seancardovillis.co.ke
41.217.220.14
Malicious Activity!
Public Scan
Effective URL: https://seancardovillis.co.ke/wp-content/plugins/sl33per/royal/Play/cw.php
Submission: On March 12 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 12th 2022. Valid for: 3 months.
This is the only time seancardovillis.co.ke was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Royal Mail (Government)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 52.42.254.21 | 16509 (AMAZON-02)
1 | 45.126.58.78 | 132647 (IDNIC-PANDI-AS-ID Pengelola Nama Domain Internet Indonesia)
17 | 41.217.220.14 | 37109 (MyISP-AS)
1 | 2a00:1450:4001:82b::200a | 15169 (GOOGLE)
3 | 2a04:4e42:62::760 | 54113 (FASTLY)
21 | 4 |
ASN16509 (AMAZON-02, US)
PTR: ec2-52-42-254-21.us-west-2.compute.amazonaws.com
email.replies.msgsndr.com
ASN132647 (IDNIC-PANDI-AS-ID Pengelola Nama Domain Internet Indonesia, ID)
s.id
ASN37109 (MyISP-AS, KE)
PTR: web.myisp.co.ke
seancardovillis.co.ke
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
17 | seancardovillis.co.ke | seancardovillis.co.ke | 3 MB
3 | scdn.co | encore.scdn.co (Cisco Umbrella Rank: 23236) | 182 KB
1 | googleapis.com | fonts.googleapis.com (Cisco Umbrella Rank: 35) | 1 KB
1 | s.id | s.id (Cisco Umbrella Rank: 137591), 1 redirect | 165 B
1 | msgsndr.com | email.replies.msgsndr.com, 1 redirect | 104 B
21 requests | 5 apex domains | |
Requests | Domain | Requested by
---|---|---
17 | seancardovillis.co.ke | seancardovillis.co.ke
3 | encore.scdn.co | seancardovillis.co.ke
1 | fonts.googleapis.com | seancardovillis.co.ke
1 | s.id | 1 redirect
1 | email.replies.msgsndr.com | 1 redirect
21 requests | 5 domains |
This site contains no links.
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
seancardovillis.co.ke | cPanel, Inc. Certification Authority | 2022-02-12 - 2022-05-13 | 3 months | crt.sh
upload.video.google.com | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months | crt.sh
*.scdn.co | DigiCert TLS RSA SHA256 2020 CA1 | 2021-08-06 - 2022-09-02 | a year | crt.sh
This page contains 1 frames:
Primary Page:
https://seancardovillis.co.ke/wp-content/plugins/sl33per/royal/Play/cw.php
Frame ID: B078DF0D852241FE1B7E8FFFC78E51E5
Requests: 23 HTTP requests in this frame
Page Title: Royal Mail | Royal Mail Group Ltd
Detected technologies
- WordPress (CMS), detected pattern: /wp-(?:content|includes)/
- PHP (Programming Languages), detected pattern: \.php(?:$|\?)
