saudipost.tezkhabar.com
Open in
urlscan Pro
103.195.186.84
Malicious Activity!
Public Scan
Submitted URL: http://saudipost.tezkhabar.com/SA/
Effective URL: http://saudipost.tezkhabar.com/SA/4sYTzenD9uKG824/
Submission: On December 20 via manual from SA
Effective URL: http://saudipost.tezkhabar.com/SA/4sYTzenD9uKG824/
Submission: On December 20 via manual from SA
Summary
This website contacted 8 IPs
in 5 countries
across 7 domains to perform 23 HTTP transactions.
The main IP is 103.195.186.84, located in
India and
belongs to PUBLIC-DOMAIN-REGISTRY, US.
The main domain is saudipost.tezkhabar.com.
This is the only time saudipost.tezkhabar.com was scanned on urlscan.io!
This is the only time saudipost.tezkhabar.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Saudi Post (Government)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 2 12 | 103.195.186.84 103.195.186.84 | 394695 (PUBLIC-DO...) (PUBLIC-DOMAIN-REGISTRY) | |
| 2 | 2a04:4e42:1b:... 2a04:4e42:1b::621 | 54113 (FASTLY) (FASTLY) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:824::200a | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 2606:4700::68... 2606:4700::6812:1734 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 2001:4de0:ac1... 2001:4de0:ac19::1:b:2b | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
| 1 | 2606:4700::68... 2606:4700::6810:135e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 1 | 52.218.197.24 52.218.197.24 | 16509 (AMAZON-02) (AMAZON-02) | |
| 6 | 2606:4700:e6:... 2606:4700:e6::ac40:cb1c | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 23 | 8 |
1
52.218.197.24
(Boardman, United States)
ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2.amazonaws.com
| s3-us-west-2.amazonaws.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 12 |
tezkhabar.com
2 redirects
saudipost.tezkhabar.com |
187 KB |
| 7 |
fontawesome.com
kit.fontawesome.com ka-f.fontawesome.com |
22 KB |
| 2 |
jsdelivr.net
cdn.jsdelivr.net |
45 KB |
| 1 |
amazonaws.com
s3-us-west-2.amazonaws.com |
173 KB |
| 1 |
cloudflare.com
cdnjs.cloudflare.com |
27 KB |
| 1 |
jquery.com
code.jquery.com |
24 KB |
| 1 |
googleapis.com
ajax.googleapis.com |
31 KB |
| 23 | 7 |
| Domain | Requested by | |
|---|---|---|
| 12 | saudipost.tezkhabar.com |
2 redirects
saudipost.tezkhabar.com
|
| 6 | ka-f.fontawesome.com |
kit.fontawesome.com
|
| 2 | cdn.jsdelivr.net |
saudipost.tezkhabar.com
|
| 1 | s3-us-west-2.amazonaws.com |
saudipost.tezkhabar.com
|
| 1 | cdnjs.cloudflare.com |
saudipost.tezkhabar.com
|
| 1 | code.jquery.com |
saudipost.tezkhabar.com
|
| 1 | kit.fontawesome.com |
saudipost.tezkhabar.com
|
| 1 | ajax.googleapis.com |
saudipost.tezkhabar.com
|
| 23 | 8 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3 |
2020-10-26 - 2021-04-17 |
6 months | crt.sh |
| *.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1 |
2020-11-13 - 2021-12-14 |
a year | crt.sh |
| jquery.org Sectigo RSA Domain Validation Secure Server CA |
2020-10-06 - 2021-10-16 |
a year | crt.sh |
| sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-10-21 - 2021-10-20 |
a year | crt.sh |
| *.s3-us-west-2.amazonaws.com DigiCert Baltimore CA-2 G2 |
2020-07-30 - 2021-08-04 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
http://saudipost.tezkhabar.com/SA/4sYTzenD9uKG824/
Frame ID: F0CF51F867A87CB8274B771E1CCA5D27
Requests: 20 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://saudipost.tezkhabar.com/SA/
HTTP 302
http://saudipost.tezkhabar.com/SA/4sYTzenD9uKG824 HTTP 301
http://saudipost.tezkhabar.com/SA/4sYTzenD9uKG824/ Page URL
Detected technologies
Apache
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://saudipost.tezkhabar.com/SA/
HTTP 302
http://saudipost.tezkhabar.com/SA/4sYTzenD9uKG824 HTTP 301
http://saudipost.tezkhabar.com/SA/4sYTzenD9uKG824/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 14- http://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js HTTP 307
- https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js
23 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
/
saudipost.tezkhabar.com/SA/4sYTzenD9uKG824/ Redirect Chain
|
6 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.min.css
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/ |
157 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
