urlscan.io logo urlscan.io
SecurityTrails logo

staticweb-bankofamerica-verify09.duckdns.org Open in urlscan Pro
147.182.254.155  Public Scan

Go To Rescan Add Verdict Report
URL: https://staticweb-bankofamerica-verify09.duckdns.org/cavmwebbactouch/common/login.php?online_id=a99f209eb337ab7d897f8c3da&country=Canada&iso=CA
Submission: On August 19 via automatic, source openphish
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 9 HTTP transactions. The main IP is 147.182.254.155, located in San Francisco, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is staticweb-bankofamerica-verify09.duckdns.org.
TLS certificate: Issued by cPanel, Inc. Certification Authority on August 18th 2021. Valid for: 3 months.
This is the only time staticweb-bankofamerica-verify09.duckdns.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 147.182.254.155 14061 (DIGITALOC...)
9 2
Domain Requested by
5 staticweb-bankofamerica-verify09.duckdns.org staticweb-bankofamerica-verify09.duckdns.org
0 secure.bankofamerica.com Failed staticweb-bankofamerica-verify09.duckdns.org
9 2

This site contains links to these domains. Also see Links.

Domain
www.bankofamerica.com
Subject Issuer Validity Valid
staticweb-bankofamerica-verify09.duckdns.org
cPanel, Inc. Certification Authority		 2021-08-18 -
2021-11-16		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://staticweb-bankofamerica-verify09.duckdns.org/cavmwebbactouch/common/login.php?online_id=a99f209eb337ab7d897f8c3da&country=Canada&iso=CA
Frame ID: 6072DD02E0B1C248DC4D578572AEFE17
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

9
Requests

56 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

50 kB
Transfer

49 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login.php
staticweb-bankofamerica-verify09.duckdns.org/cavmwebbactouch/common/ 		37 KB
37 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://staticweb-bankofamerica-verify09.duckdns.org/cavmwebbactouch/common/login.php?online_id=a99f209eb337ab7d897f8c3da&country=Canada&iso=CA
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
147.182.254.155 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
a617afd7feca4e2abf7f72e2303ecb564649dfb3b2fa09687da84f65da146c70

Request headers

Host
staticweb-bankofamerica-verify09.duckdns.org
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Thu, 19 Aug 2021 01:21:31 GMT
Server
Apache
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
vipaa-v4-jawr.css
secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/8.0/style/ 		0
0
Cookie set vipaa-v4-jawr.js
staticweb-bankofamerica-verify09.duckdns.org/pa/components/bundles/gzip-compressed/xengine/VIPAA/8.0/script/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://staticweb-bankofamerica-verify09.duckdns.org/pa/components/bundles/gzip-compressed/xengine/VIPAA/8.0/script/vipaa-v4-jawr.js
Requested by
Host: staticweb-bankofamerica-verify09.duckdns.org
URL: https://staticweb-bankofamerica-verify09.duckdns.org/cavmwebbactouch/common/login.php?online_id=a99f209eb337ab7d897f8c3da&country=Canada&iso=CA
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
147.182.254.155 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
c419afc394734710b503ca276721cc64c9e6f4d0678acac9923e848445a41a95

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
staticweb-bankofamerica-verify09.duckdns.org
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://staticweb-bankofamerica-verify09.duckdns.org/cavmwebbactouch/common/login.php?online_id=a99f209eb337ab7d897f8c3da&country=Canada&iso=CA
Connection
keep-alive
Referer
https://staticweb-bankofamerica-verify09.duckdns.org/cavmwebbactouch/common/login.php?online_id=a99f209eb337ab7d897f8c3da&country=Canada&iso=CA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 19 Aug 2021 01:21:31 GMT
Server
Apache
Content-Type
text/html; charset=UTF-8
Set-Cookie
PHPSESSID=463c93e74c6e8417f0e074be53123ecd; path=/
Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
3084
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cookie set jquery-migrate-custom.js
staticweb-bankofamerica-verify09.duckdns.org/pa/global-assets/1.0/script/libraries/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://staticweb-bankofamerica-verify09.duckdns.org/pa/global-assets/1.0/script/libraries/jquery-migrate-custom.js
Requested by
Host: staticweb-bankofamerica-verify09.duckdns.org
URL: https://staticweb-bankofamerica-verify09.duckdns.org/cavmwebbactouch/common/login.php?online_id=a99f209eb337ab7d897f8c3da&country=Canada&iso=CA
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
147.182.254.155 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
c419afc394734710b503ca276721cc64c9e6f4d0678acac9923e848445a41a95

