healingbpd.com Open in urlscan Pro
198.1.72.152 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.revenuquebec.enligne.client620193.qc.ca.citywideindy.com/
Effective URL:
https://healingbpd.com/
Submission: On March 13 via automatic, source certstream-suspicious (March 13th 2020, 5:41:20 am UTC)

Summary HTTP 27 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 27 HTTP transactions. The main IP is 198.1.72.152, located in Provo, United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is healingbpd.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on March 13th 2020. Valid for: 3 months.

This is the only time healingbpd.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Interac (Banking) National Bank (Banking) Tangerine Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	64.91.240.134 64.91.240.134	32244 (LIQUIDWEB) (LIQUIDWEB)
26	198.1.72.152 198.1.72.152	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
27	2

1 64.91.240.134 (Lansing, United States)

ASN32244 (LIQUIDWEB, US)
PTR: toc04.fed3media.com

www.revenuquebec.enligne.client620193.qc.ca.citywideindy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 198.1.72.152 (Provo, United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: starlight-baby.com

healingbpd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	healingbpd.com healingbpd.com	434 KB
1	citywideindy.com www.revenuquebec.enligne.client620193.qc.ca.citywideindy.com	565 B
27	2

	Domain	Requested by
26	healingbpd.com	healingbpd.com
1	www.revenuquebec.enligne.client620193.qc.ca.citywideindy.com
27	2

This site contains no links.

Subject Issuer	Validity	Valid
revenuquebec.enligne.client620193.qc.ca.citywideindy.com Let's Encrypt Authority X3	`2020-03-12` - `2020-06-10`	3 months	crt.sh
healingbpd.com Let's Encrypt Authority X3	`2020-03-13` - `2020-06-11`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://healingbpd.com/
Frame ID: 96D6285C1A56789D780041E22ABEC427
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.revenuquebec.enligne.client620193.qc.ca.citywideindy.com/ Page URL
https://healingbpd.com/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
script /(?:\/([\d.]+))?(?:\/js)?\/bootstrap(?:\.min)?\.js/i

OpenSSL (Web Server Extensions) Expand

Overall confidence: 100%
Detected patterns

headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i

Pure CSS (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<div[^>]+class="[^"]*pure-u-(?:sm-|md-|lg-|xl-)?\d-\d/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

