landingst.wpengine.com
35.196.26.136  Malicious Activity! Public Scan

URL: http://landingst.wpengine.com/bofa-test-landing-page/
Submission: On August 22 via automatic, source openphish — Scanned from DE

Summary

This website contacted 2 IPs in 1 country across 2 domains to perform 19 HTTP transactions. The main IP is 35.196.26.136, located in North Charleston, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is landingst.wpengine.com.
This is the only time landingst.wpengine.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

Requests         IP Address        AS Autonomous System
15 (1 redirect)  35.196.26.136     396982 (GOOGLE-CL...)
5                2606:4700::68...  13335 (CLOUDFLAR...)
Total: 19 requests, 2 IPs

Requests  Apex Domain      Subdomains                                         Transfer
15        wpengine.com     landingst.wpengine.com                             207 KB
5         virginpulse.com  file.virginpulse.com (Cisco Umbrella Rank: 84607)  695 KB
Total: 19 requests, 2 domains

Requests          Domain                  Requested by
15 (1 redirects)  landingst.wpengine.com  landingst.wpengine.com
5                 file.virginpulse.com    landingst.wpengine.com
Total: 19 requests, 2 domains

This site contains links to these domains.

Domain
app.member.virginpulse.com
enroll.virginpulse.com
support.mywellnessresources.com

Subject                 Issuer                          Validity                 Valid
member.virginpulse.com  DigiCert SHA2 Secure Server CA  2022-12-05 - 2023-12-04  a year

This page contains 1 frame:

Primary Page: http://landingst.wpengine.com/bofa-test-landing-page/
Frame ID: 8501D4709402EA5573AE826BA1E276F3
Requests: 19 HTTP requests in this frame

Page Title

MyWellness - Landing Page Test

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 19
HTTPS: 26 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 1
Transfer: 902 kB
Size: 1212 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://landingst.wpengine.com/bofa-test-landing-page HTTP 301
    http://landingst.wpengine.com/bofa-test-landing-page/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource  Path  Size  x-fer  Type  MIME-Type

Primary Request /
landingst.wpengine.com/bofa-test-landing-page/
Redirect Chain
  • http://landingst.wpengine.com/bofa-test-landing-page
  • http://landingst.wpengine.com/bofa-test-landing-page/
10 KB
4 KB
Document
General
Full URL
http://landingst.wpengine.com/bofa-test-landing-page/
Protocol
HTTP/1.1
Server
35.196.26.136 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
136.26.196.35.bc.googleusercontent.com
Software
nginx / WP Engine
Resource Hash
f3e8833b989e30d3b091afec83d2e6b7f72635c63936e17d327435ee7c4e061a
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' https://js-agent.newrelic.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://stackpath.bootstrapcdn.com/ https://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://landing.virginpulse.com/ https://www.googletagmanager.com/ 'unsafe-inline';script-src-elem 'self' https://js-agent.newrelic.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://stackpath.bootstrapcdn.com/ https://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://landing.virginpulse.com/ https://www.googletagmanager.com/ 'unsafe-inline';style-src 'self' https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://landing.virginpulse.com/ https://stackpath.bootstrapcdn.com/ 'unsafe-inline';style-src-elem 'self' https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://landing.virginpulse.com/ https://stackpath.bootstrapcdn.com/ 'unsafe-inline';font-src 'self' https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ data:;img-src * 'self' data: https:;
Strict-Transport-Security includeSubdomains; preload; max-age=63072000;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=600, must-revalidate
Connection
keep-alive
Content-Encoding
gzip
Content-Security-Policy
default-src 'self';script-src 'self' https://js-agent.newrelic.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://stackpath.bootstrapcdn.com/ https://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://landing.virginpulse.com/ https://www.googletagmanager.com/ 'unsafe-inline';script-src-elem 'self' https://js-agent.newrelic.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://stackpath.bootstrapcdn.com/ https://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://landing.virginpulse.com/ https://www.googletagmanager.com/ 'unsafe-inline';style-src 'self' https://fonts.googleapis.com/ https://maxcdn.bootstrapcdn.com/ https://landing.virginpulse.com/ https://stackpath.bootstrapcdn.com/ 'unsafe-inline';style-src-elem 'self' https://maxcdn.bootstrapcdn.com/ https://fonts.googleapis.com/ https://landing.virginpulse.com/ https://stackpath.bootstrapcdn.com/ 'unsafe-inline';font-src 'self' https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ data:;img-src * 'self' data: https:;
Content-Type
text/html; charset=UTF-8
Date
Tue, 22 Aug 2023 08:17:34 GMT
Keep-Alive
timeout=20
Link
<https://landingst.wpengine.com/?p=454>; rel=shortlink
Server
nginx
Strict-Transport-Security
includeSubdomains; preload; max-age=63072000;
Transfer-Encoding
chunked
Vary
Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
X-Cache
HIT: 5
X-Cache-Group
normal
X-Cacheable
SHORT
X-WPE-Request-ID
5a2c4c34ccdbe2978dc86383cb22d524
x-powered-by
WP Engine

