ogpleague.com.ng Open in urlscan Pro
67.220.188.162  Malicious Activity! Public Scan

Submitted URL: http://fvgbhbn.fast-page.org/
Effective URL: https://ogpleague.com.ng/1/owa/auth/?owa2=SharePointOnline&replaceCurrent=1&reason=2&url=https%3a%2f%2&appidKeyProducts%o...
Submission: On May 23 via manual from US

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 67.220.188.162, located in Los Angeles, United States and belongs to 24SHELLS - 24 SHELLS, US. The main domain is ogpleague.com.ng.
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 14th 2019. Valid for: 3 months.
This is the only time ogpleague.com.ng was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Sharepoint (Online)

Domain & IP information

IP Address AS Autonomous System
1 3 185.27.134.201 34119 (WILDCARD-...)
1 7 67.220.188.162 55081 (24SHELLS)
9 3
Apex Domain
Subdomains
Transfer
7 ogpleague.com.ng
ogpleague.com.ng
www.ogpleague.com.ng Failed
36 KB
3 fast-page.org
fvgbhbn.fast-page.org
32 KB
9 2
Domain Requested by
7 ogpleague.com.ng 1 redirects fvgbhbn.fast-page.org
ogpleague.com.ng
3 fvgbhbn.fast-page.org 1 redirects fvgbhbn.fast-page.org
0 www.ogpleague.com.ng Failed ogpleague.com.ng
9 3

This site contains no links.

Subject Issuer Validity Valid
ogpleague.com.ng
cPanel, Inc. Certification Authority
2019-03-14 -
2019-06-12
3 months crt.sh

This page contains 1 frames:

Primary Page: https://ogpleague.com.ng/1/owa/auth/?owa2=SharePointOnline&replaceCurrent=1&reason=2&url=https%3a%2f%2&appidKeyProducts%off%ice365=fcd00c0656cc4903655f8dde2439698c2aa39477
Frame ID: EA188DC3FE72A358675AB631F1E537D0
Requests: 10 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://fvgbhbn.fast-page.org/ Page URL
  2. http://fvgbhbn.fast-page.org/?i=1 HTTP 301
    https://ogpleague.com.ng/1?i=1 HTTP 301
    https://ogpleague.com.ng/1/?i=1 Page URL
  3. https://ogpleague.com.ng/1/owa/auth/?owa2=SharePointOnline&replaceCurrent=1&reason=2&url=https%3a%2f%... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

9
Requests

67 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

68 kB
Transfer

67 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://fvgbhbn.fast-page.org/ Page URL
  2. http://fvgbhbn.fast-page.org/?i=1 HTTP 301
    https://ogpleague.com.ng/1?i=1 HTTP 301
    https://ogpleague.com.ng/1/?i=1 Page URL
  3. https://ogpleague.com.ng/1/owa/auth/?owa2=SharePointOnline&replaceCurrent=1&reason=2&url=https%3a%2f%2&appidKeyProducts%off%ice365=fcd00c0656cc4903655f8dde2439698c2aa39477 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • http://fvgbhbn.fast-page.org/?i=1 HTTP 301
  • https://ogpleague.com.ng/1?i=1 HTTP 301
  • https://ogpleague.com.ng/1/?i=1
Request Chain 8
  • https://ogpleague.com.ng/1/owa/auth/css/fonts/segoeui-regular.ttf HTTP 301
  • https://www.ogpleague.com.ng/1/owa/auth/css/fonts/segoeui-regular.ttf

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
fvgbhbn.fast-page.org/
832 B
830 B
Document
General
Full URL
http://fvgbhbn.fast-page.org/
Protocol
HTTP/1.1
Server
185.27.134.201 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
20113427185.ifastnet.org
Software
nginx /
Resource Hash
9c3145b7a4bb77badb48a52bfdf583ba07b9e5e0ea9c4f9a4f32f03a0871a1c6

Request headers

Host
fvgbhbn.fast-page.org
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Server
nginx
Date
Thu, 23 May 2019 18:48:08 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Connection
keep-alive
Vary
Accept-Encoding
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control
no-cache
Content-Encoding
gzip
aes.js
fvgbhbn.fast-page.org/
30 KB
31 KB
Script
General
Full URL
http://fvgbhbn.fast-page.org/aes.js
Requested by
Host: fvgbhbn.fast-page.org
URL: http://fvgbhbn.fast-page.org/
Protocol
HTTP/1.1
Server
185.27.134.201 , United Kingdom, ASN34119 (WILDCARD-AS Wildcard UK Limited, GB),
Reverse DNS
20113427185.ifastnet.org
Software
nginx /
Resource Hash
d2701c86a2a31a641520e72121749dbbabeed4b1a59aece20bbf14f9c9de82bc

