cms3.co.za Open in urlscan Pro
196.220.60.200  Malicious Activity! Public Scan

4 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/	9 KB 3 KB	338ms 163ms	Document text/html	196.220.60.200 Gridhost
General Check archive.org Show headers Download Go to Full URL http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Protocol HTTP/1.1 Server 196.220.60.200 Cape Town, South Africa, ASN36943 (Gridhost, ZA), Reverse DNS win20.wadns.net Software Microsoft-IIS/6.0 / ASP.NET Resource Hash ee11023b067ec3e6e7eef45c227b5fc2d519e3721fffc80c27e150e0d8e843f0 Request headers Host cms3.co.za Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Feb 2019 03:46:55 GMT Content-Length 3061 Content-Type text/html Content-Encoding gzip Content-Location http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/index.html Last-Modified Thu, 14 Feb 2019 14:58:49 GMT Accept-Ranges bytes ETag "809a9bca75c4d41:19a021" Vary Accept-Encoding Server Microsoft-IIS/6.0 X-Powered-By ASP.NET
GET H/1.1	200 OK	index.css cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/	44 KB 45 KB	320ms 162ms	Stylesheet text/css	196.220.60.200 Gridhost
General Check archive.org Show headers Download Go to Full URL http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/index.css Requested by Host: cms3.co.za URL: http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Protocol HTTP/1.1 Server 196.220.60.200 Cape Town, South Africa, ASN36943 (Gridhost, ZA), Reverse DNS win20.wadns.net Software Microsoft-IIS/6.0 / ASP.NET Resource Hash e315e56e12e6c35cb5632c7bec947212f912ee872299288aa07e4f5d2c945350 Request headers Pragma no-cache Accept-Encoding gzip, deflate Host cms3.co.za User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,*/*;q=0.1 Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Connection keep-alive Cache-Control no-cache Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Feb 2019 03:46:55 GMT Last-Modified Thu, 14 Feb 2019 14:24:09 GMT Server Microsoft-IIS/6.0 X-Powered-By ASP.NET ETag "f6742f370c4d41:19a021" Content-Type text/css Accept-Ranges bytes Content-Length 45480
GET H/1.1	200 OK	d.js Show response waust.at/	12 KB 7 KB	28ms 8ms	Script application/x-javascript	185.225.208.133 UK2NET-AS
General Check archive.org Show headers Download Go to Full URL http://waust.at/d.js Requested by Host: cms3.co.za URL: http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Protocol HTTP/1.1 Server 185.225.208.133 -, , ASN13213 (UK2NET-AS, GB), Reverse DNS Software / Resource Hash bc0f28387fdc58b79c22fa82216bcd6a19412dbe541fee83c1314a8d39448d30 Request headers Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Feb 2019 03:46:55 GMT Content-Encoding gzip Last-Modified Mon, 10 Dec 2018 18:29:40 GMT ETag W/"5c0eb094-2f33" Transfer-Encoding chunked Content-Type application/x-javascript Access-Control-Allow-Origin * Cache-Control max-age=86400, private Connection keep-alive Expires Sat, 16 Feb 2019 03:46:55 GMT
GET H/1.1	200 OK	header-leaf.jpg cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/	7 KB 7 KB	163ms 162ms	Image image/jpeg	196.220.60.200 Gridhost
General Check archive.org Show headers Download Go to Show image Full URL http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/header-leaf.jpg Requested by Host: cms3.co.za URL: http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Protocol HTTP/1.1 Server 196.220.60.200 Cape Town, South Africa, ASN36943 (Gridhost, ZA), Reverse DNS win20.wadns.net Software Microsoft-IIS/6.0 / ASP.NET Resource Hash 585defecffe2aae3c3daf15f7ce9c8b6482dab389bcbeb030d399f24232e6f64 Request headers Pragma no-cache Accept-Encoding gzip, deflate Host cms3.co.za User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/index.css Connection keep-alive Cache-Control no-cache Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/index.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Feb 2019 03:46:56 GMT Last-Modified Thu, 14 Feb 2019 14:24:05 GMT Server Microsoft-IIS/6.0 X-Powered-By ASP.NET ETag "707cc5f070c4d41:19a021" Content-Type image/jpeg Accept-Ranges bytes Content-Length 6962
