web.northeastern.edu Open in urlscan Pro
155.33.17.138 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www-mock.gesedna.net/dvladlvldaslll1111.html
Effective URL:
https://web.northeastern.edu/nanoenergy/dl/rstontova.php?/srtvonsone/&action=QoSKErpHaxhHPQxbthJFcbposfwOWMcnAvyEmnMNluUAKS
Submission: On December 19 via manual (December 19th 2023, 10:48:59 pm UTC) from GB — Scanned from GB

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 12 HTTP transactions. The main IP is 155.33.17.138, located in United States and belongs to NORTHEASTERN-GW-AS, US. The main domain is web.northeastern.edu.
TLS certificate: Issued by InCommon RSA Server CA on June 20th 2023. Valid for: a year.

This is the only time web.northeastern.edu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UK Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
1	81.70.252.169 81.70.252.169	45090 (TENCENT-N...) (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited)
9	155.33.17.138 155.33.17.138	156 (NORTHEAST...) (NORTHEASTERN-GW-AS)
1	2606:4700:20:... 2606:4700:20::ac43:4739	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::ac43:88d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	5

1 81.70.252.169 (China)

ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN)

www-mock.gesedna.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 155.33.17.138 (United States)

ASN156 (NORTHEASTERN-GW-AS, US)
PTR: web.northeastern.edu

web.northeastern.edu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::ac43:4739 (United States)

ASN13335 (CLOUDFLARENET, US)

waust.at	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::ac43:88d (United States)

ASN13335 (CLOUDFLARENET, US)

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	northeastern.edu web.northeastern.edu	482 KB
1	amung.us whos.amung.us — Cisco Umbrella Rank: 17707	183 B
1	waust.at waust.at — Cisco Umbrella Rank: 43427	4 KB
1	gesedna.net www-mock.gesedna.net	344 B
12	4

	Domain	Requested by
9	web.northeastern.edu	web.northeastern.edu
1	whos.amung.us	waust.at
1	waust.at	web.northeastern.edu
1	www-mock.gesedna.net
12	4

This site contains no links.

Subject Issuer	Validity	Valid
*.gesedna.net TrustAsia RSA DV TLS CA G2	`2023-04-04` - `2024-05-03`	a year	crt.sh
web.northeastern.edu InCommon RSA Server CA	`2023-06-20` - `2024-06-19`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-06-04` - `2024-06-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://web.northeastern.edu/nanoenergy/dl/rstontova.php?/srtvonsone/&action=QoSKErpHaxhHPQxbthJFcbposfwOWMcnAvyEmnMNluUAKS
Frame ID: EBD1D1F7CA5F4ECD1A08F118295D4AA0
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Update DVLA - GOV.UK Verify - GOV.UK

Page URL History Show full URLs

https://www-mock.gesedna.net/dvladlvldaslll1111.html Page URL
https://web.northeastern.edu/nanoenergy/dl/ Page URL
https://web.northeastern.edu/nanoenergy/dl/rstontova.php?/srtvonsone/&action=QoSKErpHaxhHPQxbthJFcbposfwO... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

