bankofamericax13.webcindario.com
Open in
urlscan Pro
5.57.226.202
Malicious Activity!
Public Scan
Effective URL: https://bankofamericax13.webcindario.com/5f11e151/signOnV2Screen.php
Submission: On June 18 via automatic, source openphish
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on April 15th 2019. Valid for: 3 months.
This is the only time bankofamericax13.webcindario.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bank of America (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
4 | 5.57.226.202 5.57.226.202 | 29119 (SERVIHOST...) (SERVIHOSTING-AS AireNetworks - StackScale) | |
2 | 2a00:1450:400... 2a00:1450:4001:824::2008 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
3 | 2a00:1450:400... 2a00:1450:4001:81c::200e | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
4 | 2a00:1450:400... 2a00:1450:4001:808::2002 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
1 | 2606:4700:20:... 2606:4700:20::6819:ce08 | 13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare) | |
1 | 54.77.148.103 54.77.148.103 | 16509 (AMAZON-02) (AMAZON-02 - Amazon.com) | |
1 | 2a00:1450:400... 2a00:1450:4001:820::2002 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
2 | 2a00:1450:400... 2a00:1450:4001:809::2002 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
2 | 2a00:1450:400... 2a00:1450:4001:81d::2002 | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
23 | 10 |
ASN29119 (SERVIHOSTING-AS AireNetworks - StackScale, ES)
bankofamericax13.webcindario.com |
ASN15169 (GOOGLE - Google LLC, US)
www.googletagmanager.com |
ASN15169 (GOOGLE - Google LLC, US)
www.google-analytics.com |
ASN15169 (GOOGLE - Google LLC, US)
pagead2.googlesyndication.com |
ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
hosting.miarroba.info |
ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-77-148-103.eu-west-1.compute.amazonaws.com
des.smartclip.net |
ASN15169 (GOOGLE - Google LLC, US)
adservice.google.de |
ASN15169 (GOOGLE - Google LLC, US)
adservice.google.com | |
www.googletagservices.com |
ASN15169 (GOOGLE - Google LLC, US)
googleads.g.doubleclick.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
googlesyndication.com
pagead2.googlesyndication.com Failed |
190 KB |
4 |
webcindario.com
bankofamericax13.webcindario.com |
849 KB |
3 |
google-analytics.com
www.google-analytics.com |
35 KB |
2 |
doubleclick.net
googleads.g.doubleclick.net |
|
2 |
googletagmanager.com
www.googletagmanager.com |
37 KB |
1 |
googletagservices.com
www.googletagservices.com |
28 KB |
1 |
google.com
adservice.google.com |
481 B |
1 |
google.de
adservice.google.de |
481 B |
1 |
smartclip.net
des.smartclip.net |
503 B |
1 |
miarroba.info
hosting.miarroba.info Failed |
427 B |
23 | 10 |
Domain | Requested by | |
---|---|---|
4 | pagead2.googlesyndication.com |
bankofamericax13.webcindario.com
pagead2.googlesyndication.com |
4 | bankofamericax13.webcindario.com |
bankofamericax13.webcindario.com
|
3 | www.google-analytics.com |
www.googletagmanager.com
bankofamericax13.webcindario.com |
2 | googleads.g.doubleclick.net |
pagead2.googlesyndication.com
|
2 | www.googletagmanager.com |
bankofamericax13.webcindario.com
|
1 | www.googletagservices.com |
pagead2.googlesyndication.com
|
1 | adservice.google.com |
pagead2.googlesyndication.com
|
1 | adservice.google.de |
pagead2.googlesyndication.com
|
1 | des.smartclip.net |
bankofamericax13.webcindario.com
|
1 | hosting.miarroba.info |
bankofamericax13.webcindario.com
|
23 | 10 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
webcindario.com Let's Encrypt Authority X3 |
2019-04-15 - 2019-07-14 |
3 months | crt.sh |
*.google-analytics.com Google Internet Authority G3 |
2019-05-21 - 2019-08-13 |
3 months | crt.sh |
*.g.doubleclick.net Google Internet Authority G3 |
2019-05-21 - 2019-08-13 |
3 months | crt.sh |
ssl391079.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2 |
2019-03-13 - 2019-09-19 |
6 months | crt.sh |
*.smartclip.net Amazon |
2019-03-28 - 2020-04-28 |
a year | crt.sh |
*.google.com Google Internet Authority G3 |
2019-05-21 - 2019-08-13 |
