URL: https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-...
Submission: On September 03 via manual from US

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 14 HTTP transactions. The main IP is 41.204.161.16, located in Kenya and belongs to KENET-AS, KE. The main domain is www.umma.ac.ke.
TLS certificate: Issued by Let's Encrypt Authority X3 on July 15th 2019. Valid for: 3 months.
This is the only time www.umma.ac.ke was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Target (Retail)

Domain & IP information

IP Address AS Autonomous System
6 41.204.161.16 36914 (KENET-AS)
6 156.55.203.146 18434 (FNIS)
1 151.101.1.195 54113 (FASTLY)
14 4
Apex Domain Subdomains Transfer
6 target.com rcam.target.com 551 KB
6 umma.ac.ke www.umma.ac.ke 325 KB
1 web.app track-card.web.app 336 B
14 3
Domain Requested by
6 rcam.target.com www.umma.ac.ke
6 www.umma.ac.ke www.umma.ac.ke
1 track-card.web.app www.umma.ac.ke
14 3

This site contains links to these domains.

Domain
rcam.target.com
www.target.com
Subject Issuer Validity Valid
umma.ac.ke Let's Encrypt Authority X3 2019-07-15 - 2019-10-13 3 months
rcam.target.com DigiCert SHA2 Secure Server CA 2018-09-24 - 2019-10-02 a year
web.app GTS CA 1O1 2019-02-19 - 2020-02-18 a year

This page contains 2 frames:

Primary Page: https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
Frame ID: E358EB94F00C632349EEE1D451459FC6
Requests: 13 HTTP requests in this frame

Frame: https://www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/saved_resource.html
Frame ID: 40C0D1AB8733D68B168043A8AC932352
Requests: 1 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 14
HTTPS: 93 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 4
Countries: 2
Transfer: 876 kB
Size: 2221 kB
Cookies: 0

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.umma.ac.ke/wp-includes/activity/targetnew/index/
155 KB
156 KB
Document
General
Full URL
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
41.204.161.16 , Kenya, ASN36914 (KENET-AS, KE),
Reverse DNS
cp-uon.kenet.or.ke
Software
Apache /
Resource Hash
307fb74a33b3022b70f2497f3191188d4f0aea7d70d29c2501a578c132704e04
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
www.umma.ac.ke
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Accept-Encoding
gzip, deflate, br

Response headers

Date
Tue, 03 Sep 2019 19:17:56 GMT
Server
Apache
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Expires
0
Content-Length
159001
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
css
www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/
0
0

