www.mdn.gov.mz
Open in
urlscan Pro
196.3.96.205
Malicious Activity!
Public Scan
Submission: On July 27 via automatic, source openphish
Summary
This is the only time www.mdn.gov.mz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PayPal (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 196.3.96.205 196.3.96.205 | 31960 (EMUNET) (EMUNET) | |
9 | 181.88.192.201 181.88.192.201 | 7303 (Telecom A...) (Telecom Argentina S.A.) | |
3 | 92.123.92.235 92.123.92.235 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 66.235.148.144 66.235.148.144 | 15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.) | |
15 | 5 |
ASN7303 (Telecom Argentina S.A., AR)
PTR: host201.181-88-192.telecom.net.ar
genrugby.com |
ASN20940 (AKAMAI-ASN1, US)
PTR: a92-123-92-235.deploy.akamaitechnologies.com
www.paypalobjects.com |
ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: *.112.2O7.net
paypal.112.2o7.net |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
genrugby.com
genrugby.com Failed |
43 KB |
3 |
paypalobjects.com
www.paypalobjects.com |
|
1 |
2o7.net
paypal.112.2o7.net |
43 B |
1 |
mdn.gov.mz
www.mdn.gov.mz |
218 B |
15 | 4 |
Domain | Requested by | |
---|---|---|
9 | genrugby.com |
genrugby.com
|
3 | www.paypalobjects.com |
genrugby.com
|
1 | paypal.112.2o7.net |
genrugby.com
|
1 | www.mdn.gov.mz | |
15 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.paypal.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.paypalobjects.com Symantec Class 3 EV SSL CA - G3 |
2017-07-11 - 2019-09-02 |
2 years | crt.sh |
This page contains 2 frames:
Frame:
http://genrugby.com/components/com_mailto/views/sent/tmpl/regional/5b1f719458b53646b23f0901d367c801/
Frame ID: 26940.1
Requests: 2 HTTP requests in this frame
Frame:
http://genrugby.com/components/com_mailto/views/sent/tmpl/regional/5b1f719458b53646b23f0901d367c801/Connexion.php?cmd=_Connexion&dispatch=5885d80a13c0db1fb6947b0aeae66fdbfb2119927117e3a6f876e0fd34af4365
Frame ID: 26959.1
Requests: 13 HTTP requests in this frame
1 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request 0- http://genrugby.com/components/com_mailto/views/sent/tmpl/regional/5b1f719458b53646b23f0901d367c801
- http://genrugby.com/components/com_mailto/views/sent/tmpl/regional/5b1f719458b53646b23f0901d367c801/
- http://paypal.112.2o7.net/b/ss/paypalglobal/1/H.19.3/s49849441174159?AQB=1&ndh=1&t=27/6/2017%206%3A33%3A26%204%200&ce=UTF-8&ns=paypal&pageName=p/gen/cnf/email-password%3A%3A_ece&g=http%3A//genrugby...
- http://paypal.112.2o7.net/b/ss/paypalglobal/1/H.19.3/s49849441174159?AQB=1&pccr=true&vidn=2CBCC49B05311366-4000012900000891&&ndh=1&t=27/6/2017%206%3A33%3A26%204%200&ce=UTF-8&ns=paypal&pageName=p/ge...
