urlscan.io logo urlscan.io
SecurityTrails logo

secmail-boa.shared01.workers.dev Open in urlscan Pro
2606:4700:3031::ac43:ade7  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://secmail-boa.oauth-us.workers.dev/
Effective URL: https://secmail-boa.shared01.workers.dev/
Submission: On August 08 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 1 countries across 6 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3031::ac43:ade7, located in United States and belongs to CLOUDFLARENET, US. The main domain is secmail-boa.shared01.workers.dev.
TLS certificate: Issued by WE1 on June 14th 2024. Valid for: 3 months.
This is the only time secmail-boa.shared01.workers.dev was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 107.23.242.245 14618 (AMAZON-AES)
1 2606:4700:303... 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
2 2a04:4e42:400... 54113 (FASTLY)
9 148.163.158.107 22843 (PROOFPOIN...)
1 198.54.116.86 22612 (NAMECHEAP...)
16 7
1    2606:4700:3034::ac43:c6da (United States)

ASN13335 (CLOUDFLARENET, US)
secmail-boa.oauth-us.workers.dev
1    107.23.242.245 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-23-242-245.compute-1.amazonaws.com
secmail-boa.glitch.me
1    2606:4700:3031::ac43:ade7 (United States)

ASN13335 (CLOUDFLARENET, US)
secmail-boa.shared01.workers.dev
1    2607:f8b0:400d:c0e::5f (Morganton, United States)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
2    2a04:4e42:400::649 (United States)

ASN54113 (FASTLY, US)
code.jquery.com
9    148.163.158.107 (United States)

ASN22843 (PROOFPOINT-ASN-US-EAST, US)
PTR: mx0b-0000ec08.pphosted.com
secmail.bankofamerica.com
1    198.54.116.86 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: server86-4.web-hosting.com
linkgrid.xyz
Apex Domain
Subdomains		 Transfer
9 bankofamerica.com
secmail.bankofamerica.com — Cisco Umbrella Rank: 197810
987 KB
2 jquery.com
code.jquery.com — Cisco Umbrella Rank: 1211
108 KB
2 workers.dev
secmail-boa.oauth-us.workers.dev
secmail-boa.shared01.workers.dev
79 KB
1 linkgrid.xyz
linkgrid.xyz
7 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 641
30 KB
1 glitch.me
secmail-boa.glitch.me
1 KB
16 6
Domain Requested by
9 secmail.bankofamerica.com secmail-boa.glitch.me
secmail-boa.shared01.workers.dev
2 code.jquery.com secmail-boa.glitch.me
1 linkgrid.xyz
1 ajax.googleapis.com secmail-boa.glitch.me
1 secmail-boa.shared01.workers.dev secmail-boa.glitch.me
1 secmail-boa.glitch.me
1 secmail-boa.oauth-us.workers.dev 1 redirects
16 7

This site contains no links.

Subject Issuer Validity Valid
glitch.com
Amazon RSA 2048 M03		 2023-12-04 -
2025-01-01		 a year crt.sh
shared01.workers.dev
WE1		 2024-06-14 -
2024-09-12		 3 months crt.sh
upload.video.google.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
*.jquery.com
Sectigo ECC Domain Validation Secure Server CA		 2024-06-25 -
2025-06-25		 a year crt.sh
secmail.bankofamerica.com
Entrust Certification Authority - L1M		 2024-07-09 -
2025-07-16		 a year crt.sh
linkgrid.xyz
Sectigo RSA Domain Validation Secure Server CA		 2024-06-17 -
2025-06-17		 a year crt.sh

This page contains 1 frames:

Primary Page: https://secmail-boa.shared01.workers.dev/
Frame ID: 7C06CA9FCE8763D4B7418581BE86E20C
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Encrypted Email Login

Page URL History Show full URLs

  1. https://secmail-boa.oauth-us.workers.dev/ HTTP 302
    https://secmail-boa.glitch.me/ Page URL
  2. https://secmail-boa.shared01.workers.dev/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