3 months | crt.sh |
This page contains 4 frames:
Primary Page:
https://bankofamericax13.webcindario.com/5f11e151/signOnV2Screen.php
Frame ID: 4D39C2F18227466462BC261912730F79
Requests: 20 HTTP requests in this frame
Frame:
https://pagead2.googlesyndication.com/pagead/js/r20190612/r20190131/show_ads_impl.js
Frame ID: B19398DA62080328F74943B207DFABCF
Requests: 1 HTTP requests in this frame
Frame:
https://googleads.g.doubleclick.net/pagead/html/r20190612/r20190131/zrt_lookup.html
Frame ID: 6CE5F280CD9ABDD0C5E45602AD5ABC11
Requests: 1 HTTP requests in this frame
Frame:
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7294310421616689&output=html&adk=1812271804&adf=3025194257&lmt=1560834240&plat=1%3A32776%2C2%3A32776%2C8%3A32776%2C9%3A32776%2C16%3A8388608%2C30%3A1081344&guci=1.2.0.0.2.2.0.0&format=0x0&url=https%3A%2F%2Fbankofamericax13.webcindario.com%2F5f11e151%2FsignOnV2Screen.php&ea=0&flash=0&pra=5&wgl=1&dt=1560834240159&bpp=29&bdt=44&fdt=74&idt=74&shv=r20190612&cbv=r20190131&saldr=aa&abxe=1&nras=1&correlator=7733967607764&frm=20&pv=2&ga_vid=1871513158.1560834240&ga_sid=1560834240&ga_hid=630042235&ga_fc=0&iag=0&icsg=33440&dssz=11&mdo=0&mso=0&u_tz=0&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=0&ady=0&biw=1585&bih=1200&scr_x=0&scr_y=0&eid=21060853&oid=3&ref=https%3A%2F%2Fbankofamericax13.webcindario.com%2F5f11e151%2F&rx=0&eae=2&fc=1936&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=16&bc=31&osw_key=1215343&ifi=0&uci=0.irrxhugzwx66&fsb=1&dtd=91
Frame ID: 4FE73E5EECC51E342DD43D015D0A714A
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://bankofamericax13.webcindario.com/5f11e151/ Page URL
- https://bankofamericax13.webcindario.com/5f11e151/signOnV2Screen.php Page URL
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Google AdSense (Advertising Networks) Expand
Detected patterns
- script /googlesyndication\.com\//i
Google Analytics (Analytics) Expand
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Google Tag Manager (Tag Managers) Expand
Detected patterns
- html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://bankofamericax13.webcindario.com/5f11e151/ Page URL
- https://bankofamericax13.webcindario.com/5f11e151/signOnV2Screen.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
bankofamericax13.webcindario.com/5f11e151/ |
2 KB 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
hosting.miarroba.info/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gtm.js
www.googletagmanager.com/ |
48 KB 18 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
signOnV2Screen.php
bankofamericax13.webcindario.com/5f11e151/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
43 KB 17 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
collect
www.google-analytics.com/r/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/ |
90 KB 33 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
m.png
bankofamericax13.webcindario.com/5f11e151/ |
277 KB 278 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2.PNG
bankofamericax13.webcindario.com/5f11e151/images/ |
567 KB 568 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
hosting.miarroba.info/ |
0 427 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
gtm.js
www.googletagmanager.com/ |
48 KB 18 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ads
des.smartclip.net/ |
20 B 503 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
43 KB 17 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
integrator.js
adservice.google.de/adsid/ |
109 B 481 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
integrator.js
adservice.google.com/adsid/ |
109 B 481 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
show_ads_impl.js
pagead2.googlesyndication.com/pagead/js/r20190612/r20190131/ |
211 KB 78 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
show_ads_impl.js
pagead2.googlesyndication.com/pagead/js/r20190612/r20190131/ Frame B193 |
211 KB 78 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ca-pub-7294310421616689.js
pagead2.googlesyndication.com/pub-config/r20160913/ |
