cponline-ssx-prod1b.eglobal2.bac.com

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 5 HTTP transactions. The main IP is 23.208.160.13, located in New York, United States and belongs to AKAMAI-ASN1, NL. The main domain is cponline-ssx-prod1b.eglobal2.bac.com. The Cisco Umbrella rank of the primary domain is 999376.
TLS certificate: Issued by Entrust Certification Authority - L1M on August 11th 2023. Valid for: a year.

This is the only time cponline-ssx-prod1b.eglobal2.bac.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

	IP Address		AS Autonomous System
5	23.208.160.13 23.208.160.13		20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	1

5 23.208.160.13 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-208-160-13.deploy.static.akamaitechnologies.com

cponline-ssx-prod1b.eglobal2.bac.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	bac.com cponline-ssx-prod1b.eglobal2.bac.com — Cisco Umbrella Rank: 999376	60 KB
5	1

	Domain	Requested by
5	cponline-ssx-prod1b.eglobal2.bac.com	cponline-ssx-prod1b.eglobal2.bac.com
5	1

This site contains no links.

Subject Issuer	Validity	Valid
online.cashpro.bankofamerica.com Entrust Certification Authority - L1M	`2023-08-11` - `2024-08-10`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://cponline-ssx-prod1b.eglobal2.bac.com/cpoauthweb/cpo/
Frame ID: 4B0F596D5C4D20D51979E9F67D72834E
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bank of America | Simplified Sign-On | Unauthorized

Page Statistics

5
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

60 kB
Transfer

57 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 404
Not Found Primary Request / Show response
cponline-ssx-prod1b.eglobal2.bac.com/cpoauthweb/cpo/ 1 KB
2 KB 873ms
124ms Document
text/html 23.208.160.13
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cponline-ssx-prod1b.eglobal2.bac.com/cpoauthweb/cpo/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.208.160.13 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-208-160-13.deploy.static.akamaitechnologies.com

Software

/

Resource Hash

ebda3f577d96da0afd33c53ce2cc941b4daae645b56e448f0375112758615417

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Connection: Keep-Alive
Date: Fri, 15 Dec 2023 15:22:50 GMT
Keep-Alive: timeout=5, max=447
X-Frame-Options: DENY
cache-control: no-cache,no-store,max-age=0
content-length: 1251
content-type: text/html; charset=UTF-8
expires: 0
pragma: no-cache

GET
H/1.1 200
OK common.js Show response
cponline-ssx-prod1b.eglobal2.bac.com/pa/assets/boa/css/ 319 B
971 B 82ms
81ms Script
application/x-javascript 23.208.160.13
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cponline-ssx-prod1b.eglobal2.bac.com/pa/assets/boa/css/common.js

Requested by

Host: cponline-ssx-prod1b.eglobal2.bac.com
URL: https://cponline-ssx-prod1b.eglobal2.bac.com/cpoauthweb/cpo/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.208.160.13 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-208-160-13.deploy.static.akamaitechnologies.com

Software

/

Resource Hash

e3f882db2ef93035a6b9cb36615614f3ed0b261fd5a4c2b73949cb76156650c8

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cponline-ssx-prod1b.eglobal2.bac.com/cpoauthweb/cpo/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Fri, 15 Dec 2023 15:22:50 GMT
Connection: Keep-Alive
Keep-Alive: timeout=5, max=470
content-length: 319
X-Frame-Options: DENY
content-type: application/x-javascript

GET
H/1.1 200
OK styles.css
cponline-ssx-prod1b.eglobal2.bac.com/pa/assets/boa/css/ 7 KB
7 KB 87ms
86ms Stylesheet
text/css 23.208.160.13
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://cponline-ssx-prod1b.eglobal2.bac.com/pa/assets/boa/css/styles.css

Requested by

Host: cponline-ssx-prod1b.eglobal2.bac.com
URL: https://cponline-ssx-prod1b.eglobal2.bac.com/pa/assets/boa/css/common.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.208.160.13 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-208-160-13.deploy.static.akamaitechnologies.com

