pt.levonatravel.com Open in urlscan Pro
2606:4700:3033::ac43:cf37 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF=
Submission: On November 15 via automatic, source openphish (November 15th 2022, 1:02:14 am UTC) — Scanned from DE

Summary HTTP 16 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 2606:4700:3033::ac43:cf37, located in United States and belongs to CLOUDFLARENET, US. The main domain is pt.levonatravel.com.
TLS certificate: Issued by E1 on October 14th 2022. Valid for: 3 months.

This is the only time pt.levonatravel.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

	IP Address		AS Autonomous System
16	2606:4700:303... 2606:4700:3033::ac43:cf37		13335 (CLOUDFLAR...) (CLOUDFLARENET)
16	1

16 2606:4700:3033::ac43:cf37 (United States)

ASN13335 (CLOUDFLARENET, US)

pt.levonatravel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	levonatravel.com pt.levonatravel.com	529 KB
16	1

	Domain	Requested by
16	pt.levonatravel.com	pt.levonatravel.com
16	1

This site contains links to these domains. Also see Links.

Domain
secure.bankofamerica.com
www.bankofamerica.com

Subject Issuer	Validity	Valid
*.levonatravel.com E1	`2022-10-14` - `2023-01-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF=
Frame ID: F5455D579A3C0C5D19F2677C1D4F0F9F
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

16
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

529 kB
Transfer

1027 kB
Size

0
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://secure.bankofamerica.com/login/languageToggle.go?request_locale=es_US
Title: En español

Search URL Search Domain Scan URL

URL: https://secure.bankofamerica.com/login/reset/entry/forgotIDPwdScreen.go
Title: Forgot your Password?

Search URL Search Domain Scan URL

URL: https://secure.bankofamerica.com/login/sign-in/%7BstoreLink%7D
Title: {storeLinkText}

Search URL Search Domain Scan URL

URL: https://www.bankofamerica.com/online-banking/mobile-banking-apps.go
Title: Learn about your Banking by Phone options ��

Search URL Search Domain Scan URL

URL: https://www.bankofamerica.com/customer-service/contact-us/bank-of-america-login-issues/
Title: Problem logging in?

Search URL Search Domain Scan URL

URL: https://secure.bankofamerica.com/login/enroll/entry/olbEnroll.go?reason=model_enroll
Title: Enroll now for online Banking

Search URL Search Domain Scan URL

URL: https://www.bankofamerica.com/onlinebanking/learning-center.go
Title: Learn more about Online Banking

Search URL Search Domain Scan URL

URL: https://www.bankofamerica.com/online-banking/service-agreement.go
Title: Service Agreement

Search URL Search Domain Scan URL

URL: https://www.bankofamerica.com/security-center/privacy-overview/
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.bankofamerica.com/security-center/overview/
Title: Security

Search URL Search Domain Scan URL

URL: https://www.bankofamerica.com/help/equalhousing-popup/
Title: Equal Housing Lender

