bankof-america-com.mw.lt Open in urlscan Pro
188.95.50.114 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://bankof-america-com.mw.lt/authenticate.html
Submission: On June 14 via automatic, source openphish (June 14th 2017, 2:01:04 am UTC)

Summary HTTP 12 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 6 IPs in 4 countries across 5 domains to perform 12 HTTP transactions. The main IP is 188.95.50.114, located in Netherlands and belongs to GLOBALLAYER, NL. The main domain is bankof-america-com.mw.lt.

This is the only time bankof-america-com.mw.lt was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

	IP Address	AS Autonomous System
4	188.95.50.114 188.95.50.114	57172 (GLOBALLAYER) (GLOBALLAYER)
2	188.95.50.112 188.95.50.112	57172 (GLOBALLAYER) (GLOBALLAYER)
1	95.100.248.112 95.100.248.112	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:9000:201... 2600:9000:201c:ae00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	95.172.94.62 95.172.94.62	15570 (Internap ...) (Internap European Autonomous System)
12	6

4 188.95.50.114 (Netherlands)

ASN57172 (GLOBALLAYER, NL)
PTR: xtgem.com

bankof-america-com.mw.lt	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 188.95.50.112 (Netherlands)

ASN57172 (GLOBALLAYER, NL)
PTR: xtgem.com

3.thumbs.xtstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
xtgem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.100.248.112 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a95-100-248-112.deploy.akamaitechnologies.com

edge.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:201c:ae00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.172.94.62 (United Kingdom)

ASN15570 (Internap European Autonomous System, GB)
PTR: pixel.quantserve.com

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
4	mw.lt bankof-america-com.mw.lt	187 KB
2	quantserve.com edge.quantserve.com pixel.quantserve.com	5 KB
1	quantcount.com rules.quantcount.com	3 B
1	xtgem.com xtgem.com Failed	564 B
1	xtstatic.com 3.thumbs.xtstatic.com enif.images.xtstatic.com Failed cif.images.xtstatic.com Failed	2 KB
12	5

	Domain	Requested by
4	bankof-america-com.mw.lt	bankof-america-com.mw.lt
1	pixel.quantserve.com	bankof-america-com.mw.lt
1	rules.quantcount.com	edge.quantserve.com
1	xtgem.com	bankof-america-com.mw.lt
1	edge.quantserve.com	bankof-america-com.mw.lt
1	3.thumbs.xtstatic.com	bankof-america-com.mw.lt
0	cif.images.xtstatic.com Failed	bankof-america-com.mw.lt
0	enif.images.xtstatic.com Failed	bankof-america-com.mw.lt
12	8

This site contains links to these domains. Also see Links.

Domain
xtgem.com

Subject Issuer	Validity	Valid

This page contains 4 frames:

Primary Page: http://bankof-america-com.mw.lt/authenticate.html
Frame ID: 11435.1
Requests: 9 HTTP requests in this frame

Frame: http://enif.images.xtstatic.com/tp.gif
Frame ID: 11435.2
Requests: 1 HTTP requests in this frame

Frame: http://cif.images.xtstatic.com/tp.gif
Frame ID: 11435.3
Requests: 1 HTTP requests in this frame

Frame: http://xtgem.com/__xt_authbar?data=eyJ1cmwiOiJodHRwOlwvXC9iYW5rb2YtYW1lcmljYS1jb20ubXcubHRcL2F1dGhlbnRpY2F0ZS5odG1sIiwibG9nZ2VkX2luIjpmYWxzZSwiZG9tYWluIjoiYmFua29mLWFtZXJpY2EtY29tLm13Lmx0IiwicG9zaXRpb24iOnsiYWJzb2x1dGUiOiJmaXhlZCJ9fQ==
Frame ID: 11435.4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Statistics

12
Requests

0 %
HTTPS

20 %
IPv6

5
Domains

8
Subdomains

6
IPs

4
Countries

195 kB
Transfer

220 kB
Size

7
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: http://xtgem.com/click?p=featured_other_web_clean&u=__urlaHR0cDovL2JhY2t0b29sZHNjaG9vbC54dGdlbS5jb20vaW5kZXgvX194dGJsb2dfZW50cnkvMTAxOTg2OTUtcGFjbWFuLXJhaW5ib3dzLWFuZC1yb2xsZXItc2thdGVzP3V0bV9tZWRpdW09eHRnZW1fYWRfd2ViX2Jhbm5lciZ1dG1fc291cmNlPWZlYXR1cmVkX2FkI3h0X2Jsb2c=&s=bankof-america-com.mw.lt&t=KhsfFRoaHwUECwYZBg4AAQ4MDw8KBw10c3I=&_is_adult=No&_ad_pos=Bottom&_ad_format=Plain&_ad_url=YmFua29mLWFtZXJpY2EtY29tLm13Lmx0L2F1dGhlbnRpY2F0ZS5odG1s&_ad_networks=&_ad_type=Banner
Title: pacman, rainbows, and rol»

