www.debitactivate-starthelp.com
2606:4700::6810:f34e
Malicious Activity!
Public Scan
Effective URL: https://www.debitactivate-starthelp.com/login
Submission: On September 29 via automatic, source certstream-suspicious — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on September 29th 2022. Valid for: a year.
This is the only time www.debitactivate-starthelp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bank of America (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
16 (1 redirect) | 2606:4700::6810:f34e | 13335 (CLOUDFLARENET) |
5 | 171.159.118.200 | 10794 (BANKAMERICA) |
20 | 2 |
ASN13335 (CLOUDFLARENET, US): www.debitactivate-starthelp.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
16 (1 redirects) | debitactivate-starthelp.com | www.debitactivate-starthelp.com | 292 KB |
5 | bankofamerica.com | secure.bankofamerica.com (Cisco Umbrella Rank: 11651) | 61 KB |
20 | 2 |
Requests | Domain | Requested by |
---|---|---|
16 (1 redirects) | www.debitactivate-starthelp.com | www.debitactivate-starthelp.com |
5 | secure.bankofamerica.com | www.debitactivate-starthelp.com |
20 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.bankofamerica.com |
Subject | Issuer | Validity | Valid |
---|---|---|---|
www.debitactivate-starthelp.com | Cloudflare Inc ECC CA-3 | 2022-09-29 - 2023-09-28 | a year |
secure.bankofamerica.com | Entrust Certification Authority - L1M | 2022-06-27 - 2023-06-27 | a year |
This page contains 1 frames:
Primary Page:
https://www.debitactivate-starthelp.com/login
Frame ID: 361FD809F0DA356BD3029C7A9DAC3B66
Requests: 20 HTTP requests in this frame
Page Title
Bank of America | Online Banking | Log In | User ID
Page URL History
- https://www.debitactivate-starthelp.com/ (HTTP 307)
- https://www.debitactivate-starthelp.com/login (Page URL)
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Learn about your Banking by Phone options ››
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method / Protocol | Resource | Path | Size | Transfer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET H2 | login (Primary Request) | www.debitactivate-starthelp.com/ (Redirect Chain) | 14 KB | 4 KB | Document | text/html |
GET H2 | 20285528fc0664fd.css | www.debitactivate-starthelp.com/_next/static/css/ | 465 KB | 64 KB | Stylesheet | text/css |
GET H2 | webpack-bb469f829a664d48.js | www.debitactivate-starthelp.com/_next/static/chunks/ | 2 KB | 1 KB | Script | application/javascript |
GET H2 | framework-9b5d6ec4444c80fa.js | www.debitactivate-starthelp.com/_next/static/chunks/ | 138 KB | 45 KB | Script | application/javascript |
GET H2 | main-3123a443c688934f.js | www.debitactivate-starthelp.com/_next/static/chunks/ | 102 KB | 31 KB | Script | application/javascript |
GET H2 | _app-20b73962947f98fc.js | www.debitactivate-starthelp.com/_next/static/chunks/pages/ | 1 KB | 697 B | Script | application/javascript |
GET H2 | 378-7f91520e427c4e29.js | www.debitactivate-starthelp.com/_next/static/chunks/ | 44 KB | 15 KB | Script | application/javascript |
GET H2 | 107-8eb7cb37ed7e8331.js | www.debitactivate-starthelp.com/_next/static/chunks/ | 78 KB | 27 KB | Script | application/javascript |
GET H2 | 443-62dd299028d36af5.js | www.debitactivate-starthelp.com/_next/static/chunks/ | 18 KB | 7 KB | Script | application/javascript |
GET H2 | login-d48fa9eaa343cf33.js | www.debitactivate-starthelp.com/_next/static/chunks/pages/ | 214 KB | 36 KB | Script | application/javascript |
GET H2 | _buildManifest.js | www.debitactivate-starthelp.com/_next/static/rWwCGPFlD-1KboF2AJ5Wg/ | 2 KB | 849 B | Script | application/javascript |
GET H2 | _ssgManifest.js | www.debitactivate-starthelp.com/_next/static/rWwCGPFlD-1KboF2AJ5Wg/ | 76 B | 123 B | Script | application/javascript |
GET H2 | BofA_rgb.png | www.debitactivate-starthelp.com/images/ | 38 KB | 39 KB | Image | image/png |
GET H2 | mobile_llama.png | www.debitactivate-starthelp.com/images/ | 19 KB | 19 KB | Image | image/png |
GET H2 | aps-mobile-products-icon-sprite-dev.png | www.debitactivate-starthelp.com/content/images/ContextualSiteGraphics/Instructional/en_US/ | 2 KB | 2 KB | Image | text/html |
GET H/1.1 | fsd-secure-esp-sprite.png | secure.bankofamerica.com/pa/components/modules/header-module/2.8/graphic/ | 473 B | 2 KB | Image | image/png |
GET H/1.1 | help-qm-fsd.png | secure.bankofamerica.com/pa/global-assets/1.0/graphic/ | 3 KB | 5 KB | Image | image/png |
GET H/1.1 | sign-in-sprite.png | secure.bankofamerica.com/pa/global-assets/1.0/graphic/ | 3 KB | 5 KB | Image | image/png |
GET H/1.1 | gfootb-static-sprite.png | secure.bankofamerica.com/pa/components/modules/global-footer-module/2.5/graphic/ | 48 KB | 49 KB | Image | image/png |
GET H/1.1 | gfoot-home-icon.png | secure.bankofamerica.com/pa/components/modules/global-footer-module/2.5/graphic/ | 144 B | 1 KB | Image | image/png |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Bank of America (Banking)
20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name |
---|---|
object | onbeforeinput |
object | oncontextlost |
object | oncontextrestored |
function | structuredClone |
object | launchQueue |
object | onbeforematch |
function | getScreenDetails |
function | queryLocalFonts |
object | navigation |
object | webpackChunk_N_E |
object | regeneratorRuntime |
function | __next_require__ |
object | next |
object | __NEXT_DATA__ |
function | __SSG_MANIFEST_CB |
object | __NEXT_P |
object | _N_E |
undefined | __MIDDLEWARE_MANIFEST |
object | __BUILD_MANIFEST |
object | __SSG_MANIFEST |
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.