 GMT Server Apache/2.4.7 (Ubuntu) ETag W/"2a-56b10e02271e2" Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 42
GET H/1.1	200 OK	jquery-1.7.2.min.js Show response 12fitness.ca/hhdkfks/labanquepostale/a5c2c/js/ Frame FEF8	93 KB 33 KB	177ms 177ms	Script application/javascript	23.21.252.138 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/js/jquery-1.7.2.min.js Requested by Host: 12fitness.ca URL: http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php Protocol HTTP/1.1 Server 23.21.252.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-23-21-252-138.compute-1.amazonaws.com Software Apache/2.4.7 (Ubuntu) / Resource Hash `1fbd2c8347ea21c3aec216324f187409683dde29021154cb7ae0ed0f115a7089` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 12fitness.ca User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept / Referer http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php Connection keep-alive Cache-Control no-cache Referer http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Mon, 30 Apr 2018 13:31:48 GMT Content-Encoding gzip Last-Modified Mon, 30 Apr 2018 13:31:47 GMT Server Apache/2.4.7 (Ubuntu) ETag W/"1727b-56b10e022cfa2-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 33632
GET H/1.1	200 OK	val_keypad_cvvs-commun-unifie.js Show response 12fitness.ca/hhdkfks/labanquepostale/a5c2c/js/ Frame FEF8	12 KB 4 KB	117ms 116ms	Script application/javascript	23.21.252.138 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/js/val_keypad_cvvs-commun-unifie.js Requested by Host: 12fitness.ca URL: http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php Protocol HTTP/1.1 Server 23.21.252.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-23-21-252-138.compute-1.amazonaws.com Software Apache/2.4.7 (Ubuntu) / Resource Hash `26ac457637b6e883ca410bef71797ad78df8ab692fd4a42eebc2cf35326d4de5` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 12fitness.ca User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept / Referer http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php Connection keep-alive Cache-Control no-cache Referer http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Mon, 30 Apr 2018 13:31:48 GMT Content-Encoding gzip Last-Modified Mon, 30 Apr 2018 13:31:47 GMT Server Apache/2.4.7 (Ubuntu) ETag W/"2fd8-56b10e022cfa2-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 3525
GET H/1.1	200 OK	val_keypad_cvvs-unifie.js Show response 12fitness.ca/hhdkfks/labanquepostale/a5c2c/js/ Frame FEF8	7 KB 3 KB	107ms 107ms	Script application/javascript	23.21.252.138 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/js/val_keypad_cvvs-unifie.js Requested by Host: 12fitness.ca URL: http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php Protocol HTTP/1.1 Server 23.21.252.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-23-21-252-138.compute-1.amazonaws.com Software Apache/2.4.7 (Ubuntu) / Resource Hash `8646606c95edd17842c81e1740c5d5b82ce0db9d85cee289e7f9f8b4f949ba34` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 12fitness.ca User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept / Referer http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php Connection keep-alive Cache-Control no-cache Referer http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Mon, 30 Apr 2018 13:31:48 GMT Content-Encoding gzip Last-Modified Mon, 30 Apr 2018 13:31:47 GMT Server Apache/2.4.7 (Ubuntu) ETag W/"1c31-56b10e022cfa2-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 2339
GET H/1.1	200 OK	cvs_all.css 12fitness.ca/hhdkfks/labanquepostale/a5c2c/css/ Frame FEF8	6 KB 2 KB	115ms 108ms	Stylesheet text/css	23.21.252.138 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/css/cvs_all.css Requested by Host: 12fitness.ca URL: http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php Protocol HTTP/1.1 Server 23.21.252.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-23-21-252-138.compute-1.amazonaws.com Software Apache/2.4.7 (Ubuntu) / Resource Hash `ac4b179388e43f276ab7562431986e8acb819e986ca88a3b5bf70d645337a8f3` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 12fitness.ca User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept text/css,/;q=0.1 Referer http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php Connection keep-alive Cache-Control no-cache Referer http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Mon, 30 Apr 2018 13:31:48 GMT Content-Encoding gzip Last-Modified Mon, 30 Apr 2018 13:31:47 GMT Server Apache/2.4.7 (Ubuntu) ETag W/"1701-56b10e02271e2-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 1494
GET H/1.1	200 OK	cvs_portable.css 12fitness.ca/hhdkfks/labanquepostale/a5c2c/css/ Frame FEF8	1001 B 704 B	197ms 101ms	Stylesheet text/css	23.21.252.138 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/css/cvs_portable.css Requested by Host: 12fitness.ca URL: http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php Protocol HTTP/1.1 Server 23.21.252.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-23-21-252-138.compute-1.amazonaws.com Software Apache/2.4.7 (Ubuntu) / Resource Hash `9aaac9ad9b461893e7a54809e3a819de0af5d6b227fb24efe1c577f62645bc32` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 12fitness.ca User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept text/css,/;q=0.1 Referer http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php Connection keep-alive Cache-Control no-cache Referer http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Mon, 30 Apr 2018 13:31:48 GMT Content-Encoding gzip Last-Modified Mon, 30 Apr 2018 13:31:47 GMT Server Apache/2.4.7 (Ubuntu) ETag W/"3e9-56b10e02271e2-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 368
GET H/1.1	500 Service unavailable (with message)	bad.png 12fitness.ca/hhdkfks/labanquepostale/a5c2c/img/ Frame FEF8	4 KB 4 KB	500ms 499ms	Image text/html	23.21.252.138 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/img/bad.png Requested by Host: 12fitness.ca URL: http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php Protocol HTTP/1.1 Server 23.21.252.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-23-21-252-138.compute-1.amazonaws.com Software Apache/2.4.7 (Ubuntu) / PHP/5.5.9-1ubuntu4.22 Resource Hash `b7a3002faaa8afb2091117c1323030ac79df2e41c0bdf84015032bb428721093` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 12fitness.ca User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php Connection keep-alive Cache-Control no-cache Referer http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers X-Generator Drupal 7 (http://drupal.org) Date Mon, 30 Apr 2018 13:31:48 GMT Server Apache/2.4.7 (Ubuntu) Connection close X-Powered-By PHP/5.5.9-1ubuntu4.22 Content-Length 3684 Content-Type text/html
GET H/1.1	200 OK	login.png 12fitness.ca/hhdkfks/labanquepostale/a5c2c/data_img/ Frame FEF8	5 KB 5 KB	102ms 101ms	Image image/png	23.21.252.138 Amazon.com
General Check archive.org Show headers Download Go to Show image Full URL http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/data_img/login.png Requested by Host: 12fitness.ca URL: http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php Protocol HTTP/1.1 Server 23.21.252.138 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US), Reverse DNS ec2-23-21-252-138.compute-1.amazonaws.com Software Apache/2.4.7 (Ubuntu) / Resource Hash `fb04604a9152cc57920f51513c860c699b2c71551334e5986b12ecc560b4ed2e` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host 12fitness.ca User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php Connection keep-alive Cache-Control no-cache Referer http://12fitness.ca/hhdkfks/labanquepostale/a5c2c/login.php User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36 Response headers Date Mon, 30 Apr 2018 13:31:48 GMT Last-Modified Mon, 30 Apr 2018 13:31:47 GMT Server Apache/2.4.7 (Ubuntu) ETag W/"121b-56b10e022cfa2" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 4635