94 %
HTTPS

57 %
IPv6

6
Domains

7
Subdomains

7
IPs

1
Countries

1211 kB
Transfer

2821 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://secmail-boa.oauth-us.workers.dev/ HTTP 302
    https://secmail-boa.glitch.me/ Page URL
  2. https://secmail-boa.shared01.workers.dev/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://secmail-boa.oauth-us.workers.dev/ HTTP 302
  • https://secmail-boa.glitch.me/

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
secmail-boa.glitch.me/
Redirect Chain
  • https://secmail-boa.oauth-us.workers.dev/
  • https://secmail-boa.glitch.me/
743 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://secmail-boa.glitch.me/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.23.242.245 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-23-242-245.compute-1.amazonaws.com
Software
AmazonS3 /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-cache
content-length
743
content-type
text/html; charset=utf-8
date
Thu, 08 Aug 2024 13:10:23 GMT
etag
"5d18c5f3a69a31dcd3d6c377e92a7c29"
last-modified
Thu, 08 Aug 2024 00:43:25 GMT
server
AmazonS3
x-amz-id-2
mo2PtsyNoTA4ycKUXGPHwxAp3t3+92hhNehOjfkAnxn2iQsA7ujgrj7bZYup1OGdoQwIyuU8x4Y=
x-amz-request-id
Z9W98ZEBGC9HK6F8
x-amz-server-side-encryption
AES256
x-amz-version-id
DUw691VAXrX1EyYgQyStQJj.Glw5Oa2o

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-ray
8affbf0b2fb41916-EWR
content-length
0
date
Thu, 08 Aug 2024 13:10:23 GMT
location
https://secmail-boa.glitch.me/
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JL7lFdlF77Oh%2F9xmniTM10uK5QH3wof19lndnt5Ji9UEdvwUzTQsiWAL9tCiONckJdVKoxNTRwhTKcvn8D2BW8Ghn6H2xltBHQGljoMjNLJEChVGMFogwQEEmeftDKHCryD4gvGdvJwMsoaOPlui4VW9%2FTUliAJZmrivgWp18A%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
Primary Request /
secmail-boa.shared01.workers.dev/ 		1 MB
78 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://secmail-boa.shared01.workers.dev/
Requested by
Host: secmail-boa.glitch.me
URL: https://secmail-boa.glitch.me/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3031::ac43:ade7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bbae890c4a2890590c812ae714032ea840d232650d374da188c687dbb5b7c51e

Request headers

Referer
https://secmail-boa.glitch.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cf-ray
8affbf0edecc6a58-EWR
content-encoding
br
content-type
text/html;charset=UTF-8
date
Thu, 08 Aug 2024 13:10:23 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xJefbf5waNRYSPSrWAUISG7XeV9fmLdhsglgd872LkWUuvuk1MdvxWl%2BapbyDfFNswQI9IPzSq70DCFyACR0GYNbPdZCm6Ku%2FrDFtAV66oZlaGIsTXVwUYxPgdgLRzZGSSkrQwmqYiqIyyuEeSFFyZVc%2FIKM%2BruBiWuMX8vhwA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 		84 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: secmail-boa.glitch.me
URL: https://secmail-boa.glitch.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:400d:c0e::5f Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://secmail-boa.shared01.workers.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Thu, 08 Aug 2024 01:56:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
40451
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 08 Aug 2025 01:56:13 GMT
jquery-3.1.1.min.js
code.jquery.com/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.1.1.min.js
Requested by
Host: secmail-boa.glitch.me
URL: https://secmail-boa.glitch.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

Referer
https://secmail-boa.shared01.workers.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Thu, 08 Aug 2024 13:10:24 GMT
content-encoding
gzip
via
1.1 varnish
age
1912760
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
30070
x-served-by
cache-lga21949-LGA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1723122624.148845,VS0,VE0
etag
W/"28feccc0-152b5"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
16271
jquery-3.3.1.js
code.jquery.com/ 		265 KB
79 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.3.1.js
Requested by
Host: secmail-boa.glitch.me
URL: https://secmail-boa.glitch.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad

