kenbright.co.ke
Open in
urlscan Pro
2606:4700:3034::681b:8ab0
Malicious Activity!
Public Scan
Effective URL: https://kenbright.co.ke/downloads/no/
Submission: On November 29 via manual from ES
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on July 30th 2020. Valid for: a year.
This is the only time kenbright.co.ke was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Posten Norge (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 3.104.13.187 3.104.13.187 | 16509 (AMAZON-02) (AMAZON-02) | |
22 | 2606:4700:303... 2606:4700:3034::681b:8ab0 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
23 | 2 |
ASN16509 (AMAZON-02, US)
PTR: awcp069.server-cpanel.com
rotoruaseniornet.gen.nz |
Apex Domain Subdomains |
Transfer | |
---|---|---|
22 |
kenbright.co.ke
kenbright.co.ke |
64 KB |
1 |
rotoruaseniornet.gen.nz
rotoruaseniornet.gen.nz |
449 B |
23 | 2 |
Domain | Requested by | |
---|---|---|
22 | kenbright.co.ke |
rotoruaseniornet.gen.nz
kenbright.co.ke |
1 | rotoruaseniornet.gen.nz | |
23 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
adressesok.posten.no |
www.postennorge.no |
www.bring.no |
Subject Issuer | Validity | Valid | |
---|---|---|---|
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-07-30 - 2021-07-30 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://kenbright.co.ke/downloads/no/
Frame ID: E88D406B7114949648B3B445C17D2C86
Requests: 23 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://rotoruaseniornet.gen.nz/wp-antis.php Page URL
- https://kenbright.co.ke/downloads/no/ Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Title: Adresser, postnummer og personer
Search URL Search Domain Scan URL
Title: Om Posten Norge
Search URL Search Domain Scan URL
Title: Jobb i Posten
Search URL Search Domain Scan URL
Title: For bedrifter
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://rotoruaseniornet.gen.nz/wp-antis.php Page URL
- https://kenbright.co.ke/downloads/no/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
wp-antis.php
rotoruaseniornet.gen.nz/ |
217 B 449 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
kenbright.co.ke/downloads/no/ |
121 KB 34 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fonts.css
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/ |
2 KB 823 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
posten.css
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/ |
211 KB 27 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
postenstyle.css
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.a5ef78fe.chunk.css
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/ |
1 KB 792 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
hotjar-507531.js.t%C3%A9l%C3%A9chargement
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
modules.ccf3339b0b1130e2b4c5.js.t%C3%A9l%C3%A9chargement
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bundle.js.t%C3%A9l%C3%A9chargement
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js.t%C3%A9l%C3%A9chargement
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icons.min.js.t%C3%A9l%C3%A9chargement
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
_hedwig-commons.css
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.js.t%C3%A9l%C3%A9chargement
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PostenSans-Regular.woff2
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PostenSans-Medium.woff2
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PostenSans-Bold.woff2
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icons.min.js.t%C3%A9l%C3%A9chargement
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PostenSans-Regular.woff
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PostenSans-Medium.woff
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PostenSans-Bold.woff
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PostenSans-Regular.ttf
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PostenSans-Medium.ttf
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PostenSans-Bold.ttf
kenbright.co.ke/downloads/no/Digitalt%20frimerke%20og%20henting%20i%20postkassen_files/fonts/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Posten Norge (Transportation)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
kenbright.co.ke/ | Name: PHPSESSID Value: 959e29774a13046c7caa44ef30df7e4a |
|
.kenbright.co.ke/ | Name: __cfduid Value: d223528a1fced6210f6def929877b6e691606686943 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
kenbright.co.ke
rotoruaseniornet.gen.nz
2606:4700:3034::681b:8ab0
3.104.13.187
0b95259c3797907d8272f8c468f86c17ae6a74fa92afbad115f594130e25fbc0
1134256f242c62e0735e425560bd916d917fbcad487fb28dbf2ef48736e7ec10
15fe5eb8bea05d6d4b49245b36c4b56c382d4309ef8bd83117a8766a68581e19
304a57945a1b44c2f502ddb3d2b2f315f7baa57c4c3f1f47c00f499f71ef38c2
84f943c5a27c6f32d37a38626421e6594460b6d31337472c63bd30f9c36486fa
8debce8697d49bc2224e61e79e9ad8ee564d5b78cd8ac7913af61a072ea04368