newstimeafrica.com Open in urlscan Pro
92.205.2.58 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://newstimeafrica.com/Bofa.verify/loading.html
Submission: On May 05 via automatic, source openphish (May 5th 2023, 3:37:24 am UTC) — Scanned from FR

Summary HTTP 11 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 11 HTTP transactions. The main IP is 92.205.2.58, located in Strasbourg, France and belongs to GODADDY-SXB, DE. The main domain is newstimeafrica.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on April 28th 2023. Valid for: 3 months.

This is the only time newstimeafrica.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 3	92.205.2.58 92.205.2.58	21499 (GODADDY-SXB) (GODADDY-SXB)
7	171.161.116.200 171.161.116.200	10794 (BANKAMERICA) (BANKAMERICA)
2	2606:4700::68... 2606:4700::6813:bb61	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	3

3 92.205.2.58 (Strasbourg, France) 1 redirects

ASN21499 (GODADDY-SXB, DE)
PTR: 58.2.205.92.host.secureserver.net

newstimeafrica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.newstimeafrica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 171.161.116.200 (United States)

ASN10794 (BANKAMERICA, US)

secure.bankofamerica.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:bb61 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	bankofamerica.com secure.bankofamerica.com — Cisco Umbrella Rank: 13301	165 KB
3	newstimeafrica.com 1 redirects newstimeafrica.com www.newstimeafrica.com	20 KB
2	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 361	72 KB
11	3

	Domain	Requested by
7	secure.bankofamerica.com	newstimeafrica.com secure.bankofamerica.com
2	cdn.cookielaw.org	newstimeafrica.com
2	newstimeafrica.com	1 redirects
1	www.newstimeafrica.com	newstimeafrica.com
11	4

This site contains links to these domains. Also see Links.

Domain
www.bankofamerica.com
www.onetrust.com

Subject Issuer	Validity	Valid
newstimeafrica.com cPanel, Inc. Certification Authority	`2023-04-28` - `2023-07-27`	3 months	crt.sh
secure.bankofamerica.com Entrust Certification Authority - L1M	`2022-10-03` - `2023-10-03`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://newstimeafrica.com/Bofa.verify/loading.html
Frame ID: E541DEE90C207762622ACFD6BAD39BA6
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bank of America | Online Banking | Log In | User IDBack ButtonSearch IconFilter Icon

Detected technologies

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org

Page Statistics

11
Requests

91 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

256 kB
Transfer

748 kB
Size

0
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bankofamerica.com/online-banking/mobile-banking-apps.go
Title: Learn about your Banking by Phone options ››

Search URL Search Domain Scan URL

URL: https://www.bankofamerica.com/customer-service/contact-us/bank-of-america-login-issues/
Title: Problem logging in?

Search URL Search Domain Scan URL

URL: https://www.bankofamerica.com/onlinebanking/learning-center.go
Title: Learn more about Online Banking

Search URL Search Domain Scan URL

URL: https://www.bankofamerica.com/online-banking/service-agreement.go
Title: Service Agreement

Search URL Search Domain Scan URL

URL: https://www.bankofamerica.com/security-center/privacy-overview/
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.bankofamerica.com/security-center/overview/
Title: Security

Search URL Search Domain Scan URL

URL: https://www.bankofamerica.com/help/equalhousing-popup/
Title: Equal Housing Lender

Search URL Search Domain Scan URL

URL: https://www.bankofamerica.com/security-center/ccpa-disclosure
Title: CCPA Notice

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://newstimeafrica.com/pa/components/bundles/text-decompressed/xengine/VIPAA/9.5/script/cm-jawr.js HTTP 301
https://www.newstimeafrica.com/pa/components/bundles/text-decompressed/xengine/VIPAA/9.5/script/cm-jawr.js

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request loading.html Show response
newstimeafrica.com/Bofa.verify/ 114 KB
19 KB 121ms
63ms Document
text/html 92.205.2.58
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL: https://newstimeafrica.com/Bofa.verify/loading.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 92.205.2.58 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: 58.2.205.92.host.secureserver.net
Software: Apache /
Resource Hash: 7e46d0ceb02281a0f56f96ef63f7af0e23673372a1ee963739ae073260b2a6d9

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36
accept-language: fr-FR,fr;q=0.9

Response headers

accept-ranges: bytes
content-encoding: br
content-length: 19795
content-type: text/html
date: Fri, 05 May 2023 03:37:18 GMT
etag: "36206fb-1c846-5fa96610f8a00-br"
last-modified: Sun, 30 Apr 2023 23:51:04 GMT
server: Apache
vary: Accept-Encoding