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
staticweb-bankofamerica-verify09.duckdns.org
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://staticweb-bankofamerica-verify09.duckdns.org/cavmwebbactouch/common/login.php?online_id=a99f209eb337ab7d897f8c3da&country=Canada&iso=CA
Connection
keep-alive
Referer
https://staticweb-bankofamerica-verify09.duckdns.org/cavmwebbactouch/common/login.php?online_id=a99f209eb337ab7d897f8c3da&country=Canada&iso=CA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 19 Aug 2021 01:21:31 GMT
Server
Apache
Content-Type
text/html; charset=UTF-8
Set-Cookie
PHPSESSID=cb169e704bb3717bf1274c0d2e44f1de; path=/
Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
3084
Expires
Thu, 19 Nov 1981 08:52:00 GMT
BofA_rgb.png
secure.bankofamerica.com/content/images/ContextualSiteGraphics/Logos/en_US/ 		0
0
vipaa-v4-jawr-print.css
secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/8.0/style/ 		0
0
online-id-vipaa-module-enter-skin.js
staticweb-bankofamerica-verify09.duckdns.org/pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/script/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://staticweb-bankofamerica-verify09.duckdns.org/pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/script/online-id-vipaa-module-enter-skin.js
Requested by
Host: staticweb-bankofamerica-verify09.duckdns.org
URL: https://staticweb-bankofamerica-verify09.duckdns.org/cavmwebbactouch/common/login.php?online_id=a99f209eb337ab7d897f8c3da&country=Canada&iso=CA
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
147.182.254.155 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
c419afc394734710b503ca276721cc64c9e6f4d0678acac9923e848445a41a95

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
staticweb-bankofamerica-verify09.duckdns.org
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://staticweb-bankofamerica-verify09.duckdns.org/cavmwebbactouch/common/login.php?online_id=a99f209eb337ab7d897f8c3da&country=Canada&iso=CA
Cookie
PHPSESSID=cb169e704bb3717bf1274c0d2e44f1de
Connection
keep-alive
Referer
https://staticweb-bankofamerica-verify09.duckdns.org/cavmwebbactouch/common/login.php?online_id=a99f209eb337ab7d897f8c3da&country=Canada&iso=CA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 19 Aug 2021 01:21:32 GMT
Server
Apache
Content-Type
text/html; charset=UTF-8
Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
3084
Expires
Thu, 19 Nov 1981 08:52:00 GMT
mobile_llama.png
secure.bankofamerica.com/pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/graphic/ 		0
0
cm-jawr.js
staticweb-bankofamerica-verify09.duckdns.org/pa/components/bundles/text-decompressed/xengine/VIPAA/8.0/script/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://staticweb-bankofamerica-verify09.duckdns.org/pa/components/bundles/text-decompressed/xengine/VIPAA/8.0/script/cm-jawr.js
Requested by
Host: staticweb-bankofamerica-verify09.duckdns.org
URL: https://staticweb-bankofamerica-verify09.duckdns.org/cavmwebbactouch/common/login.php?online_id=a99f209eb337ab7d897f8c3da&country=Canada&iso=CA
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
147.182.254.155 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
Apache /
Resource Hash
c419afc394734710b503ca276721cc64c9e6f4d0678acac9923e848445a41a95

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
staticweb-bankofamerica-verify09.duckdns.org
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://staticweb-bankofamerica-verify09.duckdns.org/cavmwebbactouch/common/login.php?online_id=a99f209eb337ab7d897f8c3da&country=Canada&iso=CA
Cookie
PHPSESSID=cb169e704bb3717bf1274c0d2e44f1de
Connection
keep-alive
Referer
https://staticweb-bankofamerica-verify09.duckdns.org/cavmwebbactouch/common/login.php?online_id=a99f209eb337ab7d897f8c3da&country=Canada&iso=CA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 19 Aug 2021 01:21:33 GMT
Server
Apache
Content-Type
text/html; charset=UTF-8
Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Content-Length
3084
Expires
Thu, 19 Nov 1981 08:52:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
secure.bankofamerica.com
URL
https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/8.0/style/vipaa-v4-jawr.css
Domain
secure.bankofamerica.com
URL
https://secure.bankofamerica.com/content/images/ContextualSiteGraphics/Logos/en_US/BofA_rgb.png
Domain
secure.bankofamerica.com
URL
https://secure.bankofamerica.com/pa/components/bundles/gzip-compressed/xengine/VIPAA/8.0/style/vipaa-v4-jawr-print.css
Domain
secure.bankofamerica.com
URL
https://secure.bankofamerica.com/pa/components/modules-app/VIPAA/online-id-vipaa-module/1.0/graphic/mobile_llama.png

Verdicts & Comments Add Verdict or Comment

50 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated string| boaVIPAAuseGzippedBundles string| boaVIPAAjawrEnabled string| dotcomURLPrefix string| pinRegexSwitch string| sbPinRegexSwitch string| newPwdStandardSwitch boolean| enableKeypress object| boaPageDataJS object| theBody string| captureMouseEvents number| maxMouseEvents string| ccPath string| _ia11 boolean| isFPEnabled boolean| enableDI string| windowsHelloSigninFailedTitle string| windowsHelloSigninFailedContent string| windowsHelloTempOffTitle string| windowsHelloTempOffContent string| windowsHelloCurrentlyOffTitle string| windowsHelloCurrentlyOffContent string| vipaaGISMaskingEnabled object| GetAppDownloadConfig string| cmPageId string| cmCategoryId string| cmPageId_Modal string| cmSessionID string| appStepNumber string| appStepName string| appName undefined| testString undefined| cmFailure undefined| cmErrorMsg undefined| cmReqLocale undefined| locAppendage function| cmSetDD undefined| errorCode undefined| errorCodeCounter undefined| errorCodeIndex

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

secure.bankofamerica.com
staticweb-bankofamerica-verify09.duckdns.org
secure.bankofamerica.com
147.182.254.155
a617afd7feca4e2abf7f72e2303ecb564649dfb3b2fa09687da84f65da146c70
c419afc394734710b503ca276721cc64c9e6f4d0678acac9923e848445a41a95