nakuruwater.co.ke Open in urlscan Pro
198.57.202.28  Malicious Activity! Public Scan

28 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request hphoz.htm Show response nakuruwater.co.ke/wp-admin/Alibab/	17 KB 18 KB	576ms 191ms	Document text/html	198.57.202.28 Unified Layer
General Check archive.org Show headers Download Go to Full URL https://nakuruwater.co.ke/wp-admin/Alibab/hphoz.htm Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 198.57.202.28 Provo, United States, ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US), Reverse DNS tra.transworldafrica.com Software Apache/2.4.33 (cPanel) OpenSSL/1.0.2o mod_bwlimited/1.4 / Resource Hash 6e7299e7c5f6a35b707102e41c1687b8697453a39fbdb8c024286967f76cbaae Request headers Host nakuruwater.co.ke Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 X-DevTools-Emulate-Network-Conditions-Client-Id 4065AF0BCA3F77DE95CA125D9ADB23AC Response headers Date Thu, 12 Jul 2018 17:51:58 GMT Server Apache/2.4.33 (cPanel) OpenSSL/1.0.2o mod_bwlimited/1.4 Last-Modified Sat, 28 Feb 2015 17:11:20 GMT ETag "44df-5102912e11e00" Accept-Ranges bytes Content-Length 17631 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	sorcing-signin.css login.alibaba.com/css/4v/	3 KB 1 KB	503ms 166ms	Stylesheet text/css	205.204.101.203 CNNIC-ALIBABA-CN-...
General Check archive.org Show headers Download Go to Full URL https://login.alibaba.com/css/4v/sorcing-signin.css?version=20110104 Requested by Host: nakuruwater.co.ke URL: https://nakuruwater.co.ke/wp-admin/Alibab/hphoz.htm Protocol HTTP/1.1 Server 205.204.101.203 Santa Clara, United States, ASN45102 (CNNIC-ALIBABA-CN-NET-AP Alibaba (China) Technology Co., Ltd., CN), Reverse DNS Software / Resource Hash d964bcb73b05d3296862b64ac3d2145d15c1309f39ffa12f10d6671152a3c16c Request headers Referer https://nakuruwater.co.ke/wp-admin/Alibab/hphoz.htm User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 12 Jul 2018 17:51:59 GMT Content-Encoding gzip Transfer-Encoding chunked Last-Modified Mon, 02 Jul 2018 09:06:46 GMT Connection keep-alive Vary Accept-Encoding Content-Type text/css
GET		sns.css style.alibaba.com/css/4v/myalibaba/	0 0
GET		common.css style.alibaba.com/css/4v/	0 0
GET		navigat.css style.alibaba.com/css/4v/	0 0
GET		navCGS.css style.alibaba.com/css/4v/	0 0
GET		relateJS.css style.alibaba.com/css/4v/	0 0
GET		myalibaba.css style.alibaba.com/css/4v/	0 0
GET		ae.js style.alibaba.com/js/	0 0
GET		myalibaba.js style.alibaba.com/js/	0 0
GET		en.js style.alibaba.com/js/language/	0 0
GET		beacon_en.js img.alibaba.com/js/	0 0
GET H/1.1	200 OK	forget_pwd_images.gif img.alibaba.com/images/eng/style/css_images/myalibaba/	3 KB 3 KB	232ms 228ms	Image image/gif	195.138.255.8 NETZBETRIEB-GMBH
General Check archive.org Show headers Download Go to Show image Full URL http://img.alibaba.com/images/eng/style/css_images/myalibaba/forget_pwd_images.gif Requested by Host: nakuruwater.co.ke URL: https://nakuruwater.co.ke/wp-admin/Alibab/hphoz.htm Protocol HTTP/1.1 Server 195.138.255.8 , Germany, ASN201011 (NETZBETRIEB-GMBH, DE), Reverse DNS Software Tengine / Resource Hash 3652901d483e8a03d2a86ad2c30dfb80519559e5fd9251f237d72a6971ccd60b Request headers User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 12 Jul 2018 17:51:59 GMT Last-Modified Thu, 22 Jun 2017 09:37:46 GMT Server Tengine FW_IP 195.138.255.8 Content-Type image/gif Access-Control-Allow-Origin * Access-Control-Expose-Headers FW_IP Cache-Control max-age=172800 Connection keep-alive Accept-Ranges bytes Timing-Allow-Origin * Content-Length 2885 Expires Thu, 12 Jul 2018 11:26:28 GMT
GET H/1.1	200 OK	signin_head_bg.png login.alibaba.com/images/eng/style/css_images/	630 B 846 B	166ms 166ms	Image image/png	205.204.101.203 CNNIC-ALIBABA-CN-...
General Check archive.org Show headers Download Go to Show image Full URL https://login.alibaba.com/images/eng/style/css_images/signin_head_bg.png Requested by Host: nakuruwater.co.ke URL: https://nakuruwater.co.ke/wp-admin/Alibab/hphoz.htm Protocol HTTP/1.1 Server 205.204.101.203 Santa Clara, United States, ASN45102 (CNNIC-ALIBABA-CN-NET-AP Alibaba (China) Technology Co., Ltd., CN), Reverse DNS Software / Resource Hash c503a04975b22bed74b1fcca57e22de46147170280df9c321803ba4f2482dc58 Request headers Referer https://login.alibaba.com/css/4v/sorcing-signin.css?version=20110104 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 12 Jul 2018 17:51:59 GMT Last-Modified Mon, 02 Jul 2018 09:06:46 GMT Connection keep-alive Accept-Ranges bytes ETag "5b39eb26-276" Content-Length 630 Content-Type image/png
GET H/1.1	200 OK	alibaba_logo.png login.alibaba.com/images/eng/style/logo/	8 KB 8 KB	332ms 166ms	Image image/png	205.204.101.203 CNNIC-ALIBABA-CN-...
General Check archive.org Show headers Download Go to Show image Full URL https://login.alibaba.com/images/eng/style/logo/alibaba_logo.png Requested by Host: nakuruwater.co.ke URL: https://nakuruwater.co.ke/wp-admin/Alibab/hphoz.htm Protocol HTTP/1.1 Server 205.204.101.203 Santa Clara, United States, ASN45102 (CNNIC-ALIBABA-CN-NET-AP Alibaba (China) Technology Co., Ltd., CN), Reverse DNS Software / Resource Hash 0219efe34cf993a3703ef8d47a913b8532b7015ea4ce1689c93712253a31af6a Request headers Referer https://login.alibaba.com/css/4v/sorcing-signin.css?version=20110104 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Thu, 12 Jul 2018 17:51:59 GMT Last-Modified Mon, 02 Jul 2018 09:06:46 GMT Connection keep-alive Accept-Ranges bytes ETag "5b39eb26-2055" Content-Length 8277 Content-Type image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

