botshocks.com
Open in
urlscan Pro
210.16.102.149
Malicious Activity!
Public Scan
Submission: On February 27 via automatic, source openphish
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 19th 2020. Valid for: 3 months.
This is the only time botshocks.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Citibank (Banking) KeyBank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
5 | 210.16.102.149 210.16.102.149 | 40676 (AS40676) (AS40676) | |
8 | 23.45.97.177 23.45.97.177 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
13 | 2 |
ASN20940 (AKAMAI-ASN1, US)
PTR: a23-45-97-177.deploy.static.akamaitechnologies.com
public.cobrowse.oraclecloud.com | |
sc40562060us3.cobrowse.oraclecloud.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
oraclecloud.com
public.cobrowse.oraclecloud.com sc40562060us3.cobrowse.oraclecloud.com |
15 KB |
5 |
botshocks.com
botshocks.com |
163 KB |
13 | 2 |
Domain | Requested by | |
---|---|---|
7 | public.cobrowse.oraclecloud.com |
botshocks.com
|
5 | botshocks.com |
botshocks.com
|
1 | sc40562060us3.cobrowse.oraclecloud.com |
botshocks.com
|
13 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
botshocks.com cPanel, Inc. Certification Authority |
2020-02-19 - 2020-05-19 |
3 months | crt.sh |
*.cobrowse.oraclecloud.com DigiCert SHA2 Secure Server CA |
2019-10-07 - 2021-01-05 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://botshocks.com/citi/confirm.php
Frame ID: 40B5FD6805AE99EB16DD8BB6D46ACC70
Requests: 13 HTTP requests in this frame
Screenshot
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Angular (JavaScript Frameworks) Expand
Detected patterns
- html /<[^>]+ ng-version="([\d.]+)"/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
confirm.php
botshocks.com/citi/ |
17 KB 17 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles.css
botshocks.com/citi/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
caca.css
botshocks.com/citi/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
citi.png
botshocks.com/citi/ |
97 KB 97 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loading.gif
botshocks.com/citi/ |
49 KB 49 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v4llpaneltoggler.png
public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v4llpanel_innerlogo_background.png
sc40562060us3.cobrowse.oraclecloud.com/ui/images/ |
283 B 444 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v4llpanelhovertooltipbg.png
public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v4llpanelbg.png
public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v4llpanelsepline.png
public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/ |
925 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v4llpanelminimize.png
public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/ |
932 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v4llpanelclosebutton.png
public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/ |
1 KB 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
v4llpanelpreload.gif
public.cobrowse.oraclecloud.com/rely/resources/images/v4llpanel/ |
4 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Citibank (Banking) KeyBank (Banking)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate object| digitalData0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
botshocks.com
public.cobrowse.oraclecloud.com
sc40562060us3.cobrowse.oraclecloud.com
210.16.102.149
23.45.97.177
0dac73926687d157914c2595238a7af446317aa06024191b0ea1cb3984423b73
10e7fdbaeade51e1f7f593355cd292d750e68d6b412e9ddfcea8ebcc2b4d5c3b
26de07dd73786374a807a360158c28f7e6f4ac3be0ad17d2401521e5a289465c
2e733b2f42846990c39e4c67a2e33716f4b6f247a0fb615b6ec075d2e9c6d468
40cd18bafa4b8c016fb9062868737207dcad9898139431d94116e240c4f3cb33
6926b522cfe3ccd8341359a8885f3a943826ef1683d3c9576e21902b061329ce
6e91651dd8dd2854deacc60c489f40fe73db35e15dd757451064034919ea9e9f
70bfde3380108ca258f296bd76167e4ff5b6f7418e0f62064acd359e35e66281
d0de9fcadbcfe80e38edfafd43d58be839af4fb14533079dae76b9168b4229e8
d4d092bf6f1756eab6bba58b7b7da260bd95ecd474c03f71d9893a0dbb1106e3
ee6ef2ab637e9e6fe99885c6ac5948072f04b4dee3961e9e0fee05f04b4463f2