tourdescanadiens.cn - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 6 HTTP transactions. The main IP is 198.71.233.3, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is tourdescanadiens.cn.

This is the only time tourdescanadiens.cn was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Scotiabank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
6	198.71.233.3 198.71.233.3		26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
6	1

6 198.71.233.3 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-198-71-233-3.ip.secureserver.net

tourdescanadiens.cn	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	tourdescanadiens.cn tourdescanadiens.cn	23 KB
6	1

	Domain	Requested by
6	tourdescanadiens.cn	tourdescanadiens.cn
6	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/step2.php?cmd=login_submit&id=&session=
Frame ID: DEB9C54234C49013F6FB5DBF00D625F7
Requests: 6 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Page Statistics

6
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

23 kB
Transfer

26 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request step2.php Show response
tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/ 7 KB
2 KB 278ms
253ms Document
text/html 198.71.233.3
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to

Full URL

http://tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/step2.php?cmd=login_submit&id=&session=

Protocol

HTTP/1.1

Server

198.71.233.3 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),

Reverse DNS

ip-198-71-233-3.ip.secureserver.net

Software

/

Resource Hash

7e989541470a605a7394f21ac30eaed54b09167f4e47cd1eec8e1d65746eb8c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: tourdescanadiens.cn
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Encoding: gzip
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=UTF-8
X-Cacheable: YES:Forced
Content-Length: 1475
Accept-Ranges: bytes
Date: Fri, 15 Jan 2021 13:44:33 GMT
Age: 15571
Vary: Accept-Encoding, User-Agent
X-Cache: cached
X-Cache-Hit: HIT
X-Backend: all_requests

GET
H/1.1 200
OK st6.png
tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/images/ 2 KB
3 KB 139ms
138ms Image
image/png 198.71.233.3
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/images/st6.png

Requested by

Host: tourdescanadiens.cn
URL: http://tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/step2.php?cmd=login_submit&id=&session=

Protocol

HTTP/1.1

Server

198.71.233.3 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),

Reverse DNS

ip-198-71-233-3.ip.secureserver.net

Software

/

Resource Hash

7eb0d4815063a5d9287ccedeafcd55ae7f56e3a9f30534edb4ad5783efb82139

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/step2.php?cmd=login_submit&id=&session=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 15 Jan 2021 13:44:33 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 24 Feb 2017 04:54:32 GMT
X-Backend: all_requests
Age: 15706
ETag: "8ce-5493f86823200"
X-Cacheable: YES
X-Cache: cached
Content-Type: image/png
X-Cache-Hit: HIT
Accept-Ranges: bytes
Content-Length: 2254
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK st11.png
tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/images/ 6 KB
7 KB 439ms
414ms Image
image/png 198.71.233.3
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/images/st11.png

Requested by

Host: tourdescanadiens.cn
URL: http://tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/step2.php?cmd=login_submit&id=&session=

Protocol

HTTP/1.1

Server

198.71.233.3 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),

Reverse DNS

ip-198-71-233-3.ip.secureserver.net

Software

/

Resource Hash

274faeb99b118b7f97e5447969b87c3b9e8e4ccb78f52494f6eebe294305ddc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/step2.php?cmd=login_submit&id=&session=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 15 Jan 2021 13:44:33 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 15 Sep 2017 11:54:38 GMT
X-Backend: all_requests
Age: 15706
ETag: "18f5-559390eb05b80"
X-Cacheable: YES
X-Cache: cached
Content-Type: image/png
X-Cache-Hit: HIT
Accept-Ranges: bytes
Content-Length: 6389
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK st10.png
tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/images/ 10 KB
10 KB 263ms
237ms Image
image/png 198.71.233.3
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/images/st10.png

Requested by

Host: tourdescanadiens.cn
URL: http://tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/step2.php?cmd=login_submit&id=&session=

