Windows Analysis Report
0430tely.pdf

Overview

General Information

Sample name: 0430tely.pdf
renamed because original name is a hash value
Original sample name: Unauthrizd Sign-ln Dtectd - nfirm unt Infrmtin Immditely.pdf
Analysis ID: 1592118
MD5: 9e8618badb9f66710a39c66e087b62df
SHA1: a52debd9dede1cf36e6a4d737cedcff98fb76804
SHA256: 6fea71e67dbb477790e602b8456613405ad62c253d6c977b2c636f6e497a9b5b
Infos:

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
AI detected landing page (webpage, office document or email)
Detected non-DNS traffic on DNS port
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden javascript code
HTML page contains obfuscated script src
IP address seen in connection with other malware
Invalid T&C link found
Stores files to the Windows start menu directory
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

Source: chromecache_208.14.dr Binary or memory string: a = "-----BEGIN PUBLIC KEY-----\n" + (this.wordwrap(this.getPublicBaseKeyB64()) + "\n"); memstr_c5d0a4f5-a

Phishing
barindex
AI detected phishing page
Source: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.go Joe Sandbox AI: Score: 9 Reasons: The brand 'Bank of America' is a well-known financial institution., The legitimate domain for Bank of America is 'bankofamerica.com'., The URL 'online.access.secure.bankofamerlica.com' contains a misspelling of 'bankofamerica' as 'bankofamerlica'., The presence of multiple subdomains and the misspelling are common phishing tactics., The input fields 'User ID' and 'Password' are typical targets for phishing attempts. DOM: 3.2.pages.csv
Source: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.go Joe Sandbox AI: Score: 9 Reasons: The brand 'Bank of America' is a well-known financial institution., The legitimate domain for Bank of America is 'bankofamerica.com'., The provided URL 'online.access.secure.bankofamerlica.com' contains a misspelling of 'bankofamerica' as 'bankofamerlica'., The URL structure includes multiple subdomains which can be a tactic used in phishing., The presence of input fields for 'User ID' and 'Password' on a suspicious URL increases the risk of phishing. DOM: 3.3.pages.csv
AI detected landing page (webpage, office document or email)
Source: PDF document Joe Sandbox AI: PDF document contains prominent button: 'continue'
HTML body contains low number of good links
Source: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.go HTTP Parser: Number of links: 0
HTML body contains password input but no form action
Source: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.go HTTP Parser: <input type="password" .../> found but no <form action="...
HTML page contains hidden javascript code
Source: https://online.access.secure.bankofamerlica.com/secure/ HTTP Parser: Base64 decoded: function _0x5f48(_0x2c5e02,_0xe19f15){var _0x1b34d0=_0x1b34();return _0x5f48=function(_0x5f482d,_0x502389){_0x5f482d=_0x5f482d-0x143;var _0x72c7d7=_0x1b34d0[_0x5f482d];return _0x72c7d7;},_0x5f48(_0x2c5e02,_0xe19f15);}(function(_0x471b0b,_0x52b3dd){var _0x...
HTML page contains obfuscated script src
Source: https://online.access.secure.bankofamerlica.com/secure/ HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gXzB4NWY0OChfMHgyYzVlMDIsXzB4ZTE5ZjE1KXt2YXIgXzB4MWIzNGQwPV8weDFiMzQoKTtyZXR1cm4gXzB4NWY0OD1mdW5jdGlvbihfMHg1ZjQ4MmQsXzB4NTAyMzg5KXtfMHg1ZjQ4MmQ9XzB4NWY0ODJkLTB4MTQzO3ZhciBfMHg3MmM3ZDc9XzB4MWIzNGQwW18weDVmNDgyZF
Source: https://online.access.secure.bankofamerlica.com/secure/ HTTP Parser: Script src: data:text/javascript;base64,dmFyIF8weDNmZDY5MD1fMHg0Y2VkOyhmdW5jdGlvbihfMHg4ZTVlOTgsXzB4NGFhOTEwKXt2YXIgXzB4MmJjNjY1PV8weDRjZWQsXzB4NDMwNGQ4PV8weDhlNWU5OCgpO3doaWxlKCEhW10pe3RyeXt2YXIgXzB4MzA1MjJhPS1wYXJzZUludChfMHgyYmM2NjUoMHgzZDcpKS8weDErcGFyc2VJbn
Source: https://online.access.secure.bankofamerlica.com/secure/ HTTP Parser: Script src: data:text/javascript;base64,dmFyIF8weDVkM2JjYj1fMHgyZmZlOyhmdW5jdGlvbihfMHgyMzhlYmEsXzB4M2Q4NzJhKXt2YXIgXzB4MTZlNGQ3PV8weDJmZmUsXzB4MzdiMzJjPV8weDIzOGViYSgpO3doaWxlKCEhW10pe3RyeXt2YXIgXzB4M2YxYmFkPS1wYXJzZUludChfMHgxNmU0ZDcoMHgxMTMpKS8weDErLXBhcnNlSW
Source: https://online.access.secure.bankofamerlica.com/secure/ HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gXzB4OTdjOChfMHgxNTEwOWIsXzB4MjYyNmRlKXtjb25zdCBfMHg1NDdlMDc9XzB4NTQ3ZSgpO3JldHVybiBfMHg5N2M4PWZ1bmN0aW9uKF8weDk3YzhmMSxfMHgyNjU4N2Epe18weDk3YzhmMT1fMHg5N2M4ZjEtMHgxN2M7bGV0IF8weDNhYjRlMj1fMHg1NDdlMDdbXzB4OTdjOG
Invalid T&C link found
Source: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.go HTTP Parser: Invalid link: Privacy
Source: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.go HTTP Parser: Invalid link: Privacy
Source: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.go HTTP Parser: Invalid link: Privacy
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)
Source: https://online.access.secure.bankofamerlica.com/assets/vipaa-v4-jawr.js HTTP Parser: /*! jquery v3.5.1 | (c) js foundation and other contributors | jquery.org/license */ ! function(e, t) { "object" == typeof module && "object" == typeof module.exports ? module.exports = e.document ? t(e, !0) : function(e) { if (!e.document) { throw new error("jquery requires a window with a document") } return t(e) } : t(e)}("undefined" != typeof window ? window : this, function(c, e) { var t = [], r = object.getprototypeof, s = t.slice, g = t.flat ? function(e) { return t.flat.call(e) } : function(e) { return t.concat.apply([], e) }, u = t.push, i = t.indexof, n = {}, o = n.tostring, v = n.hasownproperty, a = v.tostring, l = a.call(object), y = {}, m = function(e) { return "function" == typeof e && "number" != typeof e.nodetype }, x = function(e) { return null != e && e === e.window ...
Source: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.go HTTP Parser: <input type="password" .../> found
Source: https://online.access.secure.bankofamerlica.com/secure/ HTTP Parser: No favicon
Source: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.go HTTP Parser: No <meta name="author".. found
Source: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.go HTTP Parser: No <meta name="author".. found
Source: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.go HTTP Parser: No <meta name="author".. found
Source: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.go HTTP Parser: No <meta name="copyright".. found
Source: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.go HTTP Parser: No <meta name="copyright".. found
Source: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.go HTTP Parser: No <meta name="copyright".. found
Detected non-DNS traffic on DNS port
Source: global traffic TCP traffic: 192.168.2.16:59051 -> 162.159.36.2:53
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View IP Address: 188.119.66.154 188.119.66.154
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /?ref=9854tjwe46 HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://confirmationonline.blob.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /secure/ HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://confirmationonline.blob.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; ref=9854tjwe46; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://online.access.secure.bankofamerlica.com/secure/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://online.access.secure.bankofamerlica.com/secure/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D
Source: global traffic HTTP traffic detected: GET /secure/secure.php HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D
Source: global traffic HTTP traffic detected: GET /login/sign-in/signOnV2Screen.go HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /login/sign-in/signOnV2Screen.go HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://online.access.secure.bankofamerlica.com/secure/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/vipaa-v4-jawr.css HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.goAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/onetrust-style.css HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.goAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/special/css/loader.css HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.goAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/vipaa-v4-jawr.js HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.goAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/online-id-vipaa-module-enter-skin.js HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.goAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/mobile_llama.png HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.goAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/mobile_llama.png HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/pill.png HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.goAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/BOA.PNG HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.goAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/online-id-vipaa-module-enter-skin.js HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/vipaa-v4-jawr.js HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/gfootb-static-sprite.png HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://online.access.secure.bankofamerlica.com/assets/vipaa-v4-jawr.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/fsd-secure-esp-sprite.png HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://online.access.secure.bankofamerlica.com/assets/vipaa-v4-jawr.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/help-qm-fsd.png HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://online.access.secure.bankofamerlica.com/assets/vipaa-v4-jawr.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/powered_by_logo.svg HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.goAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/special/js/main.js HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.goAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/pill.png HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/BofA_rgb.png HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.goAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/BOA.PNG HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/sign-in-sprite.png HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://online.access.secure.bankofamerlica.com/assets/vipaa-v4-jawr.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/fsd-secure-esp-sprite.png HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/help-qm-fsd.png HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/powered_by_logo.svg HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/gfoot-home-icon.png HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://online.access.secure.bankofamerlica.com/assets/vipaa-v4-jawr.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/help-qm-fsd-hover.png HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://online.access.secure.bankofamerlica.com/assets/vipaa-v4-jawr.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/gfootb-static-sprite.png HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/vipaa-v4-jawr-print.css HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.goAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/special/js/main.js HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/cnx-regular.woff HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://online.access.secure.bankofamerlica.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.goAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/BofA_rgb.png HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/sign-in-sprite.png HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/help-qm-fsd-hover.png HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/gfoot-home-icon.png HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/favicon.ico HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.goAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/favicon.ico HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /submit.php HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/error-large.gif HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://online.access.secure.bankofamerlica.com/assets/vipaa-v4-jawr.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=0; ppath=login%2Fsign-in%2FsignOnV2Screen.go
Source: global traffic HTTP traffic detected: GET /assets/error-large.gif HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D; stp=1; ppath=auth/reset/reset-entry/
Source: global traffic DNS traffic detected: DNS query: 241.42.69.40.in-addr.arpa
Source: global traffic DNS traffic detected: DNS query: x1.i.lencr.org
