www.pacuniversity.ac.ke
Open in
urlscan Pro
41.204.161.224
Malicious Activity!
Public Scan
Effective URL: https://www.pacuniversity.ac.ke/administrator/components/com_banners/control/N_v1/Netflix224/
Submission: On September 20 via api from IE
Summary
TLS certificate: Issued by COMODO RSA Organization Validation Se... on September 2nd 2020. Valid for: a year.
This is the only time www.pacuniversity.ac.ke was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Netflix (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 2 | 2a00:1450:400... 2a00:1450:4001:820::2001 | 15169 (GOOGLE) (GOOGLE) | |
2 11 | 41.204.161.224 41.204.161.224 | 36914 (KENET-AS) (KENET-AS) | |
1 | 2606:4700:20:... 2606:4700:20::681a:82c | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
11 | 3 |
ASN15169 (GOOGLE, US)
customer-care-infos.blogspot.be | |
customer-care-infos.blogspot.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
11 |
pacuniversity.ac.ke
2 redirects
www.pacuniversity.ac.ke |
535 KB |
1 |
ipapi.co
ipapi.co |
767 B |
1 |
blogspot.com
customer-care-infos.blogspot.com |
15 KB |
1 |
blogspot.be
1 redirects
customer-care-infos.blogspot.be |
435 B |
11 | 4 |
Domain | Requested by | |
---|---|---|
11 | www.pacuniversity.ac.ke |
2 redirects
customer-care-infos.blogspot.com
www.pacuniversity.ac.ke |
1 | ipapi.co |
www.pacuniversity.ac.ke
|
1 | customer-care-infos.blogspot.com | |
1 | customer-care-infos.blogspot.be | 1 redirects |
11 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
misc-sni.blogspot.com GTS CA 1O1 |
2020-08-26 - 2020-11-18 |
3 months | crt.sh |
*.pacuniversity.ac.ke COMODO RSA Organization Validation Secure Server CA |
2020-09-02 - 2021-09-07 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-07-17 - 2021-07-17 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.pacuniversity.ac.ke/administrator/components/com_banners/control/N_v1/Netflix224/
Frame ID: 8130AE54545E01A72868CE498F5799E3
Requests: 11 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://customer-care-infos.blogspot.be/
HTTP 302
https://customer-care-infos.blogspot.com/ Page URL
- https://www.pacuniversity.ac.ke/administrator/components/com_banners/html/ Page URL
-
https://www.pacuniversity.ac.ke/administrator/components/com_banners/control/N_v1/
HTTP 302
https://www.pacuniversity.ac.ke/administrator/components/com_banners/control/N_v1/Netflix224 HTTP 301
https://www.pacuniversity.ac.ke/administrator/components/com_banners/control/N_v1/Netflix224/ Page URL
Detected technologies
Java (Programming Languages) ExpandDetected patterns
- headers server /GSE/i
OpenGSE (Web Servers) Expand
Detected patterns
- headers server /GSE/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://customer-care-infos.blogspot.be/
HTTP 302
https://customer-care-infos.blogspot.com/ Page URL
- https://www.pacuniversity.ac.ke/administrator/components/com_banners/html/ Page URL
-
https://www.pacuniversity.ac.ke/administrator/components/com_banners/control/N_v1/
HTTP 302
https://www.pacuniversity.ac.ke/administrator/components/com_banners/control/N_v1/Netflix224 HTTP 301
https://www.pacuniversity.ac.ke/administrator/components/com_banners/control/N_v1/Netflix224/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://customer-care-infos.blogspot.be/ HTTP 302
- https://customer-care-infos.blogspot.com/
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
customer-care-infos.blogspot.com/ Redirect Chain
|
69 KB 15 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
/
www.pacuniversity.ac.ke/administrator/components/com_banners/html/ |
715 B 936 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
Cookie set
/
www.pacuniversity.ac.ke/administrator/components/com_banners/control/N_v1/Netflix224/ Redirect Chain
|
5 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
www.pacuniversity.ac.ke/administrator/components/com_banners/control/N_v1/Netflix224/css/ |
21 KB 21 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app.css
www.pacuniversity.ac.ke/administrator/components/com_banners/control/N_v1/Netflix224/css/ |
2 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
www.pacuniversity.ac.ke/administrator/components/com_banners/control/N_v1/Netflix224/js/ |
152 KB 153 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
validet.js
www.pacuniversity.ac.ke/administrator/components/com_banners/control/N_v1/Netflix224/js/ |
7 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg-login-large.jpg
www.pacuniversity.ac.ke/administrator/components/com_banners/control/N_v1/Netflix224/img/ |
342 KB 342 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
FB-logo.png
www.pacuniversity.ac.ke/administrator/components/com_banners/control/N_v1/Netflix224/img/ |
1 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
glob.png
www.pacuniversity.ac.ke/administrator/components/com_banners/control/N_v1/Netflix224/img/ |
842 B 1 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
ipapi.co/json/ |
729 B 767 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Netflix (Online)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| trustedTypes function| $ function| jQuery function| ipLookUp1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.pacuniversity.ac.ke/ | Name: PHPSESSID Value: 0frss2spl11m6ool3r1h6i335j |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
customer-care-infos.blogspot.be
customer-care-infos.blogspot.com
ipapi.co
www.pacuniversity.ac.ke
2606:4700:20::681a:82c
2a00:1450:4001:820::2001
41.204.161.224
2f085a84cb00b9b35b5125231a1accae74aba455992b2b21c28380345ba52c53
3668352cee7c03431751e26e34aebf496fe874ae28a8b96c4481dc129b502822
3e49d9dc43267590184389ab3da0cb9f7308c9c848667dab109a0f7c73450ece
4f8072ca4cdc4412083462c38eebc18bb5a0b919fb4bb63ec98769f0b644306e
5efb393cf10db7ee157dcd3109179e7619633c7e8d17c5ab3eab1ea1278f6dd1
6234ae41030baef8a0d4152424e7c939d28ce579af66ddc2f2c5e6dee1c6a313
68a140f407da7acc8b00ae9eb2be5a09df4b046277a3bfe03881417a068da7e4
7aa387f2db11236e0a3d6e4124c33bbf9f588dff926a1454a92ce694fc84c620
ed6a667b843199174dd727f0d8f3dc690c504866128b47d440f071616555022f
fbcfc40856714577e2009cac74e8a73bd63e23fa713060769fbebb61e6822711