urlscan.io public scan: ga.co.ke
IP address: 185.61.154.207
Verdict badge: Malicious Activity
Submission tags: @ipnigh
Submission: On February 07 via api from GB

Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure Server CA on October 14th 2019. Valid for: a year.
This is the only time ga.co.ke was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Apple (Online)

Domain & IP information
Requests by IP address and autonomous system:

| Requests | IP address | AS |
|---|---|---|
| 30 | 185.61.154.207 | AS22612 (NAMECHEAP-NET, US) |
| 1 | 2a00:1450:4001:81c::200a | AS15169 (GOOGLE) |

ASN22612 (NAMECHEAP-NET, US)
PTR: business48-1.web-hosting.com

Requests by apex domain and subdomain:

| Requests | Apex domain | Subdomain | Transfer |
|---|---|---|---|
| 30 (1 redirect) | ga.co.ke | ga.co.ke | 1 MB |
| 1 | googleapis.com | ajax.googleapis.com (one fetch failed) | 33 KB |
| 0 | freegeoip.net | freegeoip.net (failed) | |

Which domain requested which:

| Requests | Domain | Requested by |
|---|---|---|
| 30 (1 redirect) | ga.co.ke | ga.co.ke, ajax.googleapis.com |
| 1 | ajax.googleapis.com | ga.co.ke |
| 0 (failed) | freegeoip.net | ajax.googleapis.com, ga.co.ke |

Totals across the scan: 33 HTTP transactions, 3 contacted domains.
This site contains links to these domains. Also see Links.
- www.apple.com
- support.apple.com
- undefined (a link target of literally `undefined`, the usual result of an unset JavaScript variable being concatenated into an href by the kit's template)
- appleid.apple.com
- iforgot.apple.com
- locate.apple.com
TLS certificates observed:

| Subject | Issuer | Validity | Valid for | Lookup |
|---|---|---|---|---|
| ga.co.ke | Sectigo RSA Domain Validation Secure Server CA | 2019-10-14 - 2020-10-13 | a year | crt.sh |
| *.storage.googleapis.com | GTS CA 1O1 | 2020-01-21 - 2020-04-14 | 3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://ga.co.ke/final/918317b57931b6b7a7d29490fe5ec9f9/
Frame ID: 201A75B064D9C76683AD021695A117F7
Requests: 20 HTTP requests in this frame
Frame:
https://ga.co.ke/final/918317b57931b6b7a7d29490fe5ec9f9/Apple/app/child.html
Frame ID: 313D4BC3FFA44650DE0E97AF51699D0B
Requests: 13 HTTP requests in this frame
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://ga.co.ke/final/918317b57931b6b7a7d29490fe5ec9f9 (HTTP 301 to the URL below)
- https://ga.co.ke/final/918317b57931b6b7a7d29490fe5ec9f9/ (Page URL)
Detected technologies
- Apache (Web Servers), detected from the `Server` response header with the pattern (case-insensitive, the `i` flag in the original):
  `/(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i`
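How that header pattern behaves on real and near-miss `Server` values is easy to check. The block below is an added example written for this page; it is not urlscan's or Wappalyzer's code, and the header values it runs over are constructed (the scan only records that the pattern matched ga.co.ke's response, not the header text itself). The interesting branch is `[^\/-]`: it lets "Apache" followed by a space or end-of-string through but rejects `Apache-Coyote/1.1`, so Tomcat's connector is not fingerprinted as httpd.

```python
import re

# The Server-header pattern shown on this page, as a Python regex. The JS
# original's trailing "i" flag becomes re.IGNORECASE; the single capture
# group holds the version when the header reads "Apache/<version>".
APACHE_PATTERN = re.compile(
    r"(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)", re.IGNORECASE
)


def fingerprint_apache(server_header):
    """Return (is_apache, version) for one Server header value.

    version is None when the pattern matched without a "/x.y.z" suffix:
    bare "Apache", "httpd", or "Apache" followed by anything other than
    "/" or "-".
    """
    match = APACHE_PATTERN.search(server_header)
    if match is None:
        return (False, None)
    return (True, match.group(1))


# Constructed sample header values (not from the scan), each exercising a
# different branch of the pattern, with the result the pattern should give.
SAMPLE_SERVER_HEADERS = {
    "Apache": (True, None),                       # "Apache" then end of string ($)
    "Apache/2.4.41 (Ubuntu)": (True, "2.4.41"),   # version captured after "/"
    "apache/2.2.15": (True, "2.2.15"),            # case-insensitive match
    "httpd": (True, None),                        # the (?:^|\b)HTTPD alternative
    "Apache-Coyote/1.1": (False, None),           # "-" is excluded by [^\/-]; Tomcat, not httpd
    "nginx/1.18.0": (False, None),                # no Apache or httpd token at all
    # A space after "Apache" satisfies [^\/-], so a hypothetical header that
    # merely starts with the word "Apache" is a false positive of the pattern.
    "Apache Tomcat (hypothetical value)": (True, None),
}


def check_samples(samples=SAMPLE_SERVER_HEADERS):
    """Run the pattern over the samples and return the header values whose
    result differs from the expected one (empty when the pattern behaves
    as documented above)."""
    return [h for h, expected in samples.items() if fingerprint_apache(h) != expected]


if __name__ == "__main__":
    for header in SAMPLE_SERVER_HEADERS:
        print(f"{header!r:40} -> {fingerprint_apache(header)}")
```

The false-positive row is the caveat to carry over when reusing such patterns in detection content: a header-only fingerprint says "the string Apache appeared", not "this is Apache httpd of version x".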
Page Statistics
22 outgoing links
These are links going to different origins than the main page. Link text as shown on the phishing page, with the Norwegian and Danish labels translated; note that the kit mixes Norwegian UI strings (sign-in and Apple ID links) with Danish ones (search, footer and legal links), a tell that its template was stitched together from more than one localized copy of apple.com.
- Apple
- Shoppingpose (Danish: Shopping bag)
- Mac
- iPad
- iPhone
- Watch
- TV
- Music
- Support
- Søg apple.com (Danish: Search apple.com)
- Logg på (Norwegian: Log in)
- Opprett Apple‑ID (Norwegian: Create Apple ID)
- Vanlige spørsmål (Norwegian: Frequently asked questions)
- Har du glemt Apple‑ID‑en eller passordet? (Norwegian: Forgot your Apple ID or password?)
- find en forhandler (Danish: find a reseller)
- Norge (Norwegian: Norway)
- Anonymitetspolitik (Danish: Privacy policy)
- Brug af cookies (Danish: Use of cookies)
- Betingelser for brug (Danish: Terms of use)
- Salg og refundering (Danish: Sales and refunds)
- Juridisk tekst (Danish: Legal text)
- Oversigt (Danish: Overview / site map)
Redirected requests
One HTTP redirect chain was observed, for the primary request: https://ga.co.ke/final/918317b57931b6b7a7d29490fe5ec9f9 answered HTTP 301 to https://ga.co.ke/final/918317b57931b6b7a7d29490fe5ec9f9/ (the same path with a trailing slash).
33 HTTP transactions
Resource paths below are relative to https://ga.co.ke/final/918317b57931b6b7a7d29490fe5ec9f9/ unless a host is given. "Size" is the decoded body size, "x-fer" the bytes transferred. Frame "child" is the iframe 313D4BC3FFA44650DE0E97AF51699D0B (Apple/app/child.html); all other rows belong to the primary frame.

| # | Method | Protocol | Resource | Size | x-fer | Type | MIME type | Frame |
|---|---|---|---|---|---|---|---|---|
| 1 | GET | H2 | / (primary request; end of the 301 redirect chain) | 12 KB | 4 KB | Document | text/html | primary |
| 2 | GET | H2 | Apple/css/f932d54e1d0a255a4fe646be99c20d18.css | 128 KB | 16 KB | Stylesheet | text/css | primary |
| 3 | GET | H2 | Apple/image/9eafb112ef21c9dfd9a432047a4d0d44.png | 4 KB | 4 KB | Image | image/png | primary |
| 4 | GET | H2 | Apple/app/child.html | 18 KB | 8 KB | Document | text/html | child |
| 5 | GET | H2 | Apple/image/928ee1dde2680471e9069e8345a6055c.svg | 1 KB | 954 B | Image | image/svg+xml | primary |
| 6 | GET | H2 | Apple/image/f15f90897c62316fc58bd3b50addc36e.svg | 1 KB | 903 B | Image | image/svg+xml | primary |
| 7 | GET | H2 | Apple/image/bf50fe4b5348f8bd4113aad5a29f7df8.svg | 2 KB | 993 B | Image | image/svg+xml | primary |
| 8 | GET | H2 | Apple/image/77114031f843a3d9e0297effbcbde06d.svg | 2 KB | 1 KB | Image | image/svg+xml | primary |
| 9 | GET | H2 | Apple/image/cc05bf16b9a101bdd10330a5634c60c1.svg | 2 KB | 1 KB | Image | image/svg+xml | primary |
| 10 | GET | H2 | Apple/image/148adb5c10e655e334600c78f50b2752.svg | 678 B | 587 B | Image | image/svg+xml | primary |
| 11 | GET | H2 | Apple/image/99446cd7cdf2f721814ef766a85f5cc2.svg | 2 KB | 1 KB | Image | image/svg+xml | primary |
| 12 | GET | H2 | Apple/image/eced81b2f5776a788359f03a4f9bc92f.svg | 2 KB | 1 KB | Image | image/svg+xml | primary |
| 13 | GET | H2 | Apple/image/ad266ab139457064362ce19ce2bc7b4c.svg | 879 B | 663 B | Image | image/svg+xml | primary |
| 14 | GET | H2 | Apple/image/871650e051013c726c1092f497e5c02a.svg | 892 B | 699 B | Image | image/svg+xml | primary |
| 15 | GET | H2 | Apple/font/3376a83412a293c61577c3a80dad36bf.woff | 68 KB | 68 KB | Font | font/woff | primary |
| 16 | GET | H2 | Apple/image/16b501f628752f7b48964e3743a55446.jpeg | 724 KB | 725 KB | Image | image/jpeg | primary |
| 17 | GET | H2 | Apple/font/ef291ef6afcec2a0a7f67f68a68fa99c.woff | 68 KB | 68 KB | Font | font/woff | primary |
| 18 | GET | H2 | Apple/font/84adb7f83a4093b7c82a6b979dee913e.woff | 62 KB | 63 KB | Font | font/woff | primary |
| 19 | GET | H2 | Apple/image/4413b8759b408c72a33f706a3d52d737.png | 109 KB | 109 KB | Image | image/png | primary |
| 20 | GET | H2 | Apple/image/73d5e6b93f1e679b23384d348c1a5dde.png | 320 B | 432 B | Image | image/png | primary |
| 21 | GET | H2 | Apple/font/3f3c11f2d04ed6227688b947869bbfc6.woff | 9 KB | 9 KB | Font | font/woff | primary |
| 22 | GET | H2 | Apple/scripts/scripts.js | 71 KB | 16 KB | Script | application/javascript | child |
| 23 | GET | H2 | Apple/css/a2b63a1dd1973697a89d0d011630ef38.css | 10 KB | 973 B | Stylesheet | text/css | child |
| 24 | GET | H2 | Apple/css/39e62aa08d992b6a57320fac56c41b23.css | 67 KB | 8 KB | Stylesheet | text/css | child |
| 25 | GET | H2 | Apple/image/917a87117af71304d7007e66c1986312.png | 4 KB | 4 KB | Image | image/png | child |
| 26 | GET | (none) | ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js (the plain-http fetch listed under Failed requests) | 0 | 0 | (no response) | | child |
| 27 | GET | H2 | ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js | 94 KB | 33 KB | Script | text/javascript | child |
| 28 | GET | H2 | Apple/font/150889652c97dc0bbbb5d8f55619670b.woff | 68 KB | 68 KB | Font | font/woff | child |
| 29 | GET | H2 | Apple/font/84adb7f83a4093b7c82a6b979dee913e.woff | 62 KB | 63 KB | Font | font/woff | child |
| 30 | GET | H2 | Apple/font/25061076de6e48add44ac63f3ee66b5e.woff | 69 KB | 69 KB | Font | font/woff | child |
| 31 | GET | H2 | Apple/font/3f3c11f2d04ed6227688b947869bbfc6.woff | 9 KB | 9 KB | Font | font/woff | child |
| 32 | GET | (none) | freegeoip.net/json/ (JSONP geolocation lookup, failed) | 0 | 0 | (no response) | | child |
| 33 | GET | (none) | freegeoip.net/shutdown (failed) | 0 | 0 | (no response) | | child |

Rows 1-3 and 5-21 are the 20 requests of the primary frame; rows 4 and 22-33 are the 13 requests of the child frame. Two font files (84adb7f8… and 3f3c11f2… .woff) were fetched once per frame, so the 30 successful transactions correspond to 28 distinct response bodies.
Failed requests
These URLs were requested, but no response was received. They also appear in the transaction list above.
- ajax.googleapis.com: http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
- freegeoip.net: https://freegeoip.net/json/?callback=jQuery11130949697448899391_1581035387625&_=1581035387626
- freegeoip.net: http://freegeoip.net/shutdown

Two points are worth noting for triage. The primary page is served over HTTPS, so the plain-http script fetch of jQuery is blocked by the browser as active mixed content before a byte arrives, which is why it shows as a zero-byte failure; the same library is then loaded successfully over HTTPS (transaction 27). The freegeoip.net request is a jQuery JSONP call (the `callback=jQuery…` parameter) asking for the visitor's geolocation, a common kit feature for logging or filtering victims by country; the only other request to that host is /shutdown, and neither returned a response.
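Both observations above can be checked mechanically, and the JSONP URL carries one more datum: the timestamp jQuery bakes into its callback names. The block below is an added example written for this page, not urlscan's code. Its input is constructed from the primary URL and the three failed-request URLs shown in this scan; it flags plain-http sub-resources of an https page (the mixed-content case) and decodes the jQuery callback name. The decoding relies on jQuery's own behaviour rather than anything stated on this page: the callback is `jQuery` + the library's expando digits + `_` + a counter seeded from `Date.now()` (milliseconds) when jQuery loaded, and the `_` cache-buster parameter is drawn from the same counter. Function and field names are this example's own.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# Constructed sample input: the primary page URL and the three URLs from this
# scan's "Failed requests" list. Nothing is fetched; the block runs offline.
PRIMARY_URL = "https://ga.co.ke/final/918317b57931b6b7a7d29490fe5ec9f9/"
FAILED_REQUESTS = [
    "http://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js",
    "https://freegeoip.net/json/?callback=jQuery11130949697448899391_1581035387625&_=1581035387626",
    "http://freegeoip.net/shutdown",
]

# jQuery names JSONP callbacks "jQuery" + <version and Math.random() digits>
# + "_" + <counter>, where the counter starts at Date.now() (milliseconds)
# when jQuery loads and is incremented per use; the "_" cache-buster comes
# from the same counter. Only the 13-digit millisecond value is captured.
JQUERY_CALLBACK = re.compile(r"^jQuery\d+_(\d{13})$")


def mixed_content(primary_url, request_urls):
    """Return the sub-resource URLs a browser blocks as mixed content:
    plain-http requests issued from an https page. In a scan they appear
    as zero-byte 'failed' requests even when the remote host is healthy."""
    if urlsplit(primary_url).scheme != "https":
        return []
    return [u for u in request_urls if urlsplit(u).scheme == "http"]


def _ms_to_utc(ms):
    # Split seconds and milliseconds so the conversion stays exact.
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc) + timedelta(milliseconds=ms % 1000)


def jsonp_timestamp(url):
    """Recover the jQuery load time embedded in a JSONP request URL.
    Returns None when the URL carries no jQuery-style callback name."""
    query = parse_qs(urlsplit(url).query)
    callback = query.get("callback", [""])[0]
    match = JQUERY_CALLBACK.match(callback)
    if match is None:
        return None
    callback_ms = int(match.group(1))
    buster = query.get("_", [None])[0]
    return {
        "callback": callback,
        "jquery_loaded_utc": _ms_to_utc(callback_ms),
        # How far the counter advanced between naming the callback and
        # appending the cache-buster: 1 means nothing happened in between.
        "cachebuster_delta": (int(buster) - callback_ms) if buster and buster.isdigit() else None,
    }


def triage(primary_url, failed_requests):
    """Combine both checks into one summary dict for a scan."""
    stamps = [s for s in (jsonp_timestamp(u) for u in failed_requests) if s]
    return {
        "mixed_content": mixed_content(primary_url, failed_requests),
        "jsonp": stamps,
    }


if __name__ == "__main__":
    for key, value in triage(PRIMARY_URL, FAILED_REQUESTS).items():
        print(key, value)
```

Run against the constructed input, the two http:// URLs come back as mixed content and the callback decodes to 2020-02-07 00:29:47.625 UTC with a cache-buster delta of 1. That date matches the "February 07" submission recorded in the summary, which is the check to apply when a scan's request URLs are quoted second-hand: a JSONP timestamp that disagrees with the scan date means the URL was not captured by that scan.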
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan verdict: Phishing against: Apple (Online)

2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- onformdata (object)
- onpointerrawupdate (object)
Neither is kit code: both are event-handler properties the scanning browser itself defines on `window`, and they show up here only because they post-date urlscan's baseline list of standard globals.

0 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, allowing the website to re-identify the user even from a different location. This is how persistent logins work. This page set none.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

Domains:
- ga.co.ke
- ajax.googleapis.com
- freegeoip.net

IP addresses:
- 185.61.154.207
- 2a00:1450:4001:81c::200a

SHA-256 hashes of the fetched resources (28 distinct response bodies):
- 17666f8e4aedeebaa5ec5a48a830bc24573296b5014ae2f84336f227e8e5a856
- 2328f2a4a358a5e076d84ba3abcc13f5b2b956a635f4c05ac4fe066ab14bdf65
- 35de4ce8957e2e80e95d585cb5840df56d35d3f65cffaadb385212bd846fa636
- 44291cae38bbc3ea67d510d77a852a14d6cb54d7464f0f70724a711ab4e078f9
- 4966ac708edf6c16b6d6785f77ada4f1585c73fe03592a425d973ad3d77f5f77
- 4ed464a91ec1e49258a7aed4fb5efc82f09395ad1c237cc68ab310e0722b2e2a
- 4fed053f80d04caf73fb210e54597b09deca5ad03e42bd27cb32d5fb673feddd
- 50df47a18c8e561ab12280759861b8cadd0602e80d9dd45f779d8219ece94f8b
- 537d8417bd1290e8e79e471f4566c1224ab3cb892e4171d86b2c1e43fed36ede
- 544853f2277b0ecbfcb712c75236e1ef2a48bef7190c56dc7c71b57d17d2d45d
- 5805031eb702c45a28c5fadc4572953fffc5ab5909499b081caa4594ae3da635
- 5e9d9fd9767c4ce4952228c3175fe2ed179d0b6a733f5d7996eb52935f498afc
- 609bf89886fdd70f0ecada755970703d6326635829e8809a5f064a60c9b9f5b6
- 6a77e1ff069f7c7a5b6f7f6f3fe2bd6d5df2aa1d1db1459cb626177e177c88fa
- 6b808187a61de06a63f471e3a467b4c09177e0830e92eadc8abf6b2348a1a6b7
- 726e2d9ec8eb46638c40d5e231f3a12a3af81e8e1f87d45e7de8de42a3dabb5b
- 791ff1954bcb0307883cc4b2a966759f2fc209cc7acf47ecaede22834833398e
- 79a9e158088d0ee4b3442a5251904ab870b0fba335d814797a9b571b4c556e1f
- 7fb0b7722788fd7a711d24a560cb53013410b760e4c5faf3876f3e259ab9205c
- 893a70e6ec4582c41ec1d6909cc7880c19b7bf09f6cbc284055e730ae5b6da76
- 98a4bf15088ebd013ad18d1203f30762b1527875dcce67d2af51e78d86d8dc15
- 9d4b71cd0fdcb496b8af7894b4583a418ea9c37d5c20ac1be98508109c1942f1
- a4dc7477df90a6e1a4ac5f1bb6a1b02762c4f3ddf6e24ef342748608168dc9ac
- aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
- c1525a853cf4613ab69a7b725b546091468214fd417cc7c13ef047aafe70b362
- c990dd5c6e6df935a7086e9b4cf856e73022dc7581665940953fd081e8114449
- dec284e2a68ad330f0456e0a312135e730e1336b908539398c549c1b26d54335
- f0a3425c0a3a99891daca86d515965b15bcbc29fa9acfdeb9a8eb83852cb9dbd