Request headers

Referer
https://secmail-boa.shared01.workers.dev/
Origin
https://secmail-boa.shared01.workers.dev
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Thu, 08 Aug 2024 13:10:24 GMT
content-encoding
gzip
via
1.1 varnish
age
1393553
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
80268
x-served-by
cache-lga21977-LGA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1723122624.148542,VS0,VE0
etag
W/"28feccc0-42587"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
7111
theme.css.jsf
secmail.bankofamerica.com/securereader/javax.faces.resource/ 		25 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://secmail.bankofamerica.com/securereader/javax.faces.resource/theme.css.jsf?ln=primefaces-aristo
Requested by
Host: secmail-boa.glitch.me
URL: https://secmail-boa.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.163.158.107 , United States, ASN22843 (PROOFPOINT-ASN-US-EAST, US),
Reverse DNS
mx0b-0000ec08.pphosted.com
Software
/
Resource Hash
4e4a1edd64e32c55bb71e49fddaf41ee58aad04bdc1570a93a89645cb3c09895
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secmail-boa.shared01.workers.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Thu, 08 Aug 2024 13:10:24 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=edge
Last-Modified
Tue, 13 Feb 2024 15:45:12 GMT
Server
ETag
W/"24683-1707839112000"
Expect-CT
max-age=86400, enforce
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=604800, max-age=2592000
Keep-Alive
timeout=5, max=100
Expires
Sat, 07 Sep 2024 13:10:24 GMT
components.css.jsf
secmail.bankofamerica.com/securereader/javax.faces.resource/ 		92 KB
92 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://secmail.bankofamerica.com/securereader/javax.faces.resource/components.css.jsf?ln=primefaces&v=7.0.17
Requested by
Host: secmail-boa.glitch.me
URL: https://secmail-boa.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.163.158.107 , United States, ASN22843 (PROOFPOINT-ASN-US-EAST, US),
Reverse DNS
mx0b-0000ec08.pphosted.com
Software
/
Resource Hash
19846dea837aa2a28869f608db27827473e96713c9de87ed94906af0a928ddc2
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secmail-boa.shared01.workers.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Thu, 08 Aug 2024 13:10:24 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=edge
Last-Modified
Tue, 13 Feb 2024 15:45:12 GMT
Server
ETag
W/"93422-1707839112000"
Expect-CT
max-age=86400, enforce
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=604800, max-age=2592000
Keep-Alive
timeout=5, max=100
Expires
Sat, 07 Sep 2024 13:10:24 GMT
jquery.js.jsf
secmail.bankofamerica.com/securereader/javax.faces.resource/jquery/ 		87 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secmail.bankofamerica.com/securereader/javax.faces.resource/jquery/jquery.js.jsf?ln=primefaces&v=7.0.17
Requested by
Host: secmail-boa.glitch.me
URL: https://secmail-boa.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.163.158.107 , United States, ASN22843 (PROOFPOINT-ASN-US-EAST, US),
Reverse DNS
mx0b-0000ec08.pphosted.com
Software
/
Resource Hash
c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secmail-boa.shared01.workers.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Thu, 08 Aug 2024 13:10:24 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=edge
Last-Modified
Tue, 13 Feb 2024 15:45:12 GMT
Server
ETag
W/"89493-1707839112000"
Expect-CT
max-age=86400, enforce
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=604800, max-age=2592000
Keep-Alive
timeout=5, max=100
Expires
Sat, 07 Sep 2024 13:10:24 GMT
jquery-plugins.js.jsf
secmail.bankofamerica.com/securereader/javax.faces.resource/jquery/ 		261 KB
262 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secmail.bankofamerica.com/securereader/javax.faces.resource/jquery/jquery-plugins.js.jsf?ln=primefaces&v=7.0.17
Requested by
Host: secmail-boa.glitch.me
URL: https://secmail-boa.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.163.158.107 , United States, ASN22843 (PROOFPOINT-ASN-US-EAST, US),
Reverse DNS
mx0b-0000ec08.pphosted.com
Software
/
Resource Hash
52d03b5ea1d204f7e6917075ecbb1c562f2fbe9029fe95c4bd25a70eddde2728
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secmail-boa.shared01.workers.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Thu, 08 Aug 2024 13:10:24 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=edge
Last-Modified
Tue, 13 Feb 2024 15:45:12 GMT
Server
ETag
W/"267239-1707839112000"
Expect-CT
max-age=86400, enforce
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=604800, max-age=2592000
Keep-Alive
timeout=5, max=99
Expires
Sat, 07 Sep 2024 13:10:24 GMT
core.js.jsf
secmail.bankofamerica.com/securereader/javax.faces.resource/ 		37 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secmail.bankofamerica.com/securereader/javax.faces.resource/core.js.jsf?ln=primefaces&v=7.0.17
Requested by
Host: secmail-boa.glitch.me
URL: https://secmail-boa.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.163.158.107 , United States, ASN22843 (PROOFPOINT-ASN-US-EAST, US),
Reverse DNS
mx0b-0000ec08.pphosted.com
Software
/
Resource Hash