css
rcam.target.com/bundles/
211 KB
42 KB
Stylesheet
General
Full URL
https://rcam.target.com/bundles/css?v=sIveZNzJp18_HLP7hMqMHtZ1HJYdVC8uO0R9I-6XO4Q1
Requested by
Host: www.umma.ac.ke
URL: https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
156.55.203.146 , United States, ASN18434 (FNIS - Fidelity National Information Services, Inc., US),
Reverse DNS
aka6042-rcam.fisglobal.com
Software
eZCard / ASP.NET
Resource Hash
da4f4edeee2842eee016a1a138fa5811ce3179cc1602752224854d8ec7a770ea
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self'; font-src fonts.gstatic.com 'self' data:; img-src 'self' csi.gstatic.com data:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'self'; style-src fonts.googleapis.com 'unsafe-inline' 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
ASP.NET
ntCoent-Length
216518
Transfer-Encoding
chunked
P3P
CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 03 Sep 2019 19:17:57 GMT
Server
eZCard
X-Frame-Options
SAMEORIGIN
Date
Tue, 03 Sep 2019 19:17:57 GMT
X-Machine-Name
WB01
Vary
User-Agent
Access-Control-Allow-Methods
GET, PUT, POST, OPTIONS, DELETE
Content-Type
text/css; charset=utf-8
Access-Control-Allow-Origin
rcam.target.com, null
Cache-Control
private
Access-Control-Allow-Credentials
true
Content-Security-Policy
default-src 'self'; connect-src 'self'; font-src fonts.gstatic.com 'self' data:; img-src 'self' csi.gstatic.com data:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'self'; style-src fonts.googleapis.com 'unsafe-inline' 'self';
Access-Control-Allow-Headers
null
Expires
Wed, 02 Sep 2020 19:17:57 GMT
modernizr
rcam.target.com/bundles/
11 KB
6 KB
Script
General
Full URL
https://rcam.target.com/bundles/modernizr?v=YW8jDg0T8iocvUwhCOjeAtql8F2f08tm10dlTXSymBk1
Requested by
Host: www.umma.ac.ke
URL: https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
156.55.203.146 , United States, ASN18434 (FNIS - Fidelity National Information Services, Inc., US),
Reverse DNS
aka6042-rcam.fisglobal.com
Software
eZCard / ASP.NET
Resource Hash
2536430b235aa738133ab5e89f4c02123b2b02b54884100930e5d6293c93d83f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self'; font-src fonts.gstatic.com 'self' data:; img-src 'self' csi.gstatic.com data:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'self'; style-src fonts.googleapis.com 'unsafe-inline' 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
ASP.NET
ntCoent-Length
11171
P3P
CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length
4665
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
eZCard
Date
Tue, 03 Sep 2019 19:17:57 GMT
X-Machine-Name
WB10
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, OPTIONS, DELETE
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
rcam.target.com, null
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Content-Security-Policy
default-src 'self'; connect-src 'self'; font-src fonts.gstatic.com 'self' data:; img-src 'self' csi.gstatic.com data:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'self'; style-src fonts.googleapis.com 'unsafe-inline' 'self';
Access-Control-Allow-Headers
null
Expires
-1
022239b7-6807-405c-a880-00674c4ed325
www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/
63 KB
63 KB
Image
General
Full URL
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/022239b7-6807-405c-a880-00674c4ed325
Requested by
Host: www.umma.ac.ke
URL: https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
41.204.161.16 , Kenya, ASN36914 (KENET-AS, KE),
Reverse DNS
cp-uon.kenet.or.ke
Software
Apache /
Resource Hash
aaa0e36dd2faec5d0f7226089281d0c9faa8900ddbc53826db558e35568e51e2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 03 Sep 2019 19:17:57 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 29 Aug 2019 00:51:52 GMT
Server
Apache
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
64646
X-XSS-Protection
1; mode=block
Expires
0
1c458642-8677-4bb8-a03e-ebfdf9d7627d
www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/
17 KB
18 KB
Image
General
Full URL
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/1c458642-8677-4bb8-a03e-ebfdf9d7627d
Requested by
Host: www.umma.ac.ke
URL: https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
41.204.161.16 , Kenya, ASN36914 (KENET-AS, KE),
Reverse DNS
cp-uon.kenet.or.ke
Software
Apache /
Resource Hash
8e53953f90ff52f3c55f7e7050af2e17fa6f1879694db4c1672e36bbbb2e9321
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 03 Sep 2019 19:17:57 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 29 Aug 2019 00:51:52 GMT
Server
Apache
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
17869
X-XSS-Protection
1; mode=block
Expires
0
8ef4f20e-8b91-406a-808c-3278f94b9021
www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/
26 KB
26 KB
Image
General
Full URL
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/8ef4f20e-8b91-406a-808c-3278f94b9021
Requested by
Host: www.umma.ac.ke
URL: https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
41.204.161.16 , Kenya, ASN36914 (KENET-AS, KE),
