bankofamerica.singletact.com Open in urlscan Pro
107.180.41.126 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bankofamerica.singletact.com/
Effective URL:
http://bankofamerica.singletact.com/signin.php?cmd=login_submit&id=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf&...
Submission: On March 28 via api (March 28th 2023, 3:13:50 pm UTC) from US — Scanned from US

Summary HTTP 8 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 107.180.41.126, located in Ashburn, United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is bankofamerica.singletact.com.

This is the only time bankofamerica.singletact.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: M&T Bank (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1 9	107.180.41.126 107.180.41.126		26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC)
8	1

9 107.180.41.126 (Ashburn, United States) 1 redirects

ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: 126.41.180.107.host.secureserver.net

bankofamerica.singletact.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	singletact.com 1 redirects bankofamerica.singletact.com	171 KB
8	1

	Domain	Requested by
9	bankofamerica.singletact.com	1 redirects bankofamerica.singletact.com
8	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://bankofamerica.singletact.com/signin.php?cmd=login_submit&id=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf&session=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf
Frame ID: FC9089249BB6A304030AB8766BC27AB0
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Welcome to Online Banking | M&T Bank

Page URL History Show full URLs

http://bankofamerica.singletact.com/ HTTP 302
http://bankofamerica.singletact.com/signin.php?cmd=login_submit&id=320cd199510e317eee2757ce6f42a4cf320cd199510e3... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