60a0e7bcf2f261816807201bb2a09522f62c399293cdf4b0b6443a42f6228c8b
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secmail-boa.shared01.workers.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Thu, 08 Aug 2024 13:10:24 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=edge
Last-Modified
Tue, 13 Feb 2024 15:45:12 GMT
Server
ETag
W/"37785-1707839112000"
Expect-CT
max-age=86400, enforce
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=604800, max-age=2592000
Keep-Alive
timeout=5, max=99
Expires
Sat, 07 Sep 2024 13:10:24 GMT
components.js.jsf
secmail.bankofamerica.com/securereader/javax.faces.resource/ 		420 KB
421 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secmail.bankofamerica.com/securereader/javax.faces.resource/components.js.jsf?ln=primefaces&v=7.0.17
Requested by
Host: secmail-boa.glitch.me
URL: https://secmail-boa.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.163.158.107 , United States, ASN22843 (PROOFPOINT-ASN-US-EAST, US),
Reverse DNS
mx0b-0000ec08.pphosted.com
Software
/
Resource Hash
a73d718ded1e36a2b0330ee5c0b5806ae9da6306c406149ef0d4d7d0db1670ba
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secmail-boa.shared01.workers.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Thu, 08 Aug 2024 13:10:24 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=edge
Last-Modified
Tue, 13 Feb 2024 15:45:12 GMT
Server
ETag
W/"430302-1707839112000"
Expect-CT
max-age=86400, enforce
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=604800, max-age=2592000
Keep-Alive
timeout=5, max=100
Expires
Sat, 07 Sep 2024 13:10:24 GMT
hotkey.js.jsf
secmail.bankofamerica.com/securereader/javax.faces.resource/hotkey/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secmail.bankofamerica.com/securereader/javax.faces.resource/hotkey/hotkey.js.jsf?ln=primefaces&v=7.0.17
Requested by
Host: secmail-boa.glitch.me
URL: https://secmail-boa.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.163.158.107 , United States, ASN22843 (PROOFPOINT-ASN-US-EAST, US),
Reverse DNS
mx0b-0000ec08.pphosted.com
Software
/
Resource Hash
aa45349925767e946b92475663269f3388b684612caf430e23e5080c60d617df
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secmail-boa.shared01.workers.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Thu, 08 Aug 2024 13:10:24 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Connection
Keep-Alive
Content-Length
2266
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=edge
Last-Modified
Tue, 13 Feb 2024 15:45:12 GMT
Server
ETag
W/"2266-1707839112000"
Expect-CT
max-age=86400, enforce
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=604800, max-age=2592000
Keep-Alive
timeout=5, max=100
Expires
Sat, 07 Sep 2024 13:10:24 GMT
Image
secmail.bankofamerica.com/securereader/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secmail.bankofamerica.com/securereader/Image?i=6
Requested by
Host: secmail-boa.glitch.me
URL: https://secmail-boa.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.163.158.107 , United States, ASN22843 (PROOFPOINT-ASN-US-EAST, US),
Reverse DNS
mx0b-0000ec08.pphosted.com
Software
/
Resource Hash
23c899294ee7f44d81bcd666bf1032719f3b0071ceca7a084f9bbe6e2427ca72
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secmail-boa.shared01.workers.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-UA-Compatible
IE=edge
Date
Thu, 08 Aug 2024 13:10:24 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Server
Expect-CT
max-age=86400, enforce
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=0
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
10879
X-XSS-Protection
1; mode=block
Expires
Thu, 08 Aug 2024 13:10:24 GMT
jsf.js.jsf
secmail.bankofamerica.com/securereader/javax.faces.resource/ 		46 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secmail.bankofamerica.com/securereader/javax.faces.resource/jsf.js.jsf?ln=javax.faces
Requested by
Host: secmail-boa.glitch.me
URL: https://secmail-boa.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.163.158.107 , United States, ASN22843 (PROOFPOINT-ASN-US-EAST, US),
Reverse DNS
mx0b-0000ec08.pphosted.com
Software
/
Resource Hash
a1d563139c7afa362c35519099d7018c09a72c05952cae3ca5ed3c277c5554f2
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://secmail-boa.shared01.workers.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Thu, 08 Aug 2024 13:10:24 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=edge
Last-Modified
Tue, 13 Feb 2024 15:45:14 GMT
Server
ETag
W/"47334-1707839114000"
Expect-CT
max-age=86400, enforce
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=604800, max-age=2592000
Keep-Alive
timeout=5, max=100
Expires
Sat, 07 Sep 2024 13:10:24 GMT
sourcesanspro-regular.ttf.woff
secmail.bankofamerica.com/securereader/fonts/ 		0
0
pp.png
linkgrid.xyz/bab/img/ 		7 KB
7 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://linkgrid.xyz/bab/img/pp.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
198.54.116.86 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server86-4.web-hosting.com
Software
LiteSpeed /
Resource Hash
6f5d99beeedafef5cc7157a5e3d01794dd08cec30ff356d63fe189e922b6119c

