afournier.sysnove.net
Open in
urlscan Pro
163.172.195.216
Malicious Activity!
Public Scan
URL:
https://afournier.sysnove.net/wp-admin/login.htm
Submission Tags: @phish_report
Submission: On December 27 via api from FI — Scanned from FR
Submission Tags: @phish_report
Submission: On December 27 via api from FI — Scanned from FR
Summary
This website contacted 2 IPs
in 2 countries
across 2 domains to perform 9 HTTP transactions.
The main IP is 163.172.195.216, located in
France and
belongs to AS12876 SCALEWAY S.A.S., FR.
The main domain is afournier.sysnove.net.
TLS certificate: Issued by E6 on November 11th 2024. Valid for: 3 months.
This is the only time afournier.sysnove.net was scanned on urlscan.io!
TLS certificate: Issued by E6 on November 11th 2024. Valid for: 3 months.
This is the only time afournier.sysnove.net was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: German Universities (Education)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 7 | 163.172.195.216 163.172.195.216 | 12876 (AS12876 S...) (AS12876 SCALEWAY S.A.S.) | |
| 2 | 2001:638:508:... 2001:638:508:100::83ad:100d | 680 (DFN Verei...) (DFN Verein zur Foerderung eines Deutschen Forschungsnetzes e.V.) | |
| 9 | 2 |
7
163.172.195.216
(France)
ASN12876 (AS12876 SCALEWAY S.A.S., FR)
PTR: ayoti-fontanon01.sysnove.net
ASN12876 (AS12876 SCALEWAY S.A.S., FR)
PTR: ayoti-fontanon01.sysnove.net
| afournier.sysnove.net |
2
2001:638:508:100::83ad:100d
(Osnabrück, Germany)
ASN680 (DFN Verein zur Foerderung eines Deutschen Forschungsnetzes e.V., DE)
ASN680 (DFN Verein zur Foerderung eines Deutschen Forschungsnetzes e.V., DE)
| myuos.uni-osnabrueck.de |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 7 |
sysnove.net
afournier.sysnove.net |
12 KB |
| 2 |
uni-osnabrueck.de
myuos.uni-osnabrueck.de |
25 KB |
| 9 | 2 |
| Domain | Requested by | |
|---|---|---|
| 7 | afournier.sysnove.net |
afournier.sysnove.net
|
| 2 | myuos.uni-osnabrueck.de |
afournier.sysnove.net
|
| 9 | 2 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.uni-osnabrueck.de |
| cas.uni-osnabrueck.de |
| www.rz.uni-osnabrueck.de |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| afournier.sysnove.net E6 |
2024-11-11 - 2025-02-09 |
3 months | crt.sh |
| www.myuos.uni-osnabrueck.de Sectigo RSA Organization Validation Secure Server CA |
2024-11-14 - 2025-11-14 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://afournier.sysnove.net/wp-admin/login.htm
Frame ID: A14B1A0E1D0D298DC6C466F67293DD2D
Requests: 9 HTTP requests in this frame
Screenshot
Page Title
myUOS Login - Universität OsnabrückPage Statistics
4 Outgoing links
These are links going to different origins than the main page.
URL: http://www.uni-osnabrueck.de/
Search URL Search Domain Scan URL
URL: https://cas.uni-osnabrueck.de/cas/login?service=https%3a%2f%2fmyuos.uni-osnabrueck.de%2f&locale=de
Search URL Search Domain Scan URL
URL: https://cas.uni-osnabrueck.de/cas/login?service=https%3a%2f%2fmyuos.uni-osnabrueck.de%2f&locale=en
Search URL Search Domain Scan URL
URL: http://www.rz.uni-osnabrueck.de/Ueber_Uns/Benutzerkonto/index.html
Title: Wie bekomme ich ein Benutzerkonto?
Title: Wie bekomme ich ein Benutzerkonto?
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
login.htm
afournier.sysnove.net/wp-admin/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
portal.css
afournier.sysnove.net/wp-admin/login_files/ |
3 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
header_logo.gif
afournier.sysnove.net/wp-admin/login_files/ |
2 KB 2 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo_myUOS.png
afournier.sysnove.net/wp-admin/login_files/ |
2 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
lang_de.gif
afournier.sysnove.net/wp-admin/login_files/ |
72 B 427 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
lang_en.gif
afournier.sysnove.net/wp-admin/login_files/ |
692 B 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
metaplus-roman-webfont.woff
myuos.uni-osnabrueck.de/fonts/ |
24 KB 24 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
icons_link.gif
afournier.sysnove.net/wp-admin/images/ |
153 B 153 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
favicon.ico
myuos.uni-osnabrueck.de/images/ |
318 B 675 B |
Other
image/vnd.microsoft.icon |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: German Universities (Education)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Strict-Transport-Security | max-age=63072000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
afournier.sysnove.net
myuos.uni-osnabrueck.de
163.172.195.216
2001:638:508:100::83ad:100d
488d10d245d94c6368644263e8d885a68252f645d7b8a0c98e03a613b0005684
533a1ca5d6595793725bca7641d9461a0f00dd1732dded3e4281196f5dd21736
6e3ec56ba3e812d4811c3fd04e903f9a656c8121d0caf8a8f590d6cd2733570d
7e461cfda6e2bf8d66b2de29e26beadc944dbb18b7c6b1305b7d47604b85d36e
9c3c24291c510f4bc5d04cd66c39be2e54e5c79748790a0a59e28feb50b4c83d
b80d541cd28e77f48c17c1a72fb167b39ccbf5ae237dc46119fc35831808aebf
c3bebfb922eb06310e48dd954dff67809a7db0df3a8fd6bb7e0178d553008f12
c92995602eea8e0463e4d034959cf1e82b34c26ae06ff207a75d1afe97bef65f
dbb14107db2f4bd4b56d857c2429d4b9ae7160683b6e302c8c640f23981556c6