ottermedicine.com
Open in
urlscan Pro
162.144.6.146
Malicious Activity!
Public Scan
Submission: On October 25 via manual from US
Summary
This is the only time ottermedicine.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: US Universities (Education) University of Iowa (Education)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
8 | 162.144.6.146 162.144.6.146 | 46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1 - Unified Layer) | |
2 | 209.197.3.7 209.197.3.7 | 20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group) | |
3 | 2a00:1450:400... 2a00:1450:4001:820::200e | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
7 | 209.126.103.139 209.126.103.139 | 30083 (HEG-US) (HEG-US - HEG US Inc.) | |
2 | 2a00:1450:400... 2a00:1450:4001:819::200a | 15169 (GOOGLE) (GOOGLE - Google LLC) | |
36 | 6 |
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: gator3133.hostgator.com
ottermedicine.com |
ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x007.map2.ssl.hwcdn.net
e2b8u3v8.map2.ssl.hwcdn.net |
ASN30083 (HEG-US - HEG US Inc., US)
PTR: condor2710.startdedicated.com
srv1.clk-analytics.com | |
king.contentssl.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
ottermedicine.com
ottermedicine.com |
131 KB |
6 |
contentssl.com
king.contentssl.com |
1 KB |
3 |
google-analytics.com
www.google-analytics.com |
34 KB |
2 |
googleapis.com
ajax.googleapis.com |
31 KB |
2 |
hwcdn.net
e2b8u3v8.map2.ssl.hwcdn.net |
30 KB |
1 |
clk-analytics.com
srv1.clk-analytics.com |
2 KB |
0 |
Failed
function sub() { [native code] }. Failed |
|
36 | 7 |
Domain | Requested by | |
---|---|---|
8 | ottermedicine.com |
ottermedicine.com
|
6 | king.contentssl.com |
srv1.clk-analytics.com
|
3 | www.google-analytics.com |
ottermedicine.com
e2b8u3v8.map2.ssl.hwcdn.net |
2 | ajax.googleapis.com |
ottermedicine.com
|
2 | e2b8u3v8.map2.ssl.hwcdn.net |
ottermedicine.com
|
1 | srv1.clk-analytics.com |
ottermedicine.com
|
0 | cipmepknanmbbaneimacddfemfbfgpgo Failed |
ottermedicine.com
|
36 | 7 |
This site contains links to these domains. Also see Links.
Domain |
---|
apps.its.uiowa.edu |
myui.uiowa.edu |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.map2.ssl.hwcdn.net COMODO RSA Domain Validation Secure Server CA |
2018-04-10 - 2020-04-09 |
2 years | crt.sh |
*.google-analytics.com Google Internet Authority G3 |
2018-10-09 - 2019-01-01 |
3 months | crt.sh |
srv1.clk-analytics.com Let's Encrypt Authority X3 |
2018-10-08 - 2019-01-06 |
3 months | crt.sh |
*.googleapis.com Google Internet Authority G3 |
2018-10-09 - 2019-01-01 |
3 months | crt.sh |
king.contentssl.com Let's Encrypt Authority X3 |
2018-07-14 - 2018-10-12 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://ottermedicine.com/shabe/uiowa/HawkID.htm
Frame ID: BCE9A0F9EF6309F1824A83075DD50178
Requests: 36 HTTP requests in this frame
Screenshot
Detected technologies
Nginx (Web Servers) ExpandDetected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Google Analytics (Analytics) Expand
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
- env /^gaGlobal$/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Twitter Bootstrap () Expand
Detected patterns
- html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: Forgot your HawkID password?