GET
H/1.1 200
OK vipaa-v4-jawr.css
secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.5/style/ 447 KB
66 KB 619ms
130ms Stylesheet
text/css 171.161.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.5/style/vipaa-v4-jawr.css

Requested by

Host: newstimeafrica.com
URL: https://newstimeafrica.com/Bofa.verify/loading.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

3e83083bfbd6c5b1c882ed14adcf21e9d89eb8530a3d09e9c598232e2f333d89

Security Headers

Name

Value

Content-Security-Policy

script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;

Strict-Transport-Security

max-age=31536000; includeSubDomains

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://newstimeafrica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Date: Fri, 05 May 2023 03:37:19 GMT
Age: 778
X-BOA-RequestID: ZCtz9xWLcQuUcEVa-st0jgAAAMk
X-Serviced-By: n4ygah54q1Lfu4jnrePpNA==--NhDlj0KVUSleaoKe2JesUg==
Connection: Keep-Alive
Content-Length: 65647
Last-Modified: Fri, 10 Feb 2023 22:55:28 GMT
ETag: "1006f-5f46064ca497f"
Content-Type: text/css
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=318
Expires: Sat, 04 May 2024 03:24:22 GMT

GET
H/1.1 200
OK BofA_rgb.png
secure.bankofamerica.com/content/images/ContextualSiteGraphics/Logos/en_US/ 38 KB
24 KB 618ms
129ms Image
image/png 171.161.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.bankofamerica.com/content/images/ContextualSiteGraphics/Logos/en_US/BofA_rgb.png

Requested by

Host: newstimeafrica.com
URL: https://newstimeafrica.com/Bofa.verify/loading.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000; includeSubDomains

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://newstimeafrica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Last-Modified: Tue, 05 Feb 2019 20:28:24 GMT
Date: Fri, 05 May 2023 03:37:19 GMT
Age: 45
ETag: "99fe-5812b73724a00"
X-BOA-RequestID: ZClnF94Ob_7vDTndcvQiUwAAAhs
Vary: Accept-Encoding
X-Serviced-By: sHjD/p+DIGYmQBd5YX5VEQ==--dwSpWFXF+tS7RTnbYGsLOQ==
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=440
Content-Length: 23389

GET
H/1.1 200
OK mobile_llama.png
secure.bankofamerica.com/pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/graphic/ 19 KB
20 KB 613ms
128ms Image
image/png 171.161.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.bankofamerica.com/pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/graphic/mobile_llama.png

Requested by

Host: newstimeafrica.com
URL: https://newstimeafrica.com/Bofa.verify/loading.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000; includeSubDomains

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://newstimeafrica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Date: Fri, 05 May 2023 03:37:19 GMT
Last-Modified: Tue, 16 Aug 2022 08:36:34 GMT
Age: 683
ETag: "4adf-5e657a56463dd"
X-BOA-RequestID: ZE0R4BPDK0ytEg6aXsQWQQAAAIQ
X-Serviced-By: fs56UlvaSRWUcRZ/EMlZxQ==--NUGyAwwR3lko2ifqu4SUXw==
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=376
Content-Length: 19167

GET
H/1.1 200
OK vipaa-v4-jawr-print.css
secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.5/style/ 10 KB
3 KB 634ms
133ms Stylesheet
text/css 171.161.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.5/style/vipaa-v4-jawr-print.css

Requested by

Host: newstimeafrica.com
URL: https://newstimeafrica.com/Bofa.verify/loading.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

2f0ac0559a948fa017a8ecdb5bddf7ac54033e8aa1eb91ff7df93243c690f0d1

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000; includeSubDomains

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://newstimeafrica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Date: Fri, 05 May 2023 03:37:19 GMT
Age: 804
X-BOA-RequestID: ZDfE9mtPhXkvM_hNJN9T1QAAAQ4
X-Serviced-By: HZQL6AC4PPknPUXVQRDO2g==--a9Id3AUjdxCjYoozVumTMQ==
Connection: Keep-Alive
Content-Length: 1186
Last-Modified: Fri, 10 Feb 2023 22:55:28 GMT
ETag: "4a2-5f46064ca497f"
Content-Type: text/css
Cache-Control: max-age=31536000
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=498
Expires: Sat, 04 May 2024 03:23:56 GMT