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request login.php Show response pt.levonatravel.com/wp-admin/maint/BoaT/web/	26 KB 6 KB	120ms 73ms	Document text/html	2606:4700:3033::ac43:cf37 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:cf37 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2c08ce5b7ce910949b5f333e2950349d2062920a83d91dd65085bc694a346c6f` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 76a40f3e9c4e92c9-FRA content-encoding br content-type text/html; charset=UTF-8 date Tue, 15 Nov 2022 01:02:07 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CjuEc%2ByM4bJ7gGyM5tJ0xaKLyCBNhVLiGk6wW3so9Y00jRkkuEyfcs0ILzq%2Fs40lz8x7akKNL8ApRaNlARXSZPCbRi7WnwEFlMlnBTtm7XLGa7M6CwGTVLCqIIvI%2Br9M%2FP8rIYgwIeYFjWzgUDqVesFC"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	vipaa-v4-jawr.css pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/css/	541 KB 70 KB	135ms 134ms	Stylesheet text/css	2606:4700:3033::ac43:cf37 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/css/vipaa-v4-jawr.css Requested by Host: pt.levonatravel.com URL: https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:cf37 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `f26f8a5893922c691ded7869a70c3adbd5d99edc14beee31a813e1506b7a23ee` Request headers accept-language de-DE,de;q=0.9 Referer https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers date Tue, 15 Nov 2022 01:02:07 GMT content-encoding br cf-cache-status MISS last-modified Mon, 14 Nov 2022 16:56:04 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"63727324-87215" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A5Elvzz0qLzDz20R7AAwsjamn%2F5w4NMuv9HpjRPPNL3aRbA7n2lgczwYyA4kNSHo3prTpMjUtOAGQ1ykA10OM7SiL8GlZS2yOm1AWZ7ia2HmUcRVy2rE%2B2aZbqLgKYEGhMPfaG7ogcI7wLav%2BjT2Dbe5"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=2592000 cf-ray 76a40f3f0d0792c9-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	BofA_rgb.png pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/img/	38 KB 39 KB	94ms 94ms	Image image/png	2606:4700:3033::ac43:cf37 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/img/BofA_rgb.png Requested by Host: pt.levonatravel.com URL: https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:cf37 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787` Request headers accept-language de-DE,de;q=0.9 Referer https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers date Tue, 15 Nov 2022 01:02:07 GMT cf-cache-status MISS last-modified Mon, 14 Nov 2022 16:56:04 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "63727324-99fe" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o9MOO6dawGQwmSGfC%2BYERf%2F8agGOXn0CsjSWNFVngr9LYlsvdPvGjgzXxAUNtdRiInuTjqvg%2BVXAwwwu%2BatHkn%2Fw9eJloQuVx6eH9VR465teqTtIYNNQE%2Fh3Vaz2VAzc6cj8%2FqWI40bjjFGx4Ogr%2FHDu"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=2592000 accept-ranges bytes cf-ray 76a40f3f0d0992c9-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 39422
GET H2	404	locktop.png pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/img/	49 KB 49 KB	2051ms 2050ms	Image text/html	2606:4700:3033::ac43:cf37 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/img/locktop.png Requested by Host: pt.levonatravel.com URL: https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:cf37 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5c1906e72cc8e2e712fa4a3f3d3408a52685dfd0679a5bb97681ca97ea601fc0` Request headers accept-language de-DE,de;q=0.9 Referer https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers date Tue, 15 Nov 2022 01:02:09 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nEOo8xwCf73QFS6GAPPhX%2BV9rWOr4c0cftCzIPSTUydVj4HfIj0JE%2FT%2B0oK%2BV%2B4uZieuf8B0j7%2BJw5r%2F4CcLDbKGgW0au4wvo3yOYfC07pDOU%2FMBMvqL%2FZ7lpfsJvajvj2vf4Ax%2F5%2FAWTrSYZo7hoRVW"}],"group":"cf-nel","max_age":604800} content-type text/html;charset=utf-8 cache-control max-age=14400 cf-ray 76a40f3f2d2f92c9-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	mobile_llama.png pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/img/	19 KB 19 KB	84ms 83ms	Image image/png	2606:4700:3033::ac43:cf37 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/img/mobile_llama.png Requested by Host: pt.levonatravel.com URL: https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:cf37 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a` Request headers accept-language de-DE,de;q=0.9 Referer https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers date Tue, 15 Nov 2022 01:02:07 GMT cf-cache-status MISS last-modified Mon, 14 Nov 2022 16:56:04 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "63727324-4adf" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iFmUWzGNKaQwOKL8X2UKpjz8C210PTkOQ2hqYfvbD3eEBWMOIUM3ELyGKeved%2BHX2SiplT2C%2Fyq9pzCSHr0V9R1igHa%2FpcRacJG1YPXCJ2k7F9lC4uouTFf3Oi%2FdxNyR0%2BfxuZ08O%2B5cAQTVbtwze2c0"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=2592000 accept-ranges bytes cf-ray 76a40f3f2d3192c9-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 19167
GET H2	200	3.png pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/img/	612 B 909 B	93ms 93ms	Image image/png	2606:4700:3033::ac43:cf37 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/img/3.png Requested by Host: pt.levonatravel.com URL: https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:cf37 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4a21555e806c6a7b33c08d737f9f338dada9775decdf436e3ce0e726fc441ba5` Request headers accept-language de-DE,de;q=0.9 Referer https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers date Tue, 15 Nov 2022 01:02:07 GMT cf-cache-status MISS last-modified Mon, 14 Nov 2022 16:56:04 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "63727324-264" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KQxc9JlsrWWZngiBHkId2nc2aVK1sVaB8kopgjJ1NjGYghAC2o76JKLeN0pgsB1sIuR6%2Bb9im%2Biq1jKTs3VsrBKJYrUs86uNlFof5YUl20NGQ5fGqd1mIFaW%2Fit0AiqrTNA%2FtzzdvP4R2oj56d1TkE1A"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control public, max-age=2592000 accept-ranges bytes cf-ray 76a40f3f2d3292c9-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 612
GET H2	404	house.png pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/img/	49 KB 49 KB	2024ms 2023ms	Image text/html	2606:4700:3033::ac43:cf37 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/img/house.png Requested by Host: pt.levonatravel.com URL: https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:cf37 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5c1906e72cc8e2e712fa4a3f3d3408a52685dfd0679a5bb97681ca97ea601fc0` Request headers accept-language de-DE,de;q=0.9 Referer https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers date Tue, 15 Nov 2022 01:02:09 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FXS%2B69tIZso8So8oPlt%2B84OaPBvjJI4q2fg46Cao%2B79o2vXUZRhOi4cRkUqgA%2FvZp6usjSQMMV0pN3DWINy7mLFSOb7DbP0ddZMlGRzB4zXHw2%2BXAiS6n4nvvMBIG8bWkiNRH%2BqfLBhhGrOvOgSypjcK"}],"group":"cf-nel","max_age":604800} content-type text/html;charset=utf-8 cache-control max-age=14400 cf-ray 76a40f3f2d3592c9-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	vipaa-v4-jawr-print.css pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/css/	10 KB 1 KB	67ms 66ms	Stylesheet text/css	2606:4700:3033::ac43:cf37 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/css/vipaa-v4-jawr-print.css Requested by Host: pt.levonatravel.com URL: https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:cf37 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2f0ac0559a948fa017a8ecdb5bddf7ac54033e8aa1eb91ff7df93243c690f0d1` Request headers accept-language de-DE,de;q=0.9 Referer https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers date Tue, 15 Nov 2022 01:02:07 GMT content-encoding br cf-cache-status MISS last-modified Mon, 14 Nov 2022 16:56:04 