URL: http://allparts.jo.by/box/utah/index.html
Submission Tags: phishing malicious
Submission: On May 08 via api from JP

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 15 HTTP transactions. The main IP is 80.94.225.42, located in Belarus and belongs to IPTEL-AS, BY. The main domain is allparts.jo.by.
This is the only time allparts.jo.by was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: US Universities (Education)

Domain & IP information

IP addresses (requests | IP | AS | autonomous system):
  • 13 | 80.94.225.42 | 21305 | IPTEL-AS
  • 1 | 155.97.137.30 | 17055 | UTAH
  Total: 15 requests, 3 IPs

Apex domains (requests | apex domain | subdomain | transfer):
  • 13 | jo.by | allparts.jo.by | 58 KB
  • 1 | utah.edu | www.umail.utah.edu | 532 B
  • 0 | (failed) | (failed)
  Total: 15 requests, 3 domains

Domains (requests | domain | requested by):
  • 13 | allparts.jo.by | allparts.jo.by
  • 1 | www.umail.utah.edu | allparts.jo.by
  • 0 | hhojmcideegachlhfgfdhailpfhgknjm (failed) | allparts.jo.by
  Total: 15 requests, 3 domains

Certificates (subject | issuer | validity | valid for):
  • www.umail.utah.edu | InCommon RSA Server CA | 2018-11-16 to 2020-11-15 | 2 years (crt.sh)

This page contains 1 frame:

Primary Page: http://allparts.jo.by/box/utah/index.html
Frame ID: 52864693050553DDB96D114C10F7A157
Requests: 15 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

  • Requests: 15
  • HTTPS: 7 %
  • IPv6: 0 %
  • Domains: 3
  • Subdomains: 3
  • IPs: 3
  • Countries: 2
  • Transfer: 58 kB
  • Size: 96 kB
  • Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Each transaction is listed as: Resource | Path | Size | x-fer | Type (MIME-Type)

Primary Request: index.html | allparts.jo.by/box/utah/ | 67 KB | 29 KB | Document
General
Full URL
http://allparts.jo.by/box/utah/index.html
Protocol
HTTP/1.1
Server
80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY),
Reverse DNS
mail.hosting.iptel.by
Software
nginx/1.16.0 /
Resource Hash
24cd119d64e5c7bdb4d08ab2464daeca89d270f0b27f3d13f30394e8322a8de5

Request headers

Host
allparts.jo.by
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
nginx/1.16.0
Date
Fri, 08 May 2020 17:09:24 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Host,Accept-Encoding
Content-Encoding
gzip
logon.css | allparts.jo.by/box/utah/index_files/ | 3 KB | 4 KB | Stylesheet
General
Full URL
http://allparts.jo.by/box/utah/index_files/logon.css
Requested by
Host: allparts.jo.by
URL: http://allparts.jo.by/box/utah/index.html
Protocol
HTTP/1.1
Server
80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY),
Reverse DNS
mail.hosting.iptel.by
Software
nginx/1.16.0 /
Resource Hash
e6b41c8774f6be10407c96c65e786f45a71343591ecf6d73acb6011124490c02

Request headers

Referer
http://allparts.jo.by/box/utah/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 17:09:24 GMT
Last-Modified
Wed, 22 Apr 2020 11:43:30 GMT
Server
nginx/1.16.0
ETag
"5ea02de2-d2f"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3375
owafont.css | allparts.jo.by/box/utah/index_files/ | 5 KB | 5 KB | Stylesheet
General
Full URL
http://allparts.jo.by/box/utah/index_files/owafont.css
Requested by
Host: allparts.jo.by
URL: http://allparts.jo.by/box/utah/index.html
Protocol
HTTP/1.1
Server
80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY),
Reverse DNS
mail.hosting.iptel.by
Software
nginx/1.16.0 /
Resource Hash
5a8a50bbfec3340a13879de71a5dbe889eca252ac9cfb523c6cea94f05b7b673

Request headers

Referer
http://allparts.jo.by/box/utah/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 17:09:24 GMT
Last-Modified
Wed, 22 Apr 2020 11:43:30 GMT
Server
nginx/1.16.0
ETag
"5ea02de2-12d6"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4822
flogon.js.download | allparts.jo.by/box/utah/index_files/ | 4 KB | 2 KB | Script
General
Full URL
http://allparts.jo.by/box/utah/index_files/flogon.js.download
Requested by
Host: allparts.jo.by
URL: http://allparts.jo.by/box/utah/index.html
Protocol
HTTP/1.1
Server
80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY),
Reverse DNS
mail.hosting.iptel.by
Software
nginx/1.16.0 /
Resource Hash
215d250a6028db2afb14ba5028f23493f042cee6fdd59f59e4deb10fd63b1060