- Modernizr (JavaScript Libraries), detected pattern: ([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://email.replies.msgsndr.com/c/eJwVjctqwzAURL_G2lXo6uFICy-CSwot9LH1pti617aw_EBKKMnXV4GBgTnMjP8N2LRrNPB4fRvSYzl-uqW9iJbF3T-Z_cTuWyyTndUYNvX-cXc1K_Fo-0Gz0EghpVAAwunaADek-hrAoSOtrZeVFomOGCjzNU95w8T9vrK5AUPeSVuqJE94MgS9tYSD00CIHlhs5uv1yJU6V_JSlHnAYi_dV6xZaiaf-r9xT1gehnij-74hPcf5bfkHMgBByw (HTTP 302)
- https://s.id/-ZOl6 (HTTP 301)
- https://seancardovillis.co.ke/wp-content/plugins/sl33per/royal/Play/cw.php (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
21 HTTP transactions
# | Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---|---
1 | GET | H/1.1 | cw.php (Primary Request, Redirect Chain) | seancardovillis.co.ke/wp-content/plugins/sl33per/royal/Play/ | 115 KB | 116 KB | Document | text/html
2 | GET | H/1.1 | css_SYR0Qq8YwmESAAIOEGtOfDOA9tIp-ctfHW94R06ZhhY.css | seancardovillis.co.ke/wp-content/plugins/sl33per/royal/Play/src/css/ | 36 KB | 36 KB | Stylesheet | text/css
3 | GET | H/1.1 | css_QlabOo4VNpAebmUmvOxhFqxUG4LxWABx_DkIKD-Ifgs.css | seancardovillis.co.ke/wp-content/plugins/sl33per/royal/Play/src/css/ | 658 KB | 658 KB | Stylesheet | text/css
4 | GET | H/1.1 | pci.75aa2049cb.css | seancardovillis.co.ke/wp-content/plugins/sl33per/royal/Play/src/css/ | 94 KB | 94 KB | Stylesheet | text/css
5 | GET | H/1.1 | style.css | seancardovillis.co.ke/wp-content/plugins/sl33per/royal/Play/src/css/ | 15 KB | 16 KB | Stylesheet | text/css
6 | GET | H/1.1 | logo.png | seancardovillis.co.ke/wp-content/plugins/sl33per/royal/Play/src/img/ | 12 KB | 13 KB | Image | image/png
7 | GET | H/1.1 | SafeSpace-logo467e.png | seancardovillis.co.ke/wp-content/plugins/sl33per/royal/Play/src/img/ | 6 KB | 7 KB | Image | image/png
8 | GET | H/1.1 | js_N_KI8fthkjX7PMyEOVoTHk1Nru3hwZCDrPmp_fDKE3I.js | seancardovillis.co.ke/wp-content/plugins/sl33per/royal/Play/src/js/ | 112 KB | 113 KB | Script | application/javascript
9 | GET | H/1.1 | js_QThlIBonszlDw-hJxT2OLanJkLgFOxp8JROF-JavXVs.js | seancardovillis.co.ke/wp-content/plugins/sl33per/royal/Play/src/js/ | 2 MB | 2 MB | Script | application/javascript
10 | GET | H/1.1 | modernizr.minacee.js | seancardovillis.co.ke/wp-content/plugins/sl33per/royal/Play/src/js/ | 5 KB | 5 KB | Script | application/javascript
11 | GET | H/1.1 | op.js | seancardovillis.co.ke/wp-content/plugins/sl33per/royal/Play/src/js/ | 4 KB | 4 KB | Script | application/javascript
12 | GET | H2 | css | fonts.googleapis.com/ | 16 KB | 1 KB | Stylesheet | text/css
13 | GET | H/1.1 | search-white.svg | seancardovillis.co.ke/wp-content/plugins/sl33per/royal/Play/src/icons_fill/ | 8 KB | 8 KB | Image | text/html
14 | GET | DATA | truncated | / | 549 B | 0 | Image | image/svg+xml
15 | GET | DATA | truncated | / | 2 KB | 0 | Image | image/svg+xml
16 | GET | H/1.1 | rml-textured-background.png | seancardovillis.co.ke/wp-content/plugins/sl33per/royal/Play/src/img/ | 12 KB | 12 KB | Image | image/png
17 | GET | H/1.1 | keep-me-posted.png | seancardovillis.co.ke/wp-content/plugins/sl33per/royal/Play/src/img/ | 11 KB | 11 KB | Image | image/png
18 | GET | H/1.1 | CircularSpotify-UI-Latin-OS2v3-Book.woff2 | encore.scdn.co/1.2.3/ | 59 KB | 59 KB | Font | font/woff2