Search URL Search Domain Scan URL
Title: Click here for the guest login page
Search URL Search Domain Scan URL
Title: Courses
Search URL Search Domain Scan URL
Title: Help
Search URL Search Domain Scan URL
Title: News & Information
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 19- http://www.google-analytics.com/ga.js HTTP 307
- https://www.google-analytics.com/ga.js
- http://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=674076763&utmhn=ottermedicine.com&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=HawkID%20Login%20for%20myUI&utmhid=932022064&utmr=-&utmp=%2Fshabe%2Fuiowa%2FHawkID.htm&utmht=1540486622046&utmac=UA-21427431-1&utmcc=__utma%3D122534485.1375775657.1540486622.1540486622.1540486622.1%3B%2B__utmz%3D122534485.1540486622.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=864503748&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~ HTTP 307
- https://www.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=674076763&utmhn=ottermedicine.com&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=HawkID%20Login%20for%20myUI&utmhid=932022064&utmr=-&utmp=%2Fshabe%2Fuiowa%2FHawkID.htm&utmht=1540486622046&utmac=UA-21427431-1&utmcc=__utma%3D122534485.1375775657.1540486622.1540486622.1540486622.1%3B%2B__utmz%3D122534485.1540486622.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=864503748&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
36 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
HawkID.htm
ottermedicine.com/shabe/uiowa/ |
14 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bootstrap.min.css
ottermedicine.com/shabe/uiowa/HawkID_files/ |
97 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
simple-login.css
ottermedicine.com/shabe/uiowa/HawkID_files/ |
3 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ga.js.download
ottermedicine.com/shabe/uiowa/HawkID_files/ |
45 KB 19 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fb9e66ea-4707-4278-8469-574fc4263123.js.download
ottermedicine.com/shabe/uiowa/HawkID_files/ |
35 KB 18 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js.download
ottermedicine.com/shabe/uiowa/HawkID_files/ |
84 KB 34 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jz6rmF.js.download
ottermedicine.com/shabe/uiowa/HawkID_files/ |
35 KB 15 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
uiowa-dome.png
ottermedicine.com/shabe/uiowa/HawkID_files/ |
18 KB 19 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
web-search-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
video-search-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
google-images-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
google-translate-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
wikipedia-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
btn_settings.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
facebook-share-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
twitter-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
pinterest-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
google-plus-center-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
linkedin-content.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
fb9e66ea-4707-4278-8469-574fc4263123.js
e2b8u3v8.map2.ssl.hwcdn.net/s/ |
34 KB 16 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
ga.js
www.google-analytics.com/ Redirect Chain
|
45 KB 17 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
srv1.clk-analytics.com/i/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
dropToSearchHint.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
dropToShareHint.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
btn_settings.png
cipmepknanmbbaneimacddfemfbfgpgo/images/content/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
openxtag.js
ajax.googleapis.com/ajax/libs/ |
2 KB 2 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
__utm.gif
www.google-analytics.com/r/ Redirect Chain
|
35 B 111 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ |
84 KB 29 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jz6rmF.js
e2b8u3v8.map2.ssl.hwcdn.net/k/709010/12c/ |
35 KB 14 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
analytics.js
www.google-analytics.com/ |
42 KB 17 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
stats.php
king.contentssl.com/f/ |
5 B 271 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
stats.php
king.contentssl.com/f/ |
5 B 271 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
stats.php
king.contentssl.com/f/ |