Reverse DNS
cp-uon.kenet.or.ke
Software
Apache /
Resource Hash
c59e2ee2b0d32a173bd48a79729ea70024f843163a595473d23c18a1078816c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 03 Sep 2019 19:17:58 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 29 Aug 2019 00:51:52 GMT
Server
Apache
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
26134
X-XSS-Protection
1; mode=block
Expires
0
58c253b6-ee93-4521-8633-5b55ca418030
www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/
56 KB
57 KB
Image
General
Full URL
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/58c253b6-ee93-4521-8633-5b55ca418030
Requested by
Host: www.umma.ac.ke
URL: https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
41.204.161.16 , Kenya, ASN36914 (KENET-AS, KE),
Reverse DNS
cp-uon.kenet.or.ke
Software
Apache /
Resource Hash
ca454202a9ab11a154de6b845a28d481cf1c11b727dab70a2df7a4dc3a22f540
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 03 Sep 2019 19:17:58 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 29 Aug 2019 00:51:52 GMT
Server
Apache
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
57795
X-XSS-Protection
1; mode=block
Expires
0
vendors
rcam.target.com/bundles/
1 MB
465 KB
Script
General
Full URL
https://rcam.target.com/bundles/vendors?v=4GlOgOZoNBMaP_coUXUwiGAwa-sPXXP5iPOAsY1KI1c1
Requested by
Host: www.umma.ac.ke
URL: https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
156.55.203.146 , United States, ASN18434 (FNIS - Fidelity National Information Services, Inc., US),
Reverse DNS
aka6042-rcam.fisglobal.com
Software
eZCard / ASP.NET
Resource Hash
e1e83dbd4efa1f0f489d9d18955ddea04796e1faffb9af3d090745f442c7e767
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self'; font-src fonts.gstatic.com 'self' data:; img-src 'self' csi.gstatic.com data:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'self'; style-src fonts.googleapis.com 'unsafe-inline' 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
ASP.NET
ntCoent-Length
1571433
Transfer-Encoding
chunked
P3P
CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
eZCard
Date
Tue, 03 Sep 2019 19:17:57 GMT
X-Machine-Name
WB12
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, OPTIONS, DELETE
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
rcam.target.com, null
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Content-Security-Policy
default-src 'self'; connect-src 'self'; font-src fonts.gstatic.com 'self' data:; img-src 'self' csi.gstatic.com data:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'self'; style-src fonts.googleapis.com 'unsafe-inline' 'self';
Access-Control-Allow-Headers
null
Expires
-1
angular-locale_en-US.js
rcam.target.com/Scripts/i18n/
3 KB
2 KB
Script
General
Full URL
https://rcam.target.com/Scripts/i18n/angular-locale_en-US.js
Requested by
Host: www.umma.ac.ke
URL: https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
156.55.203.146 , United States, ASN18434 (FNIS - Fidelity National Information Services, Inc., US),
Reverse DNS
aka6042-rcam.fisglobal.com
Software
eZCard / ASP.NET
Resource Hash
be1a99b11acde26fa93149b45583b86994c7d7e388ffd24b0b4da17eb7d33f4b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self'; font-src fonts.gstatic.com 'self' data:; img-src 'self' csi.gstatic.com data:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'self'; style-src fonts.googleapis.com 'unsafe-inline' 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
ASP.NET
P3P
CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary
Accept-Encoding
Content-Length
964
X-XSS-Protection
1; mode=block
Last-Modified
Mon, 17 Jun 2019 15:45:36 GMT
Server
eZCard
Date
Tue, 03 Sep 2019 19:17:57 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Access-Control-Allow-Origin
null
Access-Control-Allow-Credentials
true
ETag
"01085b42325d51:0"
Content-Security-Policy
default-src 'self'; connect-src 'self'; font-src fonts.gstatic.com 'self' data:; img-src 'self' csi.gstatic.com data:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'self'; style-src fonts.googleapis.com 'unsafe-inline' 'self';
Accept-Ranges
bytes
Access-Control-Allow-Headers
null
login
rcam.target.com/bundles/
1 KB
2 KB
Script
General
Full URL
https://rcam.target.com/bundles/login?v=N-zpb67vi3rJeAvoIQ_Y6COz3-pTTvGHrQlv8vTcLb01
Requested by
Host: www.umma.ac.ke
URL: https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
156.55.203.146 , United States, ASN18434 (FNIS - Fidelity National Information Services, Inc., US),
Reverse DNS
aka6042-rcam.fisglobal.com
Software
eZCard / ASP.NET
Resource Hash
7a4bebd26512743d657d52bcab9d211c67a6f1b223c2ed156114695fc88470d0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self'; font-src fonts.gstatic.com 'self' data:; img-src 'self' csi.gstatic.com data:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'self'; style-src fonts.googleapis.com 'unsafe-inline' 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
ASP.NET
ntCoent-Length
1196
P3P
CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Content-Length