GOV.UK Frontend (UI frameworks) Expand

Overall confidence: 80%
Detected patterns

<body[^>]+govuk-template__body

Page Statistics

12
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

486 kB
Transfer

487 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www-mock.gesedna.net/dvladlvldaslll1111.html Page URL
https://web.northeastern.edu/nanoenergy/dl/ Page URL
https://web.northeastern.edu/nanoenergy/dl/rstontova.php?/srtvonsone/&action=QoSKErpHaxhHPQxbthJFcbposfwOWMcnAvyEmnMNluUAKS Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	dvladlvldaslll1111.html Show response www-mock.gesedna.net/	107 B 344 B	1163ms 180ms	Document text/html	81.70.252.169 TENCENT-NET-AP Sh...
General Check archive.org Show headers Download Go to Full URL https://www-mock.gesedna.net/dvladlvldaslll1111.html Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 81.70.252.169 , China, ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN), Reverse DNS Software nginx/1.20.2 / Resource Hash `ad64bb388445381ff0790a4c9d43b06dd63bee9678e23c026858a4b895651677` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers Accept-Ranges bytes Connection keep-alive Content-Length 107 Content-Type text/html Date Tue, 19 Dec 2023 22:48:54 GMT ETag "6581fe90-6b" Last-Modified Tue, 19 Dec 2023 20:35:28 GMT Server nginx/1.20.2
GET H/1.1	200 OK	/ web.northeastern.edu/nanoenergy/dl/	202 B 854 B	566ms 240ms	Document text/html	155.33.17.138 NORTHEASTERN-GW-AS
General Check archive.org Show headers Download Go to Full URL https://web.northeastern.edu/nanoenergy/dl/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 155.33.17.138 , United States, ASN156 (NORTHEASTERN-GW-AS, US), Reverse DNS web.northeastern.edu Software Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 mod_wsgi/3.4 Python/2.7.5 / PHP/5.6.40 Resource Hash Request headers Referer https://www-mock.gesedna.net/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Tue, 19 Dec 2023 22:48:56 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=15, max=500 Pragma no-cache Server Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 mod_wsgi/3.4 Python/2.7.5 Transfer-Encoding chunked X-Powered-By PHP/5.6.40
GET H/1.1	200 OK	Primary Request rstontova.php Show response web.northeastern.edu/nanoenergy/dl/	12 KB 13 KB	146ms 145ms	Document text/html	155.33.17.138 NORTHEASTERN-GW-AS
General Check archive.org Show headers Download Go to Full URL https://web.northeastern.edu/nanoenergy/dl/rstontova.php?/srtvonsone/&action=QoSKErpHaxhHPQxbthJFcbposfwOWMcnAvyEmnMNluUAKS Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 155.33.17.138 , United States, ASN156 (NORTHEASTERN-GW-AS, US), Reverse DNS web.northeastern.edu Software Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 mod_wsgi/3.4 Python/2.7.5 / PHP/5.6.40 Resource Hash `ffc2ac89e51616d60c0b0012efe35e63306b239cdb079e761142eabff66c7c73` Request headers Referer https://web.northeastern.edu/nanoenergy/dl/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers Access-Control-Allow-Origin * Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Tue, 19 Dec 2023 22:48:56 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Keep-Alive timeout=15, max=499 Pragma no-cache Server Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 mod_wsgi/3.4 Python/2.7.5 Transfer-Encoding chunked X-Powered-By PHP/5.6.40
GET H/1.1	200 OK	main.css web.northeastern.edu/nanoenergy/dl/guess/	138 KB 138 KB	107ms 106ms	Stylesheet text/css	155.33.17.138 NORTHEASTERN-GW-AS
General Check archive.org Show headers Download Go to Full URL https://web.northeastern.edu/nanoenergy/dl/guess/main.css?GdVdTtoVdFQAWwtuwkWOpBGysBaguCbAfwezqTUTYlTuhMpd Requested by Host: web.northeastern.edu URL: https://web.northeastern.edu/nanoenergy/dl/rstontova.php?/srtvonsone/&action=QoSKErpHaxhHPQxbthJFcbposfwOWMcnAvyEmnMNluUAKS Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 155.33.17.138 , United States, ASN156 (NORTHEASTERN-GW-AS, US), Reverse DNS web.northeastern.edu Software Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 mod_wsgi/3.4 Python/2.7.5 / Resource Hash `b1d3d6097907be9c4730892b74c227e857dbaedd28c8480d52d51d17dbcb054c` Request headers accept-language en-GB,en;q=0.9 Referer https://web.northeastern.edu/nanoenergy/dl/rstontova.php?/srtvonsone/&action=QoSKErpHaxhHPQxbthJFcbposfwOWMcnAvyEmnMNluUAKS User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Tue, 19 Dec 2023 22:48:56 GMT Last-Modified Tue, 19 Dec 2023 11:59:12 GMT Server Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 mod_wsgi/3.4 Python/2.7.5 ETag "2260a-60cdb984cc4ef" Content-Type text/css Access-Control-Allow-Origin * Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=498 Content-Length 140810
GET H/1.1	200 OK	vertical.png web.northeastern.edu/nanoenergy/dl/guess/	245 KB 245 KB	305ms 109ms	Image image/png	155.33.17.138 NORTHEASTERN-GW-AS