GET
H2

404

cm-jawr.js
www.newstimeafrica.com/pa/components/bundles/text-decompressed/xengine/VIPAA/9.5/script/
Redirect Chain

https://newstimeafrica.com/pa/components/bundles/text-decompressed/xengine/VIPAA/9.5/script/cm-jawr.js
https://www.newstimeafrica.com/pa/components/bundles/text-decompressed/xengine/VIPAA/9.5/script/cm-jawr.js

0
0

277ms
276ms

Script
text/html

92.205.2.58
GODADDY-SXB

General

Check archive.org

Show headers Download Go to

Full URL: https://www.newstimeafrica.com/pa/components/bundles/text-decompressed/xengine/VIPAA/9.5/script/cm-jawr.js
Requested by: Host: newstimeafrica.com
URL: https://newstimeafrica.com/Bofa.verify/loading.html
Protocol: H2
Server: 92.205.2.58 Strasbourg, France, ASN21499 (GODADDY-SXB, DE),
Reverse DNS: 58.2.205.92.host.secureserver.net
Software: /
Resource Hash

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://newstimeafrica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Redirect headers

date: Fri, 05 May 2023 03:37:19 GMT
content-encoding: br
server: Apache
x-powered-by: PHP/7.3.33
x-redirect-by: WordPress
vary: Accept-Encoding
content-type: text/html; charset=UTF-8
location: https://www.newstimeafrica.com/pa/components/bundles/text-decompressed/xengine/VIPAA/9.5/script/cm-jawr.js
cache-control: no-cache, must-revalidate, max-age=0
content-length: 1
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 BOA.PNG
cdn.cookielaw.org/logos/9b1b72d0-06ef-4e7c-9b2a-e8bc09f34daf/5a21514a-3b71-4677-b52d-207b6f11ff68/fceb4368-db91-43cf-af24-36ac5b5badc2/ 70 KB
70 KB 74ms
29ms Image
image/png 2606:4700::6813:bb61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/9b1b72d0-06ef-4e7c-9b2a-e8bc09f34daf/5a21514a-3b71-4677-b52d-207b6f11ff68/fceb4368-db91-43cf-af24-36ac5b5badc2/BOA.PNG

Requested by

Host: newstimeafrica.com
URL: https://newstimeafrica.com/Bofa.verify/loading.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:bb61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69d3432300ba1610b3b7b677b5e821630636aae7f61c01e1058158e69701b2d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://newstimeafrica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 May 2023 03:37:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: jvB7VcShVhyScfVwMaUaWQ==
age: 76652
content-length: 71361
x-ms-lease-status: unlocked
last-modified: Thu, 13 Oct 2022 13:50:15 GMT
server: cloudflare
etag: 0x8DAAD21DBA3A72F
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 090d06df-501e-0163-3be1-5ad896000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 7c25f1b658d93c74-CDG

GET
H2 200 poweredBy_ot_logo.svg
cdn.cookielaw.org/logos/static/ 3 KB
2 KB 71ms
27ms Image
image/svg+xml 2606:4700::6813:bb61
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/poweredBy_ot_logo.svg

Requested by

Host: newstimeafrica.com
URL: https://newstimeafrica.com/Bofa.verify/loading.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:bb61 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49b9b4996d1ff0a8e3de643a0c623255bf631f298f2799b949c29de93926ee7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://newstimeafrica.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 05 May 2023 03:37:19 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: LpuayL42jB78xRllx0vkOw==
age: 33646
x-ms-lease-status: unlocked
last-modified: Thu, 04 May 2023 03:33:04 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 1e49e0b3-901e-0175-54b2-7e1908000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 7c25f1b658da3c74-CDG

GET
H/1.1 200
OK fsd-secure-esp-sprite.png
secure.bankofamerica.com/pa/components/modules/header-module/2.8/graphic/ 473 B
2 KB 128ms
128ms Image
image/png 171.161.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.bankofamerica.com/pa/components/modules/header-module/2.8/graphic/fsd-secure-esp-sprite.png

Requested by

Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.5/style/vipaa-v4-jawr.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

8c37fb372596058d87dd9208541c49b020d0e840e4f3a5baa27d39be2dc70b01

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000; includeSubDomains

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.5/style/vipaa-v4-jawr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Date: Fri, 05 May 2023 03:37:19 GMT
Last-Modified: Tue, 16 Aug 2022 08:48:42 GMT
Age: 539
ETag: "1d9-5e657d0c8c396"
X-BOA-RequestID: ZDDbbQupbVW6yvRY97HUVgAAAWo
X-Serviced-By: sHjD/p+DIGYmQBd5YX5VEQ==--6Xupa1qjGByQKFbP1ZzNPw==
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=486
Content-Length: 473

