urlscan.io logo urlscan.io
SecurityTrails logo

cdn.dragon.cere.network Open in urlscan Pro
23.137.104.144  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://secmails-boa.oauth-us.workers.dev/
Effective URL: https://cdn.dragon.cere.network/280/baebb4iachiwspc2zyibx3i2vdhpie3r3agvudhzcb2mxfj4cwqpnx4pe6i
Submission: On August 13 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 1 countries across 7 domains to perform 16 HTTP transactions. The main IP is 23.137.104.144, located in Miami, United States and belongs to ADVIN-AS, US. The main domain is cdn.dragon.cere.network.
TLS certificate: Issued by Certera DV SSL CA on December 28th 2023. Valid for: a year.
This is the only time cdn.dragon.cere.network was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic Email (Online)

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 54.90.44.119 14618 (AMAZON-AES)
1 23.137.104.144 206216 (ADVIN-AS)
1 2607:f8b0:400... 15169 (GOOGLE)
2 2a04:4e42:200... 54113 (FASTLY)
9 148.163.158.107 22843 (PROOFPOIN...)
1 198.54.116.86 22612 (NAMECHEAP...)
16 7
1    2606:4700:3031::6815:5cd7 (United States)

ASN13335 (CLOUDFLARENET, US)
secmails-boa.oauth-us.workers.dev
1    54.90.44.119 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-90-44-119.compute-1.amazonaws.com
secmails-boa.glitch.me
1    23.137.104.144 (Miami, United States)

ASN206216 (ADVIN-AS, US)
cdn.dragon.cere.network
1    2607:f8b0:4004:c17::5f (Washington, United States)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
2    2a04:4e42:200::649 (United States)

ASN54113 (FASTLY, US)
code.jquery.com
9    148.163.158.107 (United States)

ASN22843 (PROOFPOINT-ASN-US-EAST, US)
PTR: mx0b-0000ec08.pphosted.com
secmail.bankofamerica.com
1    198.54.116.86 (United States)

ASN22612 (NAMECHEAP-NET, US)
PTR: server86-4.web-hosting.com
linkgrid.xyz
Apex Domain
Subdomains		 Transfer
9 bankofamerica.com
secmail.bankofamerica.com — Cisco Umbrella Rank: 197810
987 KB
2 jquery.com
code.jquery.com — Cisco Umbrella Rank: 1211
108 KB
1 linkgrid.xyz
linkgrid.xyz
7 KB
1 googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 641
30 KB
1 cere.network
cdn.dragon.cere.network
1 MB
1 glitch.me
secmails-boa.glitch.me
1 KB
1 workers.dev
secmails-boa.oauth-us.workers.dev
461 B
16 7
Domain Requested by
9 secmail.bankofamerica.com secmails-boa.glitch.me
cdn.dragon.cere.network
2 code.jquery.com secmails-boa.glitch.me
1 linkgrid.xyz
1 ajax.googleapis.com secmails-boa.glitch.me
1 cdn.dragon.cere.network secmails-boa.glitch.me
1 secmails-boa.glitch.me
1 secmails-boa.oauth-us.workers.dev 1 redirects
16 7

This site contains no links.

Subject Issuer Validity Valid
glitch.com
Amazon RSA 2048 M03		 2023-12-04 -
2025-01-01		 a year crt.sh
*.dragon.cere.network
Certera DV SSL CA		 2023-12-28 -
2024-12-27		 a year crt.sh
upload.video.google.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
*.jquery.com
Sectigo ECC Domain Validation Secure Server CA		 2024-06-25 -
2025-06-25		 a year crt.sh
secmail.bankofamerica.com
Entrust Certification Authority - L1M		 2024-07-09 -
2025-07-16		 a year crt.sh
linkgrid.xyz
Sectigo RSA Domain Validation Secure Server CA		 2024-06-17 -
2025-06-17		 a year crt.sh

This page contains 1 frames:

Primary Page: https://cdn.dragon.cere.network/280/baebb4iachiwspc2zyibx3i2vdhpie3r3agvudhzcb2mxfj4cwqpnx4pe6i
Frame ID: A5BB289C29782EB6F6D0851CF3F10536
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Encrypted Email Login

Page URL History Show full URLs

  1. https://secmails-boa.oauth-us.workers.dev/ HTTP 302
    https://secmails-boa.glitch.me/ Page URL
  2. https://cdn.dragon.cere.network/280/baebb4iachiwspc2zyibx3i2vdhpie3r3agvudhzcb2mxfj4cwqpnx4pe6i Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

