copywriter.co.rs
74.220.215.85
Malicious Activity!
Public Scan
Submission Tags: @ipnigh
Submission: On February 08 via api from GB
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on January 7th 2020. Valid for: 3 months.
This is the only time copywriter.co.rs was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Bank of America (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System | PTR
---|---|---|---
21 | 74.220.215.85 | AS46606 (UNIFIEDLAYER-AS-1, US) | host285.hostmonster.com
Total: 21 requests to 1 IP address.
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
21 | copywriter.co.rs | copywriter.co.rs | 1 MB
Total: 21 requests to 1 apex domain.
Requests | Domain | Requested by
---|---|---
21 | copywriter.co.rs | copywriter.co.rs
Total: 21 requests to 1 domain.
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
copywriter.co.rs | Let's Encrypt Authority X3 | 2020-01-07 - 2020-04-06 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://copywriter.co.rs/images/roro/ModifiedBofA/login.php?cmd=login_submit&id=b8a8df369e8a9e3c4291e78233335a72b8a8df369e8a9e3c4291e78233335a72&session=b8a8df369e8a9e3c4291e78233335a72b8a8df369e8a9e3c4291e78233335a72
Frame ID: BACC2A5A1BFB86508AA065B85C8C48D3
Requests: 21 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions

Method | Protocol | Resource | Path | Size | Transfer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | login.php (Primary Request) | copywriter.co.rs/images/roro/ModifiedBofA/ | 6 KB | 2 KB | Document | text/html
GET | H2 | aq1.png | copywriter.co.rs/images/roro/ModifiedBofA/images/ | 22 KB | 22 KB | Image | image/png
GET | H2 | aq2.png | copywriter.co.rs/images/roro/ModifiedBofA/images/ | 199 KB | 199 KB | Image | image/png
GET | H2 | aq3.png | copywriter.co.rs/images/roro/ModifiedBofA/images/ | 53 KB | 53 KB | Image | image/png
GET | H2 | aq4.png | copywriter.co.rs/images/roro/ModifiedBofA/images/ | 414 KB | 414 KB | Image | image/png
GET | H2 | ap1.png | copywriter.co.rs/images/roro/ModifiedBofA/images/ | 4 KB | 4 KB | Image | image/png
GET | H2 | ap2.png | copywriter.co.rs/images/roro/ModifiedBofA/images/ | 5 KB | 5 KB | Image | image/png
GET | H2 | aq5.png | copywriter.co.rs/images/roro/ModifiedBofA/images/ | 45 KB | 45 KB | Image | image/png
GET | H2 | aq6.png | copywriter.co.rs/images/roro/ModifiedBofA/images/ | 18 KB | 18 KB | Image | image/png
GET | H2 | aq7.png | copywriter.co.rs/images/roro/ModifiedBofA/images/ | 17 KB | 17 KB | Image | image/png
GET | H2 | aq8.png | copywriter.co.rs/images/roro/ModifiedBofA/images/ | 11 KB | 12 KB | Image | image/png
GET | H2 | aq9.png | copywriter.co.rs/images/roro/ModifiedBofA/images/ | 72 KB | 72 KB | Image | image/png
GET | H2 | aq10.png | copywriter.co.rs/images/roro/ModifiedBofA/images/ | 9 KB | 9 KB | Image | image/png
GET | H2 | aq11.png | copywriter.co.rs/images/roro/ModifiedBofA/images/ | 57 KB | 58 KB | Image | image/png
GET | H2 | aq12.png | copywriter.co.rs/images/roro/ModifiedBofA/images/ | 61 KB | 61 KB | Image | image/png
GET | H2 | aq13.png | copywriter.co.rs/images/roro/ModifiedBofA/images/ | 39 KB | 40 KB | Image | image/png
GET | H2 | aq15.png | copywriter.co.rs/images/roro/ModifiedBofA/images/ | 37 KB | 37 KB | Image | image/png
GET | H2 | aq16.png | copywriter.co.rs/images/roro/ModifiedBofA/images/ | 52 KB | 52 KB | Image | image/png
GET | H2 | aq14.png | copywriter.co.rs/images/roro/ModifiedBofA/images/ | 3 KB | 3 KB | Image | image/png
GET | H2 | aq17.png | copywriter.co.rs/images/roro/ModifiedBofA/images/ | 13 KB | 13 KB | Image | image/png
GET | H2 | abtn1.png | copywriter.co.rs/images/roro/ModifiedBofA/images/ | 1 KB | 1 KB | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Bank of America (Banking)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
copywriter.co.rs/ | | PHPSESSID | 7p34qm6c4dkuem2tk9sekhop04
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
copywriter.co.rs
74.220.215.85