brightpointenterprises.co.ke Open in urlscan Pro
197.211.1.26 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://brightpointenterprises.co.ke:8080/?em=ke.service@sc.com&key=brightpointenterprises.co.ke
Submission: On October 26 via automatic, source openphish (October 26th 2021, 1:24:52 pm UTC) — Scanned from DE

Summary HTTP 2 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 197.211.1.26, located in Kenya and belongs to WANANCHI-, KE. The main domain is brightpointenterprises.co.ke.

This is the only time brightpointenterprises.co.ke was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1	197.211.1.26 197.211.1.26	15399 (WANANCHI-) (WANANCHI-)
1	104.111.228.123 104.111.228.123	16625 (AKAMAI-AS) (AKAMAI-AS)
2	3

1 197.211.1.26 (Kenya)

ASN15399 (WANANCHI-, KE)
PTR: webhost.simbanet.co.ke

brightpointenterprises.co.ke	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.111.228.123 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-228-123.deploy.static.akamaitechnologies.com

www.paypalobjects.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
1	paypalobjects.com www.paypalobjects.com	49 KB
1	brightpointenterprises.co.ke brightpointenterprises.co.ke	1 MB
2	2

	Domain	Requested by
1	www.paypalobjects.com	brightpointenterprises.co.ke
1	brightpointenterprises.co.ke
2	2

This site contains links to these domains. Also see Links.

Domain
www.paypal.com

Subject Issuer	Validity	Valid
www.paypal.com DigiCert SHA2 Extended Validation Server CA	`2021-09-28` - `2022-01-11`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://brightpointenterprises.co.ke:8080/?em=ke.service@sc.com&key=brightpointenterprises.co.ke
Frame ID: 9DA90BB6B4CE9225A96A9E3EA37FCE1A
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Loggen Sie sich bei PayPal ein

Detected technologies

PayPal (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

paypalobjects\.com

Page Statistics

2
Requests

50 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1339 kB
Transfer

1343 kB
Size

1
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://www.paypal.com/authflow/password-recovery/?redirectUri=%252Fsignin%253FreturnUri%253Dhttps%25253A%25252F%25252Fwww.paypal.com%25252Fmyaccount%25252Fsummary%2526state%253D%25253Fcountry.x%25253DDE%252526locale.x%25253Dde_DE&country.x=DE&locale.x=de_DE
Title: Passwort vergessen?

Search URL Search Domain Scan URL

URL: https://www.paypal.com/signin?returnUri=https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Fsummary&state=%3Fcountry.x%3DDE%26locale.x%3Dde_DE&country.x=DE&locale.x=de_DE&langTgl=de
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://www.paypal.com/%7BcoBrand%7D/cgi-bin/helpscr?cmd=_help
Title: Wir sind für Sie da

Search URL Search Domain Scan URL

URL: https://www.paypal.com/de/smarthelp/contact-us
Title: Kontakt

Search URL Search Domain Scan URL

URL: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
Title: Datenschutz

Search URL Search Domain Scan URL

URL: https://www.paypal.com/de/webapps/mpp/ua/legalhub-full
Title: AGB

Search URL Search Domain Scan URL

URL: https://www.paypal.com/de/webapps/mpp/country-worldwide
Title: Weltweit

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set / Show response
brightpointenterprises.co.ke/ 1 MB
1 MB 1677ms
1432ms Document
text/html 197.211.1.26
WANANCHI-

General

Check archive.org

Show headers Download Go to

Full URL

http://brightpointenterprises.co.ke:8080/?em=ke.service@sc.com&key=brightpointenterprises.co.ke

Protocol

HTTP/1.1

Server

197.211.1.26 , Kenya, ASN15399 (WANANCHI-, KE),

Reverse DNS

webhost.simbanet.co.ke

Software

WSGIServer/0.2 CPython/3.6.6 /

Resource Hash

b84b438605502b5b620598562d875acfbe5f1e2ef6b089daf884f5c23022ad62

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Host: brightpointenterprises.co.ke:8080
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Date: Tue, 26 Oct 2021 13:24:44 GMT
Server: WSGIServer/0.2 CPython/3.6.6
Content-Type: text/html; charset=utf-8
X-Frame-Options: DENY
Vary: Cookie
Content-Length: 1172787
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Set-Cookie: csrftoken=lBXb7OskjzigVgHCPfbsOlbK1zTpctCjRL0liA1cWrvkgfZig6Xg3wWHika3HjPh; expires=Tue, 25 Oct 2022 13:24:44 GMT; Max-Age=31449600; Path=/; SameSite=Lax