Request headers

Referer
http://allparts.jo.by/box/utah/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 17:09:24 GMT
Content-Encoding
gzip
Last-Modified
Wed, 22 Apr 2020 11:43:30 GMT
Server
nginx/1.16.0
ETag
"97d4d6-10c8-5a3dfa41dbc80-gzip"
Vary
Host,Accept-Encoding
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1685
lgntopl.gif | allparts.jo.by/box/utah/index_files/ | 9 KB | 9 KB | Image
General
Full URL
http://allparts.jo.by/box/utah/index_files/lgntopl.gif
Requested by
Host: allparts.jo.by
URL: http://allparts.jo.by/box/utah/index.html
Protocol
HTTP/1.1
Server
80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY),
Reverse DNS
mail.hosting.iptel.by
Software
nginx/1.16.0 /
Resource Hash
d9a847e157c07d64faa94862f40d5800f57f20addd3cf0d9fbf28fb06ea285d1

Request headers

Referer
http://allparts.jo.by/box/utah/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 17:09:24 GMT
Last-Modified
Wed, 22 Apr 2020 11:43:30 GMT
Server
nginx/1.16.0
ETag
"5ea02de2-2503"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
9475
lgntopr.gif | allparts.jo.by/box/utah/index_files/ | 738 B | 976 B | Image
General
Full URL
http://allparts.jo.by/box/utah/index_files/lgntopr.gif
Requested by
Host: allparts.jo.by
URL: http://allparts.jo.by/box/utah/index.html
Protocol
HTTP/1.1
Server
80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY),
Reverse DNS
mail.hosting.iptel.by
Software
nginx/1.16.0 /
Resource Hash
082ec41ad08138ac984a5b04a99595c8b08b727d5c5582cdf8dd8409bac9f4a1

Request headers

Referer
http://allparts.jo.by/box/utah/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 17:09:24 GMT
Last-Modified
Wed, 22 Apr 2020 11:43:30 GMT
Server
nginx/1.16.0
ETag
"5ea02de2-2e2"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
738
lgnexlogo.gif | allparts.jo.by/box/utah/index_files/ | 6 KB | 6 KB | Image
General
Full URL
http://allparts.jo.by/box/utah/index_files/lgnexlogo.gif
Requested by
Host: allparts.jo.by
URL: http://allparts.jo.by/box/utah/index.html
Protocol
HTTP/1.1
Server
80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY),
Reverse DNS
mail.hosting.iptel.by
Software
nginx/1.16.0 /
Resource Hash
3c11c3147a6748095b23c5c6919d43670137a99b36a2832d5a26ce3ffd02742e

Request headers

Referer
http://allparts.jo.by/box/utah/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 17:09:24 GMT
Last-Modified
Wed, 22 Apr 2020 11:43:30 GMT
Server
nginx/1.16.0
ETag
"5ea02de2-189d"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6301
lgnbotl.gif | allparts.jo.by/box/utah/index_files/ | 180 B | 417 B | Image
General
Full URL
http://allparts.jo.by/box/utah/index_files/lgnbotl.gif
Requested by
Host: allparts.jo.by
URL: http://allparts.jo.by/box/utah/index.html
Protocol
HTTP/1.1
Server
80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY),
Reverse DNS
mail.hosting.iptel.by
Software
nginx/1.16.0 /
Resource Hash
d43b54099a9b1b387857da97e98ec0e3fb06c1476e17cd1839f1e87da5da7f9f

Request headers

Referer
http://allparts.jo.by/box/utah/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 17:09:24 GMT
Last-Modified
Wed, 22 Apr 2020 11:43:30 GMT
Server
nginx/1.16.0
ETag
"5ea02de2-b4"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
180
lgnbotr.gif | allparts.jo.by/box/utah/index_files/ | 76 B | 312 B | Image
General
Full URL
http://allparts.jo.by/box/utah/index_files/lgnbotr.gif
Requested by
Host: allparts.jo.by
URL: http://allparts.jo.by/box/utah/index.html
Protocol
HTTP/1.1
Server
80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY),
Reverse DNS
mail.hosting.iptel.by
Software
nginx/1.16.0 /
Resource Hash
68735edb4b81bf80b20746699995d801b7d98941ed3a6e9eebe931fea734a6a3