Request headers

Referer
http://fvgbhbn.fast-page.org/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 23 May 2019 18:48:08 GMT
Last-Modified
Sat, 08 Aug 2015 08:12:26 GMT
Server
nginx
ETag
"55c5b9ea-79e6"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
31206
Cookie set /
ogpleague.com.ng/1/
Redirect Chain
  • http://fvgbhbn.fast-page.org/?i=1
  • https://ogpleague.com.ng/1?i=1
  • https://ogpleague.com.ng/1/?i=1
256 B
626 B
Document
General
Full URL
https://ogpleague.com.ng/1/?i=1
Requested by
Host: fvgbhbn.fast-page.org
URL: http://fvgbhbn.fast-page.org/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.220.188.162 Los Angeles, United States, ASN55081 (24SHELLS - 24 SHELLS, US),
Reverse DNS
host1.smartwebng.com
Software
Apache /
Resource Hash
4d1b7f1d0e902ebe002773bb4f2af7415ef23c6ab900b42e75234b6af6c80a54

Request headers

Host
ogpleague.com.ng
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
http://fvgbhbn.fast-page.org/
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
http://fvgbhbn.fast-page.org/

Response headers

Date
Thu, 23 May 2019 18:48:14 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Set-Cookie
PHPSESSID=7558k6vr79rdg8ipq6lc168b94; path=/
Connection
close
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Thu, 23 May 2019 18:48:14 GMT
Server
Apache
Location
https://ogpleague.com.ng/1/?i=1
Content-Length
239
Connection
close
Content-Type
text/html; charset=iso-8859-1
Primary Request /
ogpleague.com.ng/1/owa/auth/
5 KB
6 KB
Document
General
Full URL
https://ogpleague.com.ng/1/owa/auth/?owa2=SharePointOnline&replaceCurrent=1&reason=2&url=https%3a%2f%2&appidKeyProducts%off%ice365=fcd00c0656cc4903655f8dde2439698c2aa39477
Requested by
Host: ogpleague.com.ng
URL: https://ogpleague.com.ng/1/?i=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.220.188.162 Los Angeles, United States, ASN55081 (24SHELLS - 24 SHELLS, US),
Reverse DNS
host1.smartwebng.com
Software
Apache /
Resource Hash
53951cd879593f7c1fd75e7b63917d8251f2900fa229bfeb2cf5f6a6a94dc8d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
ogpleague.com.ng
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer
https://ogpleague.com.ng/1/?i=1
Accept-Encoding
gzip, deflate, br
Cookie
PHPSESSID=7558k6vr79rdg8ipq6lc168b94
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://ogpleague.com.ng/1/?i=1

