biologia.uem.mz
196.3.96.21
Malicious Activity!
Public Scan
Submission: On March 06 via api from CA
Summary
This is the only time biologia.uem.mz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Swisscom (Telecommunication)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 5 | 196.3.96.21 | 31960 (EMUNET) |
| 3 | 195.186.196.30 | 3303 (SWISSCOM Swisscom (Switzerland) Ltd) |
| 14 | 3 | |

ASN3303 (SWISSCOM Swisscom (Switzerland) Ltd, CH)
login.sso.bluewin.ch
| | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 5 | uem.mz | biologia.uem.mz | 32 KB |
| 3 | bluewin.ch | login.sso.bluewin.ch | 46 KB |
| 14 | 2 | | |
| | Domain | Requested by |
|---|---|---|
| 5 | biologia.uem.mz | biologia.uem.mz |
| 3 | login.sso.bluewin.ch | biologia.uem.mz |
| 14 | 2 | |
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| login.sso.bluewin.ch | SwissSign EV Gold CA 2014 - G22 | 2018-03-21 - 2020-03-21 | 2 years | crt.sh |
This page contains 1 frames:
Primary Page:
http://biologia.uem.mz/modules/mod_custom/Bluewin/
Frame ID: 935969709D61ABAF2FA0A5A177C9A779
Requests: 14 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / (Primary Request) | biologia.uem.mz/modules/mod_custom/Bluewin/ | 2 KB | 1 KB | Document | text/html |
| GET | H/1.1 | sdx.min.css | login.sso.bluewin.ch/resources/sdx/css/ | 307 KB | 39 KB | Stylesheet | text/css |
| GET | H/1.1 | nwmain.css | login.sso.bluewin.ch/resources/styles/ | 10 KB | 3 KB | Stylesheet | text/css |
| GET | H/1.1 | kaka.png | biologia.uem.mz/modules/mod_custom/Bluewin/ | 7 KB | 8 KB | Image | image/png |
| GET | H/1.1 | kaka4.png | biologia.uem.mz/modules/mod_custom/Bluewin/ | 11 KB | 11 KB | Image | image/png |
| GET | H/1.1 | kaka2.png | biologia.uem.mz/modules/mod_custom/Bluewin/ | 7 KB | 7 KB | Image | image/png |
| GET | H/1.1 | kaka3.png | biologia.uem.mz/modules/mod_custom/Bluewin/ | 5 KB | 6 KB | Image | image/png |
| GET | H/1.1 | Logo_Lifeform.png | login.sso.bluewin.ch/resources/images/ | 3 KB | 4 KB | Image | image/png |
| GET | | TheSansB_400_.woff2 | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 0 | 0 | | |
| GET | | TheSansB_300_.woff2 | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 0 | 0 | | |
| GET | | TheSansB_400_.woff | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 0 | 0 | | |
| GET | | TheSansB_300_.woff | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 0 | 0 | | |
| GET | | TheSansB_400_.ttf | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 0 | 0 | | |
| GET | | TheSansB_300_.ttf | login.sso.bluewin.ch/resources/sdx/fonts/TheSans/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
| Domain | URL |
|---|---|
| login.sso.bluewin.ch | https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_400_.woff2 |
| login.sso.bluewin.ch | https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_300_.woff2 |
| login.sso.bluewin.ch | https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_400_.woff |
| login.sso.bluewin.ch | https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_300_.woff |
| login.sso.bluewin.ch | https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_400_.ttf |
| login.sso.bluewin.ch | https://login.sso.bluewin.ch/resources/sdx/fonts/TheSans/TheSansB_300_.ttf |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Swisscom (Telecommunication)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata
object| onpointerrawupdate
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.