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"63727324-26e1" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A4FN%2BqdZyQC4Q9quPZLe10zHWZ94RtcSGbhnBEDcPHQOQ6aOirHUr%2BMdOVLen%2FQbk3ttCMNXaL8vc6%2BksnvQQNCT%2F1SKR5tf9gjC9FkoHwg%2Bd3reQrkQFxfYoT2ZTR%2F23TXkAjhdKvi22jIpvGLYxuTd"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=2592000 cf-ray 76a40f3f2d3692c9-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	404	aps-mobile-products-icon-sprite-dev.png pt.levonatravel.com/content/images/ContextualSiteGraphics/Instructional/en_US/	49 KB 49 KB	1951ms 1950ms	Image text/html	2606:4700:3033::ac43:cf37 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://pt.levonatravel.com/content/images/ContextualSiteGraphics/Instructional/en_US/aps-mobile-products-icon-sprite-dev.png Requested by Host: pt.levonatravel.com URL: https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3033::ac43:cf37 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5c1906e72cc8e2e712fa4a3f3d3408a52685dfd0679a5bb97681ca97ea601fc0` Request headers accept-language de-DE,de;q=0.9 Referer https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers date Tue, 15 Nov 2022 01:02:09 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t6FC0nEUhiXoT%2FGPf7VnI4dCHBkPG%2BQ%2FbH9GevrXQ%2FNb574CdOrvsd6HXESL1JRmP1MJtPDEdmlBIeh2%2FnK3b0qKhs4LpSfXJxLQAzJPqMO5GlimyGy1KNyUJnbSQb%2BebGi4gkbqwc%2F3hxgVrOOla%2Bpf"}],"group":"cf-nel","max_age":604800} x-cache MISS content-type text/html;charset=utf-8 cache-control max-age=14400 cf-ray 76a40f3f4d5192c9-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	fsd-secure-esp-sprite.png pt.levonatravel.com/pa/components/modules/header-module/2.8/graphic/	49 KB 49 KB	2267ms 2267ms	Image text/html	2606:4700:3033::ac43:cf37 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://pt.levonatravel.com/pa/components/modules/header-module/2.8/graphic/fsd-secure-esp-sprite.png Requested by Host: pt.levonatravel.com URL: https://pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/css/vipaa-v4-jawr.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:cf37 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5c1906e72cc8e2e712fa4a3f3d3408a52685dfd0679a5bb97681ca97ea601fc0` Request headers accept-language de-DE,de;q=0.9 Referer https://pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/css/vipaa-v4-jawr.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers date Tue, 15 Nov 2022 01:02:09 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nhwe5g5JNTieCyR6AY13alJ6tOv3veUHAqG3KU5UA9cuCOqlXSFzOQT78LNphiPSWK51lEkrZgA%2F%2FqNE9ilxuneCAkZI8kRaR2Rc%2FW%2BMOLudGzsiN5%2BHX5ZBtIVRDEz5leiY81nvkzEhmZuwOi9EgIzh"}],"group":"cf-nel","max_age":604800} x-cache MISS content-type text/html;charset=utf-8 cache-control max-age=14400 cf-ray 76a40f400b9f996c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	cnx-regular.woff pt.levonatravel.com/pa/global-assets/1.0/font/cnx-regular/	0 0	2171ms 2170ms	Font text/html	2606:4700:3033::ac43:cf37 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pt.levonatravel.com/pa/global-assets/1.0/font/cnx-regular/cnx-regular.woff Requested by Host: pt.levonatravel.com URL: https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:cf37 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= Origin https://pt.levonatravel.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers date Tue, 15 Nov 2022 01:02:09 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yIjIQXjQscjXmFKPAY9iuHf2SqJbSGGKcR4zGA0q8HMJmnr76Ac%2BubiPQcUMtiHkdyR9NcbLBT37dEeNNlOPOICrvrCDwFH9KXwUTzIUOEaZdAFTL40TI3W3FvPKpR9pEjME8b8G74GYDMcfNR2jzbwn"}],"group":"cf-nel","max_age":604800} x-cache MISS content-type text/html;charset=utf-8 cache-control max-age=14400 cf-ray 76a40f400ba1996c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	help-qm-fsd.png pt.levonatravel.com/pa/global-assets/1.0/graphic/	49 KB 49 KB	2146ms 2146ms	Image text/html	2606:4700:3033::ac43:cf37 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://pt.levonatravel.com/pa/global-assets/1.0/graphic/help-qm-fsd.png Requested by Host: pt.levonatravel.com URL: https://pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/css/vipaa-v4-jawr.