myjobmytown.com
Open in
urlscan Pro
68.66.216.56
Malicious Activity!
Public Scan
Effective URL: https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/index.php?/
Submission: On February 17 via manual from BY
Summary
TLS certificate: Issued by R3 on December 24th 2020. Valid for: 3 months.
This is the only time myjobmytown.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Blockchain (Crypto Exchange)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 198.12.209.53 198.12.209.53 | 398101 (GO-DADDY-...) (GO-DADDY-COM-LLC) | |
1 7 | 68.66.216.56 68.66.216.56 | 55293 (A2HOSTING) (A2HOSTING) | |
1 | 2606:4700::68... 2606:4700::6810:135e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
7 | 2 |
ASN398101 (GO-DADDY-COM-LLC, US)
PTR: ip-198-12-209-53.ip.secureserver.net
mail.architekfoundation.org |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
myjobmytown.com
1 redirects
myjobmytown.com |
344 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com |
5 KB |
1 |
architekfoundation.org
1 redirects
mail.architekfoundation.org |
164 B |
7 | 3 |
Domain | Requested by | |
---|---|---|
7 | myjobmytown.com |
1 redirects
myjobmytown.com
|
1 | cdnjs.cloudflare.com |
myjobmytown.com
|
1 | mail.architekfoundation.org | 1 redirects |
7 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.myjobmytown.com R3 |
2020-12-24 - 2021-03-24 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-10-21 - 2021-10-20 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/index.php?/
Frame ID: E60331A790305F7711D6BAA585EEA737
Requests: 7 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://mail.architekfoundation.org/wp-includes/IXR/
HTTP 302
https://myjobmytown.com/wp-includes/IXR/wp-form/?id=block HTTP 302
https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/index.php?/ Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://mail.architekfoundation.org/wp-includes/IXR/
HTTP 302
https://myjobmytown.com/wp-includes/IXR/wp-form/?id=block HTTP 302
https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/index.php?/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
index.php
myjobmytown.com/wp-includes/IXR/wp-form/Auth/ Redirect Chain
|
9 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
block.css
myjobmytown.com/wp-includes/IXR/wp-form/Auth/Lib/css/ |
15 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bc-logo.svg
myjobmytown.com/wp-includes/IXR/wp-form/Auth/Lib/img/ |
6 KB 6 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
2.png
myjobmytown.com/wp-includes/IXR/wp-form/Auth/Lib/img/ |
271 B 399 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
myjobmytown.com/wp-includes/IXR/wp-form/Auth/Lib/js/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.mask.js
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/ |
20 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bg-pattern.svg
myjobmytown.com/wp-includes/IXR/wp-form/Auth/Lib/img/ |
300 KB 302 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Blockchain (Crypto Exchange)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
myjobmytown.com/ | Name: PHPSESSID Value: 9ggovjgn1upl3elbbcf438un56 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=63072000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
mail.architekfoundation.org
myjobmytown.com
198.12.209.53
2606:4700::6810:135e
68.66.216.56
2ba246c1d89fb2707ed8f1168ca7e7fc8a98c86242115fd71d1967e8d45a0802
58a94e066ac4b72de8350b81186f8016ceddf66000fdbe1521b88b50c31ae501
a6fdd6df66992c94ee619a7d602b16fcd06ae091df353643df482b89883062fb
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
d23dade784b6620ba6634f7b762b5626f2805ccd1935f3556778c027fb2b203d
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d
e581ddb20d1c2ff3eb29a16d922a25d42a2d8f2973b248d61b4c4a59d5ec09f4