land20bank2aof26the3fphilippines.com Open in urlscan Pro
162.241.194.69  Malicious Activity! Public Scan

URL: http://land20bank2aof26the3fphilippines.com/
Submission: On May 23 via automatic, source openphish — Scanned from DE

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 10 HTTP transactions. The main IP is 162.241.194.69, located in United States and belongs to NETWORK-SOLUTIONS-HOSTING, US. The main domain is land20bank2aof26the3fphilippines.com.
This is the only time land20bank2aof26the3fphilippines.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Land Bank of the Philippines (Banking)

Live information

Domain & IP information

IP Address AS Autonomous System
2 162.241.194.69 19871 (NETWORK-S...)
4 141.193.213.20 209242 (CLOUDFLAR...)
4 141.193.213.21 209242 (CLOUDFLAR...)
10 3
Domain Requested by
8 florencelovekarsner.com land20bank2aof26the3fphilippines.com
florencelovekarsner.com
2 land20bank2aof26the3fphilippines.com land20bank2aof26the3fphilippines.com
10 2
Subject Issuer Validity Valid
florencelovekarsner.com
Cloudflare Inc ECC CA-3
2022-08-01 -
2023-07-31
a year crt.sh

This page contains 3 frames:

Primary Page: http://land20bank2aof26the3fphilippines.com/
Frame ID: 7E1CD96CB6C18C17D0B73365E397F93A
Requests: 2 HTTP requests in this frame

Frame: http://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/
Frame ID: 35A50B4CE7646AF601E633EF5B3323A5
Requests: 4 HTTP requests in this frame

Frame: https://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/
Frame ID: E6D258ED539D681372D061BC5F72181C
Requests: 4 HTTP requests in this frame

Screenshot

Page Title

LANDBANK iAccess Retail Internet Banking - Retail

Page Statistics

10
Requests

40 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

439 kB
Transfer

477 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
land20bank2aof26the3fphilippines.com/
11 KB
2 KB
Document
General
Full URL
http://land20bank2aof26the3fphilippines.com/
Protocol
HTTP/1.1
Server
162.241.194.69 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
162-241-194-69.unifiedlayer.com
Software
nginx/1.23.2 /
Resource Hash
de24569d7ed9edd1fb1575399272e82cfaacf6bc9732f473df8e6b53d3955b26

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Content-Encoding
gzip
Content-Length
2159
Content-Type
text/html; charset=UTF-8
Date
Tue, 23 May 2023 06:18:54 GMT
Server
nginx/1.23.2
Vary
Accept-Encoding
X-Server-Cache
false
/
florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/ Frame 35A5
20 KB
4 KB
Document
General
Full URL
http://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/
Requested by
Host: land20bank2aof26the3fphilippines.com
URL: http://land20bank2aof26the3fphilippines.com/
Protocol
HTTP/1.1
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / WP Engine
Resource Hash
3e77f21cc28b8d2fa08dd4722179fdf9f721ae683c2ed3664c0a28f649389195

Request headers

Referer
http://land20bank2aof26the3fphilippines.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

CF-Cache-Status
DYNAMIC
CF-RAY
7cbb2f2e097b362a-FRA
Cache-Control
max-age=600, must-revalidate
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Tue, 23 May 2023 06:18:55 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Pragma
no-cache
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
X-Cache
HIT: 2
X-Cache-Group
normal
X-Cacheable
SHORT
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-powered-by
WP Engine
7ad9e231
land20bank2aof26the3fphilippines.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Retail_files/
0
0
Script
General
Full URL
http://land20bank2aof26the3fphilippines.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Retail_files/7ad9e231
Requested by
Host: land20bank2aof26the3fphilippines.com
URL: http://land20bank2aof26the3fphilippines.com/
Protocol
HTTP/1.1
Server
162.241.194.69 , United States, ASN19871 (NETWORK-SOLUTIONS-HOSTING, US),
Reverse DNS
162-241-194-69.unifiedlayer.com
Software
nginx/1.23.2 /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://land20bank2aof26the3fphilippines.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 23 May 2023 06:18:55 GMT
Content-Encoding
gzip
Last-Modified
Wed, 12 Oct 2022 20:23:42 GMT
Server
nginx/1.23.2
Vary
Accept-Encoding
Content-Type
text/html
Accept-Ranges
bytes
Content-Length
462
/
florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/ Frame E6D2
20 KB
4 KB
Document
General
Full URL
https://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/
Requested by
Host: land20bank2aof26the3fphilippines.com
URL: http://land20bank2aof26the3fphilippines.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / WP Engine
Resource Hash
3e77f21cc28b8d2fa08dd4722179fdf9f721ae683c2ed3664c0a28f649389195

Request headers

Referer
http://land20bank2aof26the3fphilippines.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
max-age=600, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7cbb2f2e19de9267-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Tue, 23 May 2023 06:18:55 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
cloudflare
vary
Accept-Encoding Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
x-cache
HIT: 1
x-cache-group
normal
x-cacheable
SHORT
x-orig-cache-control
no-store, no-cache, must-revalidate
x-powered-by
WP Engine
2.jpg
florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/lb_files/img/ Frame 35A5
57 KB
57 KB
Image
General
Full URL
http://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/lb_files/img/2.jpg
Requested by
Host: florencelovekarsner.com
URL: http://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/
Protocol
HTTP/1.1
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd7944e393eebf0fe8b438e9893e48e023b5a154b8865c543d8dd95f21ab83de