GET H/1.1	200 OK	header-bg.jpg cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/	15 KB 15 KB	163ms 163ms	Image image/jpeg	196.220.60.200 Gridhost
General Check archive.org Show headers Download Go to Show image Full URL http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/header-bg.jpg Requested by Host: cms3.co.za URL: http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Protocol HTTP/1.1 Server 196.220.60.200 Cape Town, South Africa, ASN36943 (Gridhost, ZA), Reverse DNS win20.wadns.net Software Microsoft-IIS/6.0 / ASP.NET Resource Hash 52e75f289c865f1608d23ef199d4ddcf6c35a9b1c6596d0b515df7b2ffd5dcb4 Request headers Pragma no-cache Accept-Encoding gzip, deflate Host cms3.co.za User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/index.css Connection keep-alive Cache-Control no-cache Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/index.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Feb 2019 03:46:56 GMT Last-Modified Thu, 14 Feb 2019 14:24:02 GMT Server Microsoft-IIS/6.0 X-Powered-By ASP.NET ETag "4087c2ee70c4d41:19a021" Content-Type image/jpeg Accept-Ranges bytes Content-Length 15436
GET H/1.1	200 OK	sft-deco.gif cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/	80 B 331 B	644ms 161ms	Image image/gif	196.220.60.200 Gridhost
General Check archive.org Show headers Download Go to Show image Full URL http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/sft-deco.gif Requested by Host: cms3.co.za URL: http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Protocol HTTP/1.1 Server 196.220.60.200 Cape Town, South Africa, ASN36943 (Gridhost, ZA), Reverse DNS win20.wadns.net Software Microsoft-IIS/6.0 / ASP.NET Resource Hash 372dbc2821a06ee701e74972f6783b83951fe88459a28913ba425613ff15b909 Request headers Pragma no-cache Accept-Encoding gzip, deflate Host cms3.co.za User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/*,*/*;q=0.8 Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/index.css Connection keep-alive Cache-Control no-cache Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/index.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Feb 2019 03:46:56 GMT Last-Modified Thu, 14 Feb 2019 14:24:27 GMT Server Microsoft-IIS/6.0 X-Powered-By ASP.NET ETag "93e51dfe70c4d41:19a021" Content-Type image/gif Accept-Ranges bytes Content-Length 80
GET H/1.1	404 Not Found	sig-en.svg Show response cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Frame 597D	2 KB 2 KB	306ms 162ms	Document text/html	196.220.60.200 Gridhost
General Check archive.org Show headers Download Go to Full URL http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/sig-en.svg Requested by Host: cms3.co.za URL: http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Protocol HTTP/1.1 Server 196.220.60.200 Cape Town, South Africa, ASN36943 (Gridhost, ZA), Reverse DNS win20.wadns.net Software Microsoft-IIS/6.0 / ASP.NET Resource Hash d5b10953ba949844a4ce4501f3f2cb079daa5f5eb8323b9580aef1f7eac899aa Request headers Host cms3.co.za Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Response headers Date Fri, 15 Feb 2019 03:46:56 GMT Content-Length 1635 Content-Type text/html Server Microsoft-IIS/6.0 X-Powered-By ASP.NET
GET H/1.1	404 Not Found	wmms.svg Show response cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Frame 4FB7	2 KB 2 KB	465ms 162ms	Document text/html	196.220.60.200 Gridhost
General Check archive.org Show headers Download Go to Full URL http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/wmms.svg Requested by Host: cms3.co.za URL: http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Protocol HTTP/1.1 Server 196.220.60.200 Cape Town, South Africa, ASN36943 (Gridhost, ZA), Reverse DNS win20.wadns.net Software Microsoft-IIS/6.0 / ASP.NET Resource Hash d5b10953ba949844a4ce4501f3f2cb079daa5f5eb8323b9580aef1f7eac899aa Request headers Host cms3.co.za Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Response headers Date Fri, 15 Feb 2019 03:46:56 GMT Content-Length 1635 Content-Type text/html Server Microsoft-IIS/6.0 X-Powered-By ASP.NET
