ba-6r5aq.ondigitalocean.app
2606:4700::6810:f44e
Malicious Activity!
Public Scan
Submission: On September 29 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 7th 2022. Valid for: a year.
This is the only time ba-6r5aq.ondigitalocean.app was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bank of America (Banking)
Domain & IP information
Requests by IP address:

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 15 | 2606:4700::6810:f44e | 13335 (CLOUDFLARENET) |
| 5 | 171.161.102.200 | 10794 (BANKAMERICA) |
| 20 | 2 IPs | |

Requests by apex domain:

| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 15 | ondigitalocean.app | ba-6r5aq.ondigitalocean.app | 292 KB |
| 5 | bankofamerica.com | secure.bankofamerica.com (Cisco Umbrella Rank: 11651) | 61 KB |
| 20 | 2 apex domains | | |

Requests by domain and requesting origin:

| Requests | Domain | Requested by |
|---|---|---|
| 15 | ba-6r5aq.ondigitalocean.app | ba-6r5aq.ondigitalocean.app |
| 5 | secure.bankofamerica.com | ba-6r5aq.ondigitalocean.app |
| 20 | 2 domains | |

All five requests to secure.bankofamerica.com are issued by the page on ba-6r5aq.ondigitalocean.app itself: the kit hotlinks the real bank's graphics instead of hosting copies, which is why the bank's own AS (10794) appears in a scan of a DigitalOcean-hosted page. The page's document and all of its own assets are served through Cloudflare (AS13335), so the Cloudflare address identifies the CDN edge, not the origin.
Domain | Requested by | |
---|---|---|
15 | ba-6r5aq.ondigitalocean.app |
ba-6r5aq.ondigitalocean.app
|
5 | secure.bankofamerica.com |
ba-6r5aq.ondigitalocean.app
|
20 | 2 |
This site contains links to these domains. Also see Links.

| Domain |
|---|
| www.bankofamerica.com |
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-04-07 - 2023-04-07 | a year | crt.sh |
| secure.bankofamerica.com | Entrust Certification Authority - L1M | 2022-06-27 - 2023-06-27 | a year | crt.sh |

sni.cloudflaressl.com is Cloudflare's shared edge certificate, so it attests only that the hostname is fronted by Cloudflare; it says nothing about who operates the DigitalOcean app behind it, and the April 2022 issue date is the certificate's, not the phishing deployment's.
This page contains 1 frames:
Primary Page:
https://ba-6r5aq.ondigitalocean.app/login
Frame ID: 7E76360E7CC16E6BE602E06697980030
Requests: 20 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
Title: Learn about your Banking by Phone options ››
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions

| # | Method | Protocol | Resource | Host / Path | Size | Transfer | Type | MIME type |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | HTTP/2 | login (Primary Request) | ba-6r5aq.ondigitalocean.app/ | 14 KB | 4 KB | Document | text/html |
| 2 | GET | HTTP/2 | 20285528fc0664fd.css | ba-6r5aq.ondigitalocean.app/_next/static/css/ | 465 KB | 64 KB | Stylesheet | text/css |
| 3 | GET | HTTP/2 | webpack-bb469f829a664d48.js | ba-6r5aq.ondigitalocean.app/_next/static/chunks/ | 2 KB | 1 KB | Script | application/javascript |
| 4 | GET | HTTP/2 | framework-9b5d6ec4444c80fa.js | ba-6r5aq.ondigitalocean.app/_next/static/chunks/ | 138 KB | 45 KB | Script | application/javascript |
| 5 | GET | HTTP/2 | main-3123a443c688934f.js | ba-6r5aq.ondigitalocean.app/_next/static/chunks/ | 102 KB | 31 KB | Script | application/javascript |
| 6 | GET | HTTP/2 | _app-20b73962947f98fc.js | ba-6r5aq.ondigitalocean.app/_next/static/chunks/pages/ | 1 KB | 697 B | Script | application/javascript |
| 7 | GET | HTTP/2 | 378-7f91520e427c4e29.js | ba-6r5aq.ondigitalocean.app/_next/static/chunks/ | 44 KB | 15 KB | Script | application/javascript |
| 8 | GET | HTTP/2 | 107-8eb7cb37ed7e8331.js | ba-6r5aq.ondigitalocean.app/_next/static/chunks/ | 78 KB | 27 KB | Script | application/javascript |
| 9 | GET | HTTP/2 | 443-62dd299028d36af5.js | ba-6r5aq.ondigitalocean.app/_next/static/chunks/ | 18 KB | 7 KB | Script | application/javascript |
| 10 | GET | HTTP/2 | login-c798220c09769b78.js | ba-6r5aq.ondigitalocean.app/_next/static/chunks/pages/ | 214 KB | 36 KB | Script | application/javascript |
| 11 | GET | HTTP/2 | _buildManifest.js | ba-6r5aq.ondigitalocean.app/_next/static/hjfUMZcZ6o7ijh8eO9w3M/ | 2 KB | 853 B | Script | application/javascript |
| 12 | GET | HTTP/2 | _ssgManifest.js | ba-6r5aq.ondigitalocean.app/_next/static/hjfUMZcZ6o7ijh8eO9w3M/ | 76 B | 123 B | Script | application/javascript |
| 13 | GET | HTTP/2 | BofA_rgb.png | ba-6r5aq.ondigitalocean.app/images/ | 38 KB | 39 KB | Image | image/png |
| 14 | GET | HTTP/2 | mobile_llama.png | ba-6r5aq.ondigitalocean.app/images/ | 19 KB | 19 KB | Image | image/png |
| 15 | GET | HTTP/2 | aps-mobile-products-icon-sprite-dev.png | ba-6r5aq.ondigitalocean.app/content/images/ContextualSiteGraphics/Instructional/en_US/ | 2 KB | 2 KB | Image | text/html |
| 16 | GET | HTTP/1.1 | fsd-secure-esp-sprite.png | secure.bankofamerica.com/pa/components/modules/header-module/2.8/graphic/ | 473 B | 2 KB | Image | image/png |
| 17 | GET | HTTP/1.1 | help-qm-fsd.png | secure.bankofamerica.com/pa/global-assets/1.0/graphic/ | 3 KB | 5 KB | Image | image/png |
| 18 | GET | HTTP/1.1 | sign-in-sprite.png | secure.bankofamerica.com/pa/global-assets/1.0/graphic/ | 3 KB | 5 KB | Image | image/png |
| 19 | GET | HTTP/1.1 | gfootb-static-sprite.png | secure.bankofamerica.com/pa/components/modules/global-footer-module/2.5/graphic/ | 48 KB | 49 KB | Image | image/png |
| 20 | GET | HTTP/1.1 | gfoot-home-icon.png | secure.bankofamerica.com/pa/components/modules/global-footer-module/2.5/graphic/ | 144 B | 1 KB | Image | image/png |

Three things in this list are worth noting. Requests 2 to 12 are a stock Next.js build (the /_next/static/ prefix, the webpack/framework/main chunks and the page-specific login chunk); the build ID hjfUMZcZ6o7ijh8eO9w3M in the manifest paths is fixed at build time, so other deployments of the same kit would reuse it and it is a useful pivot. Request 15 is declared as an Image but comes back as text/html: the path mirrors the real bank's site tree (/content/images/ContextualSiteGraphics/...) and most likely does not exist on the phishing host, so an HTML page was returned instead of the sprite. Requests 16 to 20 go straight to secure.bankofamerica.com over HTTP/1.1, pulling the genuine header, sign-in and footer graphics; the bank's own web logs would therefore show these five image fetches with a Referer of ba-6r5aq.ondigitalocean.app, which is the kind of signal a brand-protection team can alert on.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Bank of America (Banking)
20 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | onbeforeinput |
| object | oncontextlost |
| object | oncontextrestored |
| function | structuredClone |
| object | launchQueue |
| object | onbeforematch |
| function | getScreenDetails |
| function | queryLocalFonts |
| object | navigation |
| object | webpackChunk_N_E |
| object | regeneratorRuntime |
| function | __next_require__ |
| object | next |
| object | __NEXT_DATA__ |
| function | __SSG_MANIFEST_CB |
| object | __NEXT_P |
| object | _N_E |
| undefined | __MIDDLEWARE_MANIFEST |
| object | __BUILD_MANIFEST |
| object | __SSG_MANIFEST |

The first nine entries (onbeforeinput through navigation) are browser-provided window properties that are simply newer than the baseline urlscan compares against; they say nothing about the page. The remaining eleven are the fingerprint that matters: webpackChunk_N_E, __next_require__, next, __NEXT_DATA__, __SSG_MANIFEST_CB, __NEXT_P, _N_E, __MIDDLEWARE_MANIFEST, __BUILD_MANIFEST and __SSG_MANIFEST are installed by the Next.js client runtime, and regeneratorRuntime is the regenerator-runtime helper bundled for async/generator transpilation. Together with the /_next/static/ asset paths in the request list they confirm the kit is a Next.js application rather than a static HTML clone.
0 Cookies
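The request list and the globals list above carry three signals a triage script can score automatically: sub-resources hotlinked from the impersonated brand's own domain, a resource whose served MIME type contradicts its declared type, and the framework fingerprint in the window globals. The following is an added example by the editor, not urlscan.io code and not part of this scan: REQUESTS and GLOBALS are transcribed from the 20 transactions and 20 globals shown on this page, while BRAND_DOMAINS, EXPECTED_MIME, NEXTJS_MARKERS, the three-marker threshold and the verdict rule are the editor's own assumptions rather than any urlscan API or scoring model.

```python
"""Heuristics over a urlscan-style transaction list and window-globals list.

Added example, not urlscan.io code. REQUESTS and GLOBALS are transcribed
from the 20 HTTP transactions and 20 globals in this scan; BRAND_DOMAINS,
EXPECTED_MIME, NEXTJS_MARKERS and the verdict rule are assumptions.
"""
from urllib.parse import urlsplit

P = "https://ba-6r5aq.ondigitalocean.app"   # primary (phishing) origin
B = "https://secure.bankofamerica.com"       # brand origin hotlinked by the page

# (url, resource type as urlscan labels it, served MIME type) for all 20 transactions
REQUESTS = [
    (P + "/login", "Document", "text/html"),
    (P + "/_next/static/css/20285528fc0664fd.css", "Stylesheet", "text/css"),
    *[(P + "/_next/static/chunks/" + n, "Script", "application/javascript") for n in (
        "webpack-bb469f829a664d48.js", "framework-9b5d6ec4444c80fa.js",
        "main-3123a443c688934f.js", "pages/_app-20b73962947f98fc.js",
        "378-7f91520e427c4e29.js", "107-8eb7cb37ed7e8331.js",
        "443-62dd299028d36af5.js", "pages/login-c798220c09769b78.js")],
    (P + "/_next/static/hjfUMZcZ6o7ijh8eO9w3M/_buildManifest.js", "Script", "application/javascript"),
    (P + "/_next/static/hjfUMZcZ6o7ijh8eO9w3M/_ssgManifest.js", "Script", "application/javascript"),
    (P + "/images/BofA_rgb.png", "Image", "image/png"),
    (P + "/images/mobile_llama.png", "Image", "image/png"),
    (P + "/content/images/ContextualSiteGraphics/Instructional/en_US/"
         "aps-mobile-products-icon-sprite-dev.png", "Image", "text/html"),
    (B + "/pa/components/modules/header-module/2.8/graphic/fsd-secure-esp-sprite.png", "Image", "image/png"),
    (B + "/pa/global-assets/1.0/graphic/help-qm-fsd.png", "Image", "image/png"),
    (B + "/pa/global-assets/1.0/graphic/sign-in-sprite.png", "Image", "image/png"),
    (B + "/pa/components/modules/global-footer-module/2.5/graphic/gfootb-static-sprite.png", "Image", "image/png"),
    (B + "/pa/components/modules/global-footer-module/2.5/graphic/gfoot-home-icon.png", "Image", "image/png"),
]

# Non-standard window globals exactly as listed in the scan
GLOBALS = [
    "onbeforeinput", "oncontextlost", "oncontextrestored", "structuredClone",
    "launchQueue", "onbeforematch", "getScreenDetails", "queryLocalFonts", "navigation",
    "webpackChunk_N_E", "regeneratorRuntime", "__next_require__", "next", "__NEXT_DATA__",
    "__SSG_MANIFEST_CB", "__NEXT_P", "_N_E", "__MIDDLEWARE_MANIFEST", "__BUILD_MANIFEST",
    "__SSG_MANIFEST",
]

BRAND_DOMAINS = {"bankofamerica.com": "Bank of America"}   # assumed watchlist
EXPECTED_MIME = {                                          # assumed type -> MIME prefixes
    "Document": ("text/html",), "Stylesheet": ("text/css",),
    "Script": ("application/javascript", "text/javascript"), "Image": ("image/",),
}
# Globals the Next.js client runtime installs on window; three or more counts as a hit
NEXTJS_MARKERS = {"__NEXT_DATA__", "__NEXT_P", "__BUILD_MANIFEST", "__SSG_MANIFEST",
                  "webpackChunk_N_E", "__next_require__", "_N_E"}


def under(host, domain):
    """True for the domain itself and any subdomain, never for look-alike suffixes."""
    return host == domain or host.endswith("." + domain)


def brand_of(host):
    """Brand name if host sits under a watched brand domain, else None."""
    return next((name for dom, name in BRAND_DOMAINS.items() if under(host, dom)), None)


def hotlinked_brand_assets(requests):
    """Sub-resources fetched from a watched brand's domain by a page that is
    not itself on that brand's domain: {brand: [urls]}."""
    primary_brand = brand_of(urlsplit(requests[0][0]).hostname)
    found = {}
    for url, _rtype, _mime in requests[1:]:
        brand = brand_of(urlsplit(url).hostname)
        if brand and brand != primary_brand:
            found.setdefault(brand, []).append(url)
    return found


def mime_mismatches(requests):
    """Resources whose served MIME type contradicts the declared resource type,
    e.g. an image request answered with text/html."""
    return [url for url, rtype, mime in requests
            if rtype in EXPECTED_MIME and not mime.startswith(EXPECTED_MIME[rtype])]


def framework_fingerprint(globals_):
    hits = NEXTJS_MARKERS & set(globals_)
    return "Next.js" if len(hits) >= 3 else None


def assess(requests, globals_):
    """Combine the three signals into findings plus a (assumed) verdict rule."""
    primary_host = urlsplit(requests[0][0]).hostname
    hot = hotlinked_brand_assets(requests)
    bad = mime_mismatches(requests)
    fw = framework_fingerprint(globals_)
    findings = [f"{len(u)} assets hotlinked from {b} while the document is served from {primary_host}"
                for b, u in hot.items()]
    findings += [f"declared {t} served as {m}: {u}" for u, t, m in requests if u in bad]
    if fw:
        findings.append(f"client framework: {fw}")
    verdict = "potentially malicious (brand impersonation)" if hot else "no brand indicator"
    return {"primary_host": primary_host, "hotlinked": hot, "mime_mismatches": bad,
            "framework": fw, "findings": findings, "verdict": verdict}


if __name__ == "__main__":
    for line in assess(REQUESTS, GLOBALS)["findings"]:
        print(line)
```

On this scan the script reports five hotlinked Bank of America assets, the one image served as text/html, and the Next.js fingerprint, and returns the brand-impersonation verdict. The hotlink check is the one that generalises: a legitimate site on its own domain never has to borrow a bank's header sprites, so any document origin outside the watched brand that loads resources from it is worth a human look, regardless of the hosting provider or the framework involved.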
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values back, allowing the website to re-identify the user even from a different location. This is how persistent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

Domains and IP addresses:

- ba-6r5aq.ondigitalocean.app
- secure.bankofamerica.com
- 171.161.102.200
- 2606:4700::6810:f44e

SHA-256 hashes (20, one per HTTP response):

- 0c34151d923447a6c89471c6c94f630297651f6971391e2a9e43bb1995904dd5
- 0eed4542b90a01be928023ec3dc7abed45c63ffc8067a496863ecef579d4af9f
- 19f368dc92da70f236d853c51baf78ce455f9893248ef03131b795e052ac0574
- 1aee3a5f0c4b6735edff60d58f20a936ce11e5d4a36a5a76390aeda043ae4048
- 2a1b1589e316d02ab75481e7aa88c9975afd2e87f17982fb6d38b6ebe2425a4c
- 30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787
- 47706b3d3e8c19fa3ac752ec25a2a2a536d9025922c98cdafa85ec8a213223e6
- 593f7cf113cbaf9d601a6a7447a44674b584ec01b32e4d822f98a744fa9886d9
- 5dfe185409ff8cc0e73ea870cbefbcdac38297bbfa69c545686e536f7c51fa64
- 648c8ca970b06c87695f59b11c03246440c3bdd9a12b3e61a356d2057e3180fc
- 6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a
- 7bf9d2c4cbd723f9f37d6e4f2305da85f0afe7927e52f8ba6a17d506829f7884
- 8c37fb372596058d87dd9208541c49b020d0e840e4f3a5baa27d39be2dc70b01
- a8bc6337547a246ef75d1ae66d7ec8a0ed6171c1ba49804a403124e27c8e8452
- b2d2a55f3eb6c4b424702cdd740c82baf1105bfe96add0a6725730a4318dd86c
- ca3205c6a4eecfd67ad990b62b10e19f601230a2a5b2791676089e82836763f4
- cebbb1861367b5216aa6dd9468a629d3d107403d79834fa43b6ae3c391064089
- dca7d358b9ba49b60befdb37a28ff4be77c5581efc284ab556a25ca3f7a0dc20
- e182e3257a3b5564f7bfb9fb1c6a1e13f8f7c9a3fa0dd6e39ccf473ef8d4f960
- e1ac56ae25629e508f729b799d563d71920902a4cb26cf3bb602beb3e368775e