allparts.jo.by
80.94.225.42
Malicious Activity!
Public Scan
Submission Tags: phishing, malicious
Submission: On May 08 via api from JP
Summary
This is the only time allparts.jo.by was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: US Universities (Education)
Domain & IP information
| Requests | IP Address | AS Autonomous System |
|---|---|---|
| 13 | 80.94.225.42 | 21305 (IPTEL-AS) |
| 1 | 155.97.137.30 | 17055 (UTAH, US), PTR: www.umail.utah.edu |
| 15 | 3 | |
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 13 | jo.by | allparts.jo.by | 58 KB |
| 1 | utah.edu | www.umail.utah.edu | 532 B |
| 0 | Failed | hhojmcideegachlhfgfdhailpfhgknjm | Failed |
| 15 | 3 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 13 | allparts.jo.by | allparts.jo.by |
| 1 | www.umail.utah.edu | allparts.jo.by |
| 0 | hhojmcideegachlhfgfdhailpfhgknjm (Failed) | allparts.jo.by |
| 15 | 3 | |
This site contains links to these domains. Also see Links.
- uofu.service-now.com
- webtools.umail.utah.edu
- www.umail.utah.edu
- office.com
- www.it.utah.edu
- www.utah.edu
| Subject | Issuer | Validity | Valid |
|---|---|---|---|
| www.umail.utah.edu | InCommon RSA Server CA | 2018-11-16 - 2020-11-15 | 2 years |
This page contains 1 frames:
Primary Page:
http://allparts.jo.by/box/utah/index.html
Frame ID: 52864693050553DDB96D114C10F7A157
Requests: 15 HTTP requests in this frame
8 Outgoing links
These are links going to different origins than the main page.
- UMail Help
- WebTools
- What is this?
- click here.
- University Information Technology
- The University of Utah
- Disclaimer
- Privacy
Redirected requests
There were HTTP redirect chains for the following requests:
15 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | index.html (Primary Request) | allparts.jo.by/box/utah/ | 67 KB | 29 KB | Document | text/html |
| GET | H/1.1 | logon.css | allparts.jo.by/box/utah/index_files/ | 3 KB | 4 KB | Stylesheet | text/css |
| GET | H/1.1 | owafont.css | allparts.jo.by/box/utah/index_files/ | 5 KB | 5 KB | Stylesheet | text/css |
| GET | H/1.1 | flogon.js.download | allparts.jo.by/box/utah/index_files/ | 4 KB | 2 KB | Script | application/javascript |
| GET | H/1.1 | lgntopl.gif | allparts.jo.by/box/utah/index_files/ | 9 KB | 9 KB | Image | image/gif |
| GET | H/1.1 | lgntopr.gif | allparts.jo.by/box/utah/index_files/ | 738 B | 976 B | Image | image/gif |
| GET | H/1.1 | lgnexlogo.gif | allparts.jo.by/box/utah/index_files/ | 6 KB | 6 KB | Image | image/gif |
| GET | H/1.1 | lgnbotl.gif | allparts.jo.by/box/utah/index_files/ | 180 B | 417 B | Image | image/gif |
| GET | H/1.1 | lgnbotr.gif | allparts.jo.by/box/utah/index_files/ | 76 B | 312 B | Image | image/gif |
| GET | | index.js | hhojmcideegachlhfgfdhailpfhgknjm/web_accessible_resources/ | 0 | 0 | | |
| GET | H/1.1 | page-bg.gif | www.umail.utah.edu/owa/auth/2010resources/ | 47 B | 532 B | Image | image/gif |
| GET | H/1.1 | lgntopm.gif | allparts.jo.by/owa/auth/2010resources/ | 0 | 180 B | Image | text/html |
| GET | H/1.1 | lgnleft.gif | allparts.jo.by/owa/auth/2010resources/ | 0 | 180 B | Image | text/html |
| GET | H/1.1 | lgnbotm.gif | allparts.jo.by/owa/auth/2010resources/ | 0 | 180 B | Image | text/html |
| POST | H/1.1 | clm10 | allparts.jo.by/ | 0 | 180 B | XHR | text/html |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: hhojmcideegachlhfgfdhailpfhgknjm
- URL: chrome-extension://hhojmcideegachlhfgfdhailpfhgknjm/web_accessible_resources/index.js
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: US Universities (Education)
36 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | onformdata |
| object | onpointerrawupdate |
| function | initLogon |
| function | redir |
| function | shw |
| function | hd |
| function | clkExp |
| function | clkSec |
| function | clkBsc |
| function | clkLgn |
| function | clkRtry |
| function | clkReLgn |
| function | gbid |
| function | IsOwaPremiumBrowser |
| function | hres |
| function | LogoffMime |
| function | addPerfMarker |
| function | secureCookie |
| function | isHttps |
| function | clkSecExp |
| function | kdSecExp |
| function | checkSubmit |
| number | a_fRC |
| number | g_fFcs |
| number | a_fLOff |
| number | a_fCAC |
| number | a_fEnbSMm |
| function | IsMimeCtlInst |
| function | RndMimeCtl |
| function | RndMimeCtlHlpr |
| number | NS_CSM_td |
| number | NS_CSM_pd |
| string | NS_CSM_u |
| string | NS_CSM_an |
| function | sendTimingInfoInit |
| function | sendTimingInfo1 |
Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser also sends the stored cookie values, which lets the website re-identify the user even from a different location. This is how persistent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| allparts.jo.by/box/utah | | cookieTest = 1 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
allparts.jo.by
hhojmcideegachlhfgfdhailpfhgknjm
www.umail.utah.edu
155.97.137.30
80.94.225.42
082ec41ad08138ac984a5b04a99595c8b08b727d5c5582cdf8dd8409bac9f4a1
215d250a6028db2afb14ba5028f23493f042cee6fdd59f59e4deb10fd63b1060
24cd119d64e5c7bdb4d08ab2464daeca89d270f0b27f3d13f30394e8322a8de5
3c11c3147a6748095b23c5c6919d43670137a99b36a2832d5a26ce3ffd02742e
5a8a50bbfec3340a13879de71a5dbe889eca252ac9cfb523c6cea94f05b7b673
68735edb4b81bf80b20746699995d801b7d98941ed3a6e9eebe931fea734a6a3
bab4372565d9faf99e6aec22c54a095d5ced7d47e7a946692e9ae3b5e6d83ce2
d43b54099a9b1b387857da97e98ec0e3fb06c1476e17cd1839f1e87da5da7f9f
d9a847e157c07d64faa94862f40d5800f57f20addd3cf0d9fbf28fb06ea285d1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6b41c8774f6be10407c96c65e786f45a71343591ecf6d73acb6011124490c02