![](/screenshots/2794cdd3-57f6-468e-8e42-7f29206552d7.png)
soinafricasafaris.com
Open in
urlscan Pro
78.142.47.55
Malicious Activity!
Public Scan
Effective URL: https://soinafricasafaris.com/POSTAG/LoginServices/
Submission: On November 30 via manual from AT — Scanned from AT
Summary
TLS certificate: Issued by R3 on October 21st 2023. Valid for: 3 months.
This is the only time soinafricasafaris.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Österreichische Post (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 143.204.98.40 143.204.98.40 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 172.217.16.200 172.217.16.200 | 15169 (GOOGLE) (GOOGLE) | |
1 | 157.240.251.9 157.240.251.9 | 32934 (FACEBOOK) (FACEBOOK) | |
1 4 | 78.142.47.55 78.142.47.55 | 31083 (TELEPOINT) (TELEPOINT) | |
1 | 216.58.206.34 216.58.206.34 | 15169 (GOOGLE) (GOOGLE) | |
1 | 142.250.186.132 142.250.186.132 | 15169 (GOOGLE) (GOOGLE) | |
1 | 172.217.16.131 172.217.16.131 | 15169 (GOOGLE) (GOOGLE) | |
1 | 152.199.21.175 152.199.21.175 | 15133 (EDGECAST) (EDGECAST) | |
2 | 104.17.24.14 104.17.24.14 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
13 | 10 |
ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-40.fra50.r.cloudfront.net
qrcodes.pro |
ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f8.1e100.net
www.googletagmanager.com |
ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra5.fbcdn.net
connect.facebook.net |
ASN31083 (TELEPOINT, BG)
PTR: taurus.vivawebhost.com
soinafricasafaris.com |
ASN15169 (GOOGLE, US)
PTR: mil07s07-in-f2.1e100.net
googleads.g.doubleclick.net |
ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f4.1e100.net
www.google.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
soinafricasafaris.com
1 redirects
soinafricasafaris.com |
2 MB |
2 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 204 |
38 KB |
1 |
post.at
assets.post.at — Cisco Umbrella Rank: 448424 |
8 KB |
1 |
google.at
www.google.at — Cisco Umbrella Rank: 25017 |
455 B |
1 |
google.com
www.google.com — Cisco Umbrella Rank: 2 |
455 B |
1 |
doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 |
2 KB |
1 |
facebook.net
connect.facebook.net — Cisco Umbrella Rank: 168 |
54 KB |
1 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 36 |
71 KB |
1 |
qrcodes.pro
qrcodes.pro — Cisco Umbrella Rank: 390999 |
2 KB |
13 | 9 |
Domain | Requested by | |
---|---|---|
4 | soinafricasafaris.com |
1 redirects
qrcodes.pro
soinafricasafaris.com |
2 | cdnjs.cloudflare.com |
soinafricasafaris.com
|
1 | assets.post.at |
soinafricasafaris.com
|
1 | www.google.at | |
1 | www.google.com | |
1 | googleads.g.doubleclick.net |
www.googletagmanager.com
|
1 | connect.facebook.net |
qrcodes.pro
|
1 | www.googletagmanager.com |
qrcodes.pro
|
1 | qrcodes.pro | |
13 | 9 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.facebook.com |
www.youtube.com |
www.linkedin.com |
www.instagram.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
qr.tapnscan.me Amazon RSA 2048 M01 |
2023-07-09 - 2024-08-06 |
a year | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2023-10-23 - 2024-01-15 |
3 months | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2023-09-09 - 2023-12-08 |
3 months | crt.sh |
webmail.soinafricasafaris.com R3 |
2023-10-21 - 2024-01-19 |
3 months | crt.sh |
*.g.doubleclick.net GTS CA 1C3 |
2023-10-23 - 2024-01-15 |
3 months | crt.sh |
www.google.com GTS CA 1C3 |
2023-10-23 - 2024-01-15 |
3 months | crt.sh |
*.google.at GTS CA 1C3 |
2023-10-23 - 2024-01-15 |
3 months | crt.sh |
assets.post.at EuropeanSSL Server CA 2 |
2023-04-12 - 2024-05-12 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-07-03 - 2024-07-02 |
a year | crt.sh |
This page contains 1 frames:
Frame:
https://soinafricasafaris.com/POSTAG/LoginServices/main/umzug.php
Frame ID: B412EBBA237601DBF2FAD8CE30F496CC
Requests: 18 HTTP requests in this frame
Screenshot
![](/screenshots/2794cdd3-57f6-468e-8e42-7f29206552d7.png)
Page Title
Post AgUmzug - PostAGPage URL History Show full URLs
- https://qrcodes.pro/guj9CC Page URL
- https://soinafricasafaris.com/POSTAG/ Page URL
-
https://soinafricasafaris.com/POSTAG/LoginServices
HTTP 301
https://soinafricasafaris.com/POSTAG/LoginServices/ Page URL
Detected technologies
Detected patterns
- //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