Response headers

Date
Thu, 23 May 2019 18:48:15 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Connection
close
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
enkr1p.js
ogpleague.com.ng/1/owa/auth/
8 KB
9 KB
Script
General
Full URL
https://ogpleague.com.ng/1/owa/auth/enkr1p.js
Requested by
Host: ogpleague.com.ng
URL: https://ogpleague.com.ng/1/owa/auth/?owa2=SharePointOnline&replaceCurrent=1&reason=2&url=https%3a%2f%2&appidKeyProducts%off%ice365=fcd00c0656cc4903655f8dde2439698c2aa39477
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.220.188.162 Los Angeles, United States, ASN55081 (24SHELLS - 24 SHELLS, US),
Reverse DNS
host1.smartwebng.com
Software
Apache /
Resource Hash
6369118b817a8a0549092cce8b77d77ac7ec88cc76a66d3ed9e32e9c4f6fb23f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ogpleague.com.ng/1/owa/auth/?owa2=SharePointOnline&replaceCurrent=1&reason=2&url=https%3a%2f%2&appidKeyProducts%off%ice365=fcd00c0656cc4903655f8dde2439698c2aa39477
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 23 May 2019 18:48:15 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sat, 02 Jan 2016 08:46:10 GMT
Server
Apache
Content-Type
application/javascript
Connection
close
Accept-Ranges
bytes
Content-Length
8505
X-XSS-Protection
1; mode=block
sp.css
ogpleague.com.ng/1/owa/auth/css/
10 KB
10 KB
Stylesheet
General
Full URL
https://ogpleague.com.ng/1/owa/auth/css/sp.css
Requested by
Host: ogpleague.com.ng
URL: https://ogpleague.com.ng/1/owa/auth/?owa2=SharePointOnline&replaceCurrent=1&reason=2&url=https%3a%2f%2&appidKeyProducts%off%ice365=fcd00c0656cc4903655f8dde2439698c2aa39477
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.220.188.162 Los Angeles, United States, ASN55081 (24SHELLS - 24 SHELLS, US),
Reverse DNS
host1.smartwebng.com
Software
Apache /
Resource Hash
402e22f38fb4a09ad692231f93a3abdbbb2f6d9ef8735ceffe8d40b27e66c815
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ogpleague.com.ng/1/owa/auth/?owa2=SharePointOnline&replaceCurrent=1&reason=2&url=https%3a%2f%2&appidKeyProducts%off%ice365=fcd00c0656cc4903655f8dde2439698c2aa39477
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 23 May 2019 18:48:16 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 02 Apr 2019 13:10:06 GMT
Server
Apache
Content-Type
text/css
Connection
close
Accept-Ranges
bytes
Content-Length
10274
X-XSS-Protection
1; mode=block
01.png
ogpleague.com.ng/1/owa/auth/images/
5 KB
5 KB
Image
General
Full URL
https://ogpleague.com.ng/1/owa/auth/images/01.png
Requested by
Host: ogpleague.com.ng
URL: https://ogpleague.com.ng/1/owa/auth/?owa2=SharePointOnline&replaceCurrent=1&reason=2&url=https%3a%2f%2&appidKeyProducts%off%ice365=fcd00c0656cc4903655f8dde2439698c2aa39477
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.220.188.162 Los Angeles, United States, ASN55081 (24SHELLS - 24 SHELLS, US),
Reverse DNS
host1.smartwebng.com
Software
Apache /
Resource Hash
bc305eefe3a03f90b27474051b3cd173bf347cdcf23acc6d57410e80f1a060c5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ogpleague.com.ng/1/owa/auth/?owa2=SharePointOnline&replaceCurrent=1&reason=2&url=https%3a%2f%2&appidKeyProducts%off%ice365=fcd00c0656cc4903655f8dde2439698c2aa39477
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 23 May 2019 18:48:16 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 02 Apr 2019 16:20:24 GMT
Server
Apache
Content-Type
image/png
Connection
close
Accept-Ranges
bytes
Content-Length
4969
X-XSS-Protection
1; mode=block
shp.png
ogpleague.com.ng/1/owa/auth/images/
6 KB
6 KB
Image
General
Full URL
https://ogpleague.com.ng/1/owa/auth/images/shp.png
Requested by
Host: ogpleague.com.ng
URL: https://ogpleague.com.ng/1/owa/auth/?owa2=SharePointOnline&replaceCurrent=1&reason=2&url=https%3a%2f%2&appidKeyProducts%off%ice365=fcd00c0656cc4903655f8dde2439698c2aa39477
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.220.188.162 Los Angeles, United States, ASN55081 (24SHELLS - 24 SHELLS, US),
Reverse DNS
host1.smartwebng.com
Software
Apache /
Resource Hash
956d9990b5d625b6418f429f765545c6dc305063bb838c007c7f3d819088904c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ogpleague.com.ng/1/owa/auth/?owa2=SharePointOnline&replaceCurrent=1&reason=2&url=https%3a%2f%2&appidKeyProducts%off%ice365=fcd00c0656cc4903655f8dde2439698c2aa39477
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Thu, 23 May 2019 18:48:16 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 01 Apr 2019 05:48:20 GMT
Server
Apache
Content-Type
image/png
Connection
close
Accept-Ranges
bytes
Content-Length
6018
X-XSS-Protection
1; mode=block
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6710ee6e22d5e3e82f70554804806c37aac5789b110d944383ea393d93eb627a

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Content-Type
image/png
segoeui-regular.ttf
www.ogpleague.com.ng/1/owa/auth/css/fonts/
Redirect Chain
  • https://ogpleague.com.ng/1/owa/auth/css/fonts/segoeui-regular.ttf
  • https://www.ogpleague.com.ng/1/owa/auth/css/fonts/segoeui-regular.ttf
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.ogpleague.com.ng
URL
https://www.ogpleague.com.ng/1/owa/auth/css/fonts/segoeui-regular.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Sharepoint (Online)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| Aes object| Base64 object| Utf8 string| gentot string| udud string| keluaran string| ctrTxt

0 Cookies