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b3f1bf1d5e25838bcad8535a2b700486644f4ea888e46c77d3e82783cb9da1b4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://brightpointenterprises.co.ke:8080/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 49 KB
49 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4d5c29e41277f543455e865a69634f17a2846fd001553890d5801379df3a7c47

Request headers

Referer: http://brightpointenterprises.co.ke:8080/
Origin: http://brightpointenterprises.co.ke:8080
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: font/woff

GET
DATA 200
OK truncated
/ 46 KB
46 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8

Request headers

Referer: http://brightpointenterprises.co.ke:8080/
Origin: http://brightpointenterprises.co.ke:8080
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: font/woff

GET
DATA 200
OK truncated
/ 50 KB
50 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ba20c92df54a4333cc16983eb8c0043e0ea8781319e03edcf6d5093cd109cf43

Request headers

Referer: http://brightpointenterprises.co.ke:8080/
Origin: http://brightpointenterprises.co.ke:8080
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: font/woff

GET
H2 200 sprite_countries_flag4.png
www.paypalobjects.com/webstatic/mktg/icons/ 48 KB
49 KB 51ms
10ms Image
image/webp 104.111.228.123
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.paypalobjects.com/webstatic/mktg/icons/sprite_countries_flag4.png

Requested by

Host: brightpointenterprises.co.ke
URL: http://brightpointenterprises.co.ke:8080/?em=ke.service@sc.com&key=brightpointenterprises.co.ke

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.111.228.123 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-228-123.deploy.static.akamaitechnologies.com

Software

Akamai Image Manager /

Resource Hash

9a96bec193d9cab5e4d01108de857530a2775363c08273c320b8cfb03bffa358

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://brightpointenterprises.co.ke:8080/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

date: Tue, 26 Oct 2021 13:24:46 GMT
x-content-type-options: nosniff
x-check-cacheable: YES
x-serial: 1245
etag: "XyrhkHZDOkR7RmyrX11SqXi9LE9tzruVrgkvFWDhG7A"
strict-transport-security: max-age=31536000
content-type: image/webp
cache-control: private, no-transform, max-age=43200
last-modified: Fri, 21 May 2021 02:31:12 GMT
content-length: 49586
server: Akamai Image Manager
expires: Wed, 27 Oct 2021 01:24:46 GMT

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d2847bea03b68a100caf41aca4d972b58368b4ee956ab13dde15963d905d7c24

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4b16c98214d45bedb1513b7fd53a02ce204f6a2091a920c3122fb213168c3139

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Content-Type: image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			brightpointenterprises.co.ke/	1970-01-20 06:58:24	Name: csrftoken Value: lBXb7OskjzigVgHCPfbsOlbK1zTpctCjRL0liA1cWrvkgfZig6Xg3wWHika3HjPh

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

brightpointenterprises.co.ke
www.paypalobjects.com
104.111.228.123
197.211.1.26
4b16c98214d45bedb1513b7fd53a02ce204f6a2091a920c3122fb213168c3139
4d5c29e41277f543455e865a69634f17a2846fd001553890d5801379df3a7c47
9a96bec193d9cab5e4d01108de857530a2775363c08273c320b8cfb03bffa358
ae79dcc3eb016922caa1d095cfd936446bc65a46bb3364b242dfc556f7e3c6a8
b3f1bf1d5e25838bcad8535a2b700486644f4ea888e46c77d3e82783cb9da1b4
b84b438605502b5b620598562d875acfbe5f1e2ef6b089daf884f5c23022ad62
ba20c92df54a4333cc16983eb8c0043e0ea8781319e03edcf6d5093cd109cf43
d2847bea03b68a100caf41aca4d972b58368b4ee956ab13dde15963d905d7c24

brightpointenterprises.co.ke Open in urlscan Pro 197.211.1.26 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

2 Requests

50 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

1339 kBTransfer

1343 kBSize

1 Cookies

8 Outgoing links

Redirected requests

2 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

brightpointenterprises.co.ke Open in urlscan Pro
197.211.1.26 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

2
Requests

50 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1339 kB
Transfer

1343 kB
Size

1
Cookies

2 HTTP transactions
6 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!