my-royalmail.com Open in urlscan Pro
103.163.208.93 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://my-royalmail.com/
Effective URL:
https://my-royalmail.com/update
Submission: On March 01 via api (March 1st 2024, 2:17:32 pm UTC) from US — Scanned from US

Summary HTTP 19 Redirects Links 59 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 19 HTTP transactions. The main IP is 103.163.208.93, located in Hong Kong and belongs to STARBOWLTD-AS-AP Starbow Ltd., JP. The main domain is my-royalmail.com.
TLS certificate: Issued by R3 on February 29th 2024. Valid for: 3 months.

This is the only time my-royalmail.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Royal Mail (Government)

Domain & IP information

	IP Address	AS Autonomous System
1 19	103.163.208.93 103.163.208.93	140683 (STARBOWLT...) (STARBOWLTD-AS-AP Starbow Ltd.)
1	2606:4700:303... 2606:4700:3032::6815:29e9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
19	3

19 103.163.208.93 (Hong Kong) 1 redirects

ASN140683 (STARBOWLTD-AS-AP Starbow Ltd., JP)

my-royalmail.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3032::6815:29e9 (United States)

ASN13335 (CLOUDFLARENET, US)

antal.buzz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	my-royalmail.com 1 redirects my-royalmail.com	967 KB
1	antal.buzz antal.buzz	572 B
19	2

	Domain	Requested by
19	my-royalmail.com	1 redirects my-royalmail.com
1	antal.buzz	my-royalmail.com
19	2

This site contains links to these domains. Also see Links.

Domain
www.royalmail.com
send.royalmail.com
shop.royalmail.com
personal.help.royalmail.com
parcel.royalmail.com
www.parcelforce.com
www.bhf.org.uk
www.keepmeposteduk.com
www.instagram.com
www.linkedin.com
www.facebook.com
www.twitter.com
jobs.royalmailgroup.com
www.internationaldistributionsservices.com
www.royalmailgroup.com

Subject Issuer	Validity	Valid
my-royalmail.com R3	`2024-02-29` - `2024-05-29`	3 months	crt.sh
antal.buzz GTS CA 1P5	`2024-01-16` - `2024-04-15`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://my-royalmail.com/update
Frame ID: 3CB1F83EBD5C23852B4E360924E18FC9
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

2D569042-6990-413A-805A-A46371AB1EFDIcon - CollectIcon - LocationIcon - Send item

Page URL History Show full URLs

https://my-royalmail.com/ HTTP 302
https://my-royalmail.com/update Page URL

Page Statistics

19
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

967 kB
Transfer

3157 kB
Size

1
Cookies

59 Outgoing links

These are links going to different origins than the main page.

URL: https://www.royalmail.com/services-near-you
Title: Services near you

Search URL Search Domain Scan URL

URL: https://www.royalmail.com/login?destination=/track-your-item
Title: Log in

Search URL Search Domain Scan URL

URL: https://send.royalmail.com/
Title: Click & Drop

Search URL Search Domain Scan URL

URL: https://shop.royalmail.com/postage-and-packaging/first-and-second-class-stamps
Title: Shop for stamps

Search URL Search Domain Scan URL

URL: https://www.royalmail.com/find-a-postcode
Title: Find a postcode

Search URL Search Domain Scan URL

URL: https://www.royalmail.com/collection
Title: Parcel Collect

Search URL Search Domain Scan URL

URL: https://shop.royalmail.com/
Title: Stamps and supplies

Search URL Search Domain Scan URL

URL: https://shop.royalmail.com/postage-and-packaging/envelopes
Title: Envelopes

Search URL Search Domain Scan URL

URL: https://shop.royalmail.com/customer/account/login/
Title: Business mail supplies

Search URL Search Domain Scan URL

URL: https://shop.royalmail.com/postage-and-packaging
Title: All postage and packaging

Search URL Search Domain Scan URL

URL: https://shop.royalmail.com/special-stamp-issues/blackadder
Title: Blackadder

Search URL Search Domain Scan URL

URL: https://shop.royalmail.com/special-stamp-issues/his-majesty-king-charles-a-new-reign
Title: His Majesty King Charles III: A New Reign

Search URL Search Domain Scan URL

URL: https://shop.royalmail.com/special-stamp-issues/robin-hood
Title: The Legend of Robin Hood

Search URL Search Domain Scan URL

URL: https://shop.royalmail.com/special-stamp-issues/flowers
Title: Flowers

Search URL Search Domain Scan URL

URL: https://shop.royalmail.com/special-stamp-issues/definitives-his-majesty-king-charles
Title: HM King Charles III Definitives

Search URL Search Domain Scan URL

URL: https://shop.royalmail.com/special-stamp-issues
Title: All special stamps

Search URL Search Domain Scan URL

URL: https://shop.royalmail.com/collectibles-and-gifts/presentation-packs-and-sets
Title: Presentation packs

Search URL Search Domain Scan URL

URL: https://shop.royalmail.com/collectibles-and-gifts/framed-stamps-and-prints
Title: Framed stamps and prints

Search URL Search Domain Scan URL

URL: https://shop.royalmail.com/collectibles-and-gifts/first-day-covers
Title: First Day covers

Search URL Search Domain Scan URL

URL: https://shop.royalmail.com/catalog/category/view/s/coins-and-medals/id/52/
Title: Coins and medals

Search URL Search Domain Scan URL

URL: https://shop.royalmail.com/christmas/annual-collections
Title: Annual Collections

Search URL Search Domain Scan URL

URL: https://shop.royalmail.com/collectibles-and-gifts/bundles
Title: Bundles

Search URL Search Domain Scan URL

URL: https://shop.royalmail.com/collectibles-and-gifts
Title: All collectibles and gifts

Search URL Search Domain Scan URL

URL: https://www.royalmail.com/health
Title: Health

Search URL Search Domain Scan URL

URL: https://personal.help.royalmail.com/
Title: Help

Search URL Search Domain Scan URL

URL: https://personal.help.royalmail.com/app/answers/detail/a_id/146
Title: How to collect a missed delivery

Search URL Search Domain Scan URL

URL: https://personal.help.royalmail.com/app/answers/detail/a_id/5293
Title: When we can't deliver

Search URL Search Domain Scan URL

URL: https://personal.help.royalmail.com/app/answers/detail/a_id/317/
Title: I think my mail is lost

Search URL Search Domain Scan URL

URL: https://personal.help.royalmail.com/app/answers/detail/a_id/89
Title: Letters and parcels size guide

Search URL Search Domain Scan URL

URL: https://personal.help.royalmail.com/app/answers/detail/a_id/248
Title: Redirection support

Search URL Search Domain Scan URL

URL: https://personal.help.royalmail.com/app/answers/detail/a_id/96
Title: Restrictions and prohibitions

Search URL Search Domain Scan URL

URL: https://personal.help.royalmail.com/app/answers/detail/a_id/106/
Title: Customs information

Search URL Search Domain Scan URL

URL: https://personal.help.royalmail.com/app/answers/detail/a_id/86
Title: Wrapping and packaging your mail

Search URL Search Domain Scan URL

URL: https://personal.help.royalmail.com/app/answers/detail/a_id/81
Title: How to address your mail

Search URL Search Domain Scan URL

URL: https://www.royalmail.com/receiving/rubber-bands
Title: Rubber Bands

Search URL Search Domain Scan URL

URL: https://personal.help.royalmail.com/app/answers/detail/a_id/52
Title: Track your item help

Search URL Search Domain Scan URL

URL: https://personal.help.royalmail.com/app/answers/detail/a_id/62
Title: Tracking international items

Search URL Search Domain Scan URL

URL: https://personal.help.royalmail.com/app/answers/detail/a_id/756/
Title: What our tracking messages mean

Search URL Search Domain Scan URL

URL: https://personal.help.royalmail.com/app/answers/detail/a_id/5232
Title: My tracking message says it's been delivered but it hasn't been

Search URL Search Domain Scan URL

URL: https://www.royalmail.com/service-update
Title: Latest service updates

Search URL Search Domain Scan URL

URL: https://personal.help.royalmail.com/app/answers/detail/a_id/325
Title: How to make a claim

Search URL Search Domain Scan URL

URL: https://personal.help.royalmail.com/app/contact
Title: Contact Royal Mail

Search URL Search Domain Scan URL

URL: https://www.royalmail.com/business
Title: Business

Search URL Search Domain Scan URL

URL: https://www.royalmail.com/track-your-item#/
Title: Track your item

Search URL Search Domain Scan URL

URL: https://www.royalmail.com/price-finder
Title: Price finder

Search URL Search Domain Scan URL

URL: https://parcel.royalmail.com/
Title: Online postage

Search URL Search Domain Scan URL

URL: https://personal.help.royalmail.com/app/answers/detail/a_id/325/
Title: How to make a claim

