Submitted URL: https://mail.architekfoundation.org/wp-includes/IXR/
Effective URL: https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/index.php?/
Submission: On February 17 via manual from BY

Summary

This website contacted 2 IPs in 1 country across 3 domains to perform 7 HTTP transactions. The main IP is 68.66.216.56, located in the United States, and belongs to A2HOSTING, US. The main domain is myjobmytown.com.
TLS certificate: Issued by R3 on December 24th 2020. Valid for: 3 months.
This is the only time myjobmytown.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Blockchain (Crypto Exchange)

Domain & IP information

IP Address AS Autonomous System
1 1 198.12.209.53 398101 (GO-DADDY-...)
1 7 68.66.216.56 55293 (A2HOSTING)
1 2606:4700::68... 13335 (CLOUDFLAR...)
7 2
Apex Domain Subdomains Transfer
7 myjobmytown.com myjobmytown.com 344 KB
1 cloudflare.com cdnjs.cloudflare.com 5 KB
1 architekfoundation.org mail.architekfoundation.org 164 B
7 3
Domain Requested by
7 myjobmytown.com 1 redirects myjobmytown.com
1 cdnjs.cloudflare.com myjobmytown.com
1 mail.architekfoundation.org 1 redirects
7 3

This site contains no links.

Subject Issuer Validity Valid
www.myjobmytown.com R3 2020-12-24 - 2021-03-24 3 months
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 2020-10-21 - 2021-10-20 a year

This page contains 1 frame:

Primary Page: https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/index.php?/
Frame ID: E60331A790305F7711D6BAA585EEA737
Requests: 7 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

7 Requests
100 % HTTPS
33 % IPv6
3 Domains
3 Subdomains
2 IPs
1 Countries
348 kB Transfer
435 kB Size
1 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mail.architekfoundation.org/wp-includes/IXR/ HTTP 302
    https://myjobmytown.com/wp-includes/IXR/wp-form/?id=block HTTP 302
    https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/index.php?/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request index.php
myjobmytown.com/wp-includes/IXR/wp-form/Auth/
Redirect Chain
  • https://mail.architekfoundation.org/wp-includes/IXR/
  • https://myjobmytown.com/wp-includes/IXR/wp-form/?id=block
  • https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/index.php?/
9 KB
3 KB
Document
General
Full URL
https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/index.php?/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.66.216.56 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
mi3-sr12.supercp.com
Software
Apache / PHP/7.0.33
Resource Hash
d23dade784b6620ba6634f7b762b5626f2805ccd1935f3556778c027fb2b203d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

:method
GET
:authority
myjobmytown.com
:scheme
https
:path
/wp-includes/IXR/wp-form/Auth/index.php?/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
PHPSESSID=9ggovjgn1upl3elbbcf438un56

Response headers

date
Wed, 17 Feb 2021 13:18:57 GMT
server
Apache
x-powered-by
PHP/7.0.33
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
strict-transport-security
max-age=63072000; includeSubDomains
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
vary
Accept-Encoding
content-encoding
gzip
content-length
2563
content-type
text/html; charset=UTF-8