General Check archive.org Show headers Download Go to Show image Full URL https://web.northeastern.edu/nanoenergy/dl/guess/vertical.png Requested by Host: web.northeastern.edu URL: https://web.northeastern.edu/nanoenergy/dl/rstontova.php?/srtvonsone/&action=QoSKErpHaxhHPQxbthJFcbposfwOWMcnAvyEmnMNluUAKS Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 155.33.17.138 , United States, ASN156 (NORTHEASTERN-GW-AS, US), Reverse DNS web.northeastern.edu Software Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 mod_wsgi/3.4 Python/2.7.5 / Resource Hash `471fe7c33b2ac6fccc2200b7ecbf2db41349a7ae218afe24f204cb84fc5a550f` Request headers accept-language en-GB,en;q=0.9 Referer https://web.northeastern.edu/nanoenergy/dl/rstontova.php?/srtvonsone/&action=QoSKErpHaxhHPQxbthJFcbposfwOWMcnAvyEmnMNluUAKS User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Tue, 19 Dec 2023 22:48:56 GMT Last-Modified Tue, 19 Dec 2023 11:59:12 GMT Server Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 mod_wsgi/3.4 Python/2.7.5 ETag "3d318-60cdb984e0d11" Content-Type image/png Access-Control-Allow-Origin * Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=500 Content-Length 250648
GET H/1.1	200 OK	horizontal.png web.northeastern.edu/nanoenergy/dl/guess/	5 KB 5 KB	303ms 107ms	Image image/png	155.33.17.138 NORTHEASTERN-GW-AS
General Check archive.org Show headers Download Go to Show image Full URL https://web.northeastern.edu/nanoenergy/dl/guess/horizontal.png Requested by Host: web.northeastern.edu URL: https://web.northeastern.edu/nanoenergy/dl/rstontova.php?/srtvonsone/&action=QoSKErpHaxhHPQxbthJFcbposfwOWMcnAvyEmnMNluUAKS Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 155.33.17.138 , United States, ASN156 (NORTHEASTERN-GW-AS, US), Reverse DNS web.northeastern.edu Software Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 mod_wsgi/3.4 Python/2.7.5 / Resource Hash `d379630f9694c5d1b89c52020420a824457ef5fc0e3daae1dd101a226c61ec90` Request headers accept-language en-GB,en;q=0.9 Referer https://web.northeastern.edu/nanoenergy/dl/rstontova.php?/srtvonsone/&action=QoSKErpHaxhHPQxbthJFcbposfwOWMcnAvyEmnMNluUAKS User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Tue, 19 Dec 2023 22:48:56 GMT Last-Modified Tue, 19 Dec 2023 11:59:12 GMT Server Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 mod_wsgi/3.4 Python/2.7.5 ETag "12e0-60cdb984c9227" Content-Type image/png Access-Control-Allow-Origin * Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=500 Content-Length 4832
GET H/1.1	200 OK	black.png web.northeastern.edu/nanoenergy/dl/guess/	11 KB 12 KB	303ms 108ms	Image image/png	155.33.17.138 NORTHEASTERN-GW-AS
General Check archive.org Show headers Download Go to Show image Full URL https://web.northeastern.edu/nanoenergy/dl/guess/black.png Requested by Host: web.northeastern.edu URL: https://web.northeastern.edu/nanoenergy/dl/rstontova.php?/srtvonsone/&action=QoSKErpHaxhHPQxbthJFcbposfwOWMcnAvyEmnMNluUAKS Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 155.33.17.138 , United States, ASN156 (NORTHEASTERN-GW-AS, US), Reverse DNS web.northeastern.edu Software Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 mod_wsgi/3.4 Python/2.7.5 / Resource Hash `df8e91e89e60f25adb96a11a4d5b8a42da3fa2707da4da009947dc4d092ba3ab` Request headers accept-language en-GB,en;q=0.9 Referer https://web.northeastern.edu/nanoenergy/dl/rstontova.php?/srtvonsone/&action=QoSKErpHaxhHPQxbthJFcbposfwOWMcnAvyEmnMNluUAKS User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Tue, 19 Dec 2023 22:48:56 GMT Last-Modified Tue, 19 Dec 2023 11:59:12 GMT Server Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 mod_wsgi/3.4 Python/2.7.5 ETag "2d5e-60cdb984c5f5e" Content-Type image/png Access-Control-Allow-Origin * Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=500 Content-Length 11614
GET H2	200	s.js Show response waust.at/	8 KB 4 KB	126ms 45ms	Script application/x-javascript	2606:4700:20::ac43:4739 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://waust.at/s.js Requested by Host: web.northeastern.edu URL: https://web.northeastern.edu/nanoenergy/dl/rstontova.php?/srtvonsone/&action=QoSKErpHaxhHPQxbthJFcbposfwOWMcnAvyEmnMNluUAKS Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::ac43:4739 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1` Request headers accept-language en-GB,en;q=0.9 Referer https://web.northeastern.edu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Tue, 19 Dec 2023 22:48:56 GMT content-encoding br cf-cache-status HIT last-modified Thu, 12 Jan 2023 17:19:44 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 3181 etag W/"63c04130-2170" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZxcWI2m7tOEn4IllwNzkaegpVp53hydhaykehaGZe%2FsFBEBAwpsd6Z27IudVtn003kM5qqxvUE6hzz7t2P%2F9j%2F4Ts3cFHNVgwFiCB8HAo25EdCOZDLmTC%2Br6NtFmEams9TrrGZRj"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript access-control-allow-origin * cache-control max-age=86400 cf-ray 8383322a78b5774f-LHR expires Wed, 20 Dec 2023 21:55:55 GMT
GET H/1.1	200 OK	light-v2.woff2 web.northeastern.edu/nanoenergy/dl/guess/	33 KB 33 KB	105ms 104ms	Font application/octet-stream	155.33.17.138 NORTHEASTERN-GW-AS