style.alibaba.com

URL

http://style.alibaba.com/css/4v/myalibaba/sns.css?c=200810221400

Domain

style.alibaba.com

URL

http://style.alibaba.com/css/4v/common.css?c=201012162100

Domain

style.alibaba.com

URL

http://style.alibaba.com/css/4v/navigat.css?c=201009032100

Domain

style.alibaba.com

URL

http://style.alibaba.com/css/4v/navCGS.css?c=201009032100

Domain

style.alibaba.com

URL

http://style.alibaba.com/css/4v/relateJS.css?c=200810221400

Domain

style.alibaba.com

URL

http://style.alibaba.com/css/4v/myalibaba.css?c=20110530

Domain

style.alibaba.com

URL

http://style.alibaba.com/js/ae.js?c=200810221400

Domain

style.alibaba.com

URL

http://style.alibaba.com/js/myalibaba.js?c=200810221400

Domain

style.alibaba.com

URL

http://style.alibaba.com/js/language/en.js

Domain

img.alibaba.com

URL

http://img.alibaba.com/js/beacon_en.js

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Alibaba (Online)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| dmtrack_c string| dmtrack_pageid function| trackFavorite function| signin

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

img.alibaba.com
login.alibaba.com
nakuruwater.co.ke
style.alibaba.com
img.alibaba.com
style.alibaba.com
195.138.255.8
198.57.202.28
205.204.101.203
0219efe34cf993a3703ef8d47a913b8532b7015ea4ce1689c93712253a31af6a
3652901d483e8a03d2a86ad2c30dfb80519559e5fd9251f237d72a6971ccd60b
6e7299e7c5f6a35b707102e41c1687b8697453a39fbdb8c024286967f76cbaae
c503a04975b22bed74b1fcca57e22de46147170280df9c321803ba4f2482dc58
d964bcb73b05d3296862b64ac3d2145d15c1309f39ffa12f10d6671152a3c16c