domtkaney.by
178.124.139.58
Malicious Activity!
Public Scan
Submission: On May 11 via manual from US
Summary
This is the only time domtkaney.by was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: US Universities (Education)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
9 | 178.124.139.58 | 6697 (BELPAK-AS BELPAK)
4 | 134.126.6.131 | 10357 (JMUNET)
Totals: 14 requests, 3 entries.
Note on ASN10357 (JMUNET, US): PTR record login.jmu.edu.
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | domtkaney.by | domtkaney.by | 108 KB
4 | jmu.edu | login.jmu.edu | 49 KB
0 | Failed | Failed |
Totals: 14 requests, 3 domains.
Requests | Domain | Requested by
---|---|---
9 | domtkaney.by | domtkaney.by
4 | login.jmu.edu | domtkaney.by
0 | hhojmcideegachlhfgfdhailpfhgknjm (Failed) | domtkaney.by
Totals: 14 requests, 3 domains.
This site contains links to these domains. Also see Links.
Domain
---
www.jmu.edu
login.jmu.edu
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
login.jmu.edu | InCommon RSA Server CA | 2020-01-13 - 2022-01-12 | 2 years | crt.sh
This page contains 1 frames:
Primary Page:
http://domtkaney.by/bx/jmu/
Frame ID: 36DB8F93BEC8D505ACF2A9FB3C2E6184
Requests: 14 HTTP requests in this frame
Screenshot
Detected technologies
- Apache (Web Servers). Detected pattern (headers, server): /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
- jQuery (JavaScript Libraries). Detected pattern (script): /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
- Help
- Accessibility
- Logout
- Applicants - Forgot your Password?
- Students/Faculty/Staff/Affiliates - Forgot your Password?
- James Madison University Acceptable Use Policy
- Accessibility
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | domtkaney.by/bx/jmu/ | 4 KB | 4 KB | Document | text/html
GET | H/1.1 | idm_uio.css | domtkaney.by/bx/jmu/index_files/ | 8 KB | 8 KB | Stylesheet | text/css
GET | H/1.1 | idm_mobile.css | domtkaney.by/bx/jmu/index_files/ | 4 KB | 4 KB | Stylesheet | text/css
GET | H/1.1 | jquery.js.download | domtkaney.by/bx/jmu/index_files/ | 86 KB | 86 KB | Script | text/javascript
GET | H/1.1 | scripts.js.download | domtkaney.by/bx/jmu/index_files/ | 3 KB | 3 KB | Script | text/javascript
GET | H/1.1 | idm.js.download | domtkaney.by/bx/jmu/index_files/ | 23 B | 266 B | Script | text/javascript
GET | H/1.1 | loginpage.js.download | domtkaney.by/bx/jmu/index_files/ | 801 B | 1 KB | Script | text/javascript
GET | | index.js | hhojmcideegachlhfgfdhailpfhgknjm/web_accessible_resources/ | 0 | 0 | Failed |
GET | H/1.1 | login_page.png | login.jmu.edu/images/headers/ | 4 KB | 5 KB | Image | image/png
GET | H/1.1 | seal01002.png | login.jmu.edu/images/ | 41 KB | 42 KB | Image | image/png
GET | H/1.1 | error.png | login.jmu.edu/images/silk/ | 666 B | 1 KB | Image | image/png
GET | H/1.1 | exclamation.png | login.jmu.edu/images/silk/ | 701 B | 1 KB | Image | image/png
GET | H/1.1 | index.cgi | domtkaney.by/cgi-bin/timecheck/ | 225 B | 389 B | XHR | text/html
GET | H/1.1 | information.html | domtkaney.by/docs/ | 219 B | 383 B | XHR | text/html
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: hhojmcideegachlhfgfdhailpfhgknjm
- URL: chrome-extension://hhojmcideegachlhfgfdhailpfhgknjm/web_accessible_resources/index.js
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: US Universities (Education)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
function | $
function | jQuery
object | $error
string | error
0 Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, which lets the website re-identify the user even from a different location. This is how persistent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- domtkaney.by
- hhojmcideegachlhfgfdhailpfhgknjm
- login.jmu.edu
- 134.126.6.131
- 178.124.139.58