27
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

435 kB
Transfer

428 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.revenuquebec.enligne.client620193.qc.ca.citywideindy.com/ Page URL
https://healingbpd.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ www.revenuquebec.enligne.client620193.qc.ca.citywideindy.com/	242 B 565 B	651ms 126ms	Document text/html	64.91.240.134 LIQUIDWEB
General Check archive.org Show headers Download Go to Full URL https://www.revenuquebec.enligne.client620193.qc.ca.citywideindy.com/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 64.91.240.134 Lansing, United States, ASN32244 (LIQUIDWEB, US), Reverse DNS toc04.fed3media.com Software Apache/2.4.41 (cPanel) OpenSSL/1.1.1d mod_bwlimited/1.4 / Resource Hash Request headers Host www.revenuquebec.enligne.client620193.qc.ca.citywideindy.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Response headers Date Fri, 13 Mar 2020 05:41:04 GMT Server Apache/2.4.41 (cPanel) OpenSSL/1.1.1d mod_bwlimited/1.4 Last-Modified Fri, 13 Mar 2020 05:16:03 GMT ETag "2d3dd-f2-5a0b590dd3c40" Accept-Ranges bytes Content-Length 242 Keep-Alive timeout=2, max=100 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	Primary Request Cookie set / Show response healingbpd.com/	9 KB 9 KB	1235ms 285ms	Document text/html	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `a599c410a297dd396ee2b808759b307a109136a8fe0ab0f1d52508e606f7301b` Request headers Host healingbpd.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Referer https://www.revenuquebec.enligne.client620193.qc.ca.citywideindy.com/ Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest document Referer https://www.revenuquebec.enligne.client620193.qc.ca.citywideindy.com/ Response headers Date Fri, 13 Mar 2020 05:41:05 GMT Server Apache Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate Pragma no-cache Set-Cookie PHPSESSID=545bb223ca282d2f9bf65b7f4ed14237; path=/ Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	bootstrap.min.css healingbpd.com/assets/css/	138 KB 138 KB	297ms 207ms	Stylesheet text/css	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://healingbpd.com/assets/css/bootstrap.min.css Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest style Response headers Date Fri, 13 Mar 2020 05:41:06 GMT Last-Modified Thu, 16 Aug 2018 16:21:30 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 140936
GET H/1.1	200 OK	bootstrap.min.js Show response healingbpd.com/assets/js/	50 KB 50 KB	860ms 189ms	Script application/javascript	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://healingbpd.com/assets/js/bootstrap.min.js Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest script Response headers Date Fri, 13 Mar 2020 05:41:06 GMT Last-Modified Thu, 16 Aug 2018 16:21:32 GMT Server Apache Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 51039
GET H/1.1	200 OK	custom.css healingbpd.com/assets/	3 KB 3 KB	671ms 189ms	Stylesheet text/css	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://healingbpd.com/assets/custom.css Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `8bcaa60df86619a3c244505f42d97cfc579437df4ab100c8ada2c562a3a8438a` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest style Response headers Date Fri, 13 Mar 2020 05:41:06 GMT Last-Modified Fri, 17 Aug 2018 10:55:48 GMT Server Apache Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 2589
GET H/1.1	200 OK	nav-logo.svg healingbpd.com/	7 KB 8 KB	1164ms 186ms	Image image/svg+xml	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/nav-logo.svg Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `aecf03897aa76697c48460efd228a17fc6e2b27b27d52a1289f86caefdd615c2` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:07 GMT Last-Modified Thu, 16 Aug 2018 16:49:56 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 7495
GET H/1.1	200 OK	imgd.png healingbpd.com/assets/img/	16 KB 16 KB	1350ms 186ms	Image image/png	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/imgd.png Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `9dbc63233f6f4ac0f3ac925029626fe7f7f4217b920524013e754a0ee9df0f00` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:07 GMT Last-Modified Fri, 17 Aug 2018 10:25:08 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 16170
GET H/1.1	200 OK	retrieveLogo_003.svg healingbpd.com/assets/img/	5 KB 5 KB	235ms 189ms	Image image/svg+xml	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/retrieveLogo_003.svg Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `db09fc1f3c7b0968d63c6a084b54917225fc17f172eee60a3086ce9ea51fa9b7` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:07 GMT Last-Modified Thu, 16 Aug 2018 17:54:38 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 5178
GET H/1.1	200 OK	retrieveLogo_006.svg healingbpd.com/assets/img/	6 KB 6 KB	890ms 186ms	Image image/svg+xml	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/retrieveLogo_006.svg Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `6b7dae29116a35dd6eb4041f84d0d8acf634c6ad8e1e4ab8724f0ca678c8816e` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:08 GMT Last-Modified Thu, 16 Aug 2018 17:54:40 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=93 Content-Length 5712
GET H/1.1	200 OK	q2vTo5B.png healingbpd.com/assets/img/	5 KB 5 KB	938ms 194ms	Image image/png	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/q2vTo5B.png Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `8dcbfc1090f56c735b5db53dde9b9adae62de666d0fe33ef2198ae0346e1509f` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:08 GMT Last-Modified Thu, 16 Aug 2018 17:55:04 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 4916
GET H/1.1	200 OK	retrieveLogo_007.svg healingbpd.com/assets/img/	4 KB 4 KB	953ms 200ms	Image image/svg+xml	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/retrieveLogo_007.svg Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `7ed4383e1732ec505b094b3856dc7375fef1bf351eea96775758ffc5461f1074` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:08 GMT Last-Modified Thu, 16 Aug 2018 17:55:08 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 3875
GET H/1.1	200 OK	retrieveLogo_010.svg healingbpd.com/assets/img/	5 KB 5 KB	1036ms 183ms	Image image/svg+xml	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/retrieveLogo_010.svg Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `9e787eb9727523cc7aa0efa3c0c3debdd36ed2e59503b9b59881d7e5e0b8fc7d` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:08 GMT Last-Modified Thu, 16 Aug 2018 17:55:26 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 5370
GET H/1.1	200 OK	236_logo.svg healingbpd.com/assets/img/	3 KB 4 KB	732ms 196ms	Image image/svg+xml	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/236_logo.svg Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `b774e03347f7fd3d1a0f12aa894ef9a2ad55326cac5739c7cf85e424edd5fe1c` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:08 GMT Last-Modified Thu, 16 Aug 2018 17:55:40 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 3410