Request headers

Referer
https://secmail-boa.shared01.workers.dev/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Thu, 08 Aug 2024 13:10:26 GMT
last-modified
Fri, 02 Aug 2024 20:45:55 GMT
server
LiteSpeed
content-type
image/png
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
content-length
7011
expires
Thu, 15 Aug 2024 13:10:26 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
secmail.bankofamerica.com
URL
https://secmail.bankofamerica.com/securereader/fonts/sourcesanspro-regular.ttf.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| autosize function| PF object| PrimeFaces function| Class object| pfptTimeout function| setTimeoutTimer function| timeoutCallback function| dialogTimeoutCallback function| setTimeoutMessageInterval function| updateTimeoutMessageTime function| showTimeoutModal function| endSession function| redirectToTimeoutPage function| continueSession function| closeTimeoutModal function| clearTimeoutTimers function| resetTimeoutTimer function| keepFocusInModal function| setLinkDisable function| setLinkEnable function| throttleResend function| delayedRestore function| enableLink object| jsf object| mojarra function| _0x122ea3 function| _0x37d7f7 function| _0x54e900 function| _0x6b7a7a function| _0x4efa89 function| _0x40d3 function| _0x579776 function| _0x2b0c

0 Cookies

12 Console Messages

Source Level URL
Text
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.1.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.3.1.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://secmail.bankofamerica.com/securereader/javax.faces.resource/jquery/jquery.js.jsf?ln=primefaces&v=7.0.17, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://secmail.bankofamerica.com/securereader/javax.faces.resource/jquery/jquery-plugins.js.jsf?ln=primefaces&v=7.0.17, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://secmail.bankofamerica.com/securereader/javax.faces.resource/core.js.jsf?ln=primefaces&v=7.0.17, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://secmail.bankofamerica.com/securereader/javax.faces.resource/components.js.jsf?ln=primefaces&v=7.0.17, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://secmail.bankofamerica.com/securereader/javax.faces.resource/hotkey/hotkey.js.jsf?ln=primefaces&v=7.0.17, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://secmail.bankofamerica.com/securereader/javax.faces.resource/jsf.js.jsf?ln=javax.faces, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript error URL: https://secmail-boa.shared01.workers.dev/#undefined
Message:
Access to font at 'https://secmail.bankofamerica.com/securereader/fonts/sourcesanspro-regular.ttf.woff' from origin 'https://secmail-boa.shared01.workers.dev' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://secmail.bankofamerica.com/securereader/fonts/sourcesanspro-regular.ttf.woff
Message:
Failed to load resource: net::ERR_FAILED