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:cf37 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5c1906e72cc8e2e712fa4a3f3d3408a52685dfd0679a5bb97681ca97ea601fc0` Request headers accept-language de-DE,de;q=0.9 Referer https://pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/css/vipaa-v4-jawr.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers date Tue, 15 Nov 2022 01:02:09 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dQhV2n%2B5xzKNQupPivyu3pJLswNWo9U1zH8OSGY2jqT8c1GsPUQ9VA0a%2BL9ChfjcndDxb1Hvl7ZIq%2BiC18FhUtbH2ENfJQu54zunJrlgsTutsGW2wlqlvpyEe1ESuC85G6c8%2Bmd9x6vlfjRHFEsf%2FfOn"}],"group":"cf-nel","max_age":604800} x-cache MISS content-type text/html;charset=utf-8 cache-control max-age=14400 cf-ray 76a40f400ba2996c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	sign-in-sprite.png pt.levonatravel.com/pa/global-assets/1.0/graphic/	49 KB 49 KB	2035ms 2035ms	Image text/html	2606:4700:3033::ac43:cf37 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://pt.levonatravel.com/pa/global-assets/1.0/graphic/sign-in-sprite.png Requested by Host: pt.levonatravel.com URL: https://pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/css/vipaa-v4-jawr.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:cf37 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5c1906e72cc8e2e712fa4a3f3d3408a52685dfd0679a5bb97681ca97ea601fc0` Request headers accept-language de-DE,de;q=0.9 Referer https://pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/css/vipaa-v4-jawr.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers date Tue, 15 Nov 2022 01:02:09 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oScbg8rV57d4ehbI9VjRvTwpaHGh0WNL68H9MVU9bEcbI57GXBnZhX4klQT2tQ%2FaWnU4LHdGsUAXCvdzI%2BCV1%2Fz8y7PY64ux2xNpjvb%2FrC8XpkTpVeRZzWW6RoNstX5A%2BZM5%2FQn%2BvMteLEoFPgFAMmKw"}],"group":"cf-nel","max_age":604800} x-cache MISS content-type text/html;charset=utf-8 cache-control max-age=14400 cf-ray 76a40f400ba4996c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	gfootb-static-sprite.png pt.levonatravel.com/pa/components/modules/global-footer-module/2.5/graphic/	49 KB 49 KB	2094ms 2093ms	Image text/html	2606:4700:3033::ac43:cf37 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://pt.levonatravel.com/pa/components/modules/global-footer-module/2.5/graphic/gfootb-static-sprite.png Requested by Host: pt.levonatravel.com URL: https://pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/css/vipaa-v4-jawr.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:cf37 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5c1906e72cc8e2e712fa4a3f3d3408a52685dfd0679a5bb97681ca97ea601fc0` Request headers accept-language de-DE,de;q=0.9 Referer https://pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/css/vipaa-v4-jawr.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers date Tue, 15 Nov 2022 01:02:09 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kN427I%2Fy4xjH3Ym9WPxv8me0qGK1bVyS3pRgAAanO70Dy5URJI373bpS4AEAmh4NNEFt2QX6kk4tVXxIjvPbas0U4rEqW8B0dmcLepqp%2BlCNTDh6nACJ0VwFIGITtMQNcW05O0yoyRJ84BBwejehOFah"}],"group":"cf-nel","max_age":604800} x-cache MISS content-type text/html;charset=utf-8 cache-control max-age=14400 cf-ray 76a40f400ba5996c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	gfoot-home-icon.png pt.levonatravel.com/pa/components/modules/global-footer-module/2.5/graphic/	49 KB 49 KB	2238ms 2238ms	Image text/html	2606:4700:3033::ac43:cf37 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://pt.levonatravel.com/pa/components/modules/global-footer-module/2.5/graphic/gfoot-home-icon.png Requested by Host: pt.levonatravel.com URL: https://pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/css/vipaa-v4-jawr.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:cf37 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5c1906e72cc8e2e712fa4a3f3d3408a52685dfd0679a5bb97681ca97ea601fc0` Request headers accept-language de-DE,de;q=0.9 Referer https://pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/css/vipaa-v4-jawr.