Redirect headers

Cache-Control
max-age=600, must-revalidate
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Tue, 22 Aug 2023 08:17:33 GMT
Keep-Alive
timeout=20
Location
http://landingst.wpengine.com/bofa-test-landing-page/
Server
nginx
Strict-Transport-Security
includeSubdomains; preload; max-age=63072000;
X-Cache
HIT: 7
X-Cache-Group
normal
X-Cacheable
non200
X-Redirect-By
WordPress
X-WPE-Request-ID
d512b9409f3e12e32ee518223f36a6c3
x-powered-by
WP Engine
jquery-1.11.1.min.js
landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/js/
94 KB
33 KB
Script
General
Full URL
http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/js/jquery-1.11.1.min.js
Requested by
Host: landingst.wpengine.com
URL: http://landingst.wpengine.com/bofa-test-landing-page/
Protocol
HTTP/1.1
Server
35.196.26.136 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
136.26.196.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://landingst.wpengine.com/bofa-test-landing-page/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 08:17:34 GMT
Content-Encoding
gzip
Last-Modified
Fri, 04 Aug 2023 09:53:23 GMT
Server
nginx
ETag
W/"64ccca93-1762a"
Transfer-Encoding
chunked
Vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
Content-Type
application/javascript
X-WPE-Request-ID
89a58f7a1d6d65cc71c77a02702fade0
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Keep-Alive
timeout=20
MyWellnessLandingPageTest.js
landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/js/
363 B
665 B
Script
General
Full URL
http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/js/MyWellnessLandingPageTest.js
Requested by
Host: landingst.wpengine.com
URL: http://landingst.wpengine.com/bofa-test-landing-page/
Protocol
HTTP/1.1
Server
35.196.26.136 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
136.26.196.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
29bfb6629dc9eb56bcb6c99c09f9544c95cf98ed0ceacc80d119fad11b8f2199

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://landingst.wpengine.com/bofa-test-landing-page/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 08:17:34 GMT
Content-Encoding
gzip
Last-Modified
Fri, 11 Aug 2023 10:07:16 GMT
Server
nginx
ETag
W/"64d60854-16b"
Transfer-Encoding
chunked
Vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
Content-Type
application/javascript
X-WPE-Request-ID
a022d9ebf3d0a529f2ffcb0485636af0
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Keep-Alive
timeout=20
bootstrap.min.css
landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/css/
138 KB
21 KB
Stylesheet
General
Full URL
http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/css/bootstrap.min.css
Requested by
Host: landingst.wpengine.com
URL: http://landingst.wpengine.com/bofa-test-landing-page/
Protocol
HTTP/1.1
Server
35.196.26.136 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
136.26.196.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
31df1e69ea3aece8a8bae5c08bcb7f5e977cb76f886897b301355359b66a48ec

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://landingst.wpengine.com/bofa-test-landing-page/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 08:17:34 GMT
Content-Encoding
gzip
Last-Modified
Fri, 04 Aug 2023 09:53:23 GMT
Server
nginx
ETag
W/"64ccca93-22682"
Transfer-Encoding
chunked
Vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
Content-Type
text/css
X-WPE-Request-ID
f5f0a2cc5f684c09154972e4f755b684
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Keep-Alive
timeout=20
font_awesome.css
landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/fonts/
46 KB
10 KB
Stylesheet
General
Full URL
http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/fonts/font_awesome.css
Requested by
Host: landingst.wpengine.com
URL: http://landingst.wpengine.com/bofa-test-landing-page/
Protocol
HTTP/1.1
Server
35.196.26.136 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
136.26.196.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
8891a160f8a2afb81de5259f9f68e5af3782348ea2927ad9e969bc88c7d39984

