myaccount.library.ualberta.rrnn.me

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 1 HTTP transactions. The main IP is 2606:4700:3034::681b:90c9, located in United States and belongs to CLOUDFLARENET, US. The main domain is myaccount.library.ualberta.rrnn.me.

This is the only time myaccount.library.ualberta.rrnn.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Canadian Universities (Education)

Domain & IP information

	IP Address		AS Autonomous System
1	2606:4700:303... 2606:4700:3034::681b:90c9		13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2

1 2606:4700:3034::681b:90c9 (United States)

ASN13335 (CLOUDFLARENET, US)

myaccount.library.ualberta.rrnn.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	rrnn.me myaccount.library.ualberta.rrnn.me	221 KB
1	1

	Domain	Requested by
1	myaccount.library.ualberta.rrnn.me
1	1

This site contains links to these domains. Also see Links.

Domain
webapps.srv.ualberta.ca
onecard.ualberta.ca
www.beartracks.ualberta.ca
www.campusmap.ualberta.ca
apps.ualberta.ca
eclass.srv.ualberta.ca
www.library.ualberta.ca
ualberta.ca
ist.ualberta.ca

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://myaccount.library.ualberta.rrnn.me/login2idAAQkAWJmLWMyYTMZfg8aTU8DliNmU2TUDM0NwAQAFnOS04OIszkfS2kwqV1MTgtNDRi2ZmQ44NDg3LN823D/
Frame ID: F6019BB24E5A8E389320562A92203816
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

1
Requests

0 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

439 kB
Transfer

713 kB
Size

1
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: http://webapps.srv.ualberta.ca/search/
Title: Find a Person

Search URL Search Domain Scan URL

URL: http://onecard.ualberta.ca/
Title: ONEcard

Search URL Search Domain Scan URL

URL: https://www.beartracks.ualberta.ca/
Title: Bear Tracks

Search URL Search Domain Scan URL

URL: http://www.campusmap.ualberta.ca/
Title: Maps

Search URL Search Domain Scan URL

URL: http://apps.ualberta.ca/
Title: Email & Apps

Search URL Search Domain Scan URL

URL: https://eclass.srv.ualberta.ca/portal/
Title: eClass

Search URL Search Domain Scan URL

URL: http://www.library.ualberta.ca/
Title: Libraries

Search URL Search Domain Scan URL

URL: https://ualberta.ca/
Title:

Search URL Search Domain Scan URL

URL: https://ist.ualberta.ca/content/reset-forgotten-password
Title: Forgot your password?

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request Cookie set / Show response myaccount.library.ualberta.rrnn.me/login2idAAQkAWJmLWMyYTMZfg8aTU8DliNmU2TUDM0NwAQAFnOS04OIszkfS2kwqV1MTgtNDRi2ZmQ44NDg3LN823D/	476 KB 221 KB	129ms 55ms	Document text/html	2606:4700:3034::681b:90c9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL http://myaccount.library.ualberta.rrnn.me/login2idAAQkAWJmLWMyYTMZfg8aTU8DliNmU2TUDM0NwAQAFnOS04OIszkfS2kwqV1MTgtNDRi2ZmQ44NDg3LN823D/ Protocol HTTP/1.1 Server 2606:4700:3034::681b:90c9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `11e82f2929e896bc35bce2b996bcac944376347f570079663e8a72b53ffe42ee` Request headers Host myaccount.library.ualberta.rrnn.me Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Mon, 13 Jul 2020 21:37:00 GMT Content-Type text/html Transfer-Encoding chunked Connection keep-alive Set-Cookie __cfduid=d2f38c51da347ef2298292ebea2816f0d1594676220; expires=Wed, 12-Aug-20 21:37:00 GMT; path=/; domain=.rrnn.me; HttpOnly; SameSite=Lax Last-Modified Sat, 14 Mar 2020 07:44:44 GMT Vary Accept-Encoding CF-Cache-Status DYNAMIC cf-request-id 03ebb52b750000dfcf75b7c200000001 Server cloudflare CF-RAY 5b26248bed76dfcf-FRA Content-Encoding gzip
GET DATA	200 OK	truncated /	13 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `504d4ce11ce7372b45e90f64333c8310fe3decba1d9ea09506c34c9f3bdbe66a` Request headers Referer http://myaccount.library.ualberta.rrnn.me/login2idAAQkAWJmLWMyYTMZfg8aTU8DliNmU2TUDM0NwAQAFnOS04OIszkfS2kwqV1MTgtNDRi2ZmQ44NDg3LN823D/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	5 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `13557d8adf92c3f5b0af882fc76da11319a1ad4d86b93becbd5a59fe9238f661` Request headers Referer http://myaccount.library.ualberta.rrnn.me/login2idAAQkAWJmLWMyYTMZfg8aTU8DliNmU2TUDM0NwAQAFnOS04OIszkfS2kwqV1MTgtNDRi2ZmQ44NDg3LN823D/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	108 KB 108 KB		Font font/otf
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `a076ba1c715379378d6678bef2d726b5ef7850e6a680b0f55faa4c391311d550` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://myaccount.library.ualberta.rrnn.me/login2idAAQkAWJmLWMyYTMZfg8aTU8DliNmU2TUDM0NwAQAFnOS04OIszkfS2kwqV1MTgtNDRi2ZmQ44NDg3LN823D/ Origin http://myaccount.library.ualberta.rrnn.me Response headers Content-Type font/otf
GET DATA	200 OK	truncated /	111 KB 111 KB		Font font/otf
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `4133cc460a171be31a9d2f119965a7d8954f659e3f2135c3ff4735364d8d7c4b` Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer http://myaccount.library.ualberta.rrnn.me/login2idAAQkAWJmLWMyYTMZfg8aTU8DliNmU2TUDM0NwAQAFnOS04OIszkfS2kwqV1MTgtNDRi2ZmQ44NDg3LN823D/ Origin http://myaccount.library.ualberta.rrnn.me Response headers Content-Type font/otf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Canadian Universities (Education)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.rrnn.me/	1970-01-19 11:41:08	Name: __cfduid Value: d2f38c51da347ef2298292ebea2816f0d1594676220

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

myaccount.library.ualberta.rrnn.me
2606:4700:3034::681b:90c9
11e82f2929e896bc35bce2b996bcac944376347f570079663e8a72b53ffe42ee
13557d8adf92c3f5b0af882fc76da11319a1ad4d86b93becbd5a59fe9238f661
4133cc460a171be31a9d2f119965a7d8954f659e3f2135c3ff4735364d8d7c4b
504d4ce11ce7372b45e90f64333c8310fe3decba1d9ea09506c34c9f3bdbe66a
a076ba1c715379378d6678bef2d726b5ef7850e6a680b0f55faa4c391311d550

myaccount.library.ualberta.rrnn.me Open in urlscan Pro 2606:4700:3034::681b:90c9 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

1 Requests

0 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

2 IPs

1 Countries

439 kBTransfer

713 kBSize

1 Cookies

9 Outgoing links

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

1 Cookies

Indicators

myaccount.library.ualberta.rrnn.me Open in urlscan Pro
2606:4700:3034::681b:90c9 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

0 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

439 kB
Transfer

713 kB
Size

1
Cookies

1 HTTP transactions
4 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!