108 B 270 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20190612/r20190131/ Frame 6CE5 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
collect
www.google-analytics.com/ |
35 B 99 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ads
googleads.g.doubleclick.net/pagead/ Frame 4FE7 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
osd.js
www.googletagservices.com/activeview/js/current/ |
75 KB 28 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- pagead2.googlesyndication.com
- URL
- https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
- Domain
- hosting.miarroba.info
- URL
- https://hosting.miarroba.info/?__muid=001ffa030892481b9414aad91a971f61f70e2112&h=1869871&t=1560834240&k=4e0f3c47c52d7f4a7407a751679f4a7d
- Domain
- www.google-analytics.com
- URL
- https://www.google-analytics.com/r/collect?v=1&_v=j76&a=868324829&t=pageview&_s=1&dl=https%3A%2F%2Fbankofamericax13.webcindario.com%2F5f11e151%2F&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAABC~&jid=60832537&gjid=1416588999&cid=1871513158.1560834240&tid=UA-597118-7&_gid=849192226.1560834240&_r=1>m=2wg651T2VG59&z=1825813284
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Bank of America (Banking)43 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask object| dataLayer object| adsbygoogle object| s string| t object| google_tag_manager string| GoogleAnalyticsObject function| mia_ga object| google_js_reporting_queue object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| googleToken object| googleIMState function| processGoogleToken object| google_reactive_ads_global_state object| google_sa_queue object| google_sl_win function| google_process_slots function| google_spfd object| google_sv_map object| google_t12n_vars object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| google_sa_impl object| google_jobrunner object| google_persistent_state_async object| __google_ad_urls number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages object| google_iframe_oncopy function| Goog_AdSense_getAdAdapterInstance boolean| google_osd_loaded boolean| google_onload_fired function| Goog_Osd_UnloadAdBlock function| Goog_Osd_UpdateElementToMeasure function| google_osd_amcb5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.doubleclick.net/ | Name: test_cookie Value: CheckForPermission |
|
.bankofamericax13.webcindario.com/ | Name: _gat_UA-597118-7 Value: 1 |
|
.bankofamericax13.webcindario.com/ | Name: _gid Value: GA1.3.849192226.1560834240 |
|
.bankofamericax13.webcindario.com/ | Name: _ga Value: GA1.3.1871513158.1560834240 |
|
.webcindario.com/ | Name: __muid Value: 001ffa030892481b9414aad91a971f61f70e2112 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
adservice.google.com
adservice.google.de
bankofamericax13.webcindario.com
des.smartclip.net
googleads.g.doubleclick.net
hosting.miarroba.info
pagead2.googlesyndication.com
www.google-analytics.com
www.googletagmanager.com
www.googletagservices.com
hosting.miarroba.info
pagead2.googlesyndication.com
www.google-analytics.com
2606:4700:20::6819:ce08
2a00:1450:4001:808::2002
2a00:1450:4001:809::2002
2a00:1450:4001:81c::200e
2a00:1450:4001:81d::2002
2a00:1450:4001:820::2002
2a00:1450:4001:824::2008
5.57.226.202
54.77.148.103
02b111f86134ca03dd47d0d23ac95abaa0a1ee7447380120d234c55005bc3951
0482a98d09daebc18a0d2e1ed8f748da5b0179e61223ed541101df1f4699f073
2dd8fb1774a42305356216906f8d96a5ffc2309c5e6d0fa9a7d7f30c64bb25f8
617229202229089622770a111fef4f514877475b89056525185a70e0cbc5bc95
7285303c6f1bd19a091fb8046d1c43704c3f846461b957fe4198c3e051fce7eb
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8f88cb7a1cd4134f5d616b9fca90b9069fa16c162b7ae66ba1b500c490b41dd2
9e2c3501650bf50a4d7d890902dbcba693e66ae153e6661edefa17ae5ec6207b
ac4a458417bc7bcb30c856c778b0ffa471aa934335c41916f8c0ca607918de0f
ad556892c91cdc3a9309e6efec918f6d02b423554f704546838947e1c39948e0
b6fbc563b614beb07727882bbbd837a37eac55c3eae9622c68294e6158d604c7
ca2e312d4162f4f2429ebe946b3d2253fff2055139dcda3f6f7391fda64e78d7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec45364dcda1c5da8dd39c63002dc7b2407a73c1436136a7b2351db7f67eaab6