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://landingst.wpengine.com/bofa-test-landing-page/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 08:17:34 GMT
Content-Encoding
gzip
Last-Modified
Fri, 04 Aug 2023 09:53:23 GMT
Server
nginx
ETag
W/"64ccca93-b752"
Transfer-Encoding
chunked
Vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
Content-Type
text/css
X-WPE-Request-ID
2b9bb5205801b293b7e554e6d90d029f
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Keep-Alive
timeout=20
MyWellnessLandingPageTest.css
landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/css/
47 KB
6 KB
Stylesheet
General
Full URL
http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/css/MyWellnessLandingPageTest.css
Requested by
Host: landingst.wpengine.com
URL: http://landingst.wpengine.com/bofa-test-landing-page/
Protocol
HTTP/1.1
Server
35.196.26.136 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
136.26.196.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
a80fb032e98ea1dc965aef77ae04d37d5119fbbcc2c2b676af36736c1d8defc2

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://landingst.wpengine.com/bofa-test-landing-page/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 08:17:34 GMT
Content-Encoding
gzip
Last-Modified
Fri, 04 Aug 2023 09:53:23 GMT
Server
nginx
ETag
W/"64ccca93-bc87"
Transfer-Encoding
chunked
Vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
Content-Type
text/css
X-WPE-Request-ID
f7153a536d659fc3a0e5b18806b5c282
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Keep-Alive
timeout=20
MyWellnessLandingPageTestMain.css
landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/css/
8 KB
2 KB
Stylesheet
General
Full URL
http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/css/MyWellnessLandingPageTestMain.css
Requested by
Host: landingst.wpengine.com
URL: http://landingst.wpengine.com/bofa-test-landing-page/
Protocol
HTTP/1.1
Server
35.196.26.136 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
136.26.196.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
89bd383b8a393e6bf45d5e65d1db9b956a96af1c81a6d47de78c636fc4b93195

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://landingst.wpengine.com/bofa-test-landing-page/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 08:17:34 GMT
Content-Encoding
gzip
Last-Modified
Fri, 04 Aug 2023 09:53:23 GMT
Server
nginx
ETag
W/"64ccca93-2060"
Transfer-Encoding
chunked
Vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
Content-Type
text/css
X-WPE-Request-ID
4d02f4d45fb2655b9c1803f7df9774f1
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Keep-Alive
timeout=20
8T4onPXoTRSdutypCXbM
file.virginpulse.com/api/file/
38 KB
39 KB
Image
General
Full URL
https://file.virginpulse.com/api/file/8T4onPXoTRSdutypCXbM
Requested by
Host: landingst.wpengine.com
URL: http://landingst.wpengine.com/bofa-test-landing-page/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:d615 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://landingst.wpengine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Tue, 22 Aug 2023 08:17:34 GMT
via
1.1 varnish, 1.1 varnish, 1.1 9672a97668a5842cedcfaee3e743019e.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
FRA56-P7
age
340854
x-cache
Hit from cloudfront
content-disposition
inline; filename="bofaLogoMobile_v2.png"
content-length
39422
x-served-by
cache-iad-kjyo7100069-IAD, cache-fra-etou8220066-FRA
last-modified
Fri, 18 Aug 2023 09:36:40 GMT
server
cloudflare
x-timer
S1692352839.592985,VS0,VE89
etag
"49bc9262c4a31f1ee2ca2dd5e1dc8588"
x-file-name
bofaLogoMobile_v2.png
access-control-max-age
21600
access-control-allow-methods
DELETE, GET, HEAD, POST, PUT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2678400
filestack-trace-id
1692351400-scROPRpPQj
accept-ranges
bytes
cf-ray
7fa9ae20a9053679-FRA
access-control-allow-headers
Content-Type, X-No-Stream
x-amz-cf-id
6sKg_-0TEbe2WXj6fJTIK0bM5sUhA9b4lRiq_4X5l5_2vQGeUYROvA==
x-cache-hits
1, 0
vplogo.svg
landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/images/
6 KB
3 KB
Image
General
Full URL
http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/images/vplogo.svg
Requested by
Host: landingst.wpengine.com
URL: http://landingst.wpengine.com/bofa-test-landing-page/
Protocol
HTTP/1.1
Server
35.196.26.136 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
136.26.196.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
c79bca43366afd3cd4a2d29b9c60f24296b21dd03a3e60ec82510a31376ae4ca

