web.northeastern.edu
Open in
urlscan Pro
155.33.17.138
Malicious Activity!
Public Scan
Effective URL: https://web.northeastern.edu/nanoenergy/dl/rstontova.php?/srtvonsone/&action=QoSKErpHaxhHPQxbthJFcbposfwOWMcnAvyEmnMNluUAKS
Submission: On December 19 via manual from GB — Scanned from GB
Summary
TLS certificate: Issued by InCommon RSA Server CA on June 20th 2023. Valid for: a year.
This is the only time web.northeastern.edu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Government (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 81.70.252.169 81.70.252.169 | 45090 (TENCENT-N...) (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited) | |
9 | 155.33.17.138 155.33.17.138 | 156 (NORTHEAST...) (NORTHEASTERN-GW-AS) | |
1 | 2606:4700:20:... 2606:4700:20::ac43:4739 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2606:4700:10:... 2606:4700:10::ac43:88d | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
12 | 5 |
ASN45090 (TENCENT-NET-AP Shenzhen Tencent Computer Systems Company Limited, CN)
www-mock.gesedna.net |
ASN156 (NORTHEASTERN-GW-AS, US)
PTR: web.northeastern.edu
web.northeastern.edu |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
northeastern.edu
web.northeastern.edu |
482 KB |
1 |
amung.us
whos.amung.us — Cisco Umbrella Rank: 17707 |
183 B |
1 |
waust.at
waust.at — Cisco Umbrella Rank: 43427 |
4 KB |
1 |
gesedna.net
www-mock.gesedna.net |
344 B |
12 | 4 |
Domain | Requested by | |
---|---|---|
9 | web.northeastern.edu |
web.northeastern.edu
|
1 | whos.amung.us |
waust.at
|
1 | waust.at |
web.northeastern.edu
|
1 | www-mock.gesedna.net | |
12 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.gesedna.net TrustAsia RSA DV TLS CA G2 |
2023-04-04 - 2024-05-03 |
a year | crt.sh |
web.northeastern.edu InCommon RSA Server CA |
2023-06-20 - 2024-06-19 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-06-04 - 2024-06-03 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://web.northeastern.edu/nanoenergy/dl/rstontova.php?/srtvonsone/&action=QoSKErpHaxhHPQxbthJFcbposfwOWMcnAvyEmnMNluUAKS
Frame ID: EBD1D1F7CA5F4ECD1A08F118295D4AA0
Requests: 13 HTTP requests in this frame
Screenshot
Page Title
Update DVLA - GOV.UK Verify - GOV.UKPage URL History Show full URLs
- https://www-mock.gesedna.net/dvladlvldaslll1111.html Page URL
- https://web.northeastern.edu/nanoenergy/dl/ Page URL
- https://web.northeastern.edu/nanoenergy/dl/rstontova.php?/srtvonsone/&action=QoSKErpHaxhHPQxbthJFcbposfwO... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
GOV.UK Frontend (UI frameworks) Expand
Detected patterns
- <body[^>]+govuk-template__body
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://www-mock.gesedna.net/dvladlvldaslll1111.html Page URL
- https://web.northeastern.edu/nanoenergy/dl/ Page URL
- https://web.northeastern.edu/nanoenergy/dl/rstontova.php?/srtvonsone/&action=QoSKErpHaxhHPQxbthJFcbposfwOWMcnAvyEmnMNluUAKS Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
dvladlvldaslll1111.html
www-mock.gesedna.net/ |
107 B 344 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
web.northeastern.edu/nanoenergy/dl/ |
202 B 854 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
rstontova.php
web.northeastern.edu/nanoenergy/dl/ |
12 KB 13 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.css
web.northeastern.edu/nanoenergy/dl/guess/ |
138 KB 138 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vertical.png
web.northeastern.edu/nanoenergy/dl/guess/ |
245 KB 245 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
horizontal.png
web.northeastern.edu/nanoenergy/dl/guess/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
black.png
web.northeastern.edu/nanoenergy/dl/guess/ |
11 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
s.js
waust.at/ |
8 KB 4 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
light-v2.woff2
web.northeastern.edu/nanoenergy/dl/guess/ |
33 KB 33 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bold-v2.woff2
web.northeastern.edu/nanoenergy/dl/guess/ |
31 KB 31 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
whos.amung.us/pingjs/ |
29 B 183 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
govuk-crest.png
web.northeastern.edu/nanoenergy/dl/guess/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
439 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UK Government (Government)22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| BjWGVxDS function| CYDLDTxyy function| MCZXqYKBj2 function| vWRftYArc3 function| EerIquco4 object| _wau object| WAU_ren function| WAU_small function| WAU_small_request function| WAU_r_s function| WAU_insert function| WAU_legacy_b function| WAU_la function| WAU_addCommas function| WAU_lrd function| WAU_lrs function| WAU_cps function| docReady object| x string| x1 string| x22 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
web.northeastern.edu/ | Name: PHPSESSID Value: fq49diip8eljm0jmbi2t8akh91 |
|
web.northeastern.edu/ | Name: BIGipServerpool-nuweb50 Value: 4160827914.20480.0000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
waust.at
web.northeastern.edu
whos.amung.us
www-mock.gesedna.net
155.33.17.138
2606:4700:10::ac43:88d
2606:4700:20::ac43:4739
81.70.252.169
06eba01b1af0f4014b484c711771fef1db30becbf0edf481498da1e4958d3d47
2052a227c361a7e99ea70f5bdcf54cd9e6c6b493dd4d20b73b376d94ce0dc0d1
471fe7c33b2ac6fccc2200b7ecbf2db41349a7ae218afe24f204cb84fc5a550f
ad64bb388445381ff0790a4c9d43b06dd63bee9678e23c026858a4b895651677
b1d3d6097907be9c4730892b74c227e857dbaedd28c8480d52d51d17dbcb054c
bb9e22aff7881b895c2ceb41d9340804451c474b883f09fe1b4026e76456f44b
cc8feb7f1e5b0635f46f87bb2e54337ea245542d02ed7853d5347d273079cf73
d379630f9694c5d1b89c52020420a824457ef5fc0e3daae1dd101a226c61ec90
df8e91e89e60f25adb96a11a4d5b8a42da3fa2707da4da009947dc4d092ba3ab
eedfb3c2f7945caebd0b15522b59d6c7f01be17fecd6102fd76452ad4042f7b0
f6d82f567d08ec91a1b6ef0d4abf21be7a2d3dbc0a41c122584ea3536755b3ac
ffc2ac89e51616d60c0b0012efe35e63306b239cdb079e761142eabff66c7c73