edouniversity.edu.ng
107.180.25.164  Malicious Activity! Public Scan

Submitted URL: https://edouniversity.edu.ng/files/dhl_top/source/content/index.php?email=ozakit@rikkyo.ac.jp
Effective URL: https://edouniversity.edu.ng/files/dhl_top/source/content/login.php?email=ozakit@rikkyo.ac.jp
Submission: On February 04 via automatic, source openphish — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 5 HTTP transactions. The main IP is 107.180.25.164, located in Ashburn, United States and belongs to AS-26496-GO-DADDY-COM-LLC, US. The main domain is edouniversity.edu.ng.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on August 28th 2021. Valid for: a year.
This is the only time edouniversity.edu.ng was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DHL (Transportation)

Domain & IP information

IP Address AS Autonomous System
3 107.180.25.164 26496 (AS-26496-...)
1 95.100.153.98 20940 (AKAMAI-ASN1)
1 23.79.143.47 16625 (AKAMAI-AS)
5 3
Apex Domain | Subdomains | Transfer
3 edouniversity.edu.ng | edouniversity.edu.ng | 6 KB
1 secureserver.net | img.secureserver.net — Cisco Umbrella Rank: 14276 | 379 B
1 wsimg.com | img1.wsimg.com — Cisco Umbrella Rank: 10341 | 5 KB
5 3
Domain Requested by
3 edouniversity.edu.ng edouniversity.edu.ng
1 img.secureserver.net
1 img1.wsimg.com edouniversity.edu.ng
5 3

This site contains no links.

Subject | Issuer | Validity | Valid
edouniversity.edu.ng | Go Daddy Secure Certificate Authority - G2 | 2021-08-28 - 2022-09-29 | a year
*.wsimg.com | Starfield Secure Certificate Authority - G2 | 2021-09-24 - 2022-10-26 | a year
*.secureserver.net | Starfield Secure Certificate Authority - G2 | 2021-09-16 - 2022-10-18 | a year

This page contains 1 frames:

Primary Page: https://edouniversity.edu.ng/files/dhl_top/source/content/login.php?email=ozakit@rikkyo.ac.jp
Frame ID: B0C257D8DDFD03AF51CC44D5214344FC
Requests: 5 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Page Statistics

Requests: 5
HTTPS: 100 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 11 kB
Size: 26 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://edouniversity.edu.ng/files/dhl_top/source/content/index.php?email=ozakit@rikkyo.ac.jp Page URL
  2. https://edouniversity.edu.ng/files/dhl_top/source/content/login.php?email=ozakit@rikkyo.ac.jp Page URL

5 HTTP transactions

Resource: index.php
Path: edouniversity.edu.ng/files/dhl_top/source/content/
Size: 546 B
x-fer: 491 B
Type: Document

General

Full URL: https://edouniversity.edu.ng/files/dhl_top/source/content/index.php?email=ozakit@rikkyo.ac.jp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.25.164 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
Reverse DNS: ip-107-180-25-164.ip.secureserver.net
Software: Apache / PHP/5.6.40
Resource Hash: 3b25f42e7c5a61a72e9b7eacecfbdea358debdc8d5d5477ac4f3b62727f33852

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

x-powered-by: PHP/5.6.40
vary: Accept-Encoding
content-encoding: gzip
content-length: 374
content-type: text/html; charset=UTF-8
date: Fri, 04 Feb 2022 13:00:52 GMT
server: Apache
Resource: tcc_l.combined.1.0.6.min.js
Path: img1.wsimg.com/tcc/
Size: 12 KB
x-fer: 5 KB
Type: Script

General

Full URL: https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js
Requested by:
  Host: edouniversity.edu.ng
  URL: https://edouniversity.edu.ng/files/dhl_top/source/content/index.php?email=ozakit@rikkyo.ac.jp
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.100.153.98 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS: a95-100-153-98.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: aa5c1ec4d2ea00eb517eadeb3b65e55b577b7a5ed42d7c2611d15d9050c18350

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://edouniversity.edu.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 04 Feb 2022 13:00:53 GMT
content-encoding: gzip
last-modified: Fri, 31 Mar 2017 16:26:41 GMT
etag: "52ef5c943baad21:0"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 4564
expires: Sat, 04 Feb 2023 13:00:53 GMT
Resource: event
Path: img.secureserver.net/t/1/tl/
Size: 43 B
x-fer: 379 B
Type: Image