94 %
HTTPS

43 %
IPv6

7
Domains

7
Subdomains

7
IPs

1
Countries

2535 kB
Transfer

2821 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://secmails-boa.oauth-us.workers.dev/ HTTP 302
    https://secmails-boa.glitch.me/ Page URL
  2. https://cdn.dragon.cere.network/280/baebb4iachiwspc2zyibx3i2vdhpie3r3agvudhzcb2mxfj4cwqpnx4pe6i Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://secmails-boa.oauth-us.workers.dev/ HTTP 302
  • https://secmails-boa.glitch.me/

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
secmails-boa.glitch.me/
Redirect Chain
  • https://secmails-boa.oauth-us.workers.dev/
  • https://secmails-boa.glitch.me/
839 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://secmails-boa.glitch.me/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.90.44.119 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-90-44-119.compute-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
df2afa5be1d4a7c854c9433d5f0a429103578c29772976603c15e10c74fcdced

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-cache
content-length
839
content-type
text/html; charset=utf-8
date
Tue, 13 Aug 2024 10:35:33 GMT
etag
"703c75d7901d849421eb48b033a1757a"
last-modified
Tue, 13 Aug 2024 01:22:57 GMT
server
AmazonS3
x-amz-id-2
Mu5yWelq+n1qtsTLoBROiBq3DEjUAJgFRAoyNvl18cqIN/oaFGe4duYk00T6GKBXp8BsGvTH2odBeSeawemtoj8YGdRpgc2O
x-amz-request-id
BK56TM7EMG26Q8S6
x-amz-server-side-encryption
AES256
x-amz-version-id
Ac7K03eI_FgU_gR1T.kYCotWWyIvlQgq

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-ray
8b280f1a6d400f60-EWR
content-length
0
date
Tue, 13 Aug 2024 10:35:32 GMT
location
https://secmails-boa.glitch.me/
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w7PCJ1YWTo9bj5TC9is4TpsCmb5UuF7AyjruarFbzChJ5LboTZZnVuxG5Lv8CNkzzaed5ux8wDksEMdQiXYGlpFXXU8eTMRz%2F38fRWnGqnNR9%2BpcvwcYgmX0xh1SlDCAVGyE2t82opu5jONU5IQN9F3GX8tqZIJjD3ByLJb35o0%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
Primary Request baebb4iachiwspc2zyibx3i2vdhpie3r3agvudhzcb2mxfj4cwqpnx4pe6i
cdn.dragon.cere.network/280/ 		1 MB
1 MB 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.dragon.cere.network/280/baebb4iachiwspc2zyibx3i2vdhpie3r3agvudhzcb2mxfj4cwqpnx4pe6i
Requested by
Host: secmails-boa.glitch.me
URL: https://secmails-boa.glitch.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.137.104.144 Miami, United States, ASN206216 (ADVIN-AS, US),
Reverse DNS
Software
nginx/1.25.3 /
Resource Hash
bbae890c4a2890590c812ae714032ea840d232650d374da188c687dbb5b7c51e

Request headers

Referer
https://secmails-boa.glitch.me/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-type
text/html; charset=utf-8
date
Tue, 13 Aug 2024 10:35:33 GMT
server
nginx/1.25.3
vary
Origin
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 		84 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: secmails-boa.glitch.me
URL: https://secmails-boa.glitch.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c17::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cdn.dragon.cere.network/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Tue, 13 Aug 2024 00:14:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
37278
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 13 Aug 2025 00:14:16 GMT
jquery-3.1.1.min.js
code.jquery.com/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.1.1.min.js
Requested by
Host: secmails-boa.glitch.me
URL: https://secmails-boa.glitch.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Request headers

Referer
https://cdn.dragon.cere.network/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Tue, 13 Aug 2024 10:35:34 GMT
content-encoding
gzip
via
1.1 varnish
age
956526
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
30070
x-served-by
cache-lga21963-LGA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1723545334.306010,VS0,VE0
etag
W/"28feccc0-152b5"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
18
jquery-3.3.1.js
code.jquery.com/ 		265 KB
79 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.3.1.js
Requested by
Host: secmails-boa.glitch.me
URL: https://secmails-boa.glitch.me/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
d8aa24ecc6cecb1a60515bc093f1c9da38a0392612d9ab8ae0f7f36e6eee1fad