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set authenticate.html Show response bankof-america-com.mw.lt/	24 KB 5 KB	102ms 64ms	Document text/html	188.95.50.114 GLOBALLAYER
General Check archive.org Show headers Download Go to Full URL http://bankof-america-com.mw.lt/authenticate.html Protocol HTTP/1.1 Server 188.95.50.114 , Netherlands, ASN57172 (GLOBALLAYER, NL), Reverse DNS xtgem.com Software / Resource Hash `ed8289549c2dee5f1270761f60546b70da35d20bc17ec493fe28007a89d72293` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host bankof-america-com.mw.lt Accept-Language en-US,en;q=0.8 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8 Cache-Control no-cache Connection keep-alive Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Date Wed, 14 Jun 2017 02:00:53 GMT Content-Encoding gzip Age 0 P3P CP="Not supported" Connection close Content-Length 4750 Pragma no-cache X-Robots-Tag Crawl-delay: 10 Vary Host,Accept-Encoding X-Varnish 1559692630 Via 1.1 varnish Cache-Control private, no-cache, no-cache=Set-Cookie, proxy-revalidate Set-Cookie _xta_uid=171b309c1de1408060906c125ca17d2f; expires=Fri, 14-Jun-2019 01:59:55 GMT; Max-Age=63072000; path=/; domain=.mw.lt; httponly _xta_vid=5b8699aec5e368fb296340365f1bc2be-1497405595; expires=Wed, 14-Jun-2017 02:29:55 GMT; Max-Age=1800; path=/; domain=.mw.lt; httponly Accept-Ranges bytes Content-Type text/html; charset=utf-8 Expires Wed, 17 Sep 1975 21:32:10 GMT
GET H/1.1	200 OK	finish.png bankof-america-com.mw.lt/	4 KB 4 KB	43ms 30ms	Image image/png	188.95.50.114 GLOBALLAYER
General Check archive.org Show headers Download Go to Show image Full URL http://bankof-america-com.mw.lt/finish.png Requested by Host: bankof-america-com.mw.lt URL: http://bankof-america-com.mw.lt/authenticate.html Protocol HTTP/1.1 Server 188.95.50.114 , Netherlands, ASN57172 (GLOBALLAYER, NL), Reverse DNS xtgem.com Software / Resource Hash `e4dc252c698b6261709240820f0c2b7b0a443ed4dac87ad23da52cb224c6556e` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host bankof-america-com.mw.lt Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://bankof-america-com.mw.lt/authenticate.html Cookie _xta_uid=171b309c1de1408060906c125ca17d2f; _xta_vid=5b8699aec5e368fb296340365f1bc2be-1497405595 Connection keep-alive Cache-Control no-cache Referer http://bankof-america-com.mw.lt/authenticate.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers X-Ngz 1 Via 1.1 varnish Age 0 Date Wed, 14 Jun 2017 02:00:53 GMT X-Robots-Tag Crawl-delay: 10 P3P CP="Not supported" Cache-Control max-age=2592000 X-Varnish 2485989668 Connection close Accept-Ranges bytes Content-Type image/png Content-Length 3923 Expires Fri, 14 Jul 2017 02:00:53 GMT
GET H/1.1	200 OK	w.png bankof-america-com.mw.lt/	121 B 121 B	78ms 66ms	Image image/png	188.95.50.114 GLOBALLAYER
General Check archive.org Show headers Download Go to Show image Full URL http://bankof-america-com.mw.lt/w.png Requested by Host: bankof-america-com.mw.lt URL: http://bankof-america-com.mw.lt/authenticate.html Protocol HTTP/1.1 Server 188.95.50.114 , Netherlands, ASN57172 (GLOBALLAYER, NL), Reverse DNS xtgem.com Software / Resource Hash `21acf758a3ee2eb84b46ca8c51be22a92fd84086f04c00d3f12b33c3bb5876bf` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host bankof-america-com.mw.lt Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://bankof-america-com.mw.lt/authenticate.html Cookie _xta_uid=171b309c1de1408060906c125ca17d2f; _xta_vid=5b8699aec5e368fb296340365f1bc2be-1497405595 Connection keep-alive Cache-Control no-cache Referer http://bankof-america-com.mw.lt/authenticate.