8
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

171 kB
Transfer

398 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bankofamerica.singletact.com/ HTTP 302
http://bankofamerica.singletact.com/signin.php?cmd=login_submit&id=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf&session=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request signin.php Show response bankofamerica.singletact.com/ Redirect Chain http://bankofamerica.singletact.com/ http://bankofamerica.singletact.com/signin.php?cmd=login_submit&id=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf&session=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6...	9 KB 2 KB	71ms 71ms	Document text/html	107.180.41.126 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL http://bankofamerica.singletact.com/signin.php?cmd=login_submit&id=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf&session=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf Protocol HTTP/1.1 Server 107.180.41.126 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS 126.41.180.107.host.secureserver.net Software Apache / PHP/7.4.33 Resource Hash `3da3bf82cf85523c61d3fd62f112a1894d5ce3235d080979d1d23804ceb229b2` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 accept-language en-US,en;q=0.9 Response headers Accept-Ranges none Connection Keep-Alive Content-Encoding gzip Content-Length 2088 Content-Type text/html; charset=UTF-8 Date Tue, 28 Mar 2023 15:13:41 GMT Keep-Alive timeout=5 Server Apache Vary Accept-Encoding X-Powered-By PHP/7.4.33 Redirect headers Connection Upgrade, Keep-Alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Tue, 28 Mar 2023 15:13:41 GMT Keep-Alive timeout=5 Server Apache Upgrade h2,h2c Vary Accept-Encoding X-Powered-By PHP/7.4.33 location signin.php?cmd=login_submit&id=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf&session=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf
GET H/1.1	200 OK	css.css bankofamerica.singletact.com/xAssets/login_files/	252 KB 30 KB	227ms 226ms	Stylesheet text/css	107.180.41.126 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL http://bankofamerica.singletact.com/xAssets/login_files/css.css Requested by Host: bankofamerica.singletact.com URL: http://bankofamerica.singletact.com/signin.php?cmd=login_submit&id=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf&session=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf Protocol HTTP/1.1 Server 107.180.41.126 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS 126.41.180.107.host.secureserver.net Software Apache / Resource Hash `46ebb1ea208b5cd44e87fa4123218222749013e3787c729b567f40531460bf5e` Request headers accept-language en-US,en;q=0.9 Referer http://bankofamerica.singletact.com/signin.php?cmd=login_submit&id=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf&session=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers Date Tue, 28 Mar 2023 15:13:42 GMT Content-Encoding gzip Last-Modified Thu, 14 Apr 2022 20:13:04 GMT Server Apache Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges none Keep-Alive timeout=5 Content-Length 30084
GET H/1.1	200 OK	mtb-logo.svg bankofamerica.singletact.com/xAssets/login_files/	2 KB 2 KB	176ms 124ms	Image image/svg+xml	107.180.41.126 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL http://bankofamerica.singletact.com/xAssets/login_files/mtb-logo.svg Requested by Host: bankofamerica.singletact.com URL: http://bankofamerica.singletact.com/signin.php?cmd=login_submit&id=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf&session=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf Protocol HTTP/1.1 Server 107.180.41.126 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS 126.41.180.107.host.secureserver.net Software Apache / Resource Hash `5f5b0d9f678fe446631a33a4cbbe891a01b0ed972143702e67ae6617367096ac` Request headers accept-language en-US,en;q=0.9 Referer http://bankofamerica.singletact.com/signin.php?cmd=login_submit&id=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf&session=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers Date Tue, 28 Mar 2023 15:13:42 GMT Last-Modified Thu, 14 Apr 2022 19:54:40 GMT Server Apache ETag "39e0ead-7f7-5dca2aa170000" Vary Accept-Encoding Upgrade h2,h2c Content-Type image/svg+xml Connection Upgrade, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 2039
GET H/1.1	200 OK	mtb-equalhousinglender.svg bankofamerica.singletact.com/xAssets/login_files/	230 B 550 B	130ms 77ms	Image image/svg+xml	107.180.41.126 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL http://bankofamerica.singletact.com/xAssets/login_files/mtb-equalhousinglender.svg Requested by Host: bankofamerica.singletact.com URL: http://bankofamerica.singletact.com/signin.php?cmd=login_submit&id=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf&session=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf Protocol HTTP/1.1 Server 107.180.41.126 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS 126.41.180.107.host.secureserver.net Software Apache / Resource Hash `d58eb2802f72d0c6b1d944a1335e8fb914af44b51fe16097aad994c15b8cfbad` Request headers accept-language en-US,en;q=0.9 Referer http://bankofamerica.singletact.com/signin.php?cmd=login_submit&id=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf&session=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers Date Tue, 28 Mar 2023 15:13:42 GMT Last-Modified Thu, 14 Apr 2022 19:54:40 GMT Server Apache ETag "39e0eaa-e6-5dca2aa170000" Vary Accept-Encoding Upgrade h2,h2c Content-Type image/svg+xml Connection Upgrade, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 230
GET H/1.1	200 OK	mtb-entrust.svg bankofamerica.singletact.com/xAssets/login_files/	1 KB 2 KB	126ms 73ms	Image image/svg+xml	107.180.41.126 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Show image Full URL http://bankofamerica.singletact.com/xAssets/login_files/mtb-entrust.svg Requested by Host: bankofamerica.singletact.com URL: http://bankofamerica.singletact.com/signin.php?cmd=login_submit&id=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf&session=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf Protocol HTTP/1.1 Server 107.180.41.126 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS 126.41.180.107.host.secureserver.net Software Apache / Resource Hash `b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5` Request headers accept-language en-US,en;q=0.9 Referer http://bankofamerica.singletact.com/signin.php?cmd=login_submit&id=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf&session=320cd199510e317eee2757ce6f42a4cf320cd199510e317eee2757ce6f42a4cf User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers Date Tue, 28 Mar 2023 15:13:42 GMT Last-Modified Thu, 14 Apr 2022 19:54:40 GMT Server Apache ETag "39e0ea9-545-5dca2aa170000" Vary Accept-Encoding Upgrade h2,h2c Content-Type image/svg+xml Connection Upgrade, Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 1349
GET H/1.1	200 OK	mandtbaltoweb-book.woff bankofamerica.singletact.com/xAssets/login_files/	66 KB 66 KB	144ms 142ms	Font font/woff	107.180.41.126 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL http://bankofamerica.singletact.com/xAssets/login_files/mandtbaltoweb-book.woff Requested by Host: bankofamerica.singletact.com URL: http://bankofamerica.singletact.com/xAssets/login_files/css.css Protocol HTTP/1.1 Server 107.180.41.126 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS 126.41.180.107.host.secureserver.net Software Apache / Resource Hash `4029a5a081992259f4e529190b49dbba893931da4e843dd203449f1b9a4509d2` Request headers Referer http://bankofamerica.singletact.com/xAssets/login_files/css.css Origin http://bankofamerica.singletact.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers Date Tue, 28 Mar 2023 15:13:42 GMT Last-Modified Thu, 14 Apr 2022 20:09:58 GMT Server Apache ETag "39e0d4d-10857-5dca2e0ce9180" Vary Accept-Encoding Content-Type font/woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 67671
GET H/1.1	200 OK	mandtpg-iconfont.woff bankofamerica.singletact.com/xAssets/login_files/	5 KB 5 KB	142ms 140ms	Font font/woff	107.180.41.126 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL http://bankofamerica.singletact.com/xAssets/login_files/mandtpg-iconfont.woff Requested by Host: bankofamerica.singletact.com URL: http://bankofamerica.singletact.com/xAssets/login_files/css.css Protocol HTTP/1.1 Server 107.180.41.126 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS 126.41.180.107.host.secureserver.net Software Apache / Resource Hash `13cd97f61b02de2037eda5cdf7a163e560ba5ceb2685569189bf15396398c32a` Request headers Referer http://bankofamerica.singletact.com/xAssets/login_files/css.css Origin http://bankofamerica.singletact.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers Date Tue, 28 Mar 2023 15:13:42 GMT Last-Modified Thu, 14 Apr 2022 20:12:44 GMT Server Apache ETag "39e0ea8-12a8-5dca2eab38700" Vary Accept-Encoding Content-Type font/woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 4776
GET H/1.1	200 OK	mandtbaltoweb-medium.woff bankofamerica.singletact.com/xAssets/login_files/	63 KB 63 KB	125ms 124ms	Font font/woff	107.180.41.126 AS-26496-GO-DADDY...
General Check archive.org Show headers Download Go to Full URL http://bankofamerica.singletact.com/xAssets/login_files/mandtbaltoweb-medium.woff Requested by Host: bankofamerica.singletact.com URL: http://bankofamerica.singletact.com/xAssets/login_files/css.css Protocol HTTP/1.1 Server 107.180.41.126 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US), Reverse DNS 126.41.180.107.host.secureserver.net Software Apache / Resource Hash `b391b55f950528937beee7687717a4aef81196817834f1c93b099713ff738fbc` Request headers Referer http://bankofamerica.singletact.com/xAssets/login_files/css.css Origin http://bankofamerica.singletact.com accept-language en-US,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.110 Safari/537.36 Response headers Date Tue, 28 Mar 2023 15:13:42 GMT Last-Modified Thu, 14 Apr 2022 20:08:04 GMT Server Apache ETag "39e0d4e-fb3e-5dca2da031100" Vary Accept-Encoding Content-Type font/woff Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 64318