General

Full URL: https://img.secureserver.net/t/1/tl/event?cts=1643979653300&tce=1643979652919&tcs=1643979652719&tdc=1643979653100&tdclee=1643979653100&tdcles=1643979653100&tdi=1643979653100&tdl=1643979653048&tdle=1643979652719&tdls=1643979652700&tfs=1643979652700&tns=1643979652699&trqs=1643979652919&tre=1643979653045&trps=1643979653044&tles=1643979653100&tlee=1643979653100&ht=perf&dh=edouniversity.edu.ng&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F97.0.4692.71%20Safari%2F537.36&vci=1922066559&cv=1.0.6&z=55543470&vg=26625985-3301-41bf-b3fe-02ecedf9d33d&vtg=26625985-3301-41bf-b3fe-02ecedf9d33d&ap=cpsh&trfd=%7B%22cts%22%3A1643979653099%2C%22tccl.baseHost%22%3A%22secureserver.net%22%2C%22ap%22%3A%22cpsh%22%2C%22server%22%3A%22a2plcpnl0666%22%7D&dp=%2Ffiles%2Fdhl_top%2Fsource%2Fcontent%2Findex.php
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.79.143.47 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US)
Reverse DNS: a23-79-143-47.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://edouniversity.edu.ng/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000 ; includeSubDomains
X-Content-Type-Options: nosniff
Date: Fri, 04 Feb 2022 13:00:53 GMT
X-Frame-Options: DENY
Content-Type: image/gif
Cache-Control: private
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Content-Length: 43
X-XSS-Protection: 1; mode=block
Resource: login.php (Primary Request)
Path: edouniversity.edu.ng/files/dhl_top/source/content/
Size: 10 KB
x-fer: 1 KB
Type: Document

General

Full URL: https://edouniversity.edu.ng/files/dhl_top/source/content/login.php?email=ozakit@rikkyo.ac.jp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.25.164 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
Reverse DNS: ip-107-180-25-164.ip.secureserver.net
Software: Apache / PHP/5.6.40
Resource Hash: 95f96d6be1413c7cdbd7b67c915b0c95eafbf86626ab3e02859d2230610d7289

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://edouniversity.edu.ng/files/dhl_top/source/content/index.php?email=ozakit@rikkyo.ac.jp

Response headers

x-powered-by: PHP/5.6.40
vary: Accept-Encoding
content-encoding: gzip
content-length: 1421
content-type: text/html; charset=UTF-8
date: Fri, 04 Feb 2022 13:00:57 GMT
server: Apache
Resource: logo.jpg
Path: edouniversity.edu.ng/files/dhl_top/source/content/photos/
Size: 4 KB
x-fer: 4 KB
Type: Image

General

Full URL: https://edouniversity.edu.ng/files/dhl_top/source/content/photos/logo.jpg
Requested by:
  Host: edouniversity.edu.ng
  URL: https://edouniversity.edu.ng/files/dhl_top/source/content/login.php?email=ozakit@rikkyo.ac.jp
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.180.25.164 Ashburn, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
Reverse DNS: ip-107-180-25-164.ip.secureserver.net
Software: Apache /
Resource Hash: 26933abb67839e269d8fc9d49b5ff722a1f48646776a8bdfb25e572d10996b41

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://edouniversity.edu.ng/files/dhl_top/source/content/login.php?email=ozakit@rikkyo.ac.jp
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Fri, 04 Feb 2022 13:00:57 GMT
last-modified: Fri, 17 Jan 2020 07:21:40 GMT
server: Apache
accept-ranges: bytes
etag: "3a40b4a-f3e-59c50caf62900"
content-length: 3902
content-type: image/jpeg

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DHL (Transportation)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Domain/Path Name / Value
edouniversity.edu.ng/ Name: _tccl_visitor
Value: 26625985-3301-41bf-b3fe-02ecedf9d33d
edouniversity.edu.ng/ Name: _tccl_visit
Value: 26625985-3301-41bf-b3fe-02ecedf9d33d