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers X-Ngz 1 Via 1.1 varnish Age 0 Date Wed, 14 Jun 2017 02:00:54 GMT X-Robots-Tag Crawl-delay: 10 P3P CP="Not supported" Cache-Control max-age=2592000 X-Varnish 1041665731 Connection close Accept-Ranges bytes Content-Type image/png Content-Length 121 Expires Fri, 14 Jul 2017 02:00:53 GMT
GET H/1.1	200 OK	pacman-rainbows-and-roller-ska-4284.jpg 3.thumbs.xtstatic.com/100/50/-/3b6c32f88af4658b12f405e98a802385/backtooldschool.xtgem.com/images/blog/	2 KB 2 KB	49ms 13ms	Image image/jpeg	188.95.50.112 GLOBALLAYER
General Check archive.org Show headers Download Go to Show image Full URL http://3.thumbs.xtstatic.com/100/50/-/3b6c32f88af4658b12f405e98a802385/backtooldschool.xtgem.com/images/blog/pacman-rainbows-and-roller-ska-4284.jpg Requested by Host: bankof-america-com.mw.lt URL: http://bankof-america-com.mw.lt/authenticate.html Protocol HTTP/1.1 Server 188.95.50.112 , Netherlands, ASN57172 (GLOBALLAYER, NL), Reverse DNS xtgem.com Software / Resource Hash `c935d79b7ee386a322880197d37aeecbebfde2312a7680047d353fc00bbe42bc` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host 3.thumbs.xtstatic.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://bankof-america-com.mw.lt/authenticate.html Connection keep-alive Cache-Control no-cache Referer http://bankof-america-com.mw.lt/authenticate.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Date Wed, 14 Jun 2017 02:00:53 GMT X-Ngz 1 Content-Type image/jpeg Last-Modified Sat, 18 Mar 2017 05:15:44 GMT ETag "503d5e-74c-0" X-Cache-Status HIT Sent-XS 0.000 P3P CP="Not supported" Cache-Control max-age=172800, pre-check=172800 Connection close X-Robots-Tag Crawl-delay: 10 Content-Length 1868 Expires Thu, 15 Jun 2017 06:25:20 GMT
GET H/1.1	200 OK	quant.js Show response edge.quantserve.com/	12 KB 5 KB	12ms 6ms	Script application/x-javascript	95.100.248.112 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL http://edge.quantserve.com/quant.js Requested by Host: bankof-america-com.mw.lt URL: http://bankof-america-com.mw.lt/authenticate.html Protocol HTTP/1.1 Server 95.100.248.112 , European Union, ASN20940 (AKAMAI-ASN1, US), Reverse DNS a95-100-248-112.deploy.akamaitechnologies.com Software Apache / Resource Hash `0356044214bfbedb4744e88e7b07a853ac4fa09bb7381832e48886d6d4b7096e` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host edge.quantserve.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept / Referer http://bankof-america-com.mw.lt/authenticate.html Connection keep-alive Cache-Control no-cache Referer http://bankof-america-com.mw.lt/authenticate.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Date Wed, 14 Jun 2017 02:00:53 GMT Content-Encoding gzip Last-Modified Thu, 25 May 2017 20:26:55 GMT Server Apache Vary Accept-Encoding Content-Type application/x-javascript Cache-Control private, max-age=86400 Connection keep-alive Accept-Ranges bytes Content-Length 5458 Expires Thu, 15 Jun 2017 02:00:53 GMT
GET		tp.gif enif.images.xtstatic.com/ Frame 1143	0 0