General Check archive.org Show headers Download Go to Full URL https://web.northeastern.edu/nanoenergy/dl/guess/light-v2.woff2 Requested by Host: web.northeastern.edu URL: https://web.northeastern.edu/nanoenergy/dl/guess/main.css?GdVdTtoVdFQAWwtuwkWOpBGysBaguCbAfwezqTUTYlTuhMpd Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 155.33.17.138 , United States, ASN156 (NORTHEASTERN-GW-AS, US), Reverse DNS web.northeastern.edu Software Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 mod_wsgi/3.4 Python/2.7.5 / Resource Hash `eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0` Request headers Referer https://web.northeastern.edu/nanoenergy/dl/guess/main.css?GdVdTtoVdFQAWwtuwkWOpBGysBaguCbAfwezqTUTYlTuhMpd Origin https://web.northeastern.edu accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Tue, 19 Dec 2023 22:48:57 GMT Last-Modified Tue, 19 Dec 2023 11:59:12 GMT Server Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 mod_wsgi/3.4 Python/2.7.5 ETag "8266-60cdb984cb937" Access-Control-Allow-Origin * Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=497 Content-Length 33382
GET H/1.1	200 OK	bold-v2.woff2 web.northeastern.edu/nanoenergy/dl/guess/	31 KB 31 KB	202ms 202ms	Font application/octet-stream	155.33.17.138 NORTHEASTERN-GW-AS
General Check archive.org Show headers Download Go to Full URL https://web.northeastern.edu/nanoenergy/dl/guess/bold-v2.woff2 Requested by Host: web.northeastern.edu URL: https://web.northeastern.edu/nanoenergy/dl/guess/main.css?GdVdTtoVdFQAWwtuwkWOpBGysBaguCbAfwezqTUTYlTuhMpd Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 155.33.17.138 , United States, ASN156 (NORTHEASTERN-GW-AS, US), Reverse DNS web.northeastern.edu Software Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 mod_wsgi/3.4 Python/2.7.5 / Resource Hash `06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47` Request headers Referer https://web.northeastern.edu/nanoenergy/dl/guess/main.css?GdVdTtoVdFQAWwtuwkWOpBGysBaguCbAfwezqTUTYlTuhMpd Origin https://web.northeastern.edu accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Tue, 19 Dec 2023 22:48:57 GMT Last-Modified Tue, 19 Dec 2023 11:59:12 GMT Server Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 mod_wsgi/3.4 Python/2.7.5 ETag "7af8-60cdb984c76cf" Access-Control-Allow-Origin * Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=499 Content-Length 31480
GET H2	200	/ Show response whos.amung.us/pingjs/	29 B 183 B	302ms 215ms	Script text/javascript	2606:4700:10::ac43:88d CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://whos.amung.us/pingjs/?k=ilmgguie5t&t=Update%20DVLA%20-%20GOV.UK%20Verify%20-%20GOV.UK&c=s&x=https%3A%2F%2Fweb.northeastern.edu%2Fnanoenergy%2Fdl%2Frstontova.php%3F%2Fsrtvonsone%2F%26action%3DQoSKErpHaxhHPQxbthJFcbposfwOWMcnAvyEmnMNluUAKS&y=https%3A%2F%2Fweb.northeastern.edu%2Fnanoenergy%2Fdl%2F&a=0&d=0.564&v=27&r=5439 Requested by Host: waust.at URL: https://waust.at/s.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::ac43:88d , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `cc8feb7f1e5b0635f46f87bb2e54337ea245542d02ed7853d5347d273079cf73` Request headers accept-language en-GB,en;q=0.9 Referer https://web.northeastern.edu/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers date Tue, 19 Dec 2023 22:48:57 GMT content-encoding gzip cf-cache-status DYNAMIC server cloudflare cf-ray 8383322d1a3335da-LHR content-type text/javascript;charset=UTF-8
GET H/1.1	200 OK	govuk-crest.png web.northeastern.edu/nanoenergy/dl/guess/	4 KB 4 KB	104ms 104ms	Image image/png	155.33.17.138 NORTHEASTERN-GW-AS
General Check archive.org Show headers Download Go to Show image Full URL https://web.northeastern.edu/nanoenergy/dl/guess/govuk-crest.png Requested by Host: web.northeastern.edu URL: https://web.northeastern.edu/nanoenergy/dl/guess/main.css?GdVdTtoVdFQAWwtuwkWOpBGysBaguCbAfwezqTUTYlTuhMpd Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 155.33.17.138 , United States, ASN156 (NORTHEASTERN-GW-AS, US), Reverse DNS web.northeastern.edu Software Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 mod_wsgi/3.4 Python/2.7.5 / Resource Hash `bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b` Request headers accept-language en-GB,en;q=0.9 Referer https://web.northeastern.edu/nanoenergy/dl/guess/main.css?GdVdTtoVdFQAWwtuwkWOpBGysBaguCbAfwezqTUTYlTuhMpd User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Date Tue, 19 Dec 2023 22:48:57 GMT Last-Modified Tue, 19 Dec 2023 11:59:12 GMT Server Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40 mod_wsgi/3.4 Python/2.7.5 ETag "e00-60cdb984c8a57" Content-Type image/png Access-Control-Allow-Origin * Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=15, max=499 Content-Length 3584
GET DATA	200 OK	truncated /	439 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac` Request headers accept-language en-GB,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36 Response headers Content-Type image/gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UK Government (Government)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			web.northeastern.edu/	1969-12-31 23:59:59	Name: PHPSESSID Value: fq49diip8eljm0jmbi2t8akh91
			web.northeastern.edu/	1969-12-31 23:59:59	Name: BIGipServerpool-nuweb50 Value: 4160827914.20480.0000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