5 B 271 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
speed.php
king.contentssl.com/f/ |
0 198 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
speed.php
king.contentssl.com/f/ |
0 198 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H/1.1 |
speed.php
king.contentssl.com/f/ |
0 198 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- cipmepknanmbbaneimacddfemfbfgpgo
- URL
- chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/web-search-content.png
- Domain
- cipmepknanmbbaneimacddfemfbfgpgo
- URL
- chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/video-search-content.png
- Domain
- cipmepknanmbbaneimacddfemfbfgpgo
- URL
- chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/google-images-content.png
- Domain
- cipmepknanmbbaneimacddfemfbfgpgo
- URL
- chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/google-translate-content.png
- Domain
- cipmepknanmbbaneimacddfemfbfgpgo
- URL
- chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/wikipedia-content.png
- Domain
- cipmepknanmbbaneimacddfemfbfgpgo
- URL
- chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/btn_settings.png
- Domain
- cipmepknanmbbaneimacddfemfbfgpgo
- URL
- chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/facebook-share-content.png
- Domain
- cipmepknanmbbaneimacddfemfbfgpgo
- URL
- chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/twitter-content.png
- Domain
- cipmepknanmbbaneimacddfemfbfgpgo
- URL
- chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/pinterest-content.png
- Domain
- cipmepknanmbbaneimacddfemfbfgpgo
- URL
- chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/google-plus-center-content.png
- Domain
- cipmepknanmbbaneimacddfemfbfgpgo
- URL
- chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/providers/linkedin-content.png
- Domain
- cipmepknanmbbaneimacddfemfbfgpgo
- URL
- chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/dropToSearchHint.png
- Domain
- cipmepknanmbbaneimacddfemfbfgpgo
- URL
- chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/dropToShareHint.png
- Domain
- cipmepknanmbbaneimacddfemfbfgpgo
- URL
- chrome-extension://cipmepknanmbbaneimacddfemfbfgpgo/images/content/btn_settings.png
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: US Universities (Education) University of Iowa (Education)18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| amplS object| _gaq number| f81wPVTO object| QXRt undefined| focusControl object| _gat object| gaGlobal string| GoogleAnalyticsObject function| ga function| $ function| jQuery function| beFg object| google_tag_data object| gaplugins object| sa object| S0s37 object| b6s87 object| W4I17 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.ottermedicine.com/ | Name: _gid Value: GA1.2.564355811.1540486622 |
|
.ottermedicine.com/ | Name: _ga Value: GA1.2.1375775657.1540486622 |
|
.ottermedicine.com/ | Name: __utma Value: 122534485.1375775657.1540486622.1540486622.1540486622.1 |
|
.ottermedicine.com/ | Name: __utmz Value: 122534485.1540486622.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none) |
|
.ottermedicine.com/ | Name: __utmb Value: 122534485.1.10.1540486622 |
|
.ottermedicine.com/ | Name: __utmt Value: 1 |
|
.ottermedicine.com/ | Name: __utmc Value: 122534485 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cipmepknanmbbaneimacddfemfbfgpgo
e2b8u3v8.map2.ssl.hwcdn.net
king.contentssl.com
ottermedicine.com
srv1.clk-analytics.com
www.google-analytics.com
cipmepknanmbbaneimacddfemfbfgpgo
162.144.6.146
209.126.103.139
209.197.3.7
2a00:1450:4001:819::200a
2a00:1450:4001:820::200e
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
23436568dc11cdeaa51ac4bcaf83529fb196d8fd5e9e1e423b5d7c808adf0556
24e59526b5fc9816d6e16a670bf9603b1c01ecff1b432926cc3cd72eefaf502c
46a2de362f54e3c988cc8c9fbf68fe12018c8ae42fe11509a747f52f17834466
476981d3a31a5348ff22f410c2c65ef9960c2cff9f9fa64f5749d05aa4e597b4
5790171db3ebcf4215667322c8fda796f3157b872b53d45bf153cca7aa1d75bc
7c2c58fc24e2d3458b88680cfad4577011697df9a1406808f2f7d8f46060d8a7
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
890ef9703f755eece6a9f2a3b221911989cb142d32a4ee61fcb4ff3bbe5e89c4
8cb05b675fe6419a9e91eb587c60902c7ed1cb6c42b8cff8ce404ef89f635cde
97f454e8dd422e2597ec098c1dfd5f13fc9fa19fa7467110e6ca66e34a56b0b1
aa99efb299ea82cf5f741a65d1949694a2a6353c7ebc7a8a54b52857061a56f0
ab7821d6322bc15b1a3d40209a610a91f06fa1f4728f68190edf9ae6a91f001d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e73ec758c4da39298816c8e87058029d84beb14bd29d502d4f72af110f869bd7
fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa