urlscan.io public scan: mob.bofa.com.update.yhb4.us (191.96.249.97), flagged Malicious Activity

Submitted URL: http://mob.bofa.com.update.yhb4.us/
Effective URL: http://mob.bofa.com.update.yhb4.us/cmaWebMsg.php?display=Notify&notification_id=scqTnmhDDIAwDkwuhS
Submission: December 02, 2018 (manual submission from US)

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 3 HTTP transactions. The main IP is 191.96.249.97, geolocated to Moscow, Russian Federation, and announced by AS64484 (ASDMZHOST, registered in NL). The main domain is mob.bofa.com.update.yhb4.us.
This is the only time mob.bofa.com.update.yhb4.us was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)
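The property that makes this hostname a phishing indicator is structural: the brand token sits in the leading subdomain labels (mob.bofa.com.update) while the registrable domain, yhb4.us, has nothing to do with Bank of America. The script below is an added example, not urlscan.io code, that performs that check on the URLs from this scan. The brand-to-legitimate-domain table and the tiny multi-label suffix set are simplified assumptions for an offline run; a real deployment would use the Public Suffix List and a maintained brand list.

```python
"""Flag brand tokens in subdomain labels when the registrable domain is unrelated.

Added example for this urlscan.io record; the hostnames come from the scan,
the brand table and suffix list are constructed assumptions, not urlscan code.
"""
from urllib.parse import urlsplit

# Brand tokens and the registrable domains that legitimately belong to them.
# Constructed for this example; extend from a maintained brand list in practice.
BRAND_DOMAINS = {
    "bofa": {"bankofamerica.com", "bofa.com"},
    "bankofamerica": {"bankofamerica.com", "bofa.com"},
}

# Minimal stand-in for the Public Suffix List so the example runs offline.
# Only a few multi-label public suffixes are covered; use the real PSL in production.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}


def registrable_domain(host: str) -> str:
    """Return the registrable (apex) domain: last two labels, or last three
    when the last two form a known multi-label public suffix."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def impersonated_brands(url: str) -> dict:
    """Split the host into apex and subdomain labels, then report any brand
    token found in the subdomain labels whose legitimate domains do not
    include the apex. Also records whether the URL is plain HTTP."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    apex = registrable_domain(host)
    sub_labels = host.lower().split(".")[: -len(apex.split("."))]
    hits = []
    for label in sub_labels:
        for brand, legit_domains in BRAND_DOMAINS.items():
            if brand in label and apex not in legit_domains:
                hits.append(brand)
    return {
        "host": host,
        "apex": apex,
        "subdomain_labels": sub_labels,
        "brands": sorted(set(hits)),
        "plain_http": parts.scheme == "http",
        "suspicious": bool(hits),
    }


if __name__ == "__main__":
    # URLs taken from the scan above, plus one legitimate control URL.
    for u in (
        "http://mob.bofa.com.update.yhb4.us/",
        "http://mob.bofa.com.update.yhb4.us/cmaWebMsg.php?display=Notify&notification_id=scqTnmhDDIAwDkwuhS",
        "https://www.bankofamerica.com/",
    ):
        print(impersonated_brands(u))
```

The check deliberately keys on the apex domain rather than on the full hostname: an attacker controls every label to the left of the registrable domain, so "bofa.com" appearing there carries no trust. The control URL shows the same token passing when the apex really is the brand's.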

Domain & IP information

IP address      AS (Autonomous System)   Requests
191.96.249.97   AS64484 (ASDMZHOST)      3
(1 IP, 3 requests)

Apex domain   Subdomains                    Transfer   Requests
yhb4.us       mob.bofa.com.update.yhb4.us   23 KB      3
(1 apex domain, 3 requests)

Domain                        Requested by                  Requests
mob.bofa.com.update.yhb4.us   mob.bofa.com.update.yhb4.us   3
(1 domain, 3 requests)

This site contains no links.

TLS certificates (Subject / Issuer / Validity): none observed; all 3 requests were plain HTTP.

This page contains 1 frames:

Primary Page: http://mob.bofa.com.update.yhb4.us/cmaWebMsg.php?display=Notify&notification_id=scqTnmhDDIAwDkwuhS
Frame ID: E8033875D7974E537BD9F2D55B058110
Requests: 3 HTTP requests in this frame



Detected technologies

CentOS (overall confidence: 100%)
  Detected patterns
    • headers server /CentOS/i

Apache HTTP Server (overall confidence: 100%)
  Detected patterns
    • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

  Requests:    3
  HTTPS:       0 %
  IPv6:        0 %
  Domains:     1
  Subdomains:  1
  IPs:         1
  Countries:   1
  Transfer:    23 kB
  Size:        22 kB
  Cookies:     1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://mob.bofa.com.update.yhb4.us/ Page URL
  2. http://mob.bofa.com.update.yhb4.us/cmaWebMsg.php?display=Notify&notification_id=scqTnmhDDIAwDkwuhS Page URL

Redirected requests

No HTTP redirect chains were recorded. The move from / to cmaWebMsg.php therefore appears only in the page URL history above, as a client-side navigation rather than an HTTP 3xx redirect.

3 HTTP transactions

Columns per transaction: Resource | Path | Size | x-fer | Type | MIME-Type

Transaction 1 (sets cookie): /
  Path: mob.bofa.com.update.yhb4.us/
  Size: 115 B, transferred 503 B, type Document, MIME text/html
  Full URL: http://mob.bofa.com.update.yhb4.us/
  Protocol: HTTP/1.1
  Server: 191.96.249.97, Moscow, Russian Federation, ASN64484 (ASDMZHOST, NL)
  Reverse DNS: none
  Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
  Resource Hash: c523f7c07efc9b1583bea642706a8f3047bc6d524aecb0b65eae38ba86d16f44

  Request headers
    Host: mob.bofa.com.update.yhb4.us
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
    Accept-Encoding: gzip, deflate

  Response headers
    Date: Sun, 02 Dec 2018 19:32:24 GMT
    Server: Apache/2.2.15 (CentOS)
    X-Powered-By: PHP/5.3.3
    Set-Cookie: PHPSESSID=6dena9pl2id385jbei62pioc14; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Content-Length: 115
    Connection: close
    Content-Type: text/html; charset=UTF-8
Transaction 2 (primary request): cmaWebMsg.php
  Path: mob.bofa.com.update.yhb4.us/
  Size: 916 B, transferred 1 KB, type Document, MIME text/html
  Full URL: http://mob.bofa.com.update.yhb4.us/cmaWebMsg.php?display=Notify&notification_id=scqTnmhDDIAwDkwuhS
  Protocol: HTTP/1.1
  Server: 191.96.249.97, Moscow, Russian Federation, ASN64484 (ASDMZHOST, NL)
  Reverse DNS: none
  Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
  Resource Hash: e17a59970fff14540836283fe7fdb3b78266099bec52a304ce7d4c61c0d1e343

  Request headers
    Host: mob.bofa.com.update.yhb4.us
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
    Referer: http://mob.bofa.com.update.yhb4.us/
    Accept-Encoding: gzip, deflate
    Cookie: PHPSESSID=6dena9pl2id385jbei62pioc14

  Response headers
    Date: Sun, 02 Dec 2018 19:32:24 GMT
    Server: Apache/2.2.15 (CentOS)
    X-Powered-By: PHP/5.3.3
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Content-Length: 916
    Connection: close
    Content-Type: text/html; charset=UTF-8
Transaction 3: base.png
  Path: mob.bofa.com.update.yhb4.us/record/
  Size: 21 KB, transferred 21 KB, type Image, MIME image/png
  Full URL: http://mob.bofa.com.update.yhb4.us/record/base.png?img_ret_id=NrIhonBdkpRNuIIDnhtMkX
  Requested by: mob.bofa.com.update.yhb4.us, from http://mob.bofa.com.update.yhb4.us/cmaWebMsg.php?display=Notify&notification_id=scqTnmhDDIAwDkwuhS
  Protocol: HTTP/1.1
  Server: 191.96.249.97, Moscow, Russian Federation, ASN64484 (ASDMZHOST, NL)
  Reverse DNS: none
  Software: Apache/2.2.15 (CentOS)
  Resource Hash: cc6c2e27d6f1c79f924f75c0649992015a9127c2f25168e109f4c4eb6260020b

  Request headers
    Pragma: no-cache
    Accept-Encoding: gzip, deflate
    Host: mob.bofa.com.update.yhb4.us
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
    Accept: image/webp,image/apng,image/*,*/*;q=0.8
    Referer: http://mob.bofa.com.update.yhb4.us/cmaWebMsg.php?display=Notify&notification_id=scqTnmhDDIAwDkwuhS
    Cookie: PHPSESSID=6dena9pl2id385jbei62pioc14
    Connection: keep-alive
    Cache-Control: no-cache

  Response headers
    Date: Sun, 02 Dec 2018 19:32:24 GMT
    Last-Modified: Sun, 17 Dec 2000 18:52:34 GMT
    Server: Apache/2.2.15 (CentOS)
    ETag: "20a99-522b-378a5f7e44080"
    Content-Type: image/png
    Connection: close
    Accept-Ranges: bytes
    Content-Length: 21035

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookie

Domain/Path                    Name        Value
mob.bofa.com.update.yhb4.us/   PHPSESSID   6dena9pl2id385jbei62pioc14

The Set-Cookie header on the first response carries only path=/, with no Secure or HttpOnly attribute, consistent with a default PHP session cookie on a site served entirely over plain HTTP.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

Domain:  mob.bofa.com.update.yhb4.us
IP:      191.96.249.97
Hashes (resource hashes from the transactions above):
  c523f7c07efc9b1583bea642706a8f3047bc6d524aecb0b65eae38ba86d16f44   /
  cc6c2e27d6f1c79f924f75c0649992015a9127c2f25168e109f4c4eb6260020b   /record/base.png
  e17a59970fff14540836283fe7fdb3b78266099bec52a304ce7d4c61c0d1e343   /cmaWebMsg.php