Source: global traffic DNS traffic detected: DNS query: online.access.secure.bankofamerlica.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: unknown HTTP traffic detected: POST /secure/secure.php HTTP/1.1Host: online.access.secure.bankofamerlica.comConnection: keep-aliveContent-Length: 76sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: */*Origin: https://online.access.secure.bankofamerlica.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://online.access.secure.bankofamerlica.com/secure/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=alsdop4fv79usle9amccp2tfgp; referer=aHR0cHM6Ly9jb25maXJtYXRpb25vbmxpbmUuYmxvYi5jb3JlLndpbmRvd3MubmV0Lw%3D%3D
Source: chromecache_208.14.dr, chromecache_207.14.dr String found in binary or memory: http://api.jqueryui.com/position/
Source: chromecache_208.14.dr, chromecache_207.14.dr String found in binary or memory: http://bassistance.de/jquery-plugins/jquery-plugin-validation/
Source: 77EC63BDA74BD0D0E0426DC8F80085060.2.dr String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: chromecache_208.14.dr, chromecache_207.14.dr String found in binary or memory: http://docs.jquery.com/Plugins/Validation
Source: chromecache_207.14.dr String found in binary or memory: http://jquery.org/license
Source: chromecache_207.14.dr String found in binary or memory: http://jqueryui.com
Source: chromecache_208.14.dr, chromecache_207.14.dr String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: 0430tely.pdf String found in binary or memory: http://www.reportlab.com
Source: 0430tely.pdf String found in binary or memory: http://www.reportlab.com)
Source: 2D85F72862B55C4EADD9E66E06947F3D0.2.dr String found in binary or memory: http://x1.i.lencr.org/
Source: d52f2a14-5a7e-4fe8-9b3e-8660dd32ebfb.tmp.3.dr String found in binary or memory: https://chrome.cloudflare-dns.com
Source: 0430tely.pdf String found in binary or memory: https://confirmationonline.blob.core.windows.net/attestation/complete.html?1da72)
Source: chromecache_208.14.dr, chromecache_207.14.dr String found in binary or memory: https://fls.doubleclick.net/activityi
Source: chromecache_208.14.dr, chromecache_207.14.dr String found in binary or memory: https://github.com/ded/bowser
Source: chromecache_208.14.dr, chromecache_207.14.dr String found in binary or memory: https://github.com/jquery/jquery-color
Source: chromecache_208.14.dr, chromecache_207.14.dr String found in binary or memory: https://npmcdn.com/jsencrypt
Source: chromecache_176.14.dr String found in binary or memory: https://online.access.secure.bankofamerlica.com/?ref=9854tjwe46
Source: chromecache_207.14.dr String found in binary or memory: https://secure.opinionlab.com
Source: chromecache_208.14.dr, chromecache_207.14.dr String found in binary or memory: https://secure.opinionlab.com/ccc01/comment_card.asp?
Source: chromecache_208.14.dr, chromecache_207.14.dr String found in binary or memory: https://secure.opinionlab.com/ccc01/comment_card_d.asp
Source: chromecache_208.14.dr, chromecache_207.14.dr String found in binary or memory: https://secure.opinionlab.com/ccc01/comment_card_d.asp?
Source: chromecache_208.14.dr, chromecache_207.14.dr String found in binary or memory: https://secure.opinionlab.com/ccc01/comment_card_json_4_0_b.asp
Source: chromecache_208.14.dr, chromecache_207.14.dr String found in binary or memory: https://secure.opinionlab.com/ccc01/comment_card_json_4_0_b.asp?r=
Source: chromecache_207.14.dr String found in binary or memory: https://www.bankofamerica.com
Source: chromecache_208.14.dr, chromecache_207.14.dr String found in binary or memory: https://www.bankofamerica.com/homepage/language-not-available.go?target=https://www.bankofamerica.co
Source: chromecache_208.14.dr, chromecache_207.14.dr String found in binary or memory: https://www.bankofamerica.com/mweb/index.html?app=signon
Source: unknown Network traffic detected: HTTP traffic on port 59076 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59091 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59099 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59110 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59067 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59082 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59101 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59073 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59109 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59113 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59087 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59070 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59078 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59112 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59097 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59069 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59084 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59107 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59075 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59103
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59069
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59102
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59105
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59104
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59066
Source: unknown Network traffic detected: HTTP traffic on port 59118 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59101
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59067
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59100
Source: unknown Network traffic detected: HTTP traffic on port 59081 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59104 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59089 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59108 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59072 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59114 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59107
Source: unknown Network traffic detected: HTTP traffic on port 59095 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59109
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59108
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59114
Source: unknown Network traffic detected: HTTP traffic on port 59086 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59113
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59116
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59077
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59110
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59076
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59079
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59112