![](/vendor/wappa/icons/Google Tag Manager.png)
Detected patterns
- googletagmanager\.com/gtag/js
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Title: Post auf facebook
Search URL Search Domain Scan URL
Title: Post auf YouTube
Search URL Search Domain Scan URL
Title: Post auf LinkedIn
Search URL Search Domain Scan URL
Title: Post auf Instagram
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://qrcodes.pro/guj9CC Page URL
- https://soinafricasafaris.com/POSTAG/ Page URL
-
https://soinafricasafaris.com/POSTAG/LoginServices
HTTP 301
https://soinafricasafaris.com/POSTAG/LoginServices/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
guj9CC
qrcodes.pro/ |
3 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
193 KB 71 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fbevents.js
connect.facebook.net/en_US/ |
202 KB 54 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
soinafricasafaris.com/POSTAG/ |
60 B 133 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/None/ |
3 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.com/pagead/1p-user-list/None/ |
42 B 455 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.google.at/pagead/1p-user-list/None/ |
42 B 455 B |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
soinafricasafaris.com/POSTAG/LoginServices/ Redirect Chain
|
1 MB 1 MB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Post_Horn_Mini_positiv_RGB_Neu.png
assets.post.at/-/media/Bilder/Investor-Relations/Logos/ |
7 KB 8 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
box.png
soinafricasafaris.com/POSTAG/LoginServices/ |
452 KB 452 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.1.0/ |
84 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
imask.min.js
cdnjs.cloudflare.com/ajax/libs/imask/3.4.0/ |
45 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
534 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
21 KB 21 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
108 KB 108 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
21 KB 21 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
21 KB 21 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
umzug.php
soinafricasafaris.com/POSTAG/LoginServices/main/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- soinafricasafaris.com
- URL
- https://soinafricasafaris.com/POSTAG/LoginServices/main/umzug.php
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Österreichische Post (Transportation)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture object| date number| year number| month number| day function| $ function| jQuery object| __core-js_shared__ object| core function| IMask5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
qrcodes.pro/ | Name: visitor-id Value: 1701379931maoMVT |
|
qrcodes.pro/ | Name: mappable_id Value: 1701379931maoMVT_1701379931 |
|
qrcodes.pro/ | Name: access_token Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYXBwYWJsZUlEIjoiMTcwMTM3OTkzMW1hb01WVF8xNzAxMzc5OTMxIiwidGltZXN0YW1wIjoxNzAxMzc5OTMxNDE1LCJpYXQiOjE3MDEzNzk5MDEsImV4cCI6MTcwMTM4MDIzMX0.3ZdwRHrv4ukK0L2q3oBM3I3c-oB7TtrNYQRpQYupuEA |
|
.qrcodes.pro/ | Name: _gcl_au Value: 1.1.495534539.1701379933 |
|
.doubleclick.net/ | Name: test_cookie Value: CheckForPermission |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
assets.post.at
cdnjs.cloudflare.com
connect.facebook.net
googleads.g.doubleclick.net
qrcodes.pro
soinafricasafaris.com
www.google.at
www.google.com
www.googletagmanager.com
soinafricasafaris.com
104.17.24.14
142.250.186.132
143.204.98.40
152.199.21.175
157.240.251.9
172.217.16.131
172.217.16.200
216.58.206.34
78.142.47.55
032dc5bfa56b44c946b2c85427784bfa7142591036cbe9e359cfb0a0f4f80e86
281442cf45996ccfa2562eab455e17d37f070b15fad6faa1f90db74b6fa0ab5d
702b9e051e82b32038ffdb33a4f7eb5f7b38f4cf6f514e4182d8898f4eb0b7fb
83c1036474a804140d06a88fb47b00145f2b772ee6a732f2b1a169dcbadbf27e
8b76b3502583edddf22df0b9c6ee640053a2cdfeaa113ceff3ea9b61d1f6410d
92ccff15c08a6f16916e3ee6356f4a19e16451acbba3b364df2c34ba84670698
933bff0361186c08db1d4359090544c77cf38d9e6fde710c61d67bb2dbb6a832
a3b9b469d31790096180616fae0155d3af8088924ef1d724bfd085ff3d12f075
e1a6432e8aff5d2e64ebbcb411139e62ac9225ac7ea6a4cc904965c8ab83a4ed
fc2be9d87027a5c0867c401ade873566c9eaa85935978070fc2b4efc73b3020b