interacetransfer.glassola.ca Open in urlscan Pro
67.212.93.18 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://interacetransfer.glassola.ca/Interac/interac/refund/deposit/bnc/app.bnc.ca/index.html?ip=ip
Submission: On January 09 via automatic, source openphish (January 9th 2019, 4:51:21 am UTC)

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 4 countries across 5 domains to perform 21 HTTP transactions. The main IP is 67.212.93.18, located in Montréal, Canada and belongs to . The main domain is interacetransfer.glassola.ca.

This is the only time interacetransfer.glassola.ca was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: National Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
13	67.212.93.18 67.212.93.18	() ()
3	52.31.211.225 52.31.211.225	() ()
1	104.111.219.22 104.111.219.22	() ()
1	172.82.228.17 172.82.228.17	() ()
1	52.49.41.66 52.49.41.66	() ()
2	23.211.0.20 23.211.0.20	() ()
21	7

13 67.212.93.18 (Montréal, Canada)

ASN- ()
PTR: newqueen.sibername.com

interacetransfer.glassola.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.31.211.225 (Dublin, Ireland)

ASN- ()
PTR: ec2-52-31-211-225.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.219.22 (Amsterdam, Netherlands)

ASN- ()
PTR: a104-111-219-22.deploy.static.akamaitechnologies.com

www.bnc.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.82.228.17 (Lehi, United States)

ASN- ()
PTR: *.d2.sc.omtrdc.net

nationalbankofcanada.d2.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.49.41.66 (Dublin, Ireland)

ASN- ()
PTR: ec2-52-49-41-66.eu-west-1.compute.amazonaws.com

nationalbankofcanada.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.211.0.20 (Cambridge, United States)

ASN- ()
PTR: a23-211-0-20.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	glassola.ca interacetransfer.glassola.ca	367 KB
4	demdex.net dpm.demdex.net nationalbankofcanada.demdex.net	1 KB
2	adobedtm.com assets.adobedtm.com	53 KB
1	omtrdc.net nationalbankofcanada.d2.sc.omtrdc.net	527 B
1	bnc.ca www.bnc.ca
21	5

	Domain	Requested by
13	interacetransfer.glassola.ca	interacetransfer.glassola.ca
3	dpm.demdex.net	interacetransfer.glassola.ca
2	assets.adobedtm.com	interacetransfer.glassola.ca
1	nationalbankofcanada.demdex.net	interacetransfer.glassola.ca
1	nationalbankofcanada.d2.sc.omtrdc.net	interacetransfer.glassola.ca
1	www.bnc.ca	interacetransfer.glassola.ca
21	6

This site contains no links.

Subject Issuer	Validity	Valid
bnc.ca Entrust Certification Authority - L1M	`2018-10-25` - `2020-10-25`	2 years	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh

This page contains 2 frames:

Primary Page: http://interacetransfer.glassola.ca/Interac/interac/refund/deposit/bnc/app.bnc.ca/index.html?ip=ip
Frame ID: 8B718EFFA43A8563982D70083EC0AE9C
Requests: 22 HTTP requests in this frame

Frame: https://nationalbankofcanada.demdex.net/dest5.html?d_nsid=0
Frame ID: 1008F64B74D65E670B68E6F09D100FF7
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<[^>]+data-react/i

SiteCatalyst (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\/s[_-]code.*\.js/i
env /^s_(?:account|objectID|code|INST)$/i

Page Statistics

21
Requests

10 %
HTTPS

0 %
IPv6

5
Domains

6
Subdomains

7
IPs

4
Countries

423 kB
Transfer

650 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request index.html Show response
interacetransfer.glassola.ca/Interac/interac/refund/deposit/bnc/app.bnc.ca/ 14 KB
14 KB 125ms
124ms Document
text/html 67.212.93.18

General

			Domain/Path	Expires	Name / Value
			.glassola.ca/	1970-01-19 15:16:07	Name: AMCV_1E24776A524450D90A490D44%40AdobeOrg Value: -330454231%7CMCIDTS%7C17906%7CMCMID%7C76817716594227867180904025795051329500%7CMCAID%7CNONE%7CMCOPTOUT-1547016665s%7CNONE%7CvVersion%7C3.1.2
			.glassola.ca/	1969-12-31 23:59:59	Name: AMCVS_1E24776A524450D90A490D44%40AdobeOrg Value: 1

interacetransfer.glassola.ca Open in urlscan Pro 67.212.93.18 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

21 Requests

10 %HTTPS

0 %IPv6

5 Domains

6 Subdomains

7 IPs

4 Countries

423 kBTransfer

650 kBSize

2 Cookies

0 Outgoing links

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

17 JavaScript Global Variables

2 Cookies

Indicators

interacetransfer.glassola.ca Open in urlscan Pro
67.212.93.18 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

10 %
HTTPS

0 %
IPv6

5
Domains

6
Subdomains

7
IPs

4
Countries

423 kB
Transfer

650 kB
Size

2
Cookies

21 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!