Search URL Search Domain Scan URL

URL: https://www.royalmail.com/sustainability
Title: Sustainability

Search URL Search Domain Scan URL

URL: https://www.royalmail.com/personal/receiving-mail/redirection
Title: Redirect your mail

Search URL Search Domain Scan URL

URL: https://www.parcelforce.com/
Title: Parcelforce WorldwideOpens in a new window

Search URL Search Domain Scan URL

URL: https://www.bhf.org.uk/
Title: British Heart Foundation

Search URL Search Domain Scan URL

URL: http://www.keepmeposteduk.com/
Title: Keep Me PostedOpens in a new window

Search URL Search Domain Scan URL

URL: https://www.instagram.com/royalmailofficial/
Title: Opens in a new window

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/5263?trk=tyah
Title: Opens in a new window

Search URL Search Domain Scan URL

URL: https://www.facebook.com/RoyalMail
Title: Opens in a new window

Search URL Search Domain Scan URL

URL: https://www.twitter.com/royalmail
Title: Opens in a new window

Search URL Search Domain Scan URL

URL: https://jobs.royalmailgroup.com/
Title: JobsOpens in a new window

Search URL Search Domain Scan URL

URL: https://www.internationaldistributionsservices.com/en
Title: International Distributions ServicesOpens in a new window

Search URL Search Domain Scan URL

URL: https://www.royalmailgroup.com/en/site/accessibility/
Title: AccessibilityOpens in a new window

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://my-royalmail.com/ HTTP 302
https://my-royalmail.com/update Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request update Show response
my-royalmail.com/
Redirect Chain

https://my-royalmail.com/
https://my-royalmail.com/update

124 KB
36 KB

430ms
430ms

Document
text/html

103.163.208.93
STARBOWLTD-AS-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://my-royalmail.com/update

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

103.163.208.93 , Hong Kong, ASN140683 (STARBOWLTD-AS-AP Starbow Ltd., JP),

Reverse DNS

Software

nginx /

Resource Hash

5a55e53c5c4dc0f7812b398ddc206ee577a42e7fa217b0ee3d6fab7cf35d0f59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

content-encoding: gzip
content-type: text/html
date: Fri, 01 Mar 2024 14:17:19 GMT
etag: W/"65dde300-1f0ce"
last-modified: Tue, 27 Feb 2024 13:26:24 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html; charset=UTF-8
date: Fri, 01 Mar 2024 14:17:19 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: ./update
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000

GET
H2 200 config.js Show response
my-royalmail.com/ 133 B
346 B 1709ms
1707ms Script
application/javascript 103.163.208.93
STARBOWLTD-AS-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://my-royalmail.com/config.js

Requested by

Host: my-royalmail.com
URL: https://my-royalmail.com/update

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

103.163.208.93 , Hong Kong, ASN140683 (STARBOWLTD-AS-AP Starbow Ltd., JP),

Reverse DNS

Software

nginx /

Resource Hash

41b8c92a2754c62935f690e124fd724f56655bfa8770867a6a56ca0aeefb2da6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://my-royalmail.com/update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 14:17:20 GMT
strict-transport-security: max-age=31536000
last-modified: Fri, 01 Mar 2024 08:40:40 GMT
server: nginx
etag: "65e19488-85"
content-type: application/javascript
cache-control: max-age=43200
accept-ranges: bytes
content-length: 133
expires: Sat, 02 Mar 2024 02:17:20 GMT

GET
H2 200 css_57lhjrfpj3ddu3r4_9mzrirai8mz8bmsz7byihi7ya8.css
my-royalmail.com/static/css/ 32 KB
8 KB 418ms
416ms Stylesheet
text/css 103.163.208.93
STARBOWLTD-AS-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://my-royalmail.com/static/css/css_57lhjrfpj3ddu3r4_9mzrirai8mz8bmsz7byihi7ya8.css

Requested by

Host: my-royalmail.com
URL: https://my-royalmail.com/update

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

103.163.208.93 , Hong Kong, ASN140683 (STARBOWLTD-AS-AP Starbow Ltd., JP),

Reverse DNS

Software

nginx /

Resource Hash

9770811a404364891c45240a4e73c586dd63aa5b0aa6335344b1b3e0c0206470

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://my-royalmail.com/update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 14:17:20 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Mon, 15 May 2023 03:11:26 GMT
server: nginx
etag: W/"6461a2de-800c"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
expires: Sat, 02 Mar 2024 02:17:20 GMT

