interac.refunds.etruvian.com
94.76.205.58  Malicious Activity! Public Scan

URL: http://interac.refunds.etruvian.com/Deposit/cibc/bank/
Submission: On January 07 via automatic, source openphish

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 5 HTTP transactions. The main IP is 94.76.205.58, located in the United Kingdom, and belongs to SIMPLYTRANSIT, GB. The main domain is interac.refunds.etruvian.com.
This is the only time interac.refunds.etruvian.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: CIBC (Banking)

Domain & IP information

IP Address AS Autonomous System
1 6 94.76.205.58 29550 (SIMPLYTRA...)
5 1
Apex Domain
Subdomains
Transfer
6 etruvian.com
interac.refunds.etruvian.com
133 KB
5 1
Domain Requested by
6 interac.refunds.etruvian.com 1 redirects interac.refunds.etruvian.com
5 1

This site contains no links.

This page contains 1 frames:

Primary Page: http://interac.refunds.etruvian.com/Deposit/cibc/bank/
Frame ID: 171D90CEFE13ACB21B22A4EF81278283
Requests: 5 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^LiteSpeed$/i

Page Statistics

Requests: 5
HTTPS: 0 %
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 1
Countries: 1
Transfer: 133 kB
Size: 136 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://interac.refunds.etruvian.com/Deposit/cibc/bank HTTP 301
    http://interac.refunds.etruvian.com/Deposit/cibc/bank/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions

Resource: Primary Request /
Path: interac.refunds.etruvian.com/Deposit/cibc/bank/
Redirect Chain
  • http://interac.refunds.etruvian.com/Deposit/cibc/bank
  • http://interac.refunds.etruvian.com/Deposit/cibc/bank/
Size: 1 KB
x-fer: 775 B
Type: Document

General

Full URL: http://interac.refunds.etruvian.com/Deposit/cibc/bank/
Protocol: HTTP/1.1
Server: 94.76.205.58, United Kingdom, ASN29550 (SIMPLYTRANSIT, GB)
Reverse DNS: dodge.dnshostcentral.com
Software: LiteSpeed
Resource Hash: 7b332990015e2cb79390e8428dad6237ed53239e15ce309f3fc7dbe0040c1e5b

Request headers

Host: interac.refunds.etruvian.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate

Response headers

Content-Type: text/html; charset=UTF-8
Content-Length: 568
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Mon, 07 Jan 2019 01:00:58 GMT
Server: LiteSpeed
Connection: Keep-Alive

Redirect headers

Content-Type: text/html
Content-Length: 617
Date: Mon, 07 Jan 2019 01:00:58 GMT
Server: LiteSpeed
Location: http://interac.refunds.etruvian.com/Deposit/cibc/bank/
Connection: Keep-Alive

Resource: Untitled1.css
Path: interac.refunds.etruvian.com/Deposit/cibc/bank/css/
Size: 2 KB
x-fer: 656 B
Type: Stylesheet

General

Full URL: http://interac.refunds.etruvian.com/Deposit/cibc/bank/css/Untitled1.css
Requested by
  Host: interac.refunds.etruvian.com
  URL: http://interac.refunds.etruvian.com/Deposit/cibc/bank/
Protocol: HTTP/1.1
Server: 94.76.205.58, United Kingdom, ASN29550 (SIMPLYTRANSIT, GB)
Reverse DNS: dodge.dnshostcentral.com
Software: LiteSpeed
Resource Hash: 4dbf2e4f3fa2fd8ac6e90c25c45cd0140f4909a3949311de51cdbebea4e98ef2

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: interac.refunds.etruvian.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://interac.refunds.etruvian.com/Deposit/cibc/bank/
Connection: keep-alive
Cache-Control: no-cache

Response headers

Date: Mon, 07 Jan 2019 01:00:58 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 Sep 2017 06:34:52 GMT
Server: LiteSpeed
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Content-Length: 340
Expires: Mon, 14 Jan 2019 01:00:58 GMT