GET H/1.1	200 OK	retrieveLogo_012.svg healingbpd.com/assets/img/	7 KB 7 KB	551ms 188ms	Image image/svg+xml	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/retrieveLogo_012.svg Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `da103dbb9c83919e677d0c4de46025b4c4153daadb6e27942a65d5723f3a338f` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:07 GMT Last-Modified Thu, 16 Aug 2018 19:18:20 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 7148
GET H/1.1	200 OK	retrieveLogo_011.svg healingbpd.com/assets/img/	964 B 1 KB	658ms 181ms	Image image/svg+xml	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/retrieveLogo_011.svg Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `2d70de35d8125369775a01fb1f1e58ab5f937843dc024eaeb5c2ff42dd5b9ac3` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:07 GMT Last-Modified Thu, 16 Aug 2018 19:18:36 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 964
GET H/1.1	200 OK	retrieveLogo_005.svg healingbpd.com/assets/img/	4 KB 4 KB	691ms 185ms	Image image/svg+xml	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/retrieveLogo_005.svg Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `8b8274fc17587fdf0bcd987f90058e19ad3904c397121683a509056b16ca856f` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:07 GMT Last-Modified Thu, 16 Aug 2018 19:19:56 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=94 Content-Length 3630
GET H/1.1	200 OK	retrieveLogo_013.svg healingbpd.com/assets/img/	5 KB 5 KB	740ms 189ms	Image image/svg+xml	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/retrieveLogo_013.svg Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `0299918272e06ca437732616075e2db772d6708ae45c714fe7d2294ed3a7cf59` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:08 GMT Last-Modified Thu, 16 Aug 2018 19:20:00 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 4650
GET H/1.1	200 OK	bk_6.png healingbpd.com/assets/img/	34 KB 34 KB	497ms 185ms	Image image/png	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/bk_6.png Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `aa17f3fe727a016f5a57f2e9e1ba19a31c7f5fb04c4693b410c0d16b249ff50c` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:07 GMT Last-Modified Fri, 17 Aug 2018 17:00:36 GMT Server Apache Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 34535
GET H/1.1	200 OK	retrieveLogo.svg healingbpd.com/assets/img/	3 KB 3 KB	361ms 188ms	Image image/svg+xml	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/retrieveLogo.svg Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `f20957245ccf4ae9c38287fad8f482c27a44d0ea75033d9527c759956d3c824f` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:07 GMT Last-Modified Thu, 16 Aug 2018 19:23:14 GMT Server Apache Content-Type image/svg+xml Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 3289
GET H/1.1	200 OK	Screenshot_3.jpg healingbpd.com/assets/img/	26 KB 26 KB	308ms 184ms	Image image/jpeg	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/Screenshot_3.jpg Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `3b1d4824ccb8bd022be80c27643e7a0f0a304ee28e1cf7eca85fa6278a4071ac` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:07 GMT Last-Modified Fri, 17 Aug 2018 10:57:56 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 26800
GET H/1.1	200 OK	Screenshot_3_mobile.jpg healingbpd.com/assets/img/	20 KB 21 KB	326ms 185ms	Image image/jpeg	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/Screenshot_3_mobile.jpg Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `d7a5028fa39285ad27b3e24f7dc03d0490744f77b2828ad015fd7459cf1d4363` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:08 GMT Last-Modified Fri, 17 Aug 2018 10:57:56 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=92 Content-Length 20908
GET H/1.1	200 OK	imgdbo.jpg healingbpd.com/assets/img/	23 KB 23 KB	310ms 178ms	Image image/jpeg	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/imgdbo.jpg Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `8b8417c979cf544d1c72b35311029ab46c27982762c1fdd969ca5a866075c12a` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:07 GMT Last-Modified Fri, 17 Aug 2018 10:33:52 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 23775
GET H/1.1	200 OK	Screenshot_1.jpg healingbpd.com/assets/img/	14 KB 15 KB	282ms 194ms	Image image/jpeg	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/Screenshot_1.jpg Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `0a3ee15de931115c01af3cb3d869b15228a524b5b80a47de6e03a8cac3904c92` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:08 GMT Last-Modified Fri, 17 Aug 2018 10:40:00 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 14804
GET H/1.1	200 OK	Screenshot_2.jpg healingbpd.com/assets/img/	6 KB 7 KB	840ms 179ms	Image image/jpeg	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/Screenshot_2.jpg Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `9e2626dae9053f564641760ce676c643767f7f984702ed2054bbca28f78cb46c` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:08 GMT Last-Modified Fri, 17 Aug 2018 10:43:06 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 6485
GET H/1.1	200 OK	Screenshot_2_mobile.jpg healingbpd.com/assets/img/	7 KB 7 KB	249ms 188ms	Image image/jpeg	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/Screenshot_2_mobile.jpg Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `a677f5ae561829f9b3734b98dcb0c46511f5625c17c1fed88696bcdee0017c14` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:08 GMT Last-Modified Fri, 17 Aug 2018 10:43:04 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=93 Content-Length 6668
GET H/1.1	200 OK	Screenshot_4.jpg healingbpd.com/assets/img/	14 KB 14 KB	354ms 193ms	Image image/jpeg	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/Screenshot_4.jpg Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `49c961d2558ce91965a0a35df761402dabd49ec5d1a6774b648f601cc8ca6d98` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:07 GMT Last-Modified Fri, 17 Aug 2018 11:02:06 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 14382
GET H/1.1	200 OK	Screenshot_4_mobile.jpg healingbpd.com/assets/img/	14 KB 14 KB	299ms 180ms	Image image/jpeg	198.1.72.152 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://healingbpd.com/assets/img/Screenshot_4_mobile.jpg Requested by Host: healingbpd.com URL: https://healingbpd.com/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.1.72.152 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS starlight-baby.com Software Apache / Resource Hash `373a10ae7e9eec45f348e47327b9269f246d5649ef1fa6b471fd4d5d0ffd6099` Request headers Referer https://healingbpd.com/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 Sec-Fetch-Dest image Response headers Date Fri, 13 Mar 2020 05:41:08 GMT Last-Modified Fri, 17 Aug 2018 11:02:06 GMT Server Apache Content-Type image/jpeg Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 14529