GET H/1.1	200 OK	/ Show response t.dtscout.com/i/	4 KB 5 KB	349ms 168ms	Script application/javascript	107.182.233.217 WestHost
General Check archive.org Show headers Download Go to Full URL http://t.dtscout.com/i/?l=http%3A%2F%2Fcms3.co.za%2Faspnet_client%2Fsystem_web%2F4_0_30319%2Fcms-sgj.cra-arc.gc.ca%2F&j= Requested by Host: waust.at URL: http://waust.at/d.js Protocol HTTP/1.1 Server 107.182.233.217 Providence, United States, ASN29854 (WESTHOST - WestHost, Inc., US), Reverse DNS 6bb6e9d9.setaptr.net Software nginx/1.10.3 (Ubuntu) / Resource Hash 5b607b84b1e3957b8b8b19702d23cf9801c5c96c74f209d8a71369464fc9701e Request headers Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Feb 2019 03:46:56 GMT Server nginx/1.10.3 (Ubuntu) X-Z I Transfer-Encoding chunked Content-Type application/javascript X-DT 8.5E-5 Cache-Control no-cache Connection close Expires Fri, 15 Feb 2019 03:46:55 GMT
GET H/1.1	200 OK	/ Show response whos.amung.us/pingjs/	28 B 229 B	231ms 112ms	Script text/javascript	67.202.94.94 Steadfast
General Check archive.org Show headers Download Go to Full URL http://whos.amung.us/pingjs/?k=0mzzpkq335&t=Canada%20Revenue%20Agency%20-%20Validate%20your%20identity%3A%20social%20insurance%20number&c=d&y=&a=0&r=5240 Requested by Host: waust.at URL: http://waust.at/d.js Protocol HTTP/1.1 Server 67.202.94.94 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US), Reverse DNS amung.us Software / Resource Hash d73ffea7352e4e12363e0b8ef32989350e8675fa94f0bd8f1a69d927503aadb4 Request headers Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Feb 2019 03:46:56 GMT Content-Encoding gzip Connection close Transfer-Encoding chunked Content-Type text/javascript;charset=UTF-8
GET H/1.1	200 OK	tc.js Show response cdn.tynt.com/	15 KB 7 KB	16ms 15ms	Script application/javascript	104.16.87.26 Cloudflare
General Check archive.org Show headers Download Go to Full URL http://cdn.tynt.com/tc.js Requested by Host: waust.at URL: http://waust.at/d.js Protocol HTTP/1.1 Server 104.16.87.26 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US), Reverse DNS Software cloudflare / Resource Hash 4f019b3e38098b74d98fb909e1add41a2c4208bfa59db027818fcbd0e187f763 Request headers Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Feb 2019 03:46:56 GMT Content-Encoding gzip CF-Cache-Status HIT Last-Modified Mon, 10 Dec 2018 17:12:01 GMT Server cloudflare ETag W/"5c0e9e61-3ddc" Vary Accept-Encoding Content-Type application/javascript Cache-Control public, max-age=259200 Transfer-Encoding chunked Connection keep-alive CF-RAY 4a94ca4cdaed9bed-AMS Expires Mon, 18 Feb 2019 03:46:56 GMT
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 6f4587fb64cd2e7ce26ba21941c80f3ab8d28c257b73d04a87c949b32e4cde2d Request headers Response headers Content-Type image/png
GET H/1.1	204 No Content	p ic.tynt.com/b/	0 316 B	244ms 119ms	Image text/plain	208.100.17.190 Steadfast
General Check archive.org Show headers Download Go to Show image Full URL http://ic.tynt.com/b/p?id=w!0mzzpkq335&lm=0&ts=1550202416148&dn=TC&iso=0&t=Canada%20Revenue%20Agency%20-%20Validate%20your%20identity%3A%20social%20insurance%20number Requested by Host: cms3.co.za URL: http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Protocol HTTP/1.1 Server 208.100.17.190 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US), Reverse DNS ip190.208-100-17.static.steadfastdns.net Software nginx/1.14.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Feb 2019 03:46:56 GMT P3P policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID", CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA Server nginx/1.14.0
GET H/1.1	200 OK	/ t.dtscout.com/idg/ Frame 2C36	0 0	192ms 93ms	Document text/html	167.114.209.61 OVH
General Check archive.org Show headers Download Go to Full URL http://t.dtscout.com/idg/ Requested by Host: t.dtscout.com URL: http://t.dtscout.com/i/?l=http%3A%2F%2Fcms3.co.za%2Faspnet_client%2Fsystem_web%2F4_0_30319%2Fcms-sgj.cra-arc.gc.ca%2F&j= Protocol HTTP/1.1 Server 167.114.209.61 Montréal, Canada, ASN16276 (OVH, FR), Reverse DNS ns515688.ip-167-114-209.net Software nginx/1.10.3 (Ubuntu) / Resource Hash Request headers Host t.dtscout.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Accept-Encoding gzip, deflate Cookie m=1; b=1; ah=1; st=1; df=1550202416; l=a7bp2VxmNjCbTQL5v1RSAg== Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Response headers Server nginx/1.10.3 (Ubuntu) Date Fri, 15 Feb 2019 03:46:56 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection close Expires Fri, 15 Feb 2019 03:46:55 GMT Cache-Control no-cache Content-Encoding gzip
GET H/1.1	204 No Content	p ic.tynt.com/b/	0 151 B	112ms 112ms	Image text/plain	208.100.17.190 Steadfast
General Check archive.org Show headers Download Go to Show image Full URL http://ic.tynt.com/b/p?id=w!0mzzpkq335&lm=0&ts=1550202416148&dn=TC&iso=0&t=Canada%20Revenue%20Agency%20-%20Validate%20your%20identity%3A%20social%20insurance%20number Requested by Host: cms3.co.za URL: http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Protocol HTTP/1.1 Server 208.100.17.190 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US), Reverse DNS ip190.208-100-17.static.steadfastdns.net Software nginx/1.14.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Feb 2019 03:46:56 GMT P3P CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA Server nginx/1.14.0
GET H/1.1	200	v2 Show response de.tynt.com/deb/	4 B 250 B	232ms 109ms	Script application/javascript	208.100.17.182 Steadfast
General Check archive.org Show headers Download Go to Full URL http://de.tynt.com/deb/v2?id=w!0mzzpkq335&dn=TC&cc=1&r= Requested by Host: cdn.tynt.com URL: http://cdn.tynt.com/tc.js Protocol HTTP/1.1 Server 208.100.17.182 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US), Reverse DNS ip182.208-100-17.static.steadfastdns.net Software / Resource Hash d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179 Request headers Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Feb 2019 03:46:56 GMT Cache-Control max-age=86400 Expires Sat, 16 Feb 2019 03:46:56 GMT P3P CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA Content-Length 4 Content-Type application/javascript
GET H/1.1	204 No Content	p ic.tynt.com/b/	0 151 B	114ms 114ms	Image text/plain	208.100.17.190 Steadfast
General Check archive.org Show headers Download Go to Show image Full URL http://ic.tynt.com/b/p?id=w!0mzzpkq335&lm=0&ts=1550202416148&dn=TC&iso=0&t=Canada%20Revenue%20Agency%20-%20Validate%20your%20identity%3A%20social%20insurance%20number Requested by Host: cms3.co.za URL: http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Protocol HTTP/1.1 Server 208.100.17.190 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US), Reverse DNS ip190.208-100-17.static.steadfastdns.net Software nginx/1.14.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Feb 2019 03:46:56 GMT P3P CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA Server nginx/1.14.0
GET H/1.1	204 No Content	p ic.tynt.com/b/	0 151 B	112ms 112ms	Image text/plain	208.100.17.190 Steadfast
General Check archive.org Show headers Download Go to Show image Full URL http://ic.tynt.com/b/p?id=w!0mzzpkq335&lm=0&ts=1550202416148&dn=TC&iso=0 Requested by Host: cms3.co.za URL: http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Protocol HTTP/1.1 Server 208.100.17.190 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US), Reverse DNS ip190.208-100-17.static.steadfastdns.net Software nginx/1.14.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Feb 2019 03:46:56 GMT P3P CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA Server nginx/1.14.0
GET H/1.1	204 No Content	p ic.tynt.com/b/	0 151 B	117ms 116ms	Image text/plain	208.100.17.190 Steadfast