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers date Tue, 15 Nov 2022 01:02:09 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PeElCYgghDVrhHNnMj%2B3gBUGid%2B8fPP2KpbEjWhSzpkiiVCXdTuDKzFmiGVRR0l%2Fqa5VjKJlTcq6m2DW%2FwQe0GrWg9P49ra1sUbYi1XheE8liE0j33dNHYtYtBRiA0rLiF08uQibZTnSLua%2BGgqXbhcH"}],"group":"cf-nel","max_age":604800} x-cache MISS content-type text/html;charset=utf-8 cache-control max-age=14400 cf-ray 76a40f400ba8996c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	cnx-regular.ttf pt.levonatravel.com/pa/global-assets/1.0/font/cnx-regular/	0 0	925ms 925ms	Font text/html	2606:4700:3033::ac43:cf37 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://pt.levonatravel.com/pa/global-assets/1.0/font/cnx-regular/cnx-regular.ttf Requested by Host: pt.levonatravel.com URL: https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3033::ac43:cf37 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://pt.levonatravel.com/wp-admin/maint/BoaT/web/login.php?web/auth/LogIn?/BoaF= Origin https://pt.levonatravel.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36 Response headers date Tue, 15 Nov 2022 01:02:10 GMT content-encoding br cf-cache-status EXPIRED nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fTi7HNUDtSFkxQbpqukLT95DrB4PLUg6arRSjPoZi54D%2Bv4x8768LW8DwyxqwMUVB6Do2YWB2yoBnWI1bWzBX4STrq%2BCvTKM4c4Lc9xb7Xp3PjyPp8zP8XxsmKEaYeEKFveviT22%2BIDoAMhf4EsmIx1q"}],"group":"cf-nel","max_age":604800} x-cache MISS content-type text/html;charset=utf-8 cache-control max-age=14400 cf-ray 76a40f4d9993996c-FRA alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pt.levonatravel.com/content/images/ContextualSiteGraphics/Instructional/en_US/aps-mobile-products-icon-sprite-dev.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/img/house.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://pt.levonatravel.com/wp-admin/maint/BoaT/web/assets/img/locktop.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://pt.levonatravel.com/pa/global-assets/1.0/graphic/sign-in-sprite.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://pt.levonatravel.com/pa/components/modules/global-footer-module/2.5/graphic/gfootb-static-sprite.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://pt.levonatravel.com/pa/global-assets/1.0/graphic/help-qm-fsd.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://pt.levonatravel.com/pa/global-assets/1.0/font/cnx-regular/cnx-regular.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://pt.levonatravel.com/pa/components/modules/global-footer-module/2.5/graphic/gfoot-home-icon.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://pt.levonatravel.com/pa/components/modules/header-module/2.8/graphic/fsd-secure-esp-sprite.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://pt.levonatravel.com/pa/global-assets/1.0/font/cnx-regular/cnx-regular.ttf Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

pt.levonatravel.com
2606:4700:3033::ac43:cf37
2c08ce5b7ce910949b5f333e2950349d2062920a83d91dd65085bc694a346c6f
2f0ac0559a948fa017a8ecdb5bddf7ac54033e8aa1eb91ff7df93243c690f0d1
30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787
4a21555e806c6a7b33c08d737f9f338dada9775decdf436e3ce0e726fc441ba5
5c1906e72cc8e2e712fa4a3f3d3408a52685dfd0679a5bb97681ca97ea601fc0
6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a
f26f8a5893922c691ded7869a70c3adbd5d99edc14beee31a813e1506b7a23ee

pt.levonatravel.com Open in urlscan Pro 2606:4700:3033::ac43:cf37 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

529 kBTransfer

1027 kBSize

0 Cookies

11 Outgoing links

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

10 Console Messages

Indicators

pt.levonatravel.com Open in urlscan Pro
2606:4700:3033::ac43:cf37 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

529 kB
Transfer

1027 kB
Size

0
Cookies

16 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!