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://landingst.wpengine.com/bofa-test-landing-page/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 08:17:34 GMT
Content-Encoding
gzip
Last-Modified
Fri, 04 Aug 2023 09:53:23 GMT
Server
nginx
ETag
W/"64ccca93-192b"
Transfer-Encoding
chunked
Vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
Content-Type
image/svg+xml
X-WPE-Request-ID
3f061f650ab330220c1eba326a3c72ba
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Keep-Alive
timeout=20
UDGg9V3FQbSortmkuCi5
file.virginpulse.com/api/file/
2 KB
3 KB
Image
General
Full URL
https://file.virginpulse.com/api/file/UDGg9V3FQbSortmkuCi5
Requested by
Host: landingst.wpengine.com
URL: http://landingst.wpengine.com/bofa-test-landing-page/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:d615 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
01af9483640011690a6765137ab76b11e13f10fb09c397decb3f5fc566598cd4

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://landingst.wpengine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Tue, 22 Aug 2023 08:17:34 GMT
via
1.1 varnish, 1.1 varnish, 1.1 099a327961f82798658bf21aa210d4a0.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
FRA56-P7
age
1550337
x-cache
Hit from cloudfront
content-disposition
inline; filename="faq_icon.png"
content-length
2017
x-served-by
cache-iad-kjyo7100133-IAD, cache-fra-etou8220059-FRA
last-modified
Fri, 04 Aug 2023 09:38:36 GMT
server
cloudflare
x-timer
S1691142975.006626,VS0,VE87
etag
"03dca9508cdfa2a37b898cb5d242eace"
x-file-name
faq_icon.png
access-control-max-age
21600
access-control-allow-methods
DELETE, GET, HEAD, POST, PUT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2678400
filestack-trace-id
1691141916-mz9gQgXT26
accept-ranges
bytes
cf-ray
7fa9ae20a9073679-FRA
access-control-allow-headers
Content-Type, X-No-Stream
x-amz-cf-id
HMuph1IXSmD3s8q4guM_EztT-u_Jqec5oM3GasRG5yWjzIEReAuDDw==
x-cache-hits
1, 0
popper.min.js
landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/js/
20 KB
8 KB
Script
General
Full URL
http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/js/popper.min.js
Requested by
Host: landingst.wpengine.com
URL: http://landingst.wpengine.com/bofa-test-landing-page/
Protocol
HTTP/1.1
Server
35.196.26.136 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
136.26.196.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
f7cbc01a310318defd4e31e4616543e2cf3baef5a47562c73ece4c0b716f157e

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://landingst.wpengine.com/bofa-test-landing-page/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 08:17:34 GMT
Content-Encoding
gzip
Last-Modified
Fri, 04 Aug 2023 09:53:23 GMT
Server
nginx
ETag
W/"64ccca93-4f71"
Transfer-Encoding
chunked
Vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
Content-Type
application/javascript
X-WPE-Request-ID
85eb71aeef7e1120ffb7cf1234630263
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Keep-Alive
timeout=20
bootstrap.min.js
landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/js/
50 KB
14 KB
Script
General
Full URL
http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/js/bootstrap.min.js
Requested by
Host: landingst.wpengine.com
URL: http://landingst.wpengine.com/bofa-test-landing-page/
Protocol
HTTP/1.1
Server
35.196.26.136 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
136.26.196.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
c5a17d46976d471cf060c5a0e25749a323d6ab20cf0910f40afed81047ba21ef

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://landingst.wpengine.com/bofa-test-landing-page/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 08:17:34 GMT
Content-Encoding
gzip
Last-Modified
Fri, 04 Aug 2023 09:53:23 GMT
Server
nginx
ETag
W/"64ccca93-c62b"
Transfer-Encoding
chunked
Vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
Content-Type
application/javascript
X-WPE-Request-ID
00a7c4823d850a823c418377b3d2ea76
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Keep-Alive
timeout=20
sFWQiaS5R2OBw4GPp0FF
file.virginpulse.com/api/file/
637 KB
638 KB
Image
General
Full URL
https://file.virginpulse.com/api/file/sFWQiaS5R2OBw4GPp0FF
Requested by
Host: landingst.wpengine.com
URL: http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/css/MyWellnessLandingPageTest.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:d615 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9515879203b02be14bfe0489659aa94689be2d1afe845edd72e478fcfd02e4d