Request headers

Referer
https://cdn.dragon.cere.network/
Origin
https://cdn.dragon.cere.network
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date
Tue, 13 Aug 2024 10:35:34 GMT
content-encoding
gzip
via
1.1 varnish
age
1816263
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
80268
x-served-by
cache-lga21955-LGA
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
server
nginx
x-timer
S1723545334.307141,VS0,VE0
etag
W/"28feccc0-42587"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=604800
accept-ranges
bytes
x-cache-hits
13393
theme.css.jsf
secmail.bankofamerica.com/securereader/javax.faces.resource/ 		25 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://secmail.bankofamerica.com/securereader/javax.faces.resource/theme.css.jsf?ln=primefaces-aristo
Requested by
Host: secmails-boa.glitch.me
URL: https://secmails-boa.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.163.158.107 , United States, ASN22843 (PROOFPOINT-ASN-US-EAST, US),
Reverse DNS
mx0b-0000ec08.pphosted.com
Software
/
Resource Hash
4e4a1edd64e32c55bb71e49fddaf41ee58aad04bdc1570a93a89645cb3c09895
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.dragon.cere.network/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Tue, 13 Aug 2024 10:35:34 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=edge
Last-Modified
Tue, 13 Feb 2024 15:45:12 GMT
Server
ETag
W/"24683-1707839112000"
Expect-CT
max-age=86400, enforce
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=604800, max-age=2592000
Keep-Alive
timeout=5, max=100
Expires
Thu, 12 Sep 2024 10:35:34 GMT
components.css.jsf
secmail.bankofamerica.com/securereader/javax.faces.resource/ 		92 KB
92 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://secmail.bankofamerica.com/securereader/javax.faces.resource/components.css.jsf?ln=primefaces&v=7.0.17
Requested by
Host: secmails-boa.glitch.me
URL: https://secmails-boa.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.163.158.107 , United States, ASN22843 (PROOFPOINT-ASN-US-EAST, US),
Reverse DNS
mx0b-0000ec08.pphosted.com
Software
/
Resource Hash
19846dea837aa2a28869f608db27827473e96713c9de87ed94906af0a928ddc2
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.dragon.cere.network/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Tue, 13 Aug 2024 10:35:34 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=edge
Last-Modified
Tue, 13 Feb 2024 15:45:12 GMT
Server
ETag
W/"93422-1707839112000"
Expect-CT
max-age=86400, enforce
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=604800, max-age=2592000
Keep-Alive
timeout=5, max=100
Expires
Thu, 12 Sep 2024 10:35:34 GMT
jquery.js.jsf
secmail.bankofamerica.com/securereader/javax.faces.resource/jquery/ 		87 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secmail.bankofamerica.com/securereader/javax.faces.resource/jquery/jquery.js.jsf?ln=primefaces&v=7.0.17
Requested by
Host: secmails-boa.glitch.me
URL: https://secmails-boa.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.163.158.107 , United States, ASN22843 (PROOFPOINT-ASN-US-EAST, US),
Reverse DNS
mx0b-0000ec08.pphosted.com
Software
/
Resource Hash
c4dccdd9ae25b64078e0c73f273de94f8894d5c99e4741645ece29aeefc9c5a4
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.dragon.cere.network/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Tue, 13 Aug 2024 10:35:34 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=edge
Last-Modified
Tue, 13 Feb 2024 15:45:12 GMT
Server
ETag
W/"89493-1707839112000"
Expect-CT
max-age=86400, enforce
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=604800, max-age=2592000
Keep-Alive
timeout=5, max=99
Expires
Thu, 12 Sep 2024 10:35:34 GMT
jquery-plugins.js.jsf
secmail.bankofamerica.com/securereader/javax.faces.resource/jquery/ 		261 KB
262 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secmail.bankofamerica.com/securereader/javax.faces.resource/jquery/jquery-plugins.js.jsf?ln=primefaces&v=7.0.17
Requested by
Host: secmails-boa.glitch.me
URL: https://secmails-boa.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.163.158.107 , United States, ASN22843 (PROOFPOINT-ASN-US-EAST, US),
Reverse DNS
mx0b-0000ec08.pphosted.com
Software
/
Resource Hash
52d03b5ea1d204f7e6917075ecbb1c562f2fbe9029fe95c4bd25a70eddde2728
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.dragon.cere.network/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Tue, 13 Aug 2024 10:35:34 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=edge
Last-Modified
Tue, 13 Feb 2024 15:45:12 GMT
Server
ETag
W/"267239-1707839112000"
Expect-CT
max-age=86400, enforce
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=604800, max-age=2592000
Keep-Alive
timeout=5, max=100
Expires
Thu, 12 Sep 2024 10:35:34 GMT
core.js.jsf
secmail.bankofamerica.com/securereader/javax.faces.resource/ 		37 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secmail.bankofamerica.com/securereader/javax.faces.resource/core.js.jsf?ln=primefaces&v=7.0.17
Requested by
Host: secmails-boa.glitch.me
URL: https://secmails-boa.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.163.158.107 , United States, ASN22843 (PROOFPOINT-ASN-US-EAST, US),
Reverse DNS
mx0b-0000ec08.pphosted.com
Software
/
Resource Hash