Resource: index.css
Path: interac.refunds.etruvian.com/Deposit/cibc/bank/css/
Size: 2 KB
x-fer: 740 B
Type: Stylesheet

General

Full URL: http://interac.refunds.etruvian.com/Deposit/cibc/bank/css/index.css
Requested by
  Host: interac.refunds.etruvian.com
  URL: http://interac.refunds.etruvian.com/Deposit/cibc/bank/
Protocol: HTTP/1.1
Server: 94.76.205.58, United Kingdom, ASN29550 (SIMPLYTRANSIT, GB)
Reverse DNS: dodge.dnshostcentral.com
Software: LiteSpeed
Resource Hash: 1c7c39129188e50939ba5cc60b1bcf55400deb47252d84193e35557e4161190b

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: interac.refunds.etruvian.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: http://interac.refunds.etruvian.com/Deposit/cibc/bank/
Connection: keep-alive
Cache-Control: no-cache

Response headers

Date: Mon, 07 Jan 2019 01:00:58 GMT
Content-Encoding: gzip
Last-Modified: Tue, 12 Sep 2017 06:34:52 GMT
Server: LiteSpeed
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Content-Length: 424
Expires: Mon, 14 Jan 2019 01:00:58 GMT

Resource: 2.PNG
Path: interac.refunds.etruvian.com/Deposit/cibc/bank/images/
Size: 31 KB
x-fer: 32 KB
Type: Image

General

Full URL: http://interac.refunds.etruvian.com/Deposit/cibc/bank/images/2.PNG
Requested by
  Host: interac.refunds.etruvian.com
  URL: http://interac.refunds.etruvian.com/Deposit/cibc/bank/
Protocol: HTTP/1.1
Server: 94.76.205.58, United Kingdom, ASN29550 (SIMPLYTRANSIT, GB)
Reverse DNS: dodge.dnshostcentral.com
Software: LiteSpeed
Resource Hash: c75c19f1ce278aab15b0c4adc772b38a9d007c1faf7284684eac620906bc7e1b

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: interac.refunds.etruvian.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://interac.refunds.etruvian.com/Deposit/cibc/bank/
Connection: keep-alive
Cache-Control: no-cache

Response headers

Date: Mon, 07 Jan 2019 01:00:58 GMT
Last-Modified: Tue, 12 Sep 2017 06:34:50 GMT
Server: LiteSpeed
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Content-Length: 32220
Expires: Mon, 14 Jan 2019 01:00:58 GMT

Resource: 0.PNG
Path: interac.refunds.etruvian.com/Deposit/cibc/bank/images/
Size: 99 KB
x-fer: 99 KB
Type: Image

General

Full URL: http://interac.refunds.etruvian.com/Deposit/cibc/bank/images/0.PNG
Requested by
  Host: interac.refunds.etruvian.com
  URL: http://interac.refunds.etruvian.com/Deposit/cibc/bank/
Protocol: HTTP/1.1
Server: 94.76.205.58, United Kingdom, ASN29550 (SIMPLYTRANSIT, GB)
Reverse DNS: dodge.dnshostcentral.com
Software: LiteSpeed
Resource Hash: 4a20795c74dadd6b2ea919d948cfa7967007728df57562bfa96b8f9ac6589f1b

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: interac.refunds.etruvian.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: http://interac.refunds.etruvian.com/Deposit/cibc/bank/css/index.css
Connection: keep-alive
Cache-Control: no-cache

Response headers

Date: Mon, 07 Jan 2019 01:00:59 GMT
Last-Modified: Tue, 12 Sep 2017 06:34:50 GMT
Server: LiteSpeed
Content-Type: image/png
Cache-Control: public, max-age=604800
Connection: Keep-Alive
Content-Length: 101346
Expires: Mon, 14 Jan 2019 01:00:59 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: CIBC (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| onselectstart
  • object| onselectionchange
  • function| queueMicrotask

0 Cookies