GET
H2 200 css_wjj-gv0lg6-h5v896dmzgsnac1loy_vttuhtkmyxllg.css
my-royalmail.com/static/css/ 990 KB
146 KB 852ms
851ms Stylesheet
text/css 103.163.208.93
STARBOWLTD-AS-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://my-royalmail.com/static/css/css_wjj-gv0lg6-h5v896dmzgsnac1loy_vttuhtkmyxllg.css

Requested by

Host: my-royalmail.com
URL: https://my-royalmail.com/update

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

103.163.208.93 , Hong Kong, ASN140683 (STARBOWLTD-AS-AP Starbow Ltd., JP),

Reverse DNS

Software

nginx /

Resource Hash

23412a473ff5249025a3f3a81fe3ba4af0ea5efa57d99c5773a3cb79945b8244

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://my-royalmail.com/update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 14:17:20 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Mon, 15 May 2023 03:11:36 GMT
server: nginx
etag: W/"6461a2e8-f77d2"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
expires: Sat, 02 Mar 2024 02:17:20 GMT

GET
H2 200 index.51b4ccb5.js Show response
my-royalmail.com/assets/ 309 KB
126 KB 1709ms
1707ms Script
application/javascript 103.163.208.93
STARBOWLTD-AS-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://my-royalmail.com/assets/index.51b4ccb5.js

Requested by

Host: my-royalmail.com
URL: https://my-royalmail.com/update

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

103.163.208.93 , Hong Kong, ASN140683 (STARBOWLTD-AS-AP Starbow Ltd., JP),

Reverse DNS

Software

nginx /

Resource Hash

387f872bb765a43e89b3b7e31921ab49ef81b8876beadce9b033c0715c94d5de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://my-royalmail.com/update
Origin: https://my-royalmail.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 14:17:20 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Tue, 27 Feb 2024 13:26:24 GMT
server: nginx
etag: W/"65dde300-4d31b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Sat, 02 Mar 2024 02:17:20 GMT

GET
H2 200 index.7d2c6415.css
my-royalmail.com/assets/ 11 KB
3 KB 1707ms
1706ms Stylesheet
text/css 103.163.208.93
STARBOWLTD-AS-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://my-royalmail.com/assets/index.7d2c6415.css

Requested by

Host: my-royalmail.com
URL: https://my-royalmail.com/update

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

103.163.208.93 , Hong Kong, ASN140683 (STARBOWLTD-AS-AP Starbow Ltd., JP),

Reverse DNS

Software

nginx /

Resource Hash

7d2c6415d1f4b260fe6e92098cf43da82c4c174b2df046e477e8e221e28d2201

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://my-royalmail.com/update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 14:17:20 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Tue, 27 Feb 2024 13:26:24 GMT
server: nginx
etag: W/"65dde300-2bce"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
expires: Sat, 02 Mar 2024 02:17:20 GMT

GET
H2 200 logo.png
my-royalmail.com/static/picture/ 12 KB
13 KB 1709ms
1708ms Image
image/png 103.163.208.93
STARBOWLTD-AS-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my-royalmail.com/static/picture/logo.png

Requested by

Host: my-royalmail.com
URL: https://my-royalmail.com/update

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

103.163.208.93 , Hong Kong, ASN140683 (STARBOWLTD-AS-AP Starbow Ltd., JP),

Reverse DNS

Software

nginx /

Resource Hash

344b29deab56ac203aa9d4c258a097020f4b207da082f1267e2b9a4280903c34

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://my-royalmail.com/update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 14:17:20 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 13 May 2023 12:46:24 GMT
server: nginx
etag: "645f86a0-31ae"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 12718
expires: Sun, 31 Mar 2024 14:17:20 GMT

GET
H2 200 js_uy2dg2pqknulkouzwhuxcobe9yizgvdq7yewhfohqnq.js Show response
my-royalmail.com/static/js/ 122 KB
46 KB 1290ms
1290ms Script
application/javascript 103.163.208.93
STARBOWLTD-AS-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://my-royalmail.com/static/js/js_uy2dg2pqknulkouzwhuxcobe9yizgvdq7yewhfohqnq.js

