metwoodexclusive.com Open in urlscan Pro
89.19.27.90 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://metwoodexclusive.com/urt-gouv/ctr-20-tax-refund-285125927038d231783/content/files_6dSZSK9BG8EkFYa527/en/banks/directi...
Submission: On December 01 via automatic, source openphish (December 1st 2020, 1:39:01 am UTC)

Summary HTTP 9 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 9 HTTP transactions. The main IP is 89.19.27.90, located in Turkey and belongs to CIZGI, TR. The main domain is metwoodexclusive.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 2nd 2020. Valid for: 3 months.

This is the only time metwoodexclusive.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Motusbank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1	89.19.27.90 89.19.27.90	34619 (CIZGI) (CIZGI)
5	206.152.48.45 206.152.48.45	3561 (CENTURYLI...) (CENTURYLINK-LEGACY-SAVVIS)
3	206.25.72.145 206.25.72.145	3561 (CENTURYLI...) (CENTURYLINK-LEGACY-SAVVIS)
9	3

1 89.19.27.90 (Turkey)

ASN34619 (CIZGI, TR)
PTR: ns1.kreatifabrika.com

metwoodexclusive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 206.152.48.45 (United States)

ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US)

banking.meridiancu.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 206.25.72.145 (Conestoga, United States)

ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US)

banking.motusbank.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	meridiancu.ca banking.meridiancu.ca	233 KB
3	motusbank.ca banking.motusbank.ca	628 KB
1	metwoodexclusive.com metwoodexclusive.com	7 KB
9	3

	Domain	Requested by
5	banking.meridiancu.ca	metwoodexclusive.com banking.meridiancu.ca
3	banking.motusbank.ca	metwoodexclusive.com
1	metwoodexclusive.com
9	3

This site contains links to these domains. Also see Links.

Domain
www.meridiancu.ca

Subject Issuer	Validity	Valid
metwoodexclusive.com cPanel, Inc. Certification Authority	`2020-11-02` - `2021-01-31`	3 months	crt.sh
Banking.meridiancu.ca Entrust Certification Authority - L1M	`2020-02-21` - `2022-05-20`	2 years	crt.sh
banking.motusbank.ca Entrust Certification Authority - L1M	`2018-11-19` - `2021-02-18`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://metwoodexclusive.com/urt-gouv/ctr-20-tax-refund-285125927038d231783/content/files_6dSZSK9BG8EkFYa527/en/banks/directing/motusbank/security.php
Frame ID: 40BD3FE3E1B8A4F331061E4730694FE6
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

url /\.php(?:$|\?)/i

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

868 kB
Transfer

1300 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.meridiancu.ca/
Title: Motusbank.ca

Search URL Search Domain Scan URL

URL: https://www.meridiancu.ca/privacy
Title: Privacy & Security

Search URL Search Domain Scan URL

URL: https://www.meridiancu.ca/legal
Title: Legal

Search URL Search Domain Scan URL

URL: https://www.meridiancu.ca/accessibility
Title: Accessibility

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request security.php Show response
metwoodexclusive.com/urt-gouv/ctr-20-tax-refund-285125927038d231783/content/files_6dSZSK9BG8EkFYa527/en/banks/directing/motusbank/ 7 KB
7 KB 218ms
72ms Document
text/html 89.19.27.90
CIZGI

General

Check archive.org

Show headers Download Go to

Full URL: https://metwoodexclusive.com/urt-gouv/ctr-20-tax-refund-285125927038d231783/content/files_6dSZSK9BG8EkFYa527/en/banks/directing/motusbank/security.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 89.19.27.90 , Turkey, ASN34619 (CIZGI, TR),
Reverse DNS: ns1.kreatifabrika.com
Software: Apache /
Resource Hash: 7cabfef45983200b1a073f99a34108f302a896fdb201c277cd356c49201fa6c0

Request headers

Host: metwoodexclusive.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 01 Dec 2020 01:38:43 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK style.css
banking.meridiancu.ca//Content/css/ 498 KB
62 KB 911ms
429ms Stylesheet
text/css 206.152.48.45
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.meridiancu.ca//Content/css/style.css?v=OB.Retail.Release.6.7.1.19

Requested by

Host: metwoodexclusive.com
URL: https://metwoodexclusive.com/urt-gouv/ctr-20-tax-refund-285125927038d231783/content/files_6dSZSK9BG8EkFYa527/en/banks/directing/motusbank/security.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

