bcschartered.com Open in urlscan Pro
198.251.88.162 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://connecticutrealestateclasses.com/N62/J27/fmhf7eco1egOENSLEB1WOU/%7B%7Bemailb64%7D%7D
Effective URL:
https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qrc={{emailb64}}
Submission: On January 02 via manual (January 2nd 2024, 2:59:33 pm UTC) from IN — Scanned from DE

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 198.251.88.162, located in Luxembourg, Luxembourg and belongs to PONYNET, US. The main domain is bcschartered.com.
TLS certificate: Issued by R3 on December 30th 2023. Valid for: 3 months.

This is the only time bcschartered.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BCE-BellAliant (Telecommunication)

Domain & IP information

	IP Address	AS Autonomous System
1 1	192.185.13.172 192.185.13.172	19871 (NETWORK-S...) (NETWORK-SOLUTIONS-HOSTING)
8	198.251.88.162 198.251.88.162	53667 (PONYNET) (PONYNET)
8	1

1 192.185.13.172 (United States) 1 redirects

ASN19871 (NETWORK-SOLUTIONS-HOSTING, US)
PTR: 192-185-13-172.unifiedlayer.com

connecticutrealestateclasses.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 198.251.88.162 (Luxembourg, Luxembourg)

ASN53667 (PONYNET, US)
PTR: c1.my-control-panel.com

bcschartered.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	bcschartered.com bcschartered.com	82 KB
1	connecticutrealestateclasses.com 1 redirects connecticutrealestateclasses.com	270 B
8	2

	Domain	Requested by
8	bcschartered.com	bcschartered.com
1	connecticutrealestateclasses.com	1 redirects
8	2

This site contains no links.

Subject Issuer	Validity	Valid
*.bcschartered.com R3	`2023-12-30` - `2024-03-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qrc={{emailb64}}
Frame ID: 6F407FBDD7FFF0FEB2E79477870A120B
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bells Email

Page URL History Show full URLs

https://connecticutrealestateclasses.com/N62/J27/fmhf7eco1egOENSLEB1WOU/%7B%7Bemailb64%7D%7D HTTP 302
https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qr... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

82 kB
Transfer

83 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://connecticutrealestateclasses.com/N62/J27/fmhf7eco1egOENSLEB1WOU/%7B%7Bemailb64%7D%7D HTTP 302
https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qrc={{emailb64}} Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request bellzAll.php Show response bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/ Redirect Chain https://connecticutrealestateclasses.com/N62/J27/fmhf7eco1egOENSLEB1WOU/%7B%7Bemailb64%7D%7D https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qrc={{emailb64}}	2 KB 1 KB	230ms 56ms	Document text/html	198.251.88.162 PONYNET
General Check archive.org Show headers Download Go to Full URL https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qrc={{emailb64}} Protocol H2 Security TLS 1.3, , AES_128_GCM Server 198.251.88.162 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c1.my-control-panel.com Software LiteSpeed / PHP/7.4.33 Resource Hash `b82a33331912bfb5c4a65a9984a63dbd27904dec0f089ff4daaa415e076ebf48` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46" cache-control no-store, no-cache, must-revalidate content-encoding br content-length 733 content-type text/html; charset=UTF-8 date Tue, 02 Jan 2024 14:59:28 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server LiteSpeed vary Accept-Encoding x-powered-by PHP/7.4.33 Redirect headers cache-control no-store, no-cache, must-revalidate content-length 0 content-type text/html; charset=UTF-8 date Tue, 02 Jan 2024 14:59:27 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qrc={{emailb64}} pragma no-cache server Apache
GET H2	200	headerlogo.jpg bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/images/	5 KB 5 KB	58ms 57ms	Image image/jpeg	198.251.88.162 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/images/headerlogo.jpg Requested by Host: bcschartered.com URL: https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qrc={{emailb64}} Protocol H2 Security TLS 1.3, , AES_128_GCM Server 198.251.88.162 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c1.my-control-panel.com Software LiteSpeed / Resource Hash `12278e8c8ce810a412a655f72007eb9bdf2285065526f682ca5044b159bb8788` Request headers accept-language de-DE,de;q=0.9 Referer https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qrc={{emailb64}} User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 14:59:28 GMT last-modified Tue, 02 Jan 2024 13:08:17 GMT server LiteSpeed content-type image/jpeg cache-control public, max-age=604800 accept-ranges bytes content-length 4972 expires Tue, 09 Jan 2024 14:59:28 GMT
GET H2	200	textmsg.png bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/images/	3 KB 3 KB	58ms 58ms	Image image/png	198.251.88.162 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/images/textmsg.png Requested by Host: bcschartered.com URL: https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qrc={{emailb64}} Protocol H2 Security TLS 1.3, , AES_128_GCM Server 198.251.88.162 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c1.my-control-panel.com Software LiteSpeed / Resource Hash `18334a650cdddc593f2a0cfb3a07de8aeb445fb876c59c023057bfad61c2865b` Request headers accept-language de-DE,de;q=0.9 Referer https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qrc={{emailb64}} User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 14:59:28 GMT last-modified Tue, 02 Jan 2024 13:08:17 GMT server LiteSpeed content-type image/png cache-control public, max-age=604800 accept-ranges bytes content-length 3243 expires Tue, 09 Jan 2024 14:59:28 GMT
GET H2	200	submit.jpg bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/images/	2 KB 2 KB	58ms 58ms	Image image/jpeg	198.251.88.162 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/images/submit.jpg Requested by Host: bcschartered.com URL: https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qrc={{emailb64}} Protocol H2 Security TLS 1.3, , AES_128_GCM Server 198.251.88.162 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c1.my-control-panel.com Software LiteSpeed / Resource Hash `4a7d804ead7811b801d515158899b408016b83e3938ff7f05ac8e9c61bc5a207` Request headers accept-language de-DE,de;q=0.9 Referer https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qrc={{emailb64}} User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 14:59:28 GMT last-modified Tue, 02 Jan 2024 13:08:17 GMT server LiteSpeed content-type image/jpeg cache-control public, max-age=604800 accept-ranges bytes content-length 1762 expires Tue, 09 Jan 2024 14:59:28 GMT
GET H2	404	msgboard.jpg bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/images/	33 KB 33 KB	427ms 427ms	Image text/html	198.251.88.162 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/images/msgboard.jpg Requested by Host: bcschartered.com URL: https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qrc={{emailb64}} Protocol H2 Security TLS 1.3, , AES_128_GCM Server 198.251.88.162 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c1.my-control-panel.com Software LiteSpeed / PHP/7.4.33 Resource Hash `e62d3e47cd06933c74e5dc80191b951ae5fe36e10f0c12efd196c3d3a26d38e5` Request headers accept-language de-DE,de;q=0.9 Referer https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qrc={{emailb64}} User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 14:59:29 GMT content-encoding br server LiteSpeed x-powered-by PHP/7.4.33 x-litespeed-cache miss vary Accept-Encoding content-type text/html; charset=UTF-8 x-litespeed-cache-control public,max-age=3600 cache-control no-cache, must-revalidate, max-age=0 x-litespeed-tag 42e_HTTP.404,42e_404,42e_URL.181d46b43add58f0ee7031722c7ba42c,42e_ link <https://bcschartered.com/wp-json/>; rel="https://api.w.org/" expires Wed, 11 Jan 1984 05:00:00 GMT
GET H2	200	copyright.png bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/images/	2 KB 2 KB	58ms 58ms	Image image/png	198.251.88.162 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/images/copyright.png Requested by Host: bcschartered.com URL: https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qrc={{emailb64}} Protocol H2 Security TLS 1.3, , AES_128_GCM Server 198.251.88.162 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c1.my-control-panel.com Software LiteSpeed / Resource Hash `5518571d276e064f6b8a40c1703b4520ab52c622b1a89dad3ed8437c5c158253` Request headers accept-language de-DE,de;q=0.9 Referer https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qrc={{emailb64}} User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 14:59:28 GMT last-modified Tue, 02 Jan 2024 13:08:17 GMT server LiteSpeed content-type image/png cache-control public, max-age=604800 accept-ranges bytes content-length 2047 expires Tue, 09 Jan 2024 14:59:28 GMT
GET H2	200	headerbg.jpg bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/images/	381 B 412 B	176ms 176ms	Image image/jpeg	198.251.88.162 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/images/headerbg.jpg Requested by Host: bcschartered.com URL: https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qrc={{emailb64}} Protocol H2 Security TLS 1.3, , AES_128_GCM Server 198.251.88.162 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c1.my-control-panel.com Software LiteSpeed / Resource Hash `430e012f0e54db7c7c5e8cc95dbee0d47d3c972b3ddd07852f2c8ef7b6f18cc6` Request headers accept-language de-DE,de;q=0.9 Referer https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qrc={{emailb64}} User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 14:59:28 GMT last-modified Tue, 02 Jan 2024 13:08:17 GMT server LiteSpeed content-type image/jpeg cache-control public, max-age=604800 accept-ranges bytes content-length 381 expires Tue, 09 Jan 2024 14:59:28 GMT
GET H2	200	menuBg.jpg bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/images/	36 KB 36 KB	113ms 113ms	Image image/jpeg	198.251.88.162 PONYNET
General Check archive.org Show headers Download Go to Show image Full URL https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/images/menuBg.jpg Requested by Host: bcschartered.com URL: https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qrc={{emailb64}} Protocol H2 Security TLS 1.3, , AES_128_GCM Server 198.251.88.162 Luxembourg, Luxembourg, ASN53667 (PONYNET, US), Reverse DNS c1.my-control-panel.com Software LiteSpeed / Resource Hash `47ad59f6d006cdb7355fbb52b0692dfecf144c1e489750e45a57c4a29e51798d` Request headers accept-language de-DE,de;q=0.9 Referer https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/bellzAll.php?email=?hevj&qrc={{emailb64}} User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36 Response headers date Tue, 02 Jan 2024 14:59:28 GMT last-modified Tue, 02 Jan 2024 13:08:17 GMT server LiteSpeed content-type image/jpeg cache-control public, max-age=604800 accept-ranges bytes content-length 36615 expires Tue, 09 Jan 2024 14:59:28 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BCE-BellAliant (Telecommunication)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			connecticutrealestateclasses.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 3939390356844bef5c88b8116c20f84c
			bcschartered.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 37bd0703d1d3ad409d6b1247c22036f2