General Check archive.org Show headers Download Go to Show image Full URL http://ic.tynt.com/b/p?id=w!0mzzpkq335&lm=0&ts=1550202416148&dn=TC&iso=0 Requested by Host: cms3.co.za URL: http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Protocol HTTP/1.1 Server 208.100.17.190 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US), Reverse DNS ip190.208-100-17.static.steadfastdns.net Software nginx/1.14.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Feb 2019 03:46:56 GMT P3P CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA Server nginx/1.14.0
GET H/1.1	204 No Content	p ic.tynt.com/b/	0 151 B	114ms 113ms	Image text/plain	208.100.17.190 Steadfast
General Check archive.org Show headers Download Go to Show image Full URL http://ic.tynt.com/b/p?id=w!0mzzpkq335&lm=0&ts=1550202416148&dn=TC&iso=0 Requested by Host: cms3.co.za URL: http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Protocol HTTP/1.1 Server 208.100.17.190 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US), Reverse DNS ip190.208-100-17.static.steadfastdns.net Software nginx/1.14.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Feb 2019 03:46:56 GMT P3P CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA Server nginx/1.14.0
GET H/1.1	204 No Content	p ic.tynt.com/b/	0 151 B	116ms 116ms	Image text/plain	208.100.17.190 Steadfast
General Check archive.org Show headers Download Go to Show image Full URL http://ic.tynt.com/b/p?id=w!0mzzpkq335&lm=0&ts=1550202416148&dn=TC&iso=0 Requested by Host: cms3.co.za URL: http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ Protocol HTTP/1.1 Server 208.100.17.190 Chicago, United States, ASN32748 (STEADFAST - Steadfast, US), Reverse DNS ip190.208-100-17.static.steadfastdns.net Software nginx/1.14.0 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer http://cms3.co.za/aspnet_client/system_web/4_0_30319/cms-sgj.cra-arc.gc.ca/ User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Fri, 15 Feb 2019 03:46:57 GMT P3P CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA Server nginx/1.14.0

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Canadian Government (Government)

22 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onselectstart object| onselectionchange function| queueMicrotask object| _wau string| wau_w_col string| wau_w_siz object| WAU_ren function| WAU_dynamic function| WAU_r_d function| WAU_insert function| WAU_la function| WAU_addCommas function| WAU_lrd function| WAU_cps function| docReady object| x string| x1 string| x2 object| Tynt object| _33Across object| a object| cv

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.dtscout.com/	1970-01-19 16:07:54	Name: df Value: 1550202416
			.dtscout.com/	1970-01-25 20:05:16	Name: l Value: a7bp2VxmNjCbTQL5v1RSAg==
			.dtscout.com/	1970-01-18 22:38:08	Name: ah Value: 1
			.dtscout.com/	1970-01-18 22:37:11	Name: b Value: 1
			.dtscout.com/	1970-01-18 22:38:08	Name: st Value: 1
			.dtscout.com/	1970-01-18 22:36:47	Name: m Value: 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.tynt.com
cms3.co.za
de.tynt.com
ic.tynt.com
t.dtscout.com
waust.at
whos.amung.us
104.16.87.26
107.182.233.217
167.114.209.61
185.225.208.133
196.220.60.200
208.100.17.182
208.100.17.190
67.202.94.94
372dbc2821a06ee701e74972f6783b83951fe88459a28913ba425613ff15b909
4f019b3e38098b74d98fb909e1add41a2c4208bfa59db027818fcbd0e187f763
52e75f289c865f1608d23ef199d4ddcf6c35a9b1c6596d0b515df7b2ffd5dcb4
585defecffe2aae3c3daf15f7ce9c8b6482dab389bcbeb030d399f24232e6f64
5b607b84b1e3957b8b8b19702d23cf9801c5c96c74f209d8a71369464fc9701e
6f4587fb64cd2e7ce26ba21941c80f3ab8d28c257b73d04a87c949b32e4cde2d
bc0f28387fdc58b79c22fa82216bcd6a19412dbe541fee83c1314a8d39448d30
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
d5b10953ba949844a4ce4501f3f2cb079daa5f5eb8323b9580aef1f7eac899aa
d73ffea7352e4e12363e0b8ef32989350e8675fa94f0bd8f1a69d927503aadb4
e315e56e12e6c35cb5632c7bec947212f912ee872299288aa07e4f5d2c945350
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ee11023b067ec3e6e7eef45c227b5fc2d519e3721fffc80c27e150e0d8e843f0