ycms.technorama.pk
Open in
urlscan Pro
2606:4700:3037::ac43:baf3
Malicious Activity!
Public Scan
Submission: On March 23 via automatic, source phishtank — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 16th 2022. Valid for: a year.
This is the only time ycms.technorama.pk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Cloudflare (Online) Bank of America (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 6 | 2606:4700:303... 2606:4700:3037::ac43:baf3 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700::68... 2606:4700::6810:3965 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
6 | 3 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
technorama.pk
1 redirects
ycms.technorama.pk |
370 KB |
1 |
cloudflareinsights.com
static.cloudflareinsights.com — Cisco Umbrella Rank: 886 |
6 KB |
6 | 2 |
Domain | Requested by | |
---|---|---|
6 | ycms.technorama.pk |
1 redirects
ycms.technorama.pk
static.cloudflareinsights.com |
1 | static.cloudflareinsights.com |
ycms.technorama.pk
|
6 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
secure.bankofamerica.com |
www.bankofamerica.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-06-16 - 2023-06-16 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://ycms.technorama.pk/BOA/Login.php
Frame ID: 82D4819E42A10C715B5F26E694458C2F
Requests: 13 HTTP requests in this frame
Screenshot
Page Title
Bank of America | Online Banking | Log In | Online IDPage URL History Show full URLs
- https://ycms.technorama.pk/BOA/Login.php Page URL
-
https://ycms.technorama.pk/cdn-cgi/phish-bypass?atok=sWtW2TwvKxT1JR1O7JoTpGUNp5UiVEeCqGwAVEWPao8-167953...
HTTP 301
https://ycms.technorama.pk/BOA/Login.php Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Cloudflare Browser Insights (Analytics) Expand
Detected patterns
- static\.cloudflareinsights\.com/beacon(?:\.min)?\.js
Page Statistics
11 Outgoing links
These are links going to different origins than the main page.
Title: En español
Search URL Search Domain Scan URL
Title: {storeLinkText}
Search URL Search Domain Scan URL
Title: Learn about your Banking by Phone options ››
Search URL Search Domain Scan URL
Title: Forgot ID/Password?
Search URL Search Domain Scan URL
Title: Problem logging in?
Search URL Search Domain Scan URL
Title: Enroll now for online Banking
Search URL Search Domain Scan URL
Title: Learn more about Online Banking
Search URL Search Domain Scan URL
Title: Service Agreement
Search URL Search Domain Scan URL
Title: Privacy
Search URL Search Domain Scan URL
Title: Security
Search URL Search Domain Scan URL
Title: Equal Housing Lender
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://ycms.technorama.pk/BOA/Login.php Page URL
-
https://ycms.technorama.pk/cdn-cgi/phish-bypass?atok=sWtW2TwvKxT1JR1O7JoTpGUNp5UiVEeCqGwAVEWPao8-1679539231-0-%2FBOA%2FLogin.php
HTTP 301
https://ycms.technorama.pk/BOA/Login.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
6 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Login.php
ycms.technorama.pk/BOA/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cf.errors.css
ycms.technorama.pk/cdn-cgi/styles/ |
24 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon-exclamation.png
ycms.technorama.pk/cdn-cgi/images/ |
452 B 541 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
Login.php
ycms.technorama.pk/BOA/ Redirect Chain
|
936 KB 362 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
38 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
19 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
vb26e4fa9e5134444860be286fd8771851679335129114
static.cloudflareinsights.com/beacon.min.js/ |
16 KB 6 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
473 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
48 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
144 B 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
82 KB 82 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
rum
ycms.technorama.pk/cdn-cgi/ |
0 167 B |
XHR
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Cloudflare (Online) Bank of America (Banking)5 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| 0 object| 1 boolean| credentialless function| savepage_ShadowLoader object| __cfBeacon1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.ycms.technorama.pk/ | Name: __cf_mw_byp Value: sWtW2TwvKxT1JR1O7JoTpGUNp5UiVEeCqGwAVEWPao8-1679539231-0-/BOA/Login.php |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
static.cloudflareinsights.com
ycms.technorama.pk
2606:4700:3037::ac43:baf3
2606:4700::6810:3965
1103290e25ebda2712abe344a87facbac00ddaba712729be9fe5feef807bf91b
1172386e1cd9f7fd9d7646df035d93473bbbf19e1b325fc54d9c2aa76e5a7a80
1fd0165c614119c55eb769ab77eff8b44ddc24a3c7f9a2c4bc8da80b965e94fb
30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787
5c7654fa8823bf309b4fcfebd219246ba2a104468d99f152cfd8637caa6c16cf
6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a
8c37fb372596058d87dd9208541c49b020d0e840e4f3a5baa27d39be2dc70b01
a4ef73601a6552d55503bcbd9b6cd23fc0c33fa075f8efe724cddd4e3ee55542
a8bc6337547a246ef75d1ae66d7ec8a0ed6171c1ba49804a403124e27c8e8452
ca3205c6a4eecfd67ad990b62b10e19f601230a2a5b2791676089e82836763f4
e1ac56ae25629e508f729b799d563d71920902a4cb26cf3bb602beb3e368775e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f1591a5221136c49438642155691ae6c68e25b7241f3d7ebe975b09a77662016