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://landingst.wpengine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Tue, 22 Aug 2023 08:17:34 GMT
via
1.1 varnish, 1.1 varnish, 1.1 9672a97668a5842cedcfaee3e743019e.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
FRA56-P7
age
1553272
x-cache
Hit from cloudfront
content-disposition
inline; filename="bofaNewBackground.jpeg"
content-length
652134
x-served-by
cache-iad-kiad7000176-IAD, cache-fra-etou8220107-FRA
last-modified
Fri, 04 Aug 2023 08:49:41 GMT
server
cloudflare
x-timer
S1691142975.990101,VS0,VE206
etag
"ad547e7ed5f2b4340c4601afc36c62dc"
x-file-name
bofaNewBackground.jpeg
access-control-max-age
21600
access-control-allow-methods
DELETE, GET, HEAD, POST, PUT
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2678400
filestack-trace-id
1691138982-pcPeS38fRK
accept-ranges
bytes
cf-ray
7fa9ae20a90b3679-FRA
access-control-allow-headers
Content-Type, X-No-Stream
x-amz-cf-id
0tUpcEEh3t9hQyQSZPUrFB6K7oYGJeISY9roolAX9A2OjNXAVQsDIQ==
x-cache-hits
1, 0
sY192fTCScqvumVcgCU9
file.virginpulse.com/api/file/
6 KB
7 KB
Image
General
Full URL
https://file.virginpulse.com/api/file/sY192fTCScqvumVcgCU9
Requested by
Host: landingst.wpengine.com
URL: http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/css/MyWellnessLandingPageTest.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:d615 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2fbd21036cac49160f608b63831bb0e1cec9b75dfaab1243daab5b7894543421

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://landingst.wpengine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Tue, 22 Aug 2023 08:17:34 GMT
via
1.1 varnish, 1.1 varnish, 1.1 86b463b2b2449ea5ba66d271a3c29922.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
FRA56-P7
age
1550734
x-cache
Hit from cloudfront
content-disposition
inline; filename="employee.png"
content-length
6298
x-served-by
cache-iad-kiad7000048-IAD, cache-fra-eddf8230132-FRA
last-modified
Fri, 04 Aug 2023 09:31:59 GMT
server
cloudflare
x-timer
S1691142975.972471,VS0,VE91
etag
"da6d669d0747659a1719a0a5f5de62ea"
x-file-name
employee.png
access-control-max-age
21600
access-control-allow-methods
DELETE, GET, HEAD, POST, PUT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2678400
filestack-trace-id
1691141519-dkMGobYoRR
accept-ranges
bytes
cf-ray
7fa9ae20a90a3679-FRA
access-control-allow-headers
Content-Type, X-No-Stream
x-amz-cf-id
YOrtX51QsHGD70ec0XY6_rbhPr95uEBIqE8-_txnGmUboXfL20sSGg==
x-cache-hits
1, 0
ZfSQZJK9RTKcbcbJWQrh
file.virginpulse.com/api/file/
7 KB
8 KB
Image
General
Full URL
https://file.virginpulse.com/api/file/ZfSQZJK9RTKcbcbJWQrh
Requested by
Host: landingst.wpengine.com
URL: http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/css/MyWellnessLandingPageTest.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:d615 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5eef61b3175527429f2421b3e782f3794507ffa5c54ad2ee0cce3054b3cec2a

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://landingst.wpengine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

date
Tue, 22 Aug 2023 08:17:34 GMT
via
1.1 varnish, 1.1 varnish, 1.1 099a327961f82798658bf21aa210d4a0.cloudfront.net (CloudFront)
cf-cache-status
DYNAMIC
x-amz-cf-pop
FRA56-P7
age
1550558
x-cache
Hit from cloudfront
content-disposition
inline; filename="spouse.png"
content-length
7651
x-served-by
cache-iad-kcgs7200023-IAD, cache-fra-etou8220043-FRA
last-modified
Fri, 04 Aug 2023 09:34:55 GMT
server
cloudflare
x-timer
S1691142975.989306,VS0,VE88
etag
"dfa109aa0ba06b87134246f396812eb8"
x-file-name
spouse.png
access-control-max-age
21600
access-control-allow-methods
DELETE, GET, HEAD, POST, PUT
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
X-File-Name
cache-control
public, max-age=2678400
filestack-trace-id
1691141696-41y8ncMR6C
accept-ranges
bytes
cf-ray
7fa9ae20a90d3679-FRA
access-control-allow-headers
Content-Type, X-No-Stream
x-amz-cf-id
K-BKR9h0xcOaxy98kWOTrT3Q6-vJaXuH0nwFA9KlCoVk1YAwsIO20A==
x-cache-hits
1, 0
mem8YaGs126MiZpBA-UFVZ0b.woff2
landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/fonts/
14 KB
14 KB
Font
General
Full URL
http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/fonts/mem8YaGs126MiZpBA-UFVZ0b.woff2
Requested by
Host: landingst.wpengine.com
URL: http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/css/MyWellnessLandingPageTest.css
Protocol
HTTP/1.1
Server
35.196.26.136 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
136.26.196.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
3b98b0dc3bed9d40f43e64adba5de47c76895338a96f0a5a314676cd6287eca9

