ease.ed.ac.unisr.me
Open in
urlscan Pro
194.87.23.7
Malicious Activity!
Public Scan
Submission: On May 22 via manual from DK — Scanned from DK
Summary
This is the only time ease.ed.ac.unisr.me was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UK Universities (Education)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 194.87.23.7 194.87.23.7 | 212607 (POTENTING-AS) (POTENTING-AS) | |
1 | 2 |
ASN212607 (POTENTING-AS, IR)
PTR: iran.irserverco.net
ease.ed.ac.unisr.me |
Apex Domain Subdomains |
Transfer | |
---|---|---|
1 |
unisr.me
ease.ed.ac.unisr.me |
129 KB |
1 | 1 |
Domain | Requested by | |
---|---|---|
1 | ease.ed.ac.unisr.me | |
1 | 1 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.ed.ac.uk |
www.ease.ed.ac.uk |
www.gov.uk |
Subject Issuer | Validity | Valid |
---|
This page contains 1 frames:
Primary Page:
http://ease.ed.ac.unisr.me/cosign.cgi/?cosign-eucs
Frame ID: A7B6768E38B2A7366DE331A9C1868FF6
Requests: 7 HTTP requests in this frame
10 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: Your University Login
Search URL Search Domain Scan URL
Title: Help
Search URL Search Domain Scan URL
Title: Terms & conditions
Search URL Search Domain Scan URL
Title: Privacy & cookies
Search URL Search Domain Scan URL
Title: Modern slavery
Search URL Search Domain Scan URL
Title: Website accessibility
Search URL Search Domain Scan URL
Title: Freedom of information publication scheme
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title: Recognised body
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
1 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
ease.ed.ac.unisr.me/cosign.cgi/ |
179 KB 129 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
14 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
38 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
14 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
14 KB 14 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
24 KB 24 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
15 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UK Universities (Education)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ease.ed.ac.unisr.me
194.87.23.7
0c781c684ae3e3069860347fe0022b9e8a68ae04a512e00492ef67b99e554f70
124c97e3de5d8f16f6320ef283dd90d0981edb88d380434f2302de9bfab50ae3
3229fa3fe3a029b32078b5acfd3918fb76a8796b7fd4cf646b8d5ef3348e51b3
59829654b33a114d10a390a846fa0e9fff402f8099ae6cddd30ca78622575f63
a769166be88381ff553dd898537609ee8a973c37bd5ba3890d6ea0bb7fc2a41c
cfa9603baa93612a1b37809e9b2eba09a87ec42ad81ba6c532d2eac56cde5b85
ebb470560e18c732cc916338a8a5c27d18bcd784e7c0acfbaf542fa878a3c524