Redirect headers

date
Wed, 17 Feb 2021 13:18:57 GMT
server
Apache
x-powered-by
PHP/7.0.33
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
set-cookie
PHPSESSID=9ggovjgn1upl3elbbcf438un56; path=/
strict-transport-security
max-age=63072000; includeSubDomains
x-frame-options
SAMEORIGIN
x-content-type-options
nosniff
location
./Auth/index.php?/#/login
content-length
0
content-type
text/html; charset=UTF-8
block.css
myjobmytown.com/wp-includes/IXR/wp-form/Auth/Lib/css/
15 KB
2 KB
Stylesheet
General
Full URL
https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/Lib/css/block.css
Requested by
Host: myjobmytown.com
URL: https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/index.php?/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.66.216.56 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
mi3-sr12.supercp.com
Software
Apache /
Resource Hash
e581ddb20d1c2ff3eb29a16d922a25d42a2d8f2973b248d61b4c4a59d5ec09f4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/index.php?/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 17 Feb 2021 13:18:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 16 Feb 2021 03:00:56 GMT
server
Apache
etag
"3c4a76-3d94-5bb6b4faa2a00-gzip"
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=604800, public
strict-transport-security
max-age=63072000; includeSubDomains
accept-ranges
bytes
vary
Accept-Encoding
content-length
2419
bc-logo.svg
myjobmytown.com/wp-includes/IXR/wp-form/Auth/Lib/img/
6 KB
6 KB
Image
General
Full URL
https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/Lib/img/bc-logo.svg
Requested by
Host: myjobmytown.com
URL: https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/index.php?/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.66.216.56 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
mi3-sr12.supercp.com
Software
Apache /
Resource Hash
a6fdd6df66992c94ee619a7d602b16fcd06ae091df353643df482b89883062fb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/index.php?/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 17 Feb 2021 13:18:57 GMT
x-content-type-options
nosniff
last-modified
Mon, 15 Feb 2021 23:03:08 GMT
server
Apache
etag
"3c4a7a-1885-5bb67fd39c300"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
strict-transport-security
max-age=63072000; includeSubDomains
accept-ranges
bytes
content-length
6277
2.png
myjobmytown.com/wp-includes/IXR/wp-form/Auth/Lib/img/
271 B
399 B
Image
General
Full URL
https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/Lib/img/2.png
Requested by
Host: myjobmytown.com
URL: https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/index.php?/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.66.216.56 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
mi3-sr12.supercp.com
Software
Apache /
Resource Hash
58a94e066ac4b72de8350b81186f8016ceddf66000fdbe1521b88b50c31ae501
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/index.php?/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 17 Feb 2021 13:18:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 15 Feb 2021 23:45:36 GMT
server
Apache
etag
"3c4a78-10f-5bb6895192800-gzip"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=604800, public
strict-transport-security
max-age=63072000; includeSubDomains
accept-ranges
bytes
vary
Accept-Encoding
content-length
288
jquery.min.js
myjobmytown.com/wp-includes/IXR/wp-form/Auth/Lib/js/
85 KB
30 KB
Script
General
Full URL
https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/Lib/js/jquery.min.js
Requested by
Host: myjobmytown.com
URL: https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/index.php?/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.66.216.56 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
mi3-sr12.supercp.com
Software
Apache /
Resource Hash
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/index.php?/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 17 Feb 2021 13:18:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 01 Apr 2019 15:39:50 GMT
server
Apache
etag
"3c4a80-1538f-58579d4b93d80-gzip"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=604800, public
strict-transport-security
max-age=63072000; includeSubDomains
accept-ranges
bytes
vary
Accept-Encoding
content-length
30309
jquery.mask.js
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/
20 KB
5 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.10/jquery.mask.js
Requested by
Host: myjobmytown.com
URL: https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/index.php?/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be483938eb34538b970684f72e312f62652e84b42b7ad86953962d1ce2217c44
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/index.php?/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 17 Feb 2021 13:18:57 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
1959175
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
4517
cf-request-id
0851bde32d00000eb34a9d0000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 16:11:47 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb03ec3-4e98"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=4hK%2B9vVbZH%2BHJj2vuIpVZYxBgxZJ%2BZLIpmZwGimQ9Nn%2BEjBPumCId7rlbKahkeb3kuM2ali5D4Mc19Ft5Ls4LV9ZWCRLdbdUNJFyFU3tTA%2BdZzJQam%2BdibX5goZACP1r1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
622fcc1848b70eb3-FRA
expires
Mon, 07 Feb 2022 13:18:57 GMT
bg-pattern.svg
myjobmytown.com/wp-includes/IXR/wp-form/Auth/Lib/img/
300 KB
302 KB
Image
General
Full URL
https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/Lib/img/bg-pattern.svg
Requested by
Host: myjobmytown.com
URL: https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/Lib/css/block.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
68.66.216.56 , United States, ASN55293 (A2HOSTING, US),
Reverse DNS
mi3-sr12.supercp.com
Software
Apache /
Resource Hash
2ba246c1d89fb2707ed8f1168ca7e7fc8a98c86242115fd71d1967e8d45a0802
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://myjobmytown.com/wp-includes/IXR/wp-form/Auth/Lib/css/block.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 17 Feb 2021 13:18:57 GMT
x-content-type-options
nosniff
last-modified
Mon, 15 Feb 2021 22:45:38 GMT
server
Apache
etag
"3c4a7b-4af6b-5bb67bea40880"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
strict-transport-security
max-age=63072000; includeSubDomains
accept-ranges
bytes
content-length
307051

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Blockchain (Crypto Exchange)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object| ontransitionrun
  • object| ontransitionstart
  • object| ontransitioncancel
  • object| cookieStore
  • function| showDirectoryPicker
  • function| showOpenFilePicker
  • function| showSaveFilePicker
  • object| trustedTypes
  • boolean| crossOriginIsolated
  • function| $
  • function| jQuery

1 Cookies

Domain/Path Name / Value
myjobmytown.com/ Name: PHPSESSID
Value: 9ggovjgn1upl3elbbcf438un56

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN