application-demande.ceba-cuec.ca
Open in
urlscan Pro
192.124.249.11
Malicious Activity!
Public Scan
Submission: On March 08 via manual from CA — Scanned from CA
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on November 12th 2021. Valid for: a year.
This is the only time application-demande.ceba-cuec.ca was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Canadian Government (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 192.124.249.11 192.124.249.11 | 30148 (SUCURI-SEC) (SUCURI-SEC) | |
1 | 2606:4700::68... 2606:4700::6812:bcf | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 2607:f8b0:400... 2607:f8b0:4006:820::200e | 15169 (GOOGLE) (GOOGLE) | |
2 | 2600:1400:d:5... 2600:1400:d:596::fe9 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2607:f8b0:402... 2607:f8b0:4023:1407::9b | 15169 (GOOGLE) (GOOGLE) | |
15 | 5 |
ASN30148 (SUCURI-SEC, US)
PTR: cloudproxy10011.sucuri.net
application-demande.ceba-cuec.ca |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
ceba-cuec.ca
application-demande.ceba-cuec.ca |
2 MB |
3 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 31 |
20 KB |
2 |
canada.ca
www.canada.ca — Cisco Umbrella Rank: 32628 |
5 KB |
1 |
doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 68 |
450 B |
1 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 620 |
25 KB |
15 | 5 |
Domain | Requested by | |
---|---|---|
8 | application-demande.ceba-cuec.ca |
application-demande.ceba-cuec.ca
|
3 | www.google-analytics.com |
application-demande.ceba-cuec.ca
|
2 | www.canada.ca |
application-demande.ceba-cuec.ca
|
1 | stats.g.doubleclick.net |
application-demande.ceba-cuec.ca
|
1 | maxcdn.bootstrapcdn.com |
application-demande.ceba-cuec.ca
|
15 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.canada.ca |
ceba-cuec.ca |
Subject Issuer | Validity | Valid | |
---|---|---|---|
application-demande.ceba-cuec.ca Sectigo RSA Domain Validation Secure Server CA |
2021-11-12 - 2022-11-12 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-01-29 - 2023-01-29 |
a year | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2022-02-17 - 2022-05-12 |
3 months | crt.sh |
*.canada.ca GeoTrust RSA CA 2018 |
2021-04-22 - 2022-04-27 |
a year | crt.sh |
*.g.doubleclick.net GTS CA 1C3 |
2022-02-17 - 2022-05-12 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://application-demande.ceba-cuec.ca/
Frame ID: 8027933B7DADDD5796F95027424E6D8C
Requests: 15 HTTP requests in this frame
Screenshot
Page Title
CEBA Document Upload WebsiteDetected technologies
Adobe Experience Manager (CMS) ExpandDetected patterns
- /etc/designs/
Bootstrap (Web Frameworks) Expand
Detected patterns
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Google Analytics (Analytics) Expand
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Title: Government of Canada / Gouvernement du Canada
Search URL Search Domain Scan URL
Title: FAQ
Search URL Search Domain Scan URL
Title: CEBA Website
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
application-demande.ceba-cuec.ca/ |
3 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.5.0/css/ |
157 KB 25 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
5.4261ba9a.chunk.css
application-demande.ceba-cuec.ca/static/css/ |
21 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.17effb1d.chunk.css
application-demande.ceba-cuec.ca/static/css/ |
215 KB 215 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
5.60c53a63.chunk.js
application-demande.ceba-cuec.ca/static/js/ |
1 MB 1 MB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.d42a238b.chunk.js
application-demande.ceba-cuec.ca/static/js/ |
196 KB 197 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
49 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0.aeb004ca.chunk.js
application-demande.ceba-cuec.ca/static/js/ |
413 KB 414 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ucare-widget-chunk.8547c6cf.chunk.js
application-demande.ceba-cuec.ca/static/js/ |
3 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sig-blk-en.svg
www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32c/assets/ |
10 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
denied.svg
application-demande.ceba-cuec.ca/images/ |
2 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wmms-blk.svg
www.canada.ca/etc/designs/canada/cdts/gcweb/v4_0_32c/assets/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
www.google-analytics.com/j/ |
4 B 158 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/ |
35 B 194 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
stats.g.doubleclick.net/j/ |
1 B 450 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Canadian Government (Government)17 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone object| oncontextlost object| oncontextrestored object| webpackJsonpceba-form object| regeneratorRuntime object| __SENTRY__ string| GoogleAnalyticsObject function| ga string| UPLOADCARE_INTEGRATION boolean| UPLOADCARE_LIVE boolean| UPLOADCARE_MANUAL_START object| google_tag_data object| gaplugins object| gaGlobal object| gaData string| UPLOADCARE_LOCALE object| UPLOADCARE_LOCALE_TRANSLATIONS5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
application-demande.ceba-cuec.ca/ | Name: _csrf Value: thXXlkNSInotZBBpAMA-3XBd |
|
application-demande.ceba-cuec.ca/ | Name: XSRF-TOKEN Value: BxbQ1ark-EqSXRgyo4O33fNi42KJygwtUPao |
|
.ceba-cuec.ca/ | Name: _ga Value: GA1.2.347877793.1646756474 |
|
.ceba-cuec.ca/ | Name: _gid Value: GA1.2.1603568341.1646756474 |
|
.ceba-cuec.ca/ | Name: _gat Value: 1 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | upgrade-insecure-requests; |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff nosniff |
X-Frame-Options | SAMEORIGIN DENY |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
application-demande.ceba-cuec.ca
maxcdn.bootstrapcdn.com
stats.g.doubleclick.net
www.canada.ca
www.google-analytics.com
192.124.249.11
2600:1400:d:596::fe9
2606:4700::6812:bcf
2607:f8b0:4006:820::200e
2607:f8b0:4023:1407::9b
10403d91be22d902a3fb8d66a463870f4c4e9b1bfd6e4c0a1e3c708643cad76d
46aecbfa7558964e764e64a3b0765f03aa45e9e1feeb97bdb80526eba3e47e22
4acae27048df47ba68328eccdcc074b9be1b820ce818ee18c104e75538362166
4f736aad88d1d1df8a7dfe9445bcce9b6e80d9414148b6eacdf0ee19d84d256b
680af6669abc319f9803f0fa26d443df1b6bc29133d88a8e4bea560ffed7288c
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d2596c3614aa94cc57b66e213c56cf7f5cdd1bef3ff1f552f263f0b06204658
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a80c90917f685a6c1b2e658a8e9379ace1b52fa90910558c7632d48c291c0eac
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b2e36d892559ddef5691afa5bfba0996945fade837eb649bf6761f583ed95007
c3befc78b8abbb995641a828400926db890875b4a96fe96ce80c519d515cefc9
dc827f391db1b0a6917a1773e98731ab7901dd9897f0ad46c0f797f27f279487
f2c0ed8ab23dc322ccc22dc7152ae9dc87791d62357fc6d01eb1e7e960465519