mail.auca.ac.rw
197.243.16.118
Malicious Activity!
Public Scan
Submission: On February 15 via automatic, source openphish
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on January 25th 2020. Valid for: 3 months.
This is the only time mail.auca.ac.rw was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)

Domain & IP information

| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 7 | 197.243.16.118 | 37228 (Olleh-Rwanda-Networks) |
| 3 | 2a00:86c0:2091::1 | 40027 (NETFLIX-ASN) |
| 6 | 2a00:86c0:2090::1 | 40027 (NETFLIX-ASN) |
| 3 (1 redirect) | 91.235.133.103 | 30286 (THM) |
| 18 requests | 4 IPs | |
ASN37228 (Olleh-Rwanda-Networks, RW)
PTR: Rebero-WHM.idc.bsc.rw
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 9 | nflxext.com | codex.nflxext.com, assets.nflxext.com | 657 KB |
| 7 | auca.ac.rw | mail.auca.ac.rw | 446 KB |
| 3 | netflix.com | secured.netflix.com (1 redirect) | 1 KB |
| 18 requests | 3 domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 7 | mail.auca.ac.rw | mail.auca.ac.rw, codex.nflxext.com |
| 6 | assets.nflxext.com | mail.auca.ac.rw |
| 3 | secured.netflix.com (1 redirect) | mail.auca.ac.rw |
| 3 | codex.nflxext.com | mail.auca.ac.rw |
| 18 requests | 4 domains | |
This site contains links to these domains. Also see Links.

| Domain |
|---|
| help.netflix.com |

| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| mail.auca.ac.rw | cPanel, Inc. Certification Authority | 2020-01-25 - 2020-04-24 | 3 months | crt.sh |
| *.1.nflxso.net | DigiCert SHA2 Secure Server CA | 2020-02-09 - 2020-03-12 | a month | crt.sh |
| secured.netflix.com | DigiCert SHA2 Secure Server CA | 2020-01-27 - 2021-01-27 | a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://mail.auca.ac.rw/d1/
Frame ID: 32504A55479BC19827A8BCD2707B78E1
Requests: 18 HTTP requests in this frame
Screenshot
Detected technologies
- OpenSSL (Web Server Extensions). Detected pattern: headers server /OpenSSL(?:\/([\d.]+[a-z]?))?/i
- Apache (Web Servers). Detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
- FAQ
- Help Center
- Terms of Use
- Privacy
- Cookie Preferences
- Corporate Information
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 7
- https://secured.netflix.com/fp/clear.png?org_id=lg9m47ph&session_id=c79f559c-3670-4797-a1aa-230db8d3601e&m=2 (HTTP 302)
- https://secured.netflix.com/fp/clear.png?org_id=lg9m47ph&session_id=c79f559c-3670-4797-a1aa-230db8d3601e&k=1
18 HTTP transactions

| Method / Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|
| GET H/1.1 | / (Primary Request) | mail.auca.ac.rw/d1/ | 443 KB | 444 KB | Document | text/html |
| GET H/1.1 | none | codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-v83299c38/js/js/bootstrap.js,common%7Cbootstrap.js/2/4M024l4k484m444u4L050n004N4p4e4w4n4G4a4v4i4y4c4b4F08014I12/bck/true/ | 9 KB | 4 KB | Script | application/javascript |
| GET H/1.1 | none | codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-js-v83299c38/js/js/signup%7Csimplicity%7CsimpleSignupClient.js/2/4M024l4k484m444u4L050n004N4p4e4w4n4G4a4v4i4y4c4b4F08014I12/l/true/ | 1 MB | 417 KB | Script | application/javascript |
| GET H/1.1 | WebsiteDetect | mail.auca.ac.rw/personalization/cl2/freeform/ | 0 | 0 | Stylesheet | text/html |
| GET H/1.1 | none | codex.nflxext.com/%5E3.0.0/truthBundle/webui/0.0.1-shakti-css-v83299c38/css/css/less%7Cpages%7Csignup%7Csimplicity%7Csimplicity.less/1/4zJBR6xAlmLcIPQ/none/true/ | 258 KB | 41 KB | Stylesheet | text/css |
| GET H/1.1 | visa.svg | assets.nflxext.com//ffe/siteui/acquisition/payment/svg/ | 2 KB | 1 KB | Image | image/svg+xml |
| GET H/1.1 | mastercard.svg | assets.nflxext.com//ffe/siteui/acquisition/payment/svg/ | 8 KB | 9 KB | Image | image/svg+xml |
| GET H/1.1 | amex.svg | assets.nflxext.com//ffe/siteui/acquisition/payment/svg/ | 7 KB | 8 KB | Image | image/svg+xml |
| GET H/1.1 | clear.png | secured.netflix.com/fp/ (Redirect Chain) | 81 B | 474 B | Image | image/png |
| GET H/1.1 | WebsiteDetect | mail.auca.ac.rw/personalization/cl2/freeform/ | 12 B | 486 B | XHR | text/html |
| GET H/1.1 | clear.png | secured.netflix.com/fp/ | 81 B | 474 B | Image | image/png |
| GET H/1.1 | NetflixSans_W_Rg.woff2 | assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/ | 52 KB | 52 KB | Font | font/woff2 |
| GET H/1.1 | NetflixSans_W_Md.woff2 | assets.nflxext.com/ffe/siteui/fonts/netflix-sans/v3/ | 53 KB | 53 KB | Font | font/woff2 |
| GET H/1.1 | nf-icon-v1-93.woff | assets.nflxext.com/ffe/siteui/fonts/ | 72 KB | 72 KB | Font | font/woff |
| POST H/1.1 | log | mail.auca.ac.rw/personalization/ | 12 B | 487 B | XHR | text/html |
| POST H/1.1 | cl2 | mail.auca.ac.rw/personalization/ | 12 B | 486 B | XHR | text/html |
| POST H/1.1 | cl2 | mail.auca.ac.rw/personalization/ | 12 B | 486 B | XHR | text/html |
| POST H/1.1 | cl2 | mail.auca.ac.rw/personalization/ | 12 B | 486 B | XHR | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Netflix (Online)

10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object onformdata
- object onpointerrawupdate
- object netflix
- object Codex
- object C
- object global
- object process
- object util
- function jQuery
- object jQuery111100428741486471331261

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| .mail.auca.ac.rw/ | | cL | 1581770594276%7C158177059480804675%7C158177059444566299%7C%7C4%7CZAVYCC7XRZHTHARE5JYDUBIJVI |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.