bsc.ph - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 5 HTTP transactions. The main IP is 38.123.253.106, located in Oklahoma City, United States and belongs to COGENT-174 - Cogent Communications, US. The main domain is bsc.ph.

This is the only time bsc.ph was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

	IP Address		AS Autonomous System
5	38.123.253.106 38.123.253.106		174 (COGENT-174) (COGENT-174 - Cogent Communications)
5	1

5 38.123.253.106 (Oklahoma City, United States)

ASN174 (COGENT-174 - Cogent Communications, US)
PTR: host218.kvchosting.com

bsc.ph	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	bsc.ph bsc.ph	120 KB
5	1

	Domain	Requested by
5	bsc.ph	bsc.ph
5	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://bsc.ph/wp-content/uploads/2017/07/bofa/bankofamerica.securemail.online/bankofamerica.securemail.online/bankofamerica.securemail.online/bofa.zip%202017/bofa/bnd/challengevdl.php?tm&aof=1627c6991373daa0f2121babc8683d86&challengesession=5cf94d95f0640e416bdd2f80926b72f7a8b30c8e
Frame ID: 5902.1
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

5
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

120 kB
Transfer

134 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

5 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request challengevdl.php Show response
bsc.ph/wp-content/uploads/2017/07/bofa/bankofamerica.securemail.online/bankofamerica.securemail.online/bankofamerica.securemail.online/bofa.zip%202017/bofa/bnd/ 13 KB
2 KB 323ms
185ms Document
text/html 38.123.253.106
Cogent Communicat...

General

Check archive.org

Show headers Download Go to

Full URL

http://bsc.ph/wp-content/uploads/2017/07/bofa/bankofamerica.securemail.online/bankofamerica.securemail.online/bankofamerica.securemail.online/bofa.zip%202017/bofa/bnd/challengevdl.php?tm&aof=1627c6991373daa0f2121babc8683d86&challengesession=5cf94d95f0640e416bdd2f80926b72f7a8b30c8e

Protocol

HTTP/1.1

Server

38.123.253.106 Oklahoma City, United States, ASN174 (COGENT-174 - Cogent Communications, US),

Reverse DNS

host218.kvchosting.com

Software

nginx / PHP/5.6.28

Resource Hash

514a35757d4c2cf01cb73259d9855b917b59d87792acb479b3868fa1a8fda343

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Fri, 04 Aug 2017 22:55:09 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
X-Powered-By: PHP/5.6.28
Vary: Accept-Encoding
X-Nginx-Cache-Status: EXPIRED
Transfer-Encoding: chunked
X-Server-Powered-By: Engintron
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK style1.css
bsc.ph/wp-content/uploads/2017/07/bofa/bankofamerica.securemail.online/bankofamerica.securemail.online/bankofamerica.securemail.online/bofa.zip%202017/bofa/bnd/images/ 3 KB
987 B 139ms
138ms Stylesheet
text/css 38.123.253.106
Cogent Communicat...

General

Check archive.org

Show headers Download Go to

Full URL

http://bsc.ph/wp-content/uploads/2017/07/bofa/bankofamerica.securemail.online/bankofamerica.securemail.online/bankofamerica.securemail.online/bofa.zip%202017/bofa/bnd/images/style1.css

Requested by

Host: bsc.ph
URL: http://bsc.ph/wp-content/uploads/2017/07/bofa/bankofamerica.securemail.online/bankofamerica.securemail.online/bankofamerica.securemail.online/bofa.zip%202017/bofa/bnd/challengevdl.php?tm&aof=1627c6991373daa0f2121babc8683d86&challengesession=5cf94d95f0640e416bdd2f80926b72f7a8b30c8e