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://bcschartered.com/bellnet.ca/index-ru/NewbellAliant/wLlyVNC9S6FJbQ/images/msgboard.jpg Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bcschartered.com
connecticutrealestateclasses.com
192.185.13.172
198.251.88.162
12278e8c8ce810a412a655f72007eb9bdf2285065526f682ca5044b159bb8788
18334a650cdddc593f2a0cfb3a07de8aeb445fb876c59c023057bfad61c2865b
430e012f0e54db7c7c5e8cc95dbee0d47d3c972b3ddd07852f2c8ef7b6f18cc6
47ad59f6d006cdb7355fbb52b0692dfecf144c1e489750e45a57c4a29e51798d
4a7d804ead7811b801d515158899b408016b83e3938ff7f05ac8e9c61bc5a207
5518571d276e064f6b8a40c1703b4520ab52c622b1a89dad3ed8437c5c158253
b82a33331912bfb5c4a65a9984a63dbd27904dec0f089ff4daaa415e076ebf48
e62d3e47cd06933c74e5dc80191b951ae5fe36e10f0c12efd196c3d3a26d38e5

bcschartered.com Open in urlscan Pro 198.251.88.162 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

1 IPs

2 Countries

82 kBTransfer

83 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

2 Cookies

1 Console Messages

Indicators

bcschartered.com Open in urlscan Pro
198.251.88.162 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

2
Countries

82 kB
Transfer

83 kB
Size

2
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!