GET		tp.gif cif.images.xtstatic.com/ Frame 1143	0 0

GET		__xt_authbar xtgem.com/ Frame 1143	0 0

GET H/1.1	200 OK	bg2.png bankof-america-com.mw.lt/	179 KB 179 KB	48ms 36ms	Image image/png	188.95.50.114 GLOBALLAYER
General Check archive.org Show headers Download Go to Show image Full URL http://bankof-america-com.mw.lt/bg2.png Requested by Host: bankof-america-com.mw.lt URL: http://bankof-america-com.mw.lt/authenticate.html Protocol HTTP/1.1 Server 188.95.50.114 , Netherlands, ASN57172 (GLOBALLAYER, NL), Reverse DNS xtgem.com Software / Resource Hash `e71acbf43c3a5de14f85ea06e9fb35e0d05ad88d2eb33f21b42d8760784ce51d` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host bankof-america-com.mw.lt Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://bankof-america-com.mw.lt/authenticate.html Cookie _xta_uid=171b309c1de1408060906c125ca17d2f; _xta_vid=5b8699aec5e368fb296340365f1bc2be-1497405595; test Connection keep-alive Cache-Control no-cache Referer http://bankof-america-com.mw.lt/authenticate.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers X-Ngz 1 Via 1.1 varnish Last-Modified Tue, 13 Jun 2017 23:10:24 GMT Age 0 ETag "3683e49f-2cb5a-551df8a55f800" X-Robots-Tag Crawl-delay: 10 P3P CP="Not supported" Cache-Control max-age=2592000 Date Wed, 14 Jun 2017 02:00:54 GMT X-Varnish 1041665735 Connection close Accept-Ranges bytes Content-Type image/png Content-Length 183130 Expires Fri, 14 Jul 2017 02:00:53 GMT
GET H/1.1	200 OK	close2.png xtgem.com/images/	564 B 564 B	37ms 13ms	Image image/png	188.95.50.112 GLOBALLAYER
General Check archive.org Show headers Download Go to Show image Full URL http://xtgem.com/images/close2.png?v=0.01 Requested by Host: bankof-america-com.mw.lt URL: http://bankof-america-com.mw.lt/authenticate.html Protocol HTTP/1.1 Server 188.95.50.112 , Netherlands, ASN57172 (GLOBALLAYER, NL), Reverse DNS xtgem.com Software / Resource Hash `bc5dcb35fc074321d66b9d7809e286e4afe72c7b08d1e799672126c92150ecd3` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host xtgem.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://bankof-america-com.mw.lt/authenticate.html Connection keep-alive Cache-Control no-cache Referer http://bankof-america-com.mw.lt/authenticate.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers X-Ngz 1 Via 1.1 varnish Last-Modified Tue, 06 Jun 2017 10:57:31 GMT Age 0 ETag "991e5-234-551487c739cc0" Content-Type image/png Cache-Control max-age=2592000 Date Wed, 14 Jun 2017 02:00:54 GMT X-Varnish 1068923267 Connection close Accept-Ranges bytes X-Robots-Tag Crawl-delay: 10 Content-Length 564 Expires Fri, 14 Jul 2017 02:00:54 GMT
GET H/1.1	200 OK	rules-p-0cfM8Oh7M9bVQ.js Show response rules.quantcount.com/	3 B 3 B	172ms 87ms	Script application/x-javascript	2600:9000:201c:ae00:6:44e3:f8c0:93a1 Amazon.com
General Check archive.org Show headers Download Go to Full URL http://rules.quantcount.com/rules-p-0cfM8Oh7M9bVQ.js Requested by Host: edge.quantserve.com URL: http://edge.quantserve.com/quant.js Protocol HTTP/1.1 Server 2600:9000:201c:ae00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US), Reverse DNS Software AmazonS3 / Resource Hash `ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host rules.quantcount.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept / Referer http://bankof-america-com.mw.lt/authenticate.html Connection keep-alive Cache-Control no-cache Referer http://bankof-america-com.mw.lt/authenticate.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Date Thu, 09 Mar 2017 15:06:17 GMT Via 1.1 1ed704145e031b363677b35b95885a81.cloudfront.net (CloudFront) Last-Modified Sat, 04 Mar 2017 19:40:53 GMT Server AmazonS3 Age 22884 ETag "8a80554c91d9fca8acb82f023de02f11" X-Cache Hit from cloudfront Content-Type application/x-javascript Cache-Control max-age=86400 Connection keep-alive Accept-Ranges bytes Content-Length 3 X-Amz-Cf-Id auNOvI8husE7qx20LuM0dSFyf_SByqruRldmIs7rBUAKXNx45e1SCw==
GET H/1.1	200 OK	Cookie set pixel;r=1802141800;rf=0;a=p-0cfM8Oh7M9bVQ;url=http%3A%2F%2Fbankof-america-com.mw.lt%2Fauthenticate.html;fpan=1;fpa=P0-1363069406-1497405654152;ns=0;ce=1;cm=;ref=;je=0;sr=1600x1200x24;enc=n;dst=0;et... pixel.quantserve.com/	35 B 35 B	23ms 11ms	Image image/gif	95.172.94.62 Internap European...
General Check archive.org Show headers Download Go to Show image Full URL http://pixel.quantserve.com/pixel;r=1802141800;rf=0;a=p-0cfM8Oh7M9bVQ;url=http%3A%2F%2Fbankof-america-com.mw.lt%2Fauthenticate.html;fpan=1;fpa=P0-1363069406-1497405654152;ns=0;ce=1;cm=;ref=;je=0;sr=1600x1200x24;enc=n;dst=0;et=1497405654151;tzo=0;ogl= Requested by Host: bankof-america-com.mw.lt URL: http://bankof-america-com.mw.lt/authenticate.html Protocol HTTP/1.1 Server 95.172.94.62 , United Kingdom, ASN15570 (Internap European Autonomous System, GB), Reverse DNS pixel.quantserve.com Software QS / Resource Hash `a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8` Request headers Pragma no-cache Accept-Encoding gzip, deflate, sdch Host pixel.quantserve.com Accept-Language en-US,en;q=0.8 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Accept image/webp,image/,/;q=0.8 Referer* http://bankof-america-com.mw.lt/authenticate.html Connection keep-alive Cache-Control no-cache Referer http://bankof-america-com.mw.lt/authenticate.html User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Response headers Pragma no-cache Date Wed, 14 Jun 2017 02:00:54 GMT Server QS P3P CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV" Set-Cookie mc=594098d6-2a270-7fb67-10dbe; expires=Sun, 15-Jul-2018 02:00:54 GMT; path=/; domain=.quantserve.com Cache-Control private, no-cache, no-store, proxy-revalidate Connection close Content-Type image/gif Content-Length 35 Expires Fri, 04 Aug 1978 12:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: enif.images.xtstatic.com
URL: http://enif.images.xtstatic.com/tp.gif