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Interac (Banking) National Bank (Banking) Tangerine Bank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| bootstrap

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

healingbpd.com
www.revenuquebec.enligne.client620193.qc.ca.citywideindy.com
198.1.72.152
64.91.240.134
0299918272e06ca437732616075e2db772d6708ae45c714fe7d2294ed3a7cf59
0a3ee15de931115c01af3cb3d869b15228a524b5b80a47de6e03a8cac3904c92
2d70de35d8125369775a01fb1f1e58ab5f937843dc024eaeb5c2ff42dd5b9ac3
373a10ae7e9eec45f348e47327b9269f246d5649ef1fa6b471fd4d5d0ffd6099
3b1d4824ccb8bd022be80c27643e7a0f0a304ee28e1cf7eca85fa6278a4071ac
49c961d2558ce91965a0a35df761402dabd49ec5d1a6774b648f601cc8ca6d98
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
6b7dae29116a35dd6eb4041f84d0d8acf634c6ad8e1e4ab8724f0ca678c8816e
7928b5ab63c6e89ee0ee26f5ef201a58c72baf91abb688580a1aa26eb57b3c11
7ed4383e1732ec505b094b3856dc7375fef1bf351eea96775758ffc5461f1074
8b8274fc17587fdf0bcd987f90058e19ad3904c397121683a509056b16ca856f
8b8417c979cf544d1c72b35311029ab46c27982762c1fdd969ca5a866075c12a
8bcaa60df86619a3c244505f42d97cfc579437df4ab100c8ada2c562a3a8438a
8dcbfc1090f56c735b5db53dde9b9adae62de666d0fe33ef2198ae0346e1509f
9dbc63233f6f4ac0f3ac925029626fe7f7f4217b920524013e754a0ee9df0f00
9e2626dae9053f564641760ce676c643767f7f984702ed2054bbca28f78cb46c
9e787eb9727523cc7aa0efa3c0c3debdd36ed2e59503b9b59881d7e5e0b8fc7d
a599c410a297dd396ee2b808759b307a109136a8fe0ab0f1d52508e606f7301b
a677f5ae561829f9b3734b98dcb0c46511f5625c17c1fed88696bcdee0017c14
aa17f3fe727a016f5a57f2e9e1ba19a31c7f5fb04c4693b410c0d16b249ff50c
aecf03897aa76697c48460efd228a17fc6e2b27b27d52a1289f86caefdd615c2
b774e03347f7fd3d1a0f12aa894ef9a2ad55326cac5739c7cf85e424edd5fe1c
d7a5028fa39285ad27b3e24f7dc03d0490744f77b2828ad015fd7459cf1d4363
da103dbb9c83919e677d0c4de46025b4c4153daadb6e27942a65d5723f3a338f
db09fc1f3c7b0968d63c6a084b54917225fc17f172eee60a3086ce9ea51fa9b7
f20957245ccf4ae9c38287fad8f482c27a44d0ea75033d9527c759956d3c824f

healingbpd.com Open in urlscan Pro 198.1.72.152 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

27 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

435 kBTransfer

428 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

27 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

healingbpd.com Open in urlscan Pro
198.1.72.152 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

27
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

435 kB
Transfer

428 kB
Size

0
Cookies

27 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!