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59078
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59111
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59073
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59072
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59075
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59074
Source: unknown Network traffic detected: HTTP traffic on port 59105 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59071
Source: unknown Network traffic detected: HTTP traffic on port 59120 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59070
Source: unknown Network traffic detected: HTTP traffic on port 59117 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59118
Source: unknown Network traffic detected: HTTP traffic on port 59077 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59117
Source: unknown Network traffic detected: HTTP traffic on port 59098 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59119
Source: unknown Network traffic detected: HTTP traffic on port 59090 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59088
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59087
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59120
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59089
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59084
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59083
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59086
Source: unknown Network traffic detected: HTTP traffic on port 59066 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59083 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59085
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59080
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59082
Source: unknown Network traffic detected: HTTP traffic on port 59102 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59081
Source: unknown Network traffic detected: HTTP traffic on port 59074 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59116 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59119 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59099
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59098
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59095
Source: unknown Network traffic detected: HTTP traffic on port 59103 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59080 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59097
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59096
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59091
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59090
Source: unknown Network traffic detected: HTTP traffic on port 59088 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59071 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59096 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59079 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59111 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59085 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59100 -> 443
Document contains embedded VBA macros
Source: chromecache_194.14.dr OLE indicator, VBA macros: true
Document misses a certain OLE stream usually present in this Microsoft Office document type
Source: chromecache_194.14.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: classification engine Classification label: mal52.phis.winPDF@30/122@4/4
Source: 0430tely.pdf Initial sample: https://confirmationonline.blob.core.windows.net/attestation/complete.html?1da72
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.6308 Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-15 13-41-21-511.log Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA Jump to behavior
Source: unknown Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\0430tely.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1580,i,6253502165632248395,16397532995403406337,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://confirmationonline.blob.core.windows.net/attestation/complete.html?1da72
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=1788,i,3425846688857665517,9014097320282314136,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://confirmationonline.blob.core.windows.net/attestation/complete.html?1da72 Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2100 --field-trial-handle=1580,i,6253502165632248395,16397532995403406337,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 --field-trial-handle=1788,i,3425846688857665517,9014097320282314136,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Google Drive.lnk.13.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.13.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.13.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.13.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.13.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.13.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: 0430tely.pdf Initial sample: PDF keyword /JS count = 0
Source: 0430tely.pdf Initial sample: PDF keyword /JavaScript count = 0
Source: 0430tely.pdf Initial sample: PDF keyword /EmbeddedFile count = 0
Stores files to the Windows start menu directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe Process information queried: ProcessInformation Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1592118 Sample: 0430tely.pdf Startdate: 15/01/2025 Architecture: WINDOWS Score: 52 20 x1.i.lencr.org 2->20 22 www.google.com 2->22 24 3 other IPs or domains 2->24 34 AI detected phishing page 2->34 36 AI detected landing page (webpage, office document or email) 2->36 8 Acrobat.exe 20 76 2->8         started        signatures3 process4 process5 10 chrome.exe 8 8->10         started        13 AcroCEF.exe 108 8->13         started        dnsIp6 26 192.168.2.16, 138, 443, 53 unknown unknown 10->26 28 239.255.255.250 unknown Reserved 10->28 15 chrome.exe 10->15         started        18 AcroCEF.exe 4 13->18         started        process7 dnsIp8 30 www.google.com 142.250.184.196, 443, 59072 GOOGLEUS United States 15->30 32 online.access.secure.bankofamerlica.com 188.119.66.154, 443, 59066, 59067 FLYNETRU Russian Federation 15->32
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
142.250.184.196
 www.google.com United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false
188.119.66.154
 online.access.secure.bankofamerlica.com Russian Federation
209499 FLYNETRU false