19 | GET | H/1.1 | pfdintextstd-bold-webfont.woff | seancardovillis.co.ke/wp-content/plugins/sl33per/royal/Play/src/fonts/pf-din-text-std/pf-din-text-std-bold/ | 33 KB | 33 KB | Font | font/woff
20 | GET | H/1.1 | CircularSpotify-UI-Latin-OS2v3-Bold.woff2 | encore.scdn.co/1.2.3/ | 63 KB | 63 KB | Font | font/woff2
21 | GET | H/1.1 | chevin-medium.woff | seancardovillis.co.ke/wp-content/plugins/sl33per/royal/Play/src/fonts/chevin/chevin-medium/ | 34 KB | 34 KB | Font | font/woff
22 | GET | H/1.1 | chevin-bold.woff | seancardovillis.co.ke/wp-content/plugins/sl33per/royal/Play/src/fonts/chevin/chevin-bold/ | 35 KB | 35 KB | Font | font/woff
23 | GET | H/1.1 | CircularSpotify-UI-Latin-OS2v3-Medium.woff2 | encore.scdn.co/1.2.3/ | 60 KB | 61 KB | Font | font/woff2
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Royal Mail (Government)
19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type
---|---
structuredClone | function
oncontextlost | object
oncontextrestored | object
$ | undefined
jQuery | function
drupalSettings | object
Drupal | object
__core-js_shared__ | object
core | function
setImmediate | function
clearImmediate | function
regeneratorRuntime | object
_babelPolyfill | boolean
_ | function
moment | function
Cookies | object
Modernizr | object
cc_format | function
formatString1 | function
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
seancardovillis.co.ke/ | | PHPSESSID | 5de5fcc04ed9f98b2f1b0e14013e26d4
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
email.replies.msgsndr.com
encore.scdn.co
fonts.googleapis.com
s.id
seancardovillis.co.ke
2a00:1450:4001:82b::200a
2a04:4e42:62::760
41.217.220.14
45.126.58.78
52.42.254.21
1e06b3b8ed8d91022c8192923eb0d0a913596d088312b8bdc0c3b6dd2361627a
29940bce3f5bb33da6d5b9c69ffc487ce30e1fe3c458f35d5cef3794e341e042
3060f58cd766bb2fcaab5b176a99cc2d731086d6b895137554ceac63ee31db03
344b29deab56ac203aa9d4c258a097020f4b207da082f1267e2b9a4280903c34
37f288f1fb619235fb3ccc84395a131e4d4daeede1c19083acf9a9fdf0ca1372
413865201a27b33943c3e849c53d8e2da9c990b8053b1a7c251385f896af5d5b
54576498d5d389761af7c4250534c39ed4e43a2954d1767d6232942b26244d80
593a1c1e44825358cf2a99039d073f1f3c0a5b3a7b1074aeccbe6fb4bbaa732a
5971cfe896e50bd4214a8a265ea7a1bd2c214595552d93d39bf75a4de7384b10
59b1b91d85d2c035f814c3bf2022b2b45cff6f816dfb9e918e1820d4e527d451
5a1dde4172791377be893c93e052712b4892671a18f087b2d78c6e8d40ede9a5
5fcf3a0db07e0fa9d02c101fd13ff09b0a03da4976e0400c9fcd73327b054946
5fe0f1f2b6468439e4776211f33569c98798cc42fe05c2ec73ad82d41bc84333
8e5bd63208d0cf73eb49c33fe135dbb66e5fe3d680fac9abeb4a4670a79b01a7
8f45d48ef843bb0dabdefcc2b9e4fd70229b7628123b5f62ab7ccaab6e7e1d53
9314ec2d98780f916a6357eaee875203f4fb04438313c111fafa9a36ba579997
a854de841069d929300d86d54d12108d3c36cb499a7c2061cbe3e7a495cf9a77
a8c3bcb00ae3ee45dc394906c4e5e23e88a905234d8343ed43c9069618a2d69e
a91d3b10a85e0155e31d1039eb793af5e69e1bb424e0c18d515af8798428663e
b2e7fe28c950d9fd7cddc89e6768983a84e7ff8e9fa1d245322626d0a4e302bb
e091f8208d06085dfc8914c2366e85bcab07a026735a5294abd29d95d38cb4cc
f42c8dd681e34871c999c52386e5e04c0fd48a7c94835d8e1ded0188b40a05dc
faad3530bbb4c6f078f530a878e3a52295bcd8f7e424c97e24774dbe86375c2a