thecampbell.ca
52.188.127.53
Malicious Activity!
Public Scan
Submission: On November 08 via manual from NZ
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on November 6th 2020. Valid for: 3 months.
This is the only time thecampbell.ca was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Westpac (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
34 | 52.188.127.53 | ASN 8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
34 | thecampbell.ca | thecampbell.ca (1) | 2 MB
Requests | Domain | Requested by
---|---|---
34 | thecampbell.ca | thecampbell.ca (1)
This site contains links to these domains. Also see Links.
Domain
---
www.westpac.co.nz
www.entrust.net
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
thecampbell.ca | cPanel, Inc. Certification Authority | 2020-11-06 - 2021-02-04 | 3 months | crt.sh
This page contains 2 frames:
Primary Page:
https://thecampbell.ca/W/wstpc/login.php
Frame ID: 51890D4022F1D37906EA17B948246498
Requests: 33 HTTP requests in this frame
Frame:
https://thecampbell.ca/W/wstpc/login_files/dest5.html
Frame ID: 918BABB589494064C2670FA28803A782
Requests: 1 HTTP request in this frame
Screenshot
Detected technologies
PHP (Programming Languages)
Detected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Dynatrace (Analytics)
Detected patterns
- script /dtagent.*\.js/i
SiteCatalyst (Analytics)
Detected patterns
- script /\/s[_-]code.*\.js/i
Page Statistics
3 Outgoing links
These are links going to different origins than the main page.
Title: Westpac online guardian
Title: Westpac online guarantee
Title:
Redirected requests
There were HTTP redirect chains for the following requests:
34 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type | Note
---|---|---|---|---|---|---|---|---
GET | H/1.1 | login.php | thecampbell.ca/W/wstpc/ | 13 KB | 13 KB | Document | text/html | Primary Request
GET | H/1.1 | s36129399378666 | thecampbell.ca/W/wstpc/login_files/ | 365 B | 581 B | Script | text/plain |
GET | H/1.1 | dtagent_ICA_7000000081014.js | thecampbell.ca/W/wstpc/login_files/ | 50 KB | 50 KB | Script | application/javascript |
GET | H/1.1 | jquery-ui-1.10.3.custom.css | thecampbell.ca/W/wstpc/login_files/ | 66 KB | 66 KB | Stylesheet | text/css |
GET | H/1.1 | vendor.css | thecampbell.ca/W/wstpc/login_files/ | 0 | 239 B | Stylesheet | text/css |
GET | H/1.1 | styles.css | thecampbell.ca/W/wstpc/login_files/ | 159 KB | 159 KB | Stylesheet | text/css |
GET | H/1.1 | entrance.css | thecampbell.ca/W/wstpc/login_files/ | 319 KB | 319 KB | Stylesheet | text/css |
GET | H/1.1 | main.css | thecampbell.ca/W/wstpc/login_files/ | 641 KB | 642 KB | Stylesheet | text/css |
GET | H/1.1 | sjcl.js | thecampbell.ca/W/wstpc/login_files/ | 23 KB | 23 KB | Script | application/javascript |
GET | H/1.1 | sha.js | thecampbell.ca/W/wstpc/login_files/ | 17 KB | 17 KB | Script | application/javascript |
GET | H/1.1 | satellite-5c0d71ac64746d19e600f896.js | thecampbell.ca/W/wstpc/login_files/ | 259 B | 513 B | Script | application/javascript |
GET | H/1.1 | s-code-contents-addd2f3ce0de416269fe730535978be0672e0d06.js | thecampbell.ca/W/wstpc/login_files/ | 76 KB | 77 KB | Script | application/javascript |
GET | H/1.1 | logo-westpac-w.svg | thecampbell.ca/W/wstpc/login_files/ | 842 B | 1 KB | Image | image/svg+xml |
GET | H/1.1 | logo-westpac-one-white.svg | thecampbell.ca/W/wstpc/login_files/ | 2 KB | 2 KB | Image | image/svg+xml |
GET | H/1.1 | phone-rotate.gif | thecampbell.ca/W/wstpc/login_files/ | 18 KB | 18 KB | Image | image/gif |