Protocol

HTTP/1.1

Server

198.71.233.3 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),

Reverse DNS

ip-198-71-233-3.ip.secureserver.net

Software

/

Resource Hash

85f5ab0bbd462f57ad0271ab04eaf7ebde07955496b53a9420640f3bc833e052

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/step2.php?cmd=login_submit&id=&session=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 15 Jan 2021 13:44:33 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 24 Feb 2017 06:45:40 GMT
X-Backend: all_requests
Age: 15705
ETag: "268d-5494113f3cd00"
X-Cacheable: YES
X-Cache: cached
Content-Type: image/png
X-Cache-Hit: HIT
Accept-Ranges: bytes
Content-Length: 9869
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK shape242706140.gif
tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/images/ 99 B
450 B 271ms
245ms Image
image/gif 198.71.233.3
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/images/shape242706140.gif

Requested by

Host: tourdescanadiens.cn
URL: http://tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/step2.php?cmd=login_submit&id=&session=

Protocol

HTTP/1.1

Server

198.71.233.3 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),

Reverse DNS

ip-198-71-233-3.ip.secureserver.net

Software

/

Resource Hash

2e026e2d19ebd589fced04a08b708ab9d28d7c327e8620d1ed2b867dad7d3522

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/step2.php?cmd=login_submit&id=&session=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 15 Jan 2021 13:44:33 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sun, 03 Sep 2017 12:20:44 GMT
X-Backend: all_requests
Age: 15705
ETag: "63-5584805ef1f00"
X-Cacheable: YES
X-Cache: cached
Content-Type: image/gif
X-Cache-Hit: HIT
Accept-Ranges: bytes
Content-Length: 99
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK continue.png
tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/images/ 1 KB
2 KB 267ms
241ms Image
image/png 198.71.233.3
AS-26496-GO-DADDY...

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/images/continue.png

Requested by

Host: tourdescanadiens.cn
URL: http://tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/step2.php?cmd=login_submit&id=&session=

Protocol

HTTP/1.1

Server

198.71.233.3 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US),

Reverse DNS

ip-198-71-233-3.ip.secureserver.net

Software

/

Resource Hash

bc0a088acd19e1ee4c3dc1a546f61f0b08f6aae5e0b1e99a0053f33f47f9f627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://tourdescanadiens.cn/wp-content/plugins/contact-widgets/111/mod_banners/sco/step2.php?cmd=login_submit&id=&session=
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 15 Jan 2021 13:44:33 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 24 Feb 2017 04:51:14 GMT
X-Backend: all_requests
Age: 15705
ETag: "4f9-5493f7ab4f480"
X-Cacheable: YES
X-Cache: cached
Content-Type: image/png
X-Cache-Hit: HIT
Accept-Ranges: bytes
Content-Length: 1273
X-XSS-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Scotiabank (Banking)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

tourdescanadiens.cn
198.71.233.3
274faeb99b118b7f97e5447969b87c3b9e8e4ccb78f52494f6eebe294305ddc2
2e026e2d19ebd589fced04a08b708ab9d28d7c327e8620d1ed2b867dad7d3522
7e989541470a605a7394f21ac30eaed54b09167f4e47cd1eec8e1d65746eb8c2
7eb0d4815063a5d9287ccedeafcd55ae7f56e3a9f30534edb4ad5783efb82139
85f5ab0bbd462f57ad0271ab04eaf7ebde07955496b53a9420640f3bc833e052
bc0a088acd19e1ee4c3dc1a546f61f0b08f6aae5e0b1e99a0053f33f47f9f627

tourdescanadiens.cn Open in urlscan Pro 198.71.233.3 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

6 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

23 kBTransfer

26 kBSize

0 Cookies

0 Outgoing links

Redirected requests

6 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

5 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

tourdescanadiens.cn Open in urlscan Pro
198.71.233.3 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

6
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

23 kB
Transfer

26 kB
Size

0
Cookies

6 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!