Request headers

Referer
http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/css/MyWellnessLandingPageTest.css
Origin
http://landingst.wpengine.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 08:17:34 GMT
Last-Modified
Fri, 04 Aug 2023 09:53:23 GMT
Server
nginx
ETag
"64ccca93-36e0"
Vary
Accept-Encoding
Content-Type
font/woff2
X-WPE-Request-ID
3eab012be16421f2e9a8daa5c720c593
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=20
Content-Length
14048
fa-solid-900.woff2
landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/webfonts/
61 KB
61 KB
Font
General
Full URL
http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/webfonts/fa-solid-900.woff2
Requested by
Host: landingst.wpengine.com
URL: http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/fonts/font_awesome.css
Protocol
HTTP/1.1
Server
35.196.26.136 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
136.26.196.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
5c7df99df232586111917083a85aa31b82ee29e48ca2990e13fae0c0663a923f

Request headers

Referer
http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/fonts/font_awesome.css
Origin
http://landingst.wpengine.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 08:17:34 GMT
Last-Modified
Fri, 04 Aug 2023 09:53:24 GMT
Server
nginx
ETag
"64ccca94-f408"
Vary
Accept-Encoding
Content-Type
font/woff2
X-WPE-Request-ID
7fea2b8b17d6ba4584cb3290775a50ac
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=20
Content-Length
62472
mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/fonts/
14 KB
15 KB
Font
General
Full URL
http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/fonts/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
Requested by
Host: landingst.wpengine.com
URL: http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/css/MyWellnessLandingPageTest.css
Protocol
HTTP/1.1
Server
35.196.26.136 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
136.26.196.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
482994b911cc3e869aa8ace6d9932d67b68de83ea2885207ce165ff04c38d7bc

Request headers

Referer
http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/css/MyWellnessLandingPageTest.css
Origin
http://landingst.wpengine.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 08:17:34 GMT
Last-Modified
Fri, 04 Aug 2023 09:53:23 GMT
Server
nginx
ETag
"64ccca93-3980"
Vary
Accept-Encoding
Content-Type
font/woff2
X-WPE-Request-ID
bd1f869cada07dc492761d04a59993ee
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=20
Content-Length
14720
mem5YaGs126MiZpBA-UNirkOUuhp.woff2
landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/fonts/
14 KB
15 KB
Font
General
Full URL
http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/fonts/mem5YaGs126MiZpBA-UNirkOUuhp.woff2
Requested by
Host: landingst.wpengine.com
URL: http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/css/MyWellnessLandingPageTest.css
Protocol
HTTP/1.1
Server
35.196.26.136 North Charleston, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
136.26.196.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
d61b45b8b3cded238a65ee0aac4043b989f11cee56acfe5c889777f961f241a2

Request headers

Referer
http://landingst.wpengine.com/wp-content/themes/landing/MyWellnessLandingPageTest/css/MyWellnessLandingPageTest.css
Origin
http://landingst.wpengine.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.96 Safari/537.36

Response headers

Date
Tue, 22 Aug 2023 08:17:34 GMT
Last-Modified
Fri, 04 Aug 2023 09:53:23 GMT
Server
nginx
ETag
"64ccca93-38d0"
Vary
Accept-Encoding
Content-Type
font/woff2
X-WPE-Request-ID
c3f041f41a4233c7924faa63f4a610e5
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Accept-Ranges
bytes
Keep-Alive
timeout=20
Content-Length
14544

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • function: $
  • function: jQuery
  • function: openEmployeeLink
  • function: openSpouseLink
  • function: openSupportLink
  • function: Popper
  • object: bootstrap
  • object: jQuery111109859306366763039

1 Cookies

Domain/Path: .virginpulse.com/
Name: __cf_bm
Value: f1aHtXy0_mlyioLs3d8yqPXoctrcz9fKoiL1c5P.y.M-1692692254-0-AegqCpsMnJI+z5MbnXvUoNviEzW/pNNoBQw1W6iNQT5PmN27/XXEE/CYeN3Ou+dFxYPc2yHy+BrbYMqGt07ad/fyGdHZcyJCgRSTkpKSXOTB