GET | H/1.1 | phone-rotate@2.gif | thecampbell.ca/W/wstpc/login_files/ | 40 KB | 40 KB | Image | image/gif |
GET | H/1.1 | ibmmfpf.js | thecampbell.ca/W/wstpc/login_files/ | 305 KB | 305 KB | Script | application/javascript |
GET | H/1.1 | print.css | thecampbell.ca/W/wstpc/login_files/ | 9 KB | 10 KB | Stylesheet | text/css |
GET | H/1.1 | background-westpac-one.png | thecampbell.ca/W/wstpc/images/ | 26 KB | 26 KB | Image | image/png |
GET | H/1.1 | user.svg | thecampbell.ca/W/wstpc/images/ | 315 B | 315 B | Image | text/html |
GET | H/1.1 | password.svg | thecampbell.ca/W/wstpc/images/ | 315 B | 315 B | Image | text/html |
GET | H/1.1 | online-guardian-6.9.png | thecampbell.ca/W/wstpc/images/ | 11 KB | 11 KB | Image | image/png |
GET | H/1.1 | banking-guarantee-6.9.png | thecampbell.ca/W/wstpc/images/ | 10 KB | 10 KB | Image | image/png |
GET | H/1.1 | entrust.png | thecampbell.ca/W/wstpc/images/ | 6 KB | 6 KB | Image | image/png |
GET | H/1.1 | MyriadPro-Bold.woff | thecampbell.ca/W/wstpc/fonts/ | 0 | 0 | Font | text/html |
GET | H/1.1 | MyriadPro-Regular.woff | thecampbell.ca/W/wstpc/fonts/ | 0 | 0 | Font | text/html |
GET | H/1.1 | MyriadPro-Semibold.woff | thecampbell.ca/W/wstpc/fonts/ | 0 | 0 | Font | text/html |
GET | H/1.1 | sjcl.js | thecampbell.ca/W/wstpc/login_files/login_files/ | 0 | 0 | Script | text/html |
GET | H/1.1 | sha.js | thecampbell.ca/W/wstpc/login_files/login_files/ | 0 | 0 | Script | text/html |
GET | H/1.1 | dest5.html | thecampbell.ca/W/wstpc/login_files/ | 7 KB | 7 KB | Document | text/html | Frame 918B
GET | H/1.1 | MyriadPro-Bold.ttf | thecampbell.ca/W/wstpc/fonts/ | 0 | 0 | Font | text/html |
GET | H/1.1 | MyriadPro-Regular.ttf | thecampbell.ca/W/wstpc/fonts/ | 0 | 0 | Font | text/html |
GET | H/1.1 | MyriadPro-Semibold.ttf | thecampbell.ca/W/wstpc/fonts/ | 0 | 0 | Font | text/html |
POST | H/1.1 | dynaTraceMonitor | thecampbell.ca/W/wstpc/ | 315 B | 515 B | XHR | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Westpac (Banking)
60 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | 0
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
object | trustedTypes
object | a
object | dT_
object | dynaTrace
function | q
object | s
boolean | u
object | sjcl
function | w
function | x
function | C
function | E
function | A
function | B
function | D
undefined | F
undefined | G
object | H
boolean | I
undefined | J
undefined | K
function | jsSHA
function | s_doPlugins
function | AppMeasurement_Module_AudienceManagement
function | AppMeasurement_Module_ActivityMap
function | AppMeasurement
function | s_gi
function | s_pgicq
object | s_c_il
number | s_c_in
function | DIL
number | s_objectID
number | s_giq
object | logger
object | ibmmfpfanalytics
function | Deferred
function | WLJQ
object | WLJSX
function | __WLConfig
function | __WLLocalStorageDB
function | __WLClient
function | __WLBrowserManager
function | __WLApp
function | __WLDeviceAuth
function | __WLLocalStorage
function | __WLDevice
boolean | isCryptoShim
function | __WLCrypto
function | __WLIndexDB
function | __WLDAO
function | __WLAsyncDAO
function | __WLSyncDAOWrapper
function | __WLVarStorageDB
function | WLResourceRequest
object | WLAuthorizationManager
object | WL
4 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
thecampbell.ca/ | | dtPC | 472650429_335h2
thecampbell.ca/ | | dtLatC | 110
thecampbell.ca/ | | dtSa | -
thecampbell.ca/ | | dtCookie | 5NUAID4JMFLNGORI9S81LJAIOAPLBC7R
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
thecampbell.ca
52.188.127.53