www.umma.ac.ke
Open in
urlscan Pro
41.204.161.16
Malicious Activity!
Public Scan
Submission: On September 03 via manual from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on July 15th 2019. Valid for: 3 months.
This is the only time www.umma.ac.ke was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Target (Retail)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
6 | 41.204.161.16 41.204.161.16 | 36914 (KENET-AS) (KENET-AS) | |
6 | 156.55.203.146 156.55.203.146 | 18434 (FNIS) (FNIS - Fidelity National Information Services) | |
1 | 151.101.1.195 151.101.1.195 | 54113 (FASTLY) (FASTLY - Fastly) | |
14 | 4 |
ASN18434 (FNIS - Fidelity National Information Services, Inc., US)
PTR: aka6042-rcam.fisglobal.com
rcam.target.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
target.com
rcam.target.com |
551 KB |
6 |
umma.ac.ke
www.umma.ac.ke |
325 KB |
1 |
web.app
track-card.web.app |
336 B |
14 | 3 |
Domain | Requested by | |
---|---|---|
6 | rcam.target.com |
www.umma.ac.ke
|
6 | www.umma.ac.ke |
www.umma.ac.ke
|
1 | track-card.web.app |
www.umma.ac.ke
|
14 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
rcam.target.com |
www.target.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
umma.ac.ke Let's Encrypt Authority X3 |
2019-07-15 - 2019-10-13 |
3 months | crt.sh |
rcam.target.com DigiCert SHA2 Secure Server CA |
2018-09-24 - 2019-10-02 |
a year | crt.sh |
web.app GTS CA 1O1 |
2019-02-19 - 2020-02-18 |
a year | crt.sh |
This page contains 2 frames:
Primary Page:
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
Frame ID: E358EB94F00C632349EEE1D451459FC6
Requests: 13 HTTP requests in this frame
Frame:
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/saved_resource.html
Frame ID: 40C0D1AB8733D68B168043A8AC932352
Requests: 1 HTTP requests in this frame
5 Outgoing links
These are links going to different origins than the main page.
Title: Skip to Main Content
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title: Sign Up
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
www.umma.ac.ke/wp-includes/activity/targetnew/index/ |
155 KB 156 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
css
www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css
rcam.target.com/bundles/ |
211 KB 42 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
modernizr
rcam.target.com/bundles/ |
11 KB 6 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
022239b7-6807-405c-a880-00674c4ed325
www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/ |
63 KB 63 KB |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
1c458642-8677-4bb8-a03e-ebfdf9d7627d
www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/ |
17 KB 18 KB |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
8ef4f20e-8b91-406a-808c-3278f94b9021
www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/ |
26 KB 26 KB |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
58c253b6-ee93-4521-8633-5b55ca418030
www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/ |
56 KB 57 KB |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vendors
rcam.target.com/bundles/ |
1 MB 465 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
angular-locale_en-US.js
rcam.target.com/Scripts/i18n/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login
rcam.target.com/bundles/ |
1 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
login-dependencies
rcam.target.com/bundles/ |
137 KB 34 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
track
track-card.web.app/ |
35 B 336 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
saved_resource.html
www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/ Frame 40C0 |
5 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.umma.ac.ke
- URL
- https://www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/css
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Target (Retail)24 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| OqGXLMP function| YeKGDvQ object| less object| html5 object| Modernizr undefined| msViewportStyle undefined| mq function| CODE39 function| appendText object| deployJava object| ngFileUpload function| $ function| jQuery function| JsBarcode function| _ function| introJs object| angular object| angulartics object| breeze function| Mousetrap object| toastr function| moment function| numeral function| Spinner0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
rcam.target.com
track-card.web.app
www.umma.ac.ke
www.umma.ac.ke
151.101.1.195
156.55.203.146
41.204.161.16
069c30b8be95c95254ef2e863008030974e321738e3123ca59bcc672c117ba58
2536430b235aa738133ab5e89f4c02123b2b02b54884100930e5d6293c93d83f
307fb74a33b3022b70f2497f3191188d4f0aea7d70d29c2501a578c132704e04
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
7a4bebd26512743d657d52bcab9d211c67a6f1b223c2ed156114695fc88470d0
8e53953f90ff52f3c55f7e7050af2e17fa6f1879694db4c1672e36bbbb2e9321
aaa0e36dd2faec5d0f7226089281d0c9faa8900ddbc53826db558e35568e51e2
be1a99b11acde26fa93149b45583b86994c7d7e388ffd24b0b4da17eb7d33f4b
c59e2ee2b0d32a173bd48a79729ea70024f843163a595473d23c18a1078816c8
ca454202a9ab11a154de6b845a28d481cf1c11b727dab70a2df7a4dc3a22f540
da4f4edeee2842eee016a1a138fa5811ce3179cc1602752224854d8ec7a770ea
e1e83dbd4efa1f0f489d9d18955ddea04796e1faffb9af3d090745f442c7e767
f311cd841c85de6a019c1c6f8080b04f4325d40badbdbf4a12dd982744171554