206.152.48.45 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

Resource Hash

5cb1b8c8edec70649eac948aa763d06d683acbbc5760c25b41828603fbcbeeda

Security Headers

Name	Value
Content-Security-Policy	default-src data: ; script-src data: 'unsafe-inline' 'unsafe-eval' ; style-src data: 'unsafe-inline' *
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Referer: https://metwoodexclusive.com/urt-gouv/ctr-20-tax-refund-285125927038d231783/content/files_6dSZSK9BG8EkFYa527/en/banks/directing/motusbank/security.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 01 Dec 2020 01:38:43 GMT
Content-Encoding: gzip
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 13 Nov 2020 18:43:46 GMT
X-FRAME-OPTIONS: DENY
ETag: "0ddfeeaecb9d61:0"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=259200
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src data: *; script-src data: 'unsafe-inline' 'unsafe-eval' *; style-src data: 'unsafe-inline' *
Strict-Transport-Security: max-age=157680000
Accept-Ranges: bytes
Content-Length: 63140
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK logo.svg
banking.motusbank.ca/Content/Images/ 4 KB
4 KB 759ms
158ms Image
image/svg+xml 206.25.72.145
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://banking.motusbank.ca/Content/Images/logo.svg

Requested by

Host: metwoodexclusive.com
URL: https://metwoodexclusive.com/urt-gouv/ctr-20-tax-refund-285125927038d231783/content/files_6dSZSK9BG8EkFYa527/en/banks/directing/motusbank/security.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

206.25.72.145 Conestoga, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

Resource Hash

c2e682236dcf132e4f88e1752aac9bac16f9da6eff147a5fb0254a4ff7202407

Security Headers

Name	Value
Content-Security-Policy	default-src data: ; script-src data: 'unsafe-inline' 'unsafe-eval' ; style-src data: 'unsafe-inline' *
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://metwoodexclusive.com/urt-gouv/ctr-20-tax-refund-285125927038d231783/content/files_6dSZSK9BG8EkFYa527/en/banks/directing/motusbank/security.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 01 Dec 2020 01:38:43 GMT
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Thu, 29 Oct 2020 21:31:06 GMT
ETag: "091bcf3aaed61:0"
Strict-Transport-Security: max-age=157680000
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src data: *; script-src data: 'unsafe-inline' 'unsafe-eval' *; style-src data: 'unsafe-inline' *
Accept-Ranges: none
Content-Length: 4015
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK Spiral-1.svg
banking.motusbank.ca//Content/Images/Spirals/ 4 KB
5 KB 765ms
160ms Image
image/svg+xml 206.25.72.145
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://banking.motusbank.ca//Content/Images/Spirals/Spiral-1.svg

Requested by

Host: metwoodexclusive.com
URL: https://metwoodexclusive.com/urt-gouv/ctr-20-tax-refund-285125927038d231783/content/files_6dSZSK9BG8EkFYa527/en/banks/directing/motusbank/security.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

206.25.72.145 Conestoga, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

Resource Hash

a6b4862b8195fc1064b18746c9157776efcb4393d4ee85bd46a7387e995c138a

Security Headers

Name	Value
Content-Security-Policy	default-src data: ; script-src data: 'unsafe-inline' 'unsafe-eval' ; style-src data: 'unsafe-inline' *
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://metwoodexclusive.com/urt-gouv/ctr-20-tax-refund-285125927038d231783/content/files_6dSZSK9BG8EkFYa527/en/banks/directing/motusbank/security.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 01 Dec 2020 01:38:43 GMT
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Thu, 29 Oct 2020 21:31:06 GMT
ETag: "091bcf3aaed61:0"
Strict-Transport-Security: max-age=157680000
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src data: *; script-src data: 'unsafe-inline' 'unsafe-eval' *; style-src data: 'unsafe-inline' *
Accept-Ranges: none
Content-Length: 4158
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK Retail_SignInBackground_All.jpg
banking.motusbank.ca/Content/Images/Banners/ 618 KB
619 KB 885ms
163ms Image
image/jpeg 206.25.72.145
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://banking.motusbank.ca/Content/Images/Banners/Retail_SignInBackground_All.jpg