Protocol

HTTP/1.1

Server

38.123.253.106 Oklahoma City, United States, ASN174 (COGENT-174 - Cogent Communications, US),

Reverse DNS

host218.kvchosting.com

Software

nginx /

Resource Hash

94f243198ac37ef309f89bf03a8faf0c93c1c5a45a39f46c1ca7491306b0ac68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://bsc.ph/wp-content/uploads/2017/07/bofa/bankofamerica.securemail.online/bankofamerica.securemail.online/bankofamerica.securemail.online/bofa.zip%202017/bofa/bnd/challengevdl.php?tm&aof=1627c6991373daa0f2121babc8683d86&challengesession=5cf94d95f0640e416bdd2f80926b72f7a8b30c8e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Date: Fri, 04 Aug 2017 22:55:09 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
X-Nginx-Cache-Status: REVALIDATED
X-Server-Powered-By: Engintron
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Pragma: public
Last-Modified: Sat, 06 Feb 2016 19:37:06 GMT
Server: nginx
ETag: W/"17388c2-d57-52b1f17c01c80"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Expires: Sun, 03 Sep 2017 22:55:09 GMT

GET
H/1.1 200
OK new%20header.png
bsc.ph/wp-content/uploads/2017/07/bofa/bankofamerica.securemail.online/bankofamerica.securemail.online/bankofamerica.securemail.online/bofa.zip%202017/bofa/bnd/images/ 104 KB
104 KB 276ms
139ms Image
image/png 38.123.253.106
Cogent Communicat...

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://bsc.ph/wp-content/uploads/2017/07/bofa/bankofamerica.securemail.online/bankofamerica.securemail.online/bankofamerica.securemail.online/bofa.zip%202017/bofa/bnd/images/new%20header.png

Requested by

Host: bsc.ph
URL: http://bsc.ph/wp-content/uploads/2017/07/bofa/bankofamerica.securemail.online/bankofamerica.securemail.online/bankofamerica.securemail.online/bofa.zip%202017/bofa/bnd/challengevdl.php?tm&aof=1627c6991373daa0f2121babc8683d86&challengesession=5cf94d95f0640e416bdd2f80926b72f7a8b30c8e

Protocol

HTTP/1.1

Server

38.123.253.106 Oklahoma City, United States, ASN174 (COGENT-174 - Cogent Communications, US),

Reverse DNS

host218.kvchosting.com

Software

nginx /

Resource Hash

1dbaa336651d898b99626cd80ec5f2ca9b0971429d6e0d9c20bead1322c362c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://bsc.ph/wp-content/uploads/2017/07/bofa/bankofamerica.securemail.online/bankofamerica.securemail.online/bankofamerica.securemail.online/bofa.zip%202017/bofa/bnd/challengevdl.php?tm&aof=1627c6991373daa0f2121babc8683d86&challengesession=5cf94d95f0640e416bdd2f80926b72f7a8b30c8e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Fri, 04 Aug 2017 22:55:10 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 06 Feb 2016 19:37:04 GMT
Server: nginx
ETag: "17388bd-1a18f-52b1f17a19800"
X-Nginx-Cache-Status: MISS
Cache-Control: max-age=5184000
X-Server-Powered-By: Engintron
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 106895
X-XSS-Protection: 1; mode=block
Expires: Tue, 03 Oct 2017 22:55:10 GMT

GET
H/1.1 200
OK confirm.png
bsc.ph/wp-content/uploads/2017/07/bofa/bankofamerica.securemail.online/bankofamerica.securemail.online/bankofamerica.securemail.online/bofa.zip%202017/bofa/bnd/images/ 2 KB
2 KB 139ms
139ms Image
image/png 38.123.253.106
Cogent Communicat...

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://bsc.ph/wp-content/uploads/2017/07/bofa/bankofamerica.securemail.online/bankofamerica.securemail.online/bankofamerica.securemail.online/bofa.zip%202017/bofa/bnd/images/confirm.png

Requested by

Host: bsc.ph
URL: http://bsc.ph/wp-content/uploads/2017/07/bofa/bankofamerica.securemail.online/bankofamerica.securemail.online/bankofamerica.securemail.online/bofa.zip%202017/bofa/bnd/challengevdl.php?tm&aof=1627c6991373daa0f2121babc8683d86&challengesession=5cf94d95f0640e416bdd2f80926b72f7a8b30c8e

