imatoku-medic.com
183.90.246.6
Malicious Activity!
Public Scan
Submission: On November 25 via manual from US — Scanned from JP
Summary
This is the only time imatoku-medic.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Community Verdicts: Malicious — 1 vote
Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 183.90.246.6 | 131965 (XSERVER Xserver Inc.) |
| 9 | 34.82.201.164 | 396982 (GOOGLE-CLOUD-PLATFORM) |
| 1 | 2606:4700::6811:180e | 13335 (CLOUDFLARENET) |
| 1 | 2606:4700:10::ac43:5d8 | 13335 (CLOUDFLARENET) |
| 1 | 34.253.18.46 | 16509 (AMAZON-02) |
| 13 total | 5 IPs | |

| ASN | PTR | Domain |
|---|---|---|
| ASN131965 (XSERVER Xserver Inc., JP) | sv1505.xserver.jp | imatoku-medic.com |
| ASN396982 (GOOGLE-CLOUD-PLATFORM, US) | 164.201.82.34.bc.googleusercontent.com | login-assets.stanford.edu |
| ASN16509 (AMAZON-02, US) | ec2-34-253-18-46.eu-west-1.compute.amazonaws.com | rum-collector-2.pingdom.net |
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 9 | stanford.edu | login-assets.stanford.edu (Cisco Umbrella Rank: 582232) | 82 KB |
| 2 | pingdom.net | rum-static.pingdom.net (Cisco Umbrella Rank: 6067), rum-collector-2.pingdom.net (Cisco Umbrella Rank: 5420) | 3 KB |
| 1 | cloudflare.com | cdnjs.cloudflare.com (Cisco Umbrella Rank: 223) | 6 KB |
| 1 | imatoku-medic.com | imatoku-medic.com | 3 KB |
| 13 total | 4 apex domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 9 | login-assets.stanford.edu | imatoku-medic.com, login-assets.stanford.edu |
| 1 | rum-collector-2.pingdom.net | rum-static.pingdom.net |
| 1 | rum-static.pingdom.net | imatoku-medic.com |
| 1 | cdnjs.cloudflare.com | imatoku-medic.com |
| 1 | imatoku-medic.com | |
| 13 total | 5 domains | |

This site contains links to these domains. Also see Links.

| Domain |
|---|
| www.stanford.edu |
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| login.stanford.edu | InCommon RSA Server CA 2 | 2023-10-24 - 2024-10-23 | a year | crt.sh |
| sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-03 - 2024-07-02 | a year | crt.sh |
| pingdom.net | Cloudflare Inc ECC CA-3 | 2023-10-14 - 2024-10-13 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
http://imatoku-medic.com/wp/wp2/stanford/
Frame ID: 7BE6D6F4A3C27C51674E57E251ACDCCA
Requests: 13 HTTP requests in this frame
Page Title: Stanford Login

Detected technologies

Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
1 Outgoing link
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / (Primary Request) | imatoku-medic.com/wp/wp2/stanford/ | 7 KB | 3 KB | Document | text/html |
| GET | H/1.1 | jquery-1.11.1.min.js | login-assets.stanford.edu/assets/js/ | 94 KB | 33 KB | Script | text/javascript |
| GET | H/1.1 | bootstrap.min.css | login-assets.stanford.edu/assets/css/ | 118 KB | 20 KB | Stylesheet | text/css |
| GET | H/1.1 | su-identity.css | login-assets.stanford.edu/assets/css/ | 2 KB | 1018 B | Stylesheet | text/css |
| GET | H2 | font-awesome.min.css | cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/ | 30 KB | 6 KB | Stylesheet | text/css |
| GET | H/1.1 | login.js | login-assets.stanford.edu/assets/js/ | 5 KB | 2 KB | Script | text/javascript |
| GET | H/1.1 | login.css | login-assets.stanford.edu/assets/css/ | 13 KB | 3 KB | Stylesheet | text/css |
| GET | H/1.1 | brandbar-stanford-logo@2x.png | login-assets.stanford.edu/assets/images/ | 6 KB | 6 KB | Image | image/png |
| GET | H/1.1 | login-header@2x.png | login-assets.stanford.edu/assets/images/ | 8 KB | 9 KB | Image | image/png |
| GET | H/1.1 | footer-stanford-logo@2x.png | login-assets.stanford.edu/assets/images/ | 7 KB | 8 KB | Image | image/png |
| GET | H2 | pa-5bedd10fdb2aac001600008c.js | rum-static.pingdom.net/ | 6 KB | 3 KB | Script | application/javascript |
| GET | H/1.1 | rt-arrow.png | login-assets.stanford.edu/assets/images/ | 1 KB | 1 KB | Image | image/png |
| GET | H/1.1 | beacon.gif | rum-collector-2.pingdom.net/img/ | 0 | 213 B | XHR | text/plain |
Verdicts & Comments

Verdict: Malicious
Target: page.url
Submitted on: November 25th 2023, 5:46:51 am UTC — From United States
Threats: Phishing
Comment: This page is a visual copy of Stanford University's SSO login page.
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| function | $ |
| function | jQuery |
| function | showPasscode |
| function | showBackupFull |
| function | hideBackupFull |
| function | sf |
| function | createCookie |
| function | readCookie |
| function | eraseCookie |
| function | StickyFooter |
| function | removeSpaces |
| object | jQuery11110276746682294034540 |

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.