15 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
www.mdn.gov.mz/components/com_contact/models/forms/ |
261 B 218 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
/
genrugby.com/components/com_mailto/views/sent/tmpl/regional/5b1f719458b53646b23f0901d367c801/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
genrugby.com/components/com_mailto/views/sent/tmpl/regional/5b1f719458b53646b23f0901d367c801/ Frame 2695 |
161 B 164 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Connexion.php
genrugby.com/components/com_mailto/views/sent/tmpl/regional/5b1f719458b53646b23f0901d367c801/ Frame 2695 |
9 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
global.css
genrugby.com/components/com_mailto/views/sent/tmpl/regional/5b1f719458b53646b23f0901d367c801/files/ Frame 2695 |
60 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
country.css
genrugby.com/components/com_mailto/views/sent/tmpl/regional/5b1f719458b53646b23f0901d367c801/files/ Frame 2695 |
30 B 30 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
global.js
genrugby.com/components/com_mailto/views/sent/tmpl/regional/5b1f719458b53646b23f0901d367c801/files/ Frame 2695 |
47 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
paypal_logo.gif
genrugby.com/components/com_mailto/views/sent/tmpl/regional/5b1f719458b53646b23f0901d367c801/files/ Frame 2695 |
1 KB 1 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pp_naturalsearch.js
genrugby.com/components/com_mailto/views/sent/tmpl/regional/5b1f719458b53646b23f0901d367c801/files/ Frame 2695 |
6 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pp_jscode_080706.js
genrugby.com/components/com_mailto/views/sent/tmpl/regional/5b1f719458b53646b23f0901d367c801/files/ Frame 2695 |
29 KB 14 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
print.css
genrugby.com/components/com_mailto/views/sent/tmpl/regional/5b1f719458b53646b23f0901d367c801/files/ Frame 2695 |
4 KB 786 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
hdr_search_bg.gif
www.paypalobjects.com/WEBSCR-620-20100330-1/en_US/i/pui/core/ Frame 2695 |
373 B 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
btn_bg_sprite.gif
www.paypalobjects.com/WEBSCR-620-20100330-1/en_US/i/pui/core/ Frame 2695 |
373 B 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET S |
nav_sprite.gif
www.paypalobjects.com/WEBSCR-620-20100330-1/en_US/i/pui/core/ Frame 2695 |
370 B 0 |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
s49849441174159
paypal.112.2o7.net/b/ss/paypalglobal/1/H.19.3/ Frame 2695 Redirect Chain
|
43 B 43 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- genrugby.com
- URL
- http://genrugby.com/components/com_mailto/views/sent/tmpl/regional/5b1f719458b53646b23f0901d367c801/
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: PayPal (Financial)0 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.genrugby.com/ | Name: s_sess Value: %20s_cc%3Dtrue%3B%20s_refresh%3Dp/gen/cnf/email-password%253A%253A_ece%3B%20s_sq%3D%3B |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
genrugby.com
paypal.112.2o7.net
www.mdn.gov.mz
www.paypalobjects.com
genrugby.com
181.88.192.201
196.3.96.205
66.235.148.144
92.123.92.235
0acf873ad6cb29db53ee5dd4a182913681dd20d020ab21bb18621f063726e92a
29a42e7c3f386785287fa85997e47c00d5d67550097f7f82731d20dc8cf9548d
3a82ad3843ca77f937a1c61cb135a02bd7be6fc90626f9dd2652518dc55c9ebf
568397a8b27bd4417cf61d1491d43ddf5090cad4369d2a48a7379a94a1b9bfa9
6f7bcec3d62d2ecafd6c3dbf5473ca6627f38cf737f537c3639f97753a330b0b
7c18b4d749ec7d193df7be7f9054af4f09418dd2a140e06fe8a9b4902d8a109b
7d59f3b63ab445337909c76e9f89b039886bc873f48547760898fe8fd17b4571
87a2207c48e5927d03764ac10a3ebf6425f801e8a71856b36305431d3b41fe71
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
aca690bfab9822d805ff0da200f8ae2a2c4c50899cc9ad4d1117dbf9aa46d9a6
b14490b59c5123956875bf34e553d721bd43ae99e5b80a376eb15a9593710b48
ba7276139b4cd045b416105b0bb857b837c4eb7991a584251ddcb1f643af78c0
c36bef44937289a54acc239aac93f322ac2f1bf4e880e050d4ad80473a16ca4b
ccf27823816dd9c1674beca235d07d1c65a2dd95ac3e7ec1dbdde0256454bd0f