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 23 May 2023 06:18:55 GMT
CF-Cache-Status
HIT
Age
152774
Cf-Polished
origFmt=jpeg, origSize=381246
Content-Disposition
inline; filename="2.webp"
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
57958
Cf-Bgj
imgq:100,h2pri
Last-Modified
Mon, 08 May 2023 20:20:36 GMT
Server
cloudflare
ETag
"64595994-5d13e"
Vary
Accept
Content-Type
image/webp
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
CF-RAY
7cbb2f2f4af7362a-FRA
1.jpg
florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/lb_files/img/ Frame 35A5
147 KB
147 KB
Image
General
Full URL
http://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/lb_files/img/1.jpg
Requested by
Host: florencelovekarsner.com
URL: http://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/
Protocol
HTTP/1.1
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c47c2c306daf9bbf48e667187bfa10ec85ffe61592b52e2b19e04556c85c4b9

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 23 May 2023 06:18:55 GMT
CF-Cache-Status
HIT
Age
152734
Cf-Polished
origFmt=jpeg, origSize=197596
Content-Disposition
inline; filename="1.webp"
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
150394
Cf-Bgj
imgq:100,h2pri
Last-Modified
Mon, 08 May 2023 20:20:46 GMT
Server
cloudflare
ETag
"6459599e-303dc"
Vary
Accept
Content-Type
image/webp
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
CF-RAY
7cbb2f2f5aa81997-FRA
bancnet.png
florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/lb_files/img/ Frame 35A5
2 KB
3 KB
Image
General
Full URL
http://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/lb_files/img/bancnet.png
Requested by
Host: florencelovekarsner.com
URL: http://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/
Protocol
HTTP/1.1
Server
141.193.213.20 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea2427c420726b9a96cfb35611e56df136e96a4e504a2bfb8a8e2d005e72fa70

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

Date
Tue, 23 May 2023 06:18:55 GMT
CF-Cache-Status
HIT
Age
4996
Cf-Polished
origFmt=png, origSize=4926
Content-Disposition
inline; filename="bancnet.webp"
Connection
keep-alive
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
Content-Length
2072
Cf-Bgj
imgq:100,h2pri
Last-Modified
Sat, 01 Apr 2023 18:09:38 GMT
Server
cloudflare
ETag
"64287362-133e"
Vary
Accept
Content-Type
image/webp
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Accept-Ranges
bytes
CF-RAY
7cbb2f2f5db690e0-FRA
2.jpg
florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/lb_files/img/ Frame E6D2
58 KB
58 KB
Image
General
Full URL
https://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/lb_files/img/2.jpg
Requested by
Host: florencelovekarsner.com
URL: https://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c936c0cf76c536da63fbffe39d58db082d4c4f2bdaad2bf4560a41097cb3b4f0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 06:18:55 GMT
cf-cache-status
HIT
age
150313
cf-polished
origSize=381246, status=webp_bigger
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
59147
cf-bgj
imgq:100,h2pri
last-modified
Mon, 08 May 2023 20:20:36 GMT
server
cloudflare
etag
"64595994-5d13e"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
7cbb2f2f6af09267-FRA
1.jpg
florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/lb_files/img/ Frame E6D2
161 KB
162 KB
Image
General
Full URL
https://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/lb_files/img/1.jpg
Requested by
Host: florencelovekarsner.com
URL: https://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5efd13d1cb0547ddd6f720a587b419b03eefe4e385ee792d8e986a020c62d41e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 06:18:55 GMT
cf-cache-status
HIT
age
150313
cf-polished
origSize=197596, status=webp_bigger
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
165091
cf-bgj
imgq:100,h2pri
last-modified
Mon, 08 May 2023 20:20:46 GMT
server
cloudflare
etag
"6459599e-303dc"
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
7cbb2f2f6af29267-FRA
bancnet.png
florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/lb_files/img/ Frame E6D2
2 KB
2 KB
Image
General
Full URL
https://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/lb_files/img/bancnet.png
Requested by
Host: florencelovekarsner.com
URL: https://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.193.213.21 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea2427c420726b9a96cfb35611e56df136e96a4e504a2bfb8a8e2d005e72fa70

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://florencelovekarsner.com/text-align:right;white-space:nowrap;width:650px;font-size:.8em;font-family:arial,helvetica,sans-serif;margin-left:20px;/Update/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.126 Safari/537.36

Response headers

date
Tue, 23 May 2023 06:18:55 GMT
cf-cache-status
HIT
age
150313
cf-polished
origFmt=png, origSize=4926
content-disposition
inline; filename="bancnet.webp"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
2072
cf-bgj
imgq:100,h2pri
last-modified
Sat, 01 Apr 2023 18:09:38 GMT
server
cloudflare
etag
"64287362-133e"
vary
Accept
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
7cbb2f2f6af49267-FRA

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Land Bank of the Philippines (Banking)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 boolean| credentialless string| bazadebezolkohpepadr

0 Cookies

1 Console Messages

Source Level URL
Text
network error URL: http://land20bank2aof26the3fphilippines.com/LANDBANK%20iAccess%20Retail%20Internet%20Banking%20-%20Retail_files/7ad9e231
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)