main-001.css
saudipost.tezkhabar.com/SA/4sYTzenD9uKG824/sourceApp/css/ |
2 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ |
87 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
00ce2dd051.js
kit.fontawesome.com/ |
10 KB 4 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
log-banner.png
saudipost.tezkhabar.com/SA/4sYTzenD9uKG824/sourceApp/img/ |
13 KB 14 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
loader-1.svg
saudipost.tezkhabar.com/SA/4sYTzenD9uKG824/sourceApp/img/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
logo.svg
saudipost.tezkhabar.com/SA/4sYTzenD9uKG824/sourceApp/img/ |
81 KB 81 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
na.svg
saudipost.tezkhabar.com/SA/4sYTzenD9uKG824/sourceApp/img/ |
27 KB 28 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
120452320n.jpg
saudipost.tezkhabar.com/SA/4sYTzenD9uKG824/sourceApp/img/ |
39 KB 39 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-3.5.1.slim.min.js
code.jquery.com/ |
71 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/ |
82 KB 21 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
group22.png
saudipost.tezkhabar.com/SA/4sYTzenD9uKG824/sourceApp/img/ |
6 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
group21.png
saudipost.tezkhabar.com/SA/4sYTzenD9uKG824/sourceApp/img/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
saudi_billingio.js
saudipost.tezkhabar.com/SA/4sYTzenD9uKG824/sourceApp/js/ |
4 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/ Redirect Chain
|
85 KB 27 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.inputmask.bundle.js
s3-us-west-2.amazonaws.com/s.cdpn.io/3/ |
172 KB 173 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
OPTIONS H2 |
free.min.css
ka-f.fontawesome.com/releases/v5.15.1/css/ |
0 0 |
Other
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
OPTIONS H2 |
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v5.15.1/css/ |
0 0 |
Other
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
OPTIONS H2 |
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v5.15.1/css/ |
0 0 |
Other
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
free.min.css
ka-f.fontawesome.com/releases/v5.15.1/css/ |
59 KB 13 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
free-v4-shims.min.css
ka-f.fontawesome.com/releases/v5.15.1/css/ |
26 KB 4 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
free-v4-font-face.min.css
ka-f.fontawesome.com/releases/v5.15.1/css/ |
3 KB 1 KB |
Fetch
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Saudi Post (Government)12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| FontAwesomeKitConfig object| bootstrap function| validateForm function| myFunction function| Inputmask0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdn.jsdelivr.net
cdnjs.cloudflare.com
code.jquery.com
ka-f.fontawesome.com
kit.fontawesome.com
s3-us-west-2.amazonaws.com
saudipost.tezkhabar.com
103.195.186.84
2001:4de0:ac19::1:b:2b
2606:4700::6810:135e
2606:4700::6812:1734
2606:4700:e6::ac40:cb1c
2a00:1450:4001:824::200a
2a04:4e42:1b::621
52.218.197.24
150b30cd159d5f5f4f8c7e5ce0beec22bc886fa212b520e14bc769023cbc1afc
1cbfd3959406f3f878e6f64133e4d7baece38558bbbcee1a11a0a2d8ee1b8352
1e674d2a3d591d95f06609104dafd3386be1c7a1afecabb37a26d885e83f35fd
22177d12f326704caf689bb169407e8d3cdc58213912095d84e39b1ecc2cf977
31ac0c9e8c86d88eed81d27f40bab2e8293e277a60609076d516bd2e4b45374f
4f02bd6f018d6f08c37c39f2d114101beac342c2c065046635e5ed0c42853590
58a88c11d19f6095a041e81397d83682a52aa3c703d2a7fbdc7469ad0728d2ed
5a2bd0d65ff8ee4bdac3d16b43b04b118e65d0279fb1b214160e72ff50db6943
63c61b2ac462632c0ba2b0f07e171fb63d6eec7cc281432d2d9d34598a1b9ab2
725e98ccb5acf406b28206982771bf2f5387353ad4854619d216826996368425
81e966be36e1b6a5707b829f232536b2aa4274438750dd3216348fc876890bab
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8d7089253dca29c9cd8d9deb7ec69b0a3d445f88f6a26478c719be1f90adcb01
96da1c19fe68711eef6bba7bf82cfc00e8390691cd60321d86fd4dd0275b9ef9
b581327920e94c6db70647af17178ddca6ecf0c6c0a4e7ccf1b676c5a8a9163b
cfff9ea502195a7b96fe38deca9188a59b758deeecc2cd4e78aea7d911e638c6
e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db
f708ad894d421f32ed297a914632db6bc1577841d1c210b34f1a0821ea0aaa4b
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d