Requested by

Host: my-royalmail.com
URL: https://my-royalmail.com/update

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

103.163.208.93 , Hong Kong, ASN140683 (STARBOWLTD-AS-AP Starbow Ltd., JP),

Reverse DNS

Software

nginx /

Resource Hash

532d83836a6a90d50b928b99c07b97728044f582331af0eaed87b0845a21a8d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://my-royalmail.com/update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 14:17:20 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Sat, 13 May 2023 12:46:22 GMT
server: nginx
etag: W/"645f869e-1e70e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Sat, 02 Mar 2024 02:17:20 GMT

GET
H2 200 js_terxot8vmmsfu-rvhjflvsqs0-ryvmjwqua-lk3j5r0.js Show response
my-royalmail.com/static/js/ 1 MB
427 KB 1033ms
1032ms Script
application/javascript 103.163.208.93
STARBOWLTD-AS-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://my-royalmail.com/static/js/js_terxot8vmmsfu-rvhjflvsqs0-ryvmjwqua-lk3j5r0.js

Requested by

Host: my-royalmail.com
URL: https://my-royalmail.com/update

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

103.163.208.93 , Hong Kong, ASN140683 (STARBOWLTD-AS-AP Starbow Ltd., JP),

Reverse DNS

Software

nginx /

Resource Hash

e6e3ce6d79bea4b25debc4b3c1d026e49f02b1fcf06aae27f8bb353ddd289648

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://my-royalmail.com/update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 14:17:23 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Sat, 13 May 2023 12:56:12 GMT
server: nginx
etag: W/"645f88ec-151d63"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Sat, 02 Mar 2024 02:17:23 GMT

GET
H2 200 pfdintextstd-bold-webfont.woff
my-royalmail.com/static/fonts/ 33 KB
33 KB 964ms
963ms Font
font/woff 103.163.208.93
STARBOWLTD-AS-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://my-royalmail.com/static/fonts/pfdintextstd-bold-webfont.woff

Requested by

Host: my-royalmail.com
URL: https://my-royalmail.com/static/css/css_wjj-gv0lg6-h5v896dmzgsnac1loy_vttuhtkmyxllg.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

103.163.208.93 , Hong Kong, ASN140683 (STARBOWLTD-AS-AP Starbow Ltd., JP),

Reverse DNS

Software

nginx /

Resource Hash

3060f58cd766bb2fcaab5b176a99cc2d731086d6b895137554ceac63ee31db03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://my-royalmail.com/static/css/css_wjj-gv0lg6-h5v896dmzgsnac1loy_vttuhtkmyxllg.css
Origin: https://my-royalmail.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 14:17:23 GMT
strict-transport-security: max-age=31536000
last-modified: Mon, 15 May 2023 03:13:26 GMT
server: nginx
etag: "6461a356-8208"
content-type: font/woff
accept-ranges: bytes
content-length: 33288

GET
H2 200 chevinstd-bold.04a2b6dc.5febf201.woff2
my-royalmail.com/assets/ 27 KB
27 KB 965ms
964ms Font
font/woff2 103.163.208.93
STARBOWLTD-AS-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://my-royalmail.com/assets/chevinstd-bold.04a2b6dc.5febf201.woff2

Requested by

Host: my-royalmail.com
URL: https://my-royalmail.com/assets/index.7d2c6415.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

103.163.208.93 , Hong Kong, ASN140683 (STARBOWLTD-AS-AP Starbow Ltd., JP),

Reverse DNS

Software

nginx /

Resource Hash

5febf201204bf57a1560ecd3a705ed4766f1afa1280b900ac44f428d21df74c8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://my-royalmail.com/assets/index.7d2c6415.css
Origin: https://my-royalmail.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 14:17:23 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 27 Feb 2024 13:26:24 GMT
server: nginx
etag: "65dde300-6c54"
content-type: font/woff2
accept-ranges: bytes
content-length: 27732

GET
H2 200 chevinstd-medium.79f5c13c.d78b4314.woff2
my-royalmail.com/assets/ 26 KB
26 KB 965ms
964ms Font
font/woff2 103.163.208.93
STARBOWLTD-AS-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://my-royalmail.com/assets/chevinstd-medium.79f5c13c.d78b4314.woff2

Requested by

Host: my-royalmail.com
URL: https://my-royalmail.com/assets/index.7d2c6415.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