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Banque Postale (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

12fitness.ca
4quality.pl
go.sparkpostmail1.com
109.196.48.204
23.21.252.138
52.24.154.40
04fd3a5bb751974a97e3025f80bb60966d6746f14ac75ddba4de8a1a9bec4def
1fbd2c8347ea21c3aec216324f187409683dde29021154cb7ae0ed0f115a7089
26ac457637b6e883ca410bef71797ad78df8ab692fd4a42eebc2cf35326d4de5
46ff2be4b8263e5493aba57d07584b033e2cdc72cc395afde19fab5dc86629bb
50f08e3f8e9097920c6d34dc772b9cf34310e754b8455e0926c8dfcb3dfccc35
58f7b7e041929ecb690aa5f3b756fa6d5991261b4ce913affbc0429b1ea93592
5a2e2ed1be88012ab4dbd3c4b37ce02e4d223982c63e6ae14c55a9f80f7c0b9d
68374609fd96961cd1590f53a2b061527ae5ba00bc5a505b7c5758aea3b93b7e
8646606c95edd17842c81e1740c5d5b82ce0db9d85cee289e7f9f8b4f949ba34
9aaac9ad9b461893e7a54809e3a819de0af5d6b227fb24efe1c577f62645bc32
9c3c51c993e93289ee20b82b30e73ddab4ea26312b9aab6f0b16e0e289ab5be9
ac4b179388e43f276ab7562431986e8acb819e986ca88a3b5bf70d645337a8f3
b7a3002faaa8afb2091117c1323030ac79df2e41c0bdf84015032bb428721093
c2ad8f0fc38f50b12290b2d62bb678bee2fc6c927df5c16ff615708e4c283296
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fb04604a9152cc57920f51513c860c699b2c71551334e5986b12ecc560b4ed2e

12fitness.ca Open in urlscan Pro 23.21.252.138 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

0 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

157 kBTransfer

235 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

12fitness.ca Open in urlscan Pro
23.21.252.138 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

0 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

157 kB
Transfer

235 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!