Domain: cif.images.xtstatic.com
URL: http://cif.images.xtstatic.com/tp.gif

Domain: xtgem.com
URL: http://xtgem.com/__xt_authbar?data=eyJ1cmwiOiJodHRwOlwvXC9iYW5rb2YtYW1lcmljYS1jb20ubXcubHRcL2F1dGhlbnRpY2F0ZS5odG1sIiwibG9nZ2VkX2luIjpmYWxzZSwiZG9tYWluIjoiYmFua29mLWFtZXJpY2EtY29tLm13Lmx0IiwicG9zaXRpb24iOnsiYWJzb2x1dGUiOiJmaXhlZCJ9fQ==

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bankof-america-com.mw.lt/	2018-07-11 02:00:54	Name: __qca Value: P0-1363069406-1497405654152
.mw.lt/	2019-06-14 02:00:53	Name: _xta_uid Value: 171b309c1de1408060906c125ca17d2f
xtgem.com/	2017-07-14 02:00:54	Name: __lang Value: DE
.xtgem.com/	2017-06-15 02:00:54	Name: session Value: ab73gsqsb350p4u4odduq2j494
bankof-america-com.mw.lt/	1970-01-01 00:00:00	Name: Value: test
.mw.lt/	2017-06-14 02:30:53	Name: _xta_vid Value: 5b8699aec5e368fb296340365f1bc2be-1497405595
xtgem.com/	2017-07-14 02:00:54	Name: __template Value: web

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3.thumbs.xtstatic.com
bankof-america-com.mw.lt
cif.images.xtstatic.com
edge.quantserve.com
enif.images.xtstatic.com
pixel.quantserve.com
rules.quantcount.com
xtgem.com
cif.images.xtstatic.com
enif.images.xtstatic.com
xtgem.com
188.95.50.112
188.95.50.114
2600:9000:201c:ae00:6:44e3:f8c0:93a1
95.100.248.112
95.172.94.62
0356044214bfbedb4744e88e7b07a853ac4fa09bb7381832e48886d6d4b7096e
21acf758a3ee2eb84b46ca8c51be22a92fd84086f04c00d3f12b33c3bb5876bf
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
bc5dcb35fc074321d66b9d7809e286e4afe72c7b08d1e799672126c92150ecd3
c935d79b7ee386a322880197d37aeecbebfde2312a7680047d353fc00bbe42bc
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
e4dc252c698b6261709240820f0c2b7b0a443ed4dac87ad23da52cb224c6556e
e71acbf43c3a5de14f85ea06e9fb35e0d05ad88d2eb33f21b42d8760784ce51d
ed8289549c2dee5f1270761f60546b70da35d20bc17ec493fe28007a89d72293

bankof-america-com.mw.lt Open in urlscan Pro 188.95.50.114 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Statistics

12 Requests

0 %HTTPS

20 %IPv6

5 Domains

8 Subdomains

6 IPs

4 Countries

195 kBTransfer

220 kBSize

7 Cookies

1 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

7 Cookies

Indicators

bankof-america-com.mw.lt Open in urlscan Pro
188.95.50.114 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

0 %
HTTPS

20 %
IPv6

5
Domains

8
Subdomains

6
IPs

4
Countries

195 kB
Transfer

220 kB
Size

7
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!