waust.at
web.northeastern.edu
whos.amung.us
www-mock.gesedna.net
155.33.17.138
2606:4700:10::ac43:88d
2606:4700:20::ac43:4739
81.70.252.169
06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47
2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1
471fe7c33b2ac6fccc2200b7ecbf2db41349a7ae218afe24f204cb84fc5a550f
ad64bb388445381ff0790a4c9d43b06dd63bee9678e23c026858a4b895651677
b1d3d6097907be9c4730892b74c227e857dbaedd28c8480d52d51d17dbcb054c
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
cc8feb7f1e5b0635f46f87bb2e54337ea245542d02ed7853d5347d273079cf73
d379630f9694c5d1b89c52020420a824457ef5fc0e3daae1dd101a226c61ec90
df8e91e89e60f25adb96a11a4d5b8a42da3fa2707da4da009947dc4d092ba3ab
eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0
f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac
ffc2ac89e51616d60c0b0012efe35e63306b239cdb079e761142eabff66c7c73

web.northeastern.edu Open in urlscan Pro 155.33.17.138 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

5 IPs

2 Countries

486 kBTransfer

487 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

22 JavaScript Global Variables

2 Cookies

Indicators

web.northeastern.edu Open in urlscan Pro
155.33.17.138 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

2
Countries

486 kB
Transfer

487 kB
Size

2
Cookies

12 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!