Requested by

Host: metwoodexclusive.com
URL: https://metwoodexclusive.com/urt-gouv/ctr-20-tax-refund-285125927038d231783/content/files_6dSZSK9BG8EkFYa527/en/banks/directing/motusbank/security.php

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

206.25.72.145 Conestoga, United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

Resource Hash

43ee9b8d98e94f8b8dd581bd25e5e9f4002395fcbb852caeaac945d4ae4454b4

Security Headers

Name	Value
Content-Security-Policy	default-src data: ; script-src data: 'unsafe-inline' 'unsafe-eval' ; style-src data: 'unsafe-inline' *
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://metwoodexclusive.com/urt-gouv/ctr-20-tax-refund-285125927038d231783/content/files_6dSZSK9BG8EkFYa527/en/banks/directing/motusbank/security.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 01 Dec 2020 01:38:43 GMT
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Thu, 19 Nov 2020 08:43:42 GMT
ETag: "38d6d81550bed61:0"
Strict-Transport-Security: max-age=157680000
Content-Type: image/jpeg
X-Xss-Protection: 1; mode=block
Content-Security-Policy: default-src data: *; script-src data: 'unsafe-inline' 'unsafe-eval' *; style-src data: 'unsafe-inline' *
Accept-Ranges: none
Content-Length: 632880
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK SofiaPro.Medium.woff
banking.meridiancu.ca//Content/fonts/ 42 KB
43 KB 463ms
114ms Font
application/font-woff 206.152.48.45
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.meridiancu.ca//Content/fonts/SofiaPro.Medium.woff

Requested by

Host: banking.meridiancu.ca
URL: https://banking.meridiancu.ca//Content/css/style.css?v=OB.Retail.Release.6.7.1.19

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

206.152.48.45 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

Resource Hash

d2d6bb0fc593844762026d60bd356c231f34c16bed083347bf08091e571e09f5

Security Headers

Name	Value
Content-Security-Policy	default-src data: ; script-src data: 'unsafe-inline' 'unsafe-eval' ; style-src data: 'unsafe-inline' *
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Origin: https://metwoodexclusive.com
Referer: https://banking.meridiancu.ca//Content/css/style.css?v=OB.Retail.Release.6.7.1.19
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 01 Dec 2020 01:38:44 GMT
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 13 Nov 2020 18:40:22 GMT
ETag: "0ef6671ecb9d61:0"
X-FRAME-OPTIONS: DENY
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
X-Xss-Protection: 1; mode=block
Cache-Control: max-age=259200
Content-Security-Policy: default-src data: *; script-src data: 'unsafe-inline' 'unsafe-eval' *; style-src data: 'unsafe-inline' *
Strict-Transport-Security: max-age=157680000
Accept-Ranges: bytes
Content-Length: 43148
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK SofiaPro.Regular.woff
banking.meridiancu.ca//Content/fonts/ 41 KB
42 KB 460ms
115ms Font
application/font-woff 206.152.48.45
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.meridiancu.ca//Content/fonts/SofiaPro.Regular.woff

Requested by

Host: banking.meridiancu.ca
URL: https://banking.meridiancu.ca//Content/css/style.css?v=OB.Retail.Release.6.7.1.19

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

206.152.48.45 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

Resource Hash

37cf5ce716b88455488cb3b003cffe5a49461a994910102aed065c3a4610d0b0

Security Headers

Name	Value
Content-Security-Policy	default-src data: ; script-src data: 'unsafe-inline' 'unsafe-eval' ; style-src data: 'unsafe-inline' *
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Origin: https://metwoodexclusive.com
Referer: https://banking.meridiancu.ca//Content/css/style.css?v=OB.Retail.Release.6.7.1.19
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 01 Dec 2020 01:38:44 GMT
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 13 Nov 2020 18:40:22 GMT
ETag: "0ef6671ecb9d61:0"
X-FRAME-OPTIONS: DENY
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
X-Xss-Protection: 1; mode=block
Cache-Control: max-age=259200
Content-Security-Policy: default-src data: *; script-src data: 'unsafe-inline' 'unsafe-eval' *; style-src data: 'unsafe-inline' *
Strict-Transport-Security: max-age=157680000
Accept-Ranges: bytes
Content-Length: 42324
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK SofiaPro.Black.woff
banking.meridiancu.ca//Content/fonts/ 43 KB
43 KB 467ms
115ms Font
application/font-woff 206.152.48.45
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.meridiancu.ca//Content/fonts/SofiaPro.Black.woff

