seancardovillis.co.ke
Open in
urlscan Pro
41.217.220.14
Malicious Activity!
Public Scan
Submitted URL: http://email.mg.societygal.co/c/eJwVTjEOgzAQew3ZGsGRkHTI0KVL5z7gkhyQ9gqIAFV_3yBZlm3JlqOznYl4JZEc1HBCAzQarKyVB0-RoCXbIOlK1Z9B5j...
Effective URL: https://seancardovillis.co.ke/wp-includes/js/plupload/UK/
Submission: On February 28 via manual from GB — Scanned from GB
Effective URL: https://seancardovillis.co.ke/wp-includes/js/plupload/UK/
Submission: On February 28 via manual from GB — Scanned from GB
Summary
This website contacted 3 IPs
in 3 countries
across 4 domains to perform 9 HTTP transactions.
The main IP is 41.217.220.14, located in
Nairobi, Kenya and
belongs to MyISP-AS, KE.
The main domain is seancardovillis.co.ke.
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 12th 2022. Valid for: 3 months.
This is the only time seancardovillis.co.ke was scanned on urlscan.io!
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 12th 2022. Valid for: 3 months.
This is the only time seancardovillis.co.ke was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Royal Mail (Government)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 1 | 34.212.55.246 34.212.55.246 | 16509 (AMAZON-02) (AMAZON-02) | |
| 1 3 | 41.217.220.14 41.217.220.14 | 37109 (MyISP-AS) (MyISP-AS) | |
| 1 | 2.16.186.35 2.16.186.35 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 9 | 3 |
1
34.212.55.246
(Boardman, United States)
ASN16509 (AMAZON-02, US)
PTR: ec2-34-212-55-246.us-west-2.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-34-212-55-246.us-west-2.compute.amazonaws.com
| email.mg.societygal.co |
1
2.16.186.35
(Frankfurt am Main, Germany)
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-35.deploy.static.akamaitechnologies.com
ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-186-35.deploy.static.akamaitechnologies.com
| www.royalmail.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 3 |
seancardovillis.co.ke
1 redirects
seancardovillis.co.ke |
13 KB |
| 1 |
royalmail.com
www.royalmail.com — Cisco Umbrella Rank: 56042 |
13 KB |
| 1 |
societygal.co
1 redirects
email.mg.societygal.co |
250 B |
| 0 |
Failed
function sub() { [native code] }. Failed |
|
| 9 | 4 |
| Domain | Requested by | |
|---|---|---|
| 3 | seancardovillis.co.ke |
1 redirects
seancardovillis.co.ke
|
| 1 | www.royalmail.com |
seancardovillis.co.ke
|
| 1 | email.mg.societygal.co | 1 redirects |
| 0 | firebase Failed |
seancardovillis.co.ke
|
| 9 | 4 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| seancardovillis.co.ke cPanel, Inc. Certification Authority |
2022-02-12 - 2022-05-13 |
3 months | crt.sh |
| *.royalmail.com Entrust Certification Authority - L1K |
2021-08-03 - 2022-08-03 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://seancardovillis.co.ke/wp-includes/js/plupload/UK/
Frame ID: 20E0E4A78897F825BEC0F65808B39752
Requests: 9 HTTP requests in this frame
Screenshot
Page Title
Before we proceedPage URL History Show full URLs
-
http://email.mg.societygal.co/c/eJwVTjEOgzAQew3ZGsGRkHTI0KVL5z7gkhyQ9gqIAFV_3yBZlm3JlqOznYl4JZEc1HBCAzQarK...
HTTP 302
https://seancardovillis.co.ke/wp-includes/js/plupload/UK HTTP 301
https://seancardovillis.co.ke/wp-includes/js/plupload/UK/ Page URL
Detected technologies
WordPress
(CMS)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /wp-(?:content|includes)/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://email.mg.societygal.co/c/eJwVTjEOgzAQew3ZGsGRkHTI0KVL5z7gkhyQ9gqIAFV_3yBZlm3JlqOznYl4JZEc1HBCAzQarKyVB0-RoCXbIOlK1Z9B5jkk2n4DsgyzGJ01VnsVVCzNDsn0vTKevCFAEztEwW7ctiVX7a2Ce0EmnAKucT4Sc8plRb6p5N_lkqbAe6Rc3OukhfeFZ4xFPh9idRNuyIkkE5UzeKQDz_r-_gP_ZD6V
HTTP 302
https://seancardovillis.co.ke/wp-includes/js/plupload/UK HTTP 301
https://seancardovillis.co.ke/wp-includes/js/plupload/UK/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
seancardovillis.co.ke/wp-includes/js/plupload/UK/ Redirect Chain
|
5 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
firebase-app.js
firebase/7.15.1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
firebase-auth.js
firebase/7.15.1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
firebase-database.js
firebase/7.15.1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
firebase-messaging.js
firebase/7.15.1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
firebase-storage.js
firebase/7.15.1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
init.js
firebase/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo.png
www.royalmail.com/themes/custom/rmlcwr/ |
12 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ch.jpg
seancardovillis.co.ke/wp-includes/js/plupload/UK/ |
8 KB 8 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- firebase
- URL
- https://firebase/7.15.1/firebase-app.js
- Domain
- firebase
- URL
- https://firebase/7.15.1/firebase-auth.js
- Domain
- firebase
- URL
- https://firebase/7.15.1/firebase-database.js
- Domain
- firebase
- URL
- https://firebase/7.15.1/firebase-messaging.js
- Domain
- firebase
- URL
- https://firebase/7.15.1/firebase-storage.js
- Domain
- firebase
- URL
- https://firebase/init.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Royal Mail (Government)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| structuredClone0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
7 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
email.mg.societygal.co
firebase
seancardovillis.co.ke
www.royalmail.com
firebase
2.16.186.35
34.212.55.246
41.217.220.14
344b29deab56ac203aa9d4c258a097020f4b207da082f1267e2b9a4280903c34
ba69af4f7df7604785a0c803801febe6fc90eae1e230094428c29d0ebf423578
f96751802d2adacda66457bb5276a3ff3d4a8b0d47ba9541aae853498dd51cff