Request headers

Referer
http://allparts.jo.by/box/utah/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 17:09:24 GMT
Last-Modified
Wed, 22 Apr 2020 11:43:30 GMT
Server
nginx/1.16.0
ETag
"5ea02de2-4c"
Content-Type
image/gif
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
76
index.js | hhojmcideegachlhfgfdhailpfhgknjm/web_accessible_resources/ | 0 | 0 | (no response)

page-bg.gif | www.umail.utah.edu/owa/auth/2010resources/ | 47 B | 532 B | Image
General
Full URL
https://www.umail.utah.edu/owa/auth/2010resources/page-bg.gif
Requested by
Host: allparts.jo.by
URL: http://allparts.jo.by/box/utah/index.html
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
155.97.137.30 Salt Lake City, United States, ASN17055 (UTAH, US),
Reverse DNS
www.umail.utah.edu
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
bab4372565d9faf99e6aec22c54a095d5ced7d47e7a946692e9ae3b5e6d83ce2

Request headers

Referer
http://allparts.jo.by/box/utah/index_files/logon.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

request-id
b93be47b-4bfd-418d-9bb9-5f3736b9c4bd
Date
Fri, 08 May 2020 17:09:23 GMT
Last-Modified
Thu, 15 Sep 2011 17:18:54 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
ETag
"f2b0968bcb73cc1:0"
Content-Type
image/gif
Cache-Control
public,max-age=2592000
Accept-Ranges
bytes
Content-Length
47
lgntopm.gif | allparts.jo.by/owa/auth/2010resources/ | 0 | 180 B | Image
General
Full URL
http://allparts.jo.by/owa/auth/2010resources/lgntopm.gif
Requested by
Host: allparts.jo.by
URL: http://allparts.jo.by/box/utah/index.html
Protocol
HTTP/1.1
Server
80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY),
Reverse DNS
mail.hosting.iptel.by
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://allparts.jo.by/box/utah/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 17:09:24 GMT
Server
nginx/1.16.0
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=utf-8
lgnleft.gif | allparts.jo.by/owa/auth/2010resources/ | 0 | 180 B | Image
General
Full URL
http://allparts.jo.by/owa/auth/2010resources/lgnleft.gif
Requested by
Host: allparts.jo.by
URL: http://allparts.jo.by/box/utah/index.html
Protocol
HTTP/1.1
Server
80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY),
Reverse DNS
mail.hosting.iptel.by
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://allparts.jo.by/box/utah/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 17:09:24 GMT
Server
nginx/1.16.0
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=utf-8
lgnbotm.gif | allparts.jo.by/owa/auth/2010resources/ | 0 | 180 B | Image
General
Full URL
http://allparts.jo.by/owa/auth/2010resources/lgnbotm.gif
Requested by
Host: allparts.jo.by
URL: http://allparts.jo.by/box/utah/index.html
Protocol
HTTP/1.1
Server
80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY),
Reverse DNS
mail.hosting.iptel.by
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://allparts.jo.by/box/utah/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 08 May 2020 17:09:24 GMT
Server
nginx/1.16.0
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=utf-8
clm10 | allparts.jo.by/ | 0 | 180 B | XHR
General
Full URL
http://allparts.jo.by/clm10
Requested by
Host: allparts.jo.by
URL: http://allparts.jo.by/box/utah/index.html
Protocol
HTTP/1.1
Server
80.94.225.42 , Belarus, ASN21305 (IPTEL-AS, BY),
Reverse DNS
mail.hosting.iptel.by
Software
nginx/1.16.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
http://allparts.jo.by/box/utah/index.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Fri, 08 May 2020 17:09:25 GMT
Server
nginx/1.16.0
Connection
keep-alive
Content-Length
0
Content-Type
text/html; charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
hhojmcideegachlhfgfdhailpfhgknjm
URL
chrome-extension://hhojmcideegachlhfgfdhailpfhgknjm/web_accessible_resources/index.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: US Universities (Education)

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: onformdata, onpointerrawupdate
  • function: initLogon, redir, shw, hd, clkExp, clkSec, clkBsc, clkLgn, clkRtry, clkReLgn, gbid, IsOwaPremiumBrowser, hres, LogoffMime, addPerfMarker, secureCookie, isHttps, clkSecExp, kdSecExp, checkSubmit, IsMimeCtlInst, RndMimeCtl, RndMimeCtlHlpr, sendTimingInfoInit, sendTimingInfo
  • number: a_fRC, g_fFcs, a_fLOff, a_fCAC, a_fEnbSMm, NS_CSM_td, NS_CSM_pd
  • string: NS_CSM_u, NS_CSM_an

1 Cookies

Domain/Path | Name | Value
  • allparts.jo.by/box/utah | cookieTest | 1