Requested by

Host: banking.meridiancu.ca
URL: https://banking.meridiancu.ca//Content/css/style.css?v=OB.Retail.Release.6.7.1.19

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

206.152.48.45 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

Resource Hash

eb79ceac870a8776ab6999c31c2a83f388cadf7c40a60948ddbd6d035e81c56c

Security Headers

Name	Value
Content-Security-Policy	default-src data: ; script-src data: 'unsafe-inline' 'unsafe-eval' ; style-src data: 'unsafe-inline' *
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Origin: https://metwoodexclusive.com
Referer: https://banking.meridiancu.ca//Content/css/style.css?v=OB.Retail.Release.6.7.1.19
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 01 Dec 2020 01:38:44 GMT
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 13 Nov 2020 18:40:22 GMT
ETag: "0ef6671ecb9d61:0"
X-FRAME-OPTIONS: DENY
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
X-Xss-Protection: 1; mode=block
Cache-Control: max-age=259200
Content-Security-Policy: default-src data: *; script-src data: 'unsafe-inline' 'unsafe-eval' *; style-src data: 'unsafe-inline' *
Strict-Transport-Security: max-age=157680000
Accept-Ranges: bytes
Content-Length: 43668
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK SofiaPro.Semibold.woff
banking.meridiancu.ca//Content/fonts/ 42 KB
43 KB 475ms
118ms Font
application/font-woff 206.152.48.45
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://banking.meridiancu.ca//Content/fonts/SofiaPro.Semibold.woff

Requested by

Host: banking.meridiancu.ca
URL: https://banking.meridiancu.ca//Content/css/style.css?v=OB.Retail.Release.6.7.1.19

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

206.152.48.45 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

Resource Hash

356982e0709597aee77120511cdac3e7e4ffb223744a4910768d2765b38f3026

Security Headers

Name	Value
Content-Security-Policy	default-src data: ; script-src data: 'unsafe-inline' 'unsafe-eval' ; style-src data: 'unsafe-inline' *
Strict-Transport-Security	max-age=157680000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Origin: https://metwoodexclusive.com
Referer: https://banking.meridiancu.ca//Content/css/style.css?v=OB.Retail.Release.6.7.1.19
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 01 Dec 2020 01:38:44 GMT
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 13 Nov 2020 18:40:22 GMT
ETag: "0ef6671ecb9d61:0"
X-FRAME-OPTIONS: DENY
Content-Type: application/font-woff
Access-Control-Allow-Origin: *
X-Xss-Protection: 1; mode=block
Cache-Control: max-age=259200
Content-Security-Policy: default-src data: *; script-src data: 'unsafe-inline' 'unsafe-eval' *; style-src data: 'unsafe-inline' *
Strict-Transport-Security: max-age=157680000
Accept-Ranges: bytes
Content-Length: 43332
X-Content-Type-Options: nosniff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Motusbank (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

banking.meridiancu.ca
banking.motusbank.ca
metwoodexclusive.com
206.152.48.45
206.25.72.145
89.19.27.90
356982e0709597aee77120511cdac3e7e4ffb223744a4910768d2765b38f3026
37cf5ce716b88455488cb3b003cffe5a49461a994910102aed065c3a4610d0b0
43ee9b8d98e94f8b8dd581bd25e5e9f4002395fcbb852caeaac945d4ae4454b4
5cb1b8c8edec70649eac948aa763d06d683acbbc5760c25b41828603fbcbeeda
7cabfef45983200b1a073f99a34108f302a896fdb201c277cd356c49201fa6c0
a6b4862b8195fc1064b18746c9157776efcb4393d4ee85bd46a7387e995c138a
c2e682236dcf132e4f88e1752aac9bac16f9da6eff147a5fb0254a4ff7202407
d2d6bb0fc593844762026d60bd356c231f34c16bed083347bf08091e571e09f5
eb79ceac870a8776ab6999c31c2a83f388cadf7c40a60948ddbd6d035e81c56c

metwoodexclusive.com Open in urlscan Pro 89.19.27.90 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

868 kBTransfer

1300 kBSize

0 Cookies

4 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

Indicators

metwoodexclusive.com Open in urlscan Pro
89.19.27.90 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

868 kB
Transfer

1300 kB
Size

0
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!