103.163.208.93 , Hong Kong, ASN140683 (STARBOWLTD-AS-AP Starbow Ltd., JP),

Reverse DNS

Software

nginx /

Resource Hash

d78b43147db5b2635d9d509de7db47bb8dafb206426172a70dc754a2819c8542

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://my-royalmail.com/assets/index.7d2c6415.css
Origin: https://my-royalmail.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 14:17:23 GMT
strict-transport-security: max-age=31536000
last-modified: Tue, 27 Feb 2024 13:26:24 GMT
server: nginx
etag: "65dde300-6884"
content-type: font/woff2
accept-ranges: bytes
content-length: 26756

GET
H2 200 chevin-medium.woff
my-royalmail.com/static/fonts/ 34 KB
34 KB 964ms
964ms Font
font/woff 103.163.208.93
STARBOWLTD-AS-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://my-royalmail.com/static/fonts/chevin-medium.woff

Requested by

Host: my-royalmail.com
URL: https://my-royalmail.com/static/css/css_wjj-gv0lg6-h5v896dmzgsnac1loy_vttuhtkmyxllg.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

103.163.208.93 , Hong Kong, ASN140683 (STARBOWLTD-AS-AP Starbow Ltd., JP),

Reverse DNS

Software

nginx /

Resource Hash

59b1b91d85d2c035f814c3bf2022b2b45cff6f816dfb9e918e1820d4e527d451

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://my-royalmail.com/static/css/css_wjj-gv0lg6-h5v896dmzgsnac1loy_vttuhtkmyxllg.css
Origin: https://my-royalmail.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 14:17:23 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 13 May 2023 12:46:24 GMT
server: nginx
etag: "645f86a0-8706"
content-type: font/woff
accept-ranges: bytes
content-length: 34566

GET
DATA 200
OK truncated
/ 10 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ab0d37e28146cdcbaed1152d246a8bede90c4bb6c116e076622daf055b858c9f

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 scam-guidance.png
my-royalmail.com/static/images/ 5 KB
5 KB 939ms
938ms Image
image/png 103.163.208.93
STARBOWLTD-AS-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my-royalmail.com/static/images/scam-guidance.png

Requested by

Host: my-royalmail.com
URL: https://my-royalmail.com/static/css/css_wjj-gv0lg6-h5v896dmzgsnac1loy_vttuhtkmyxllg.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

103.163.208.93 , Hong Kong, ASN140683 (STARBOWLTD-AS-AP Starbow Ltd., JP),

Reverse DNS

Software

nginx /

Resource Hash

5e001149ad167758a03acb66388cc23c2aba60bbe811da33bb2ea44c59157eb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://my-royalmail.com/static/css/css_wjj-gv0lg6-h5v896dmzgsnac1loy_vttuhtkmyxllg.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 14:17:23 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 13 May 2023 12:46:22 GMT
server: nginx
etag: "645f869e-12c3"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 4803
expires: Sun, 31 Mar 2024 14:17:23 GMT

GET
H2 200 keep-me-posted.png
my-royalmail.com/static/images/ 11 KB
11 KB 938ms
937ms Image
image/png 103.163.208.93
STARBOWLTD-AS-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my-royalmail.com/static/images/keep-me-posted.png

Requested by

Host: my-royalmail.com
URL: https://my-royalmail.com/static/css/css_wjj-gv0lg6-h5v896dmzgsnac1loy_vttuhtkmyxllg.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

103.163.208.93 , Hong Kong, ASN140683 (STARBOWLTD-AS-AP Starbow Ltd., JP),

Reverse DNS

Software

nginx /

Resource Hash

9314ec2d98780f916a6357eaee875203f4fb04438313c111fafa9a36ba579997

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://my-royalmail.com/static/css/css_wjj-gv0lg6-h5v896dmzgsnac1loy_vttuhtkmyxllg.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 14:17:23 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 13 May 2023 12:45:50 GMT
server: nginx
etag: "645f867e-2a91"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 10897
expires: Sun, 31 Mar 2024 14:17:23 GMT

GET
H2 200 safespace-logo.png
my-royalmail.com/static/picture/ 6 KB
7 KB 929ms
928ms Image
image/png 103.163.208.93
STARBOWLTD-AS-AP ...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://my-royalmail.com/static/picture/safespace-logo.png

Requested by

Host: my-royalmail.com
URL: https://my-royalmail.com/update

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

103.163.208.93 , Hong Kong, ASN140683 (STARBOWLTD-AS-AP Starbow Ltd., JP),

Reverse DNS

Software

nginx /

Resource Hash

8e5bd63208d0cf73eb49c33fe135dbb66e5fe3d680