60a0e7bcf2f261816807201bb2a09522f62c399293cdf4b0b6443a42f6228c8b
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.dragon.cere.network/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Tue, 13 Aug 2024 10:35:34 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=edge
Last-Modified
Tue, 13 Feb 2024 15:45:12 GMT
Server
ETag
W/"37785-1707839112000"
Expect-CT
max-age=86400, enforce
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=604800, max-age=2592000
Keep-Alive
timeout=5, max=99
Expires
Thu, 12 Sep 2024 10:35:34 GMT
components.js.jsf
secmail.bankofamerica.com/securereader/javax.faces.resource/ 		420 KB
421 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secmail.bankofamerica.com/securereader/javax.faces.resource/components.js.jsf?ln=primefaces&v=7.0.17
Requested by
Host: secmails-boa.glitch.me
URL: https://secmails-boa.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.163.158.107 , United States, ASN22843 (PROOFPOINT-ASN-US-EAST, US),
Reverse DNS
mx0b-0000ec08.pphosted.com
Software
/
Resource Hash
a73d718ded1e36a2b0330ee5c0b5806ae9da6306c406149ef0d4d7d0db1670ba
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.dragon.cere.network/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Tue, 13 Aug 2024 10:35:34 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=edge
Last-Modified
Tue, 13 Feb 2024 15:45:12 GMT
Server
ETag
W/"430302-1707839112000"
Expect-CT
max-age=86400, enforce
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=604800, max-age=2592000
Keep-Alive
timeout=5, max=100
Expires
Thu, 12 Sep 2024 10:35:34 GMT
hotkey.js.jsf
secmail.bankofamerica.com/securereader/javax.faces.resource/hotkey/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secmail.bankofamerica.com/securereader/javax.faces.resource/hotkey/hotkey.js.jsf?ln=primefaces&v=7.0.17
Requested by
Host: secmails-boa.glitch.me
URL: https://secmails-boa.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.163.158.107 , United States, ASN22843 (PROOFPOINT-ASN-US-EAST, US),
Reverse DNS
mx0b-0000ec08.pphosted.com
Software
/
Resource Hash
aa45349925767e946b92475663269f3388b684612caf430e23e5080c60d617df
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.dragon.cere.network/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Tue, 13 Aug 2024 10:35:34 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Connection
Keep-Alive
Content-Length
2266
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=edge
Last-Modified
Tue, 13 Feb 2024 15:45:12 GMT
Server
ETag
W/"2266-1707839112000"
Expect-CT
max-age=86400, enforce
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=604800, max-age=2592000
Keep-Alive
timeout=5, max=98
Expires
Thu, 12 Sep 2024 10:35:34 GMT
Image
secmail.bankofamerica.com/securereader/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secmail.bankofamerica.com/securereader/Image?i=6
Requested by
Host: secmails-boa.glitch.me
URL: https://secmails-boa.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.163.158.107 , United States, ASN22843 (PROOFPOINT-ASN-US-EAST, US),
Reverse DNS
mx0b-0000ec08.pphosted.com
Software
/
Resource Hash
23c899294ee7f44d81bcd666bf1032719f3b0071ceca7a084f9bbe6e2427ca72
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.dragon.cere.network/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-UA-Compatible
IE=edge
Date
Tue, 13 Aug 2024 10:35:34 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Server
Expect-CT
max-age=86400, enforce
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=0
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Content-Length
10879
X-XSS-Protection
1; mode=block
Expires
Tue, 13 Aug 2024 10:35:34 GMT
jsf.js.jsf
secmail.bankofamerica.com/securereader/javax.faces.resource/ 		46 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secmail.bankofamerica.com/securereader/javax.faces.resource/jsf.js.jsf?ln=javax.faces
Requested by
Host: secmails-boa.glitch.me
URL: https://secmails-boa.glitch.me/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
148.163.158.107 , United States, ASN22843 (PROOFPOINT-ASN-US-EAST, US),
Reverse DNS
mx0b-0000ec08.pphosted.com
Software
/
Resource Hash
a1d563139c7afa362c35519099d7018c09a72c05952cae3ca5ed3c277c5554f2
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cdn.dragon.cere.network/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Tue, 13 Aug 2024 10:35:34 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'self'
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-UA-Compatible
IE=edge
Last-Modified
Tue, 13 Feb 2024 15:45:14 GMT
Server
ETag
W/"47334-1707839114000"
Expect-CT
max-age=86400, enforce
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
max-age=604800, max-age=2592000
Keep-Alive
timeout=5, max=100
Expires
Thu, 12 Sep 2024 10:35:34 GMT
sourcesanspro-regular.ttf.woff
secmail.bankofamerica.com/securereader/fonts/ 		0
0
pp.png
linkgrid.xyz/bab/img/ 		7 KB
7 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://linkgrid.xyz/bab/img/pp.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
198.54.116.86 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
server86-4.web-hosting.com
Software
LiteSpeed /
Resource Hash
6f5d99beeedafef5cc7157a5e3d01794dd08cec30ff356d63fe189e922b6119c