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: M&T Bank (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			bankofamerica.singletact.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 523e5d4e2de8b68e12f0f550f9efe4df

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bankofamerica.singletact.com
107.180.41.126
13cd97f61b02de2037eda5cdf7a163e560ba5ceb2685569189bf15396398c32a
3da3bf82cf85523c61d3fd62f112a1894d5ce3235d080979d1d23804ceb229b2
4029a5a081992259f4e529190b49dbba893931da4e843dd203449f1b9a4509d2
46ebb1ea208b5cd44e87fa4123218222749013e3787c729b567f40531460bf5e
5f5b0d9f678fe446631a33a4cbbe891a01b0ed972143702e67ae6617367096ac
b2ef3bd17aa6bc2daa7b1209f7848b30c64f3068e43162b09a216639ab430ce5
b391b55f950528937beee7687717a4aef81196817834f1c93b099713ff738fbc
d58eb2802f72d0c6b1d944a1335e8fb914af44b51fe16097aad994c15b8cfbad

bankofamerica.singletact.com Open in urlscan Pro 107.180.41.126 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

8 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

171 kBTransfer

398 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

8 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

Indicators

bankofamerica.singletact.com Open in urlscan Pro
107.180.41.126 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

8
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

171 kB
Transfer

398 kB
Size

1
Cookies

8 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!