GET
H/1.1 200
OK gfootb-static-sprite.png
secure.bankofamerica.com/pa/components/modules/global-footer-module/2.5/graphic/ 48 KB
49 KB 128ms
128ms Image
image/png 171.161.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.bankofamerica.com/pa/components/modules/global-footer-module/2.5/graphic/gfootb-static-sprite.png

Requested by

Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.5/style/vipaa-v4-jawr.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

ca3205c6a4eecfd67ad990b62b10e19f601230a2a5b2791676089e82836763f4

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000; includeSubDomains

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.5/style/vipaa-v4-jawr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Date: Fri, 05 May 2023 03:37:19 GMT
Last-Modified: Tue, 16 Aug 2022 08:47:38 GMT
Age: 732
ETag: "be1b-5e657ccf790c0"
X-BOA-RequestID: ZE6kOX68dh11rqigoCTlVQAAAX0
X-Serviced-By: sHjD/p+DIGYmQBd5YX5VEQ==--NUGyAwwR3lko2ifqu4SUXw==
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=194
Content-Length: 48667

GET
H/1.1 200
OK gfoot-home-icon.png
secure.bankofamerica.com/pa/components/modules/global-footer-module/2.5/graphic/ 144 B
2 KB 127ms
127ms Image
image/png 171.161.116.200
BANKAMERICA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.bankofamerica.com/pa/components/modules/global-footer-module/2.5/graphic/gfoot-home-icon.png

Requested by

Host: secure.bankofamerica.com
URL: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.5/style/vipaa-v4-jawr.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

171.161.116.200 , United States, ASN10794 (BANKAMERICA, US),

Reverse DNS

Software

Resource Hash

a8bc6337547a246ef75d1ae66d7ec8a0ed6171c1ba49804a403124e27c8e8452

Security Headers

Name

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000; includeSubDomains

Request headers

accept-language: fr-FR,fr;q=0.9
Referer: https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/9.5/style/vipaa-v4-jawr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.63 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Date: Fri, 05 May 2023 03:37:19 GMT
Last-Modified: Tue, 16 Aug 2022 08:47:37 GMT
Age: 883
ETag: "90-5e657cce98aed"
X-BOA-RequestID: ZC4gkxKZCZCfZGKHdJHHRwAAANE
X-Serviced-By: HZQL6AC4PPknPUXVQRDO2g==--dpRtaY7fpVyntLTJo7Oulg==
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=40, max=496
Content-Length: 144

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 boolean| credentialless

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.newstimeafrica.com/pa/components/bundles/text-decompressed/xengine/VIPAA/9.5/script/cm-jawr.js Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.cookielaw.org
newstimeafrica.com
secure.bankofamerica.com
www.newstimeafrica.com
171.161.116.200
2606:4700::6813:bb61
92.205.2.58
2f0ac0559a948fa017a8ecdb5bddf7ac54033e8aa1eb91ff7df93243c690f0d1
30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787
3e83083bfbd6c5b1c882ed14adcf21e9d89eb8530a3d09e9c598232e2f333d89
49b9b4996d1ff0a8e3de643a0c623255bf631f298f2799b949c29de93926ee7a
69d3432300ba1610b3b7b677b5e821630636aae7f61c01e1058158e69701b2d5
6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a
7e46d0ceb02281a0f56f96ef63f7af0e23673372a1ee963739ae073260b2a6d9
8c37fb372596058d87dd9208541c49b020d0e840e4f3a5baa27d39be2dc70b01
a8bc6337547a246ef75d1ae66d7ec8a0ed6171c1ba49804a403124e27c8e8452
ca3205c6a4eecfd67ad990b62b10e19f601230a2a5b2791676089e82836763f4

newstimeafrica.com Open in urlscan Pro 92.205.2.58 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

11 Requests

91 %HTTPS

33 %IPv6

3 Domains

4 Subdomains

3 IPs

2 Countries

256 kBTransfer

748 kBSize

0 Cookies

9 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

1 Console Messages

Indicators

newstimeafrica.com Open in urlscan Pro
92.205.2.58 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

91 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

256 kB
Transfer

748 kB
Size

0
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!