Software

/

Resource Hash

c3b5b815c46a872a15e3a4ed97155ba31c9cbb967e1cfe7ee2c13b3dfb9f1728

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cponline-ssx-prod1b.eglobal2.bac.com/cpoauthweb/cpo/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Fri, 15 Dec 2023 15:22:50 GMT
Connection: Keep-Alive
Keep-Alive: timeout=5, max=503
content-length: 6839
X-Frame-Options: DENY
content-type: text/css

GET
H/1.1 200
OK ssoBackgroundTall.jpg
cponline-ssx-prod1b.eglobal2.bac.com/pa/assets/boa/css/images/ 44 KB
44 KB 156ms
152ms Image
image/jpeg 23.208.160.13
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cponline-ssx-prod1b.eglobal2.bac.com/pa/assets/boa/css/images/ssoBackgroundTall.jpg

Requested by

Host: cponline-ssx-prod1b.eglobal2.bac.com
URL: https://cponline-ssx-prod1b.eglobal2.bac.com/pa/assets/boa/css/styles.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.208.160.13 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-208-160-13.deploy.static.akamaitechnologies.com

Software

/

Resource Hash

efb581113a223be8e863e55bb71326d4a03f9127f0625afd1e36ece3a4bc38a1

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cponline-ssx-prod1b.eglobal2.bac.com/pa/assets/boa/css/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Fri, 15 Dec 2023 15:22:50 GMT
Connection: Keep-Alive
Keep-Alive: timeout=5, max=511
content-length: 44675
X-Frame-Options: DENY
content-type: image/jpeg

GET
H/1.1 200
OK ssoTitleSSO.gif
cponline-ssx-prod1b.eglobal2.bac.com/pa/assets/boa/css/images/ 5 KB
6 KB 240ms
82ms Image
image/gif 23.208.160.13
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cponline-ssx-prod1b.eglobal2.bac.com/pa/assets/boa/css/images/ssoTitleSSO.gif

Requested by

Host: cponline-ssx-prod1b.eglobal2.bac.com
URL: https://cponline-ssx-prod1b.eglobal2.bac.com/pa/assets/boa/css/styles.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

23.208.160.13 New York, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-208-160-13.deploy.static.akamaitechnologies.com

Software

/

Resource Hash

6165df0a84d64f75902c52e1f73da04208705f935f572a95dd818c83b7d46254

Security Headers

Name	Value
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://cponline-ssx-prod1b.eglobal2.bac.com/pa/assets/boa/css/styles.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Fri, 15 Dec 2023 15:22:50 GMT
Connection: Keep-Alive
Keep-Alive: timeout=5, max=474
content-length: 5448
X-Frame-Options: DENY

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| includeCSSfile object| ismobile

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cponline-ssx-prod1b.eglobal2.bac.com/	1969-12-31 23:59:59	Name: TS01a392a3 Value: 0194d49675a2d90ebbdcb6f7045328f937ec26a062e4f0a89c8f16acc79d2429b111d02961e552d11dab604b7bd25faf03b0a2e0d4

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cponline-ssx-prod1b.eglobal2.bac.com/cpoauthweb/cpo/ Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cponline-ssx-prod1b.eglobal2.bac.com
23.208.160.13
6165df0a84d64f75902c52e1f73da04208705f935f572a95dd818c83b7d46254
c3b5b815c46a872a15e3a4ed97155ba31c9cbb967e1cfe7ee2c13b3dfb9f1728
e3f882db2ef93035a6b9cb36615614f3ed0b261fd5a4c2b73949cb76156650c8
ebda3f577d96da0afd33c53ce2cc941b4daae645b56e448f0375112758615417
efb581113a223be8e863e55bb71326d4a03f9127f0625afd1e36ece3a4bc38a1

cponline-ssx-prod1b.eglobal2.bac.com Open in urlscan Pro 23.208.160.13 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

5 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

60 kBTransfer

57 kBSize

1 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

1 Console Messages

Security Headers

Indicators

cponline-ssx-prod1b.eglobal2.bac.com Open in urlscan Pro
23.208.160.13 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

60 kB
Transfer

57 kB
Size

1
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!