Private

IP
192.168.2.16

Contacted Domains

Name IP Active
bg.microsoft.map.fastly.net 199.232.210.172 true
online.access.secure.bankofamerlica.com 188.119.66.154 true
www.google.com 142.250.184.196 true
241.42.69.40.in-addr.arpa unknown unknown
x1.i.lencr.org unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://online.access.secure.bankofamerlica.com/assets/cnx-regular.woff false
  • Avira URL Cloud: safe
 unknown
https://online.access.secure.bankofamerlica.com/assets/favicon.ico false
  • Avira URL Cloud: safe
 unknown
https://online.access.secure.bankofamerlica.com/assets/gfoot-home-icon.png false
  • Avira URL Cloud: safe
 unknown
https://online.access.secure.bankofamerlica.com/assets/onetrust-style.css false
  • Avira URL Cloud: safe
 unknown
https://online.access.secure.bankofamerlica.com/assets/special/css/loader.css false
  • Avira URL Cloud: safe
 unknown
https://online.access.secure.bankofamerlica.com/assets/error-large.gif false
  • Avira URL Cloud: safe
 unknown
https://online.access.secure.bankofamerlica.com/assets/fsd-secure-esp-sprite.png false
  • Avira URL Cloud: safe
 unknown
https://online.access.secure.bankofamerlica.com/assets/pill.png false
  • Avira URL Cloud: safe
 unknown
https://online.access.secure.bankofamerlica.com/assets/help-qm-fsd.png false
  • Avira URL Cloud: safe
 unknown
https://online.access.secure.bankofamerlica.com/assets/online-id-vipaa-module-enter-skin.js false
  • Avira URL Cloud: safe
 unknown
https://online.access.secure.bankofamerlica.com/assets/vipaa-v4-jawr.js false
  • Avira URL Cloud: safe
 unknown
https://online.access.secure.bankofamerlica.com/assets/BofA_rgb.png false
  • Avira URL Cloud: safe
 unknown
https://online.access.secure.bankofamerlica.com/submit.php false
  • Avira URL Cloud: safe
 unknown
https://online.access.secure.bankofamerlica.com/ false
  • Avira URL Cloud: safe
 unknown
https://online.access.secure.bankofamerlica.com/?ref=9854tjwe46 false
  • Avira URL Cloud: safe
 unknown
https://online.access.secure.bankofamerlica.com/assets/special/js/main.js false
  • Avira URL Cloud: safe
 unknown
https://online.access.secure.bankofamerlica.com/login/sign-in/signOnV2Screen.go true
    		unknown
    https://online.access.secure.bankofamerlica.com/assets/powered_by_logo.svg false
    • Avira URL Cloud: safe
    		 unknown
    https://online.access.secure.bankofamerlica.com/secure/ false
      		unknown
      https://online.access.secure.bankofamerlica.com/assets/BOA.PNG false
      • Avira URL Cloud: safe
      		 unknown
      https://online.access.secure.bankofamerlica.com/assets/sign-in-sprite.png false
      • Avira URL Cloud: safe
      		 unknown
      https://online.access.secure.bankofamerlica.com/secure/secure.php false
      • Avira URL Cloud: safe
      		 unknown
      https://online.access.secure.bankofamerlica.com/assets/help-qm-fsd-hover.png false
      • Avira URL Cloud: safe
      		 unknown
      https://online.access.secure.bankofamerlica.com/assets/vipaa-v4-jawr-print.css false
      • Avira URL Cloud: safe
      		 unknown
      https://online.access.secure.bankofamerlica.com/assets/gfootb-static-sprite.png false
      • Avira URL Cloud: safe
      		 unknown
      https://online.access.secure.bankofamerlica.com/assets/mobile_llama.png false
      • Avira URL Cloud: safe
      		 unknown
      https://online.access.secure.bankofamerlica.com/favicon.ico false
      • Avira URL Cloud: safe
      		 unknown
      https://online.access.secure.bankofamerlica.com/assets/vipaa-v4-jawr.css false
      • Avira URL Cloud: safe
      		 unknown