Protocol

HTTP/1.1

Server

38.123.253.106 Oklahoma City, United States, ASN174 (COGENT-174 - Cogent Communications, US),

Reverse DNS

host218.kvchosting.com

Software

nginx /

Resource Hash

3bd5ac9684632300424ca98cbe5c5ee9af57d20ba97ced23899daf5ea9bd6685

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://bsc.ph/wp-content/uploads/2017/07/bofa/bankofamerica.securemail.online/bankofamerica.securemail.online/bankofamerica.securemail.online/bofa.zip%202017/bofa/bnd/challengevdl.php?tm&aof=1627c6991373daa0f2121babc8683d86&challengesession=5cf94d95f0640e416bdd2f80926b72f7a8b30c8e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Fri, 04 Aug 2017 22:55:10 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 06 Feb 2016 19:37:04 GMT
Server: nginx
ETag: "17388b5-86a-52b1f17a19800"
X-Nginx-Cache-Status: MISS
Cache-Control: max-age=5184000
X-Server-Powered-By: Engintron
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 2154
X-XSS-Protection: 1; mode=block
Expires: Tue, 03 Oct 2017 22:55:10 GMT

GET
H/1.1 200
OK footer.png
bsc.ph/wp-content/uploads/2017/07/bofa/bankofamerica.securemail.online/bankofamerica.securemail.online/bankofamerica.securemail.online/bofa.zip%202017/bofa/bnd/images/ 11 KB
11 KB 278ms
139ms Image
image/png 38.123.253.106
Cogent Communicat...

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://bsc.ph/wp-content/uploads/2017/07/bofa/bankofamerica.securemail.online/bankofamerica.securemail.online/bankofamerica.securemail.online/bofa.zip%202017/bofa/bnd/images/footer.png

Requested by

Host: bsc.ph
URL: http://bsc.ph/wp-content/uploads/2017/07/bofa/bankofamerica.securemail.online/bankofamerica.securemail.online/bankofamerica.securemail.online/bofa.zip%202017/bofa/bnd/challengevdl.php?tm&aof=1627c6991373daa0f2121babc8683d86&challengesession=5cf94d95f0640e416bdd2f80926b72f7a8b30c8e

Protocol

HTTP/1.1

Server

38.123.253.106 Oklahoma City, United States, ASN174 (COGENT-174 - Cogent Communications, US),

Reverse DNS

host218.kvchosting.com

Software

nginx /

Resource Hash

28b7d265d56813fc5fbe7201db185a3eb4ddfcca697b34775338e2ede6e426ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: http://bsc.ph/wp-content/uploads/2017/07/bofa/bankofamerica.securemail.online/bankofamerica.securemail.online/bankofamerica.securemail.online/bofa.zip%202017/bofa/bnd/challengevdl.php?tm&aof=1627c6991373daa0f2121babc8683d86&challengesession=5cf94d95f0640e416bdd2f80926b72f7a8b30c8e
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/59.0.3071.115 Safari/537.36

Response headers

Pragma: public
Date: Fri, 04 Aug 2017 22:55:10 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 06 Feb 2016 19:37:04 GMT
Server: nginx
ETag: "17388b8-2a96-52b1f17a19800"
X-Nginx-Cache-Status: MISS
Cache-Control: max-age=5184000
X-Server-Powered-By: Engintron
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 10902
X-XSS-Protection: 1; mode=block
Expires: Tue, 03 Oct 2017 22:55:10 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bsc.ph
38.123.253.106
1dbaa336651d898b99626cd80ec5f2ca9b0971429d6e0d9c20bead1322c362c7
28b7d265d56813fc5fbe7201db185a3eb4ddfcca697b34775338e2ede6e426ca
3bd5ac9684632300424ca98cbe5c5ee9af57d20ba97ced23899daf5ea9bd6685
514a35757d4c2cf01cb73259d9855b917b59d87792acb479b3868fa1a8fda343
94f243198ac37ef309f89bf03a8faf0c93c1c5a45a39f46c1ca7491306b0ac68

bsc.ph Open in urlscan Pro 38.123.253.106 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

5 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

120 kBTransfer

134 kBSize

0 Cookies

0 Outgoing links

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Security Headers

Indicators

bsc.ph Open in urlscan Pro
38.123.253.106 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

120 kB
Transfer

134 kB
Size

0
Cookies

5 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!