Request headers

Referer
https://cdn.dragon.cere.network/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 13 Aug 2024 10:35:36 GMT
last-modified
Fri, 02 Aug 2024 20:45:55 GMT
server
LiteSpeed
content-type
image/png
cache-control
public, max-age=604800
x-turbo-charged-by
LiteSpeed
accept-ranges
bytes
content-length
7011
expires
Tue, 20 Aug 2024 10:35:36 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
secmail.bankofamerica.com
URL
https://secmail.bankofamerica.com/securereader/fonts/sourcesanspro-regular.ttf.woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic Email (Online)

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| autosize function| PF object| PrimeFaces function| Class object| pfptTimeout function| setTimeoutTimer function| timeoutCallback function| dialogTimeoutCallback function| setTimeoutMessageInterval function| updateTimeoutMessageTime function| showTimeoutModal function| endSession function| redirectToTimeoutPage function| continueSession function| closeTimeoutModal function| clearTimeoutTimers function| resetTimeoutTimer function| keepFocusInModal function| setLinkDisable function| setLinkEnable function| throttleResend function| delayedRestore function| enableLink object| jsf object| mojarra function| _0x122ea3 function| _0x37d7f7 function| _0x54e900 function| _0x6b7a7a function| _0x4efa89 function| _0x40d3 function| _0x579776 function| _0x2b0c

1 Cookies

Domain/Path Name / Value
cdn.dragon.cere.network/280 Name: token
Value:

12 Console Messages

Source Level URL
Text
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.1.1.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.3.1.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://secmail.bankofamerica.com/securereader/javax.faces.resource/jquery/jquery.js.jsf?ln=primefaces&v=7.0.17, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://secmail.bankofamerica.com/securereader/javax.faces.resource/jquery/jquery-plugins.js.jsf?ln=primefaces&v=7.0.17, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://secmail.bankofamerica.com/securereader/javax.faces.resource/core.js.jsf?ln=primefaces&v=7.0.17, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://secmail.bankofamerica.com/securereader/javax.faces.resource/components.js.jsf?ln=primefaces&v=7.0.17, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://secmail.bankofamerica.com/securereader/javax.faces.resource/hotkey/hotkey.js.jsf?ln=primefaces&v=7.0.17, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript warning
Message:
A parser-blocking, cross site (i.e. different eTLD+1) script, https://secmail.bankofamerica.com/securereader/javax.faces.resource/jsf.js.jsf?ln=javax.faces, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript error URL: https://cdn.dragon.cere.network/280/baebb4iachiwspc2zyibx3i2vdhpie3r3agvudhzcb2mxfj4cwqpnx4pe6i#undefined
Message:
Access to font at 'https://secmail.bankofamerica.com/securereader/fonts/sourcesanspro-regular.ttf.woff' from origin 'https://cdn.dragon.cere.network' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://secmail.bankofamerica.com/securereader/fonts/sourcesanspro-regular.ttf.woff
Message:
Failed to load resource: net::ERR_FAILED