626
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
eZCard
Date
Tue, 03 Sep 2019 19:17:57 GMT
X-Machine-Name
WB12
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, OPTIONS, DELETE
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
rcam.target.com, null
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Content-Security-Policy
default-src 'self'; connect-src 'self'; font-src fonts.gstatic.com 'self' data:; img-src 'self' csi.gstatic.com data:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'self'; style-src fonts.googleapis.com 'unsafe-inline' 'self';
Access-Control-Allow-Headers
null
Expires
-1
login-dependencies
rcam.target.com/bundles/
137 KB
34 KB
Script
General
Full URL
https://rcam.target.com/bundles/login-dependencies?v=9sFN9xzVvzpkPDnKZ7M_6mxvrUlQD6xTLVu57dPMLQk1
Requested by
Host: www.umma.ac.ke
URL: https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
156.55.203.146 , United States, ASN18434 (FNIS - Fidelity National Information Services, Inc., US),
Reverse DNS
aka6042-rcam.fisglobal.com
Software
eZCard / ASP.NET
Resource Hash
f311cd841c85de6a019c1c6f8080b04f4325d40badbdbf4a12dd982744171554
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self'; font-src fonts.gstatic.com 'self' data:; img-src 'self' csi.gstatic.com data:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'self'; style-src fonts.googleapis.com 'unsafe-inline' 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
ASP.NET
ntCoent-Length
140230
Transfer-Encoding
chunked
P3P
CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
X-XSS-Protection
1; mode=block
Pragma
no-cache
Server
eZCard
Date
Tue, 03 Sep 2019 19:17:57 GMT
X-Machine-Name
WB12
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, PUT, POST, OPTIONS, DELETE
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
rcam.target.com, null
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Content-Security-Policy
default-src 'self'; connect-src 'self'; font-src fonts.gstatic.com 'self' data:; img-src 'self' csi.gstatic.com data:; media-src 'self'; object-src 'self'; script-src 'unsafe-inline' 'self'; style-src fonts.googleapis.com 'unsafe-inline' 'self';
Access-Control-Allow-Headers
null
Expires
-1
track
track-card.web.app/
35 B
336 B
Image
General
Full URL
https://track-card.web.app/track
Requested by
Host: www.umma.ac.ke
URL: https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.195 , United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
Google Frontend / Express
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 03 Sep 2019 19:17:59 GMT
server
Google Frontend
x-timer
S1567538279.790747,VS0,VE641
x-powered-by
Express
x-served-by
cache-fra19150-FRA
vary
cookie,need-authorization, x-fh-requested-host, accept-encoding
x-cache
MISS
content-type
image/gif
status
200
x-cloud-trace-context
67ab3d0c5d5722ebcb302a964854c186;o=1
cache-control
private
function-execution-id
yrkgesgbdvcx
accept-ranges
bytes, bytes
content-length
35
x-cache-hits
0
saved_resource.html
www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/ Frame 40C0
5 KB
5 KB
Document
General
Full URL
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/saved_resource.html
Requested by
Host: www.umma.ac.ke
URL: https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
41.204.161.16 , Kenya, ASN36914 (KENET-AS, KE),
Reverse DNS
cp-uon.kenet.or.ke
Software
Apache /
Resource Hash
069c30b8be95c95254ef2e863008030974e321738e3123ca59bcc672c117ba58
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
www.umma.ac.ke
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
nested-navigate
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
same-origin
Referer
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/?7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65-7777772e756d6d612e61632e6b65
Accept-Encoding
gzip, deflate, br

Response headers

Date
Tue, 03 Sep 2019 19:17:58 GMT
Server
Apache
Last-Modified
Thu, 29 Aug 2019 00:51:52 GMT
Accept-Ranges
bytes
Content-Length
5230
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Expires
0
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Content-Type
text/html

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.umma.ac.ke
URL
https://www.umma.ac.ke/wp-includes/activity/targetnew/index/Login_files/css

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Target (Retail)

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • OqGXLMP (function)
  • YeKGDvQ (function)
  • less (object)
  • html5 (object)
  • Modernizr (object)
  • msViewportStyle (undefined)
  • mq (undefined)
  • CODE39 (function)
  • appendText (function)
  • deployJava (object)
  • ngFileUpload (object)
  • $ (function)
  • jQuery (function)
  • JsBarcode (function)
  • _ (function)
  • introJs (function)
  • angular (object)
  • angulartics (object)
  • breeze (object)
  • Mousetrap (function)
  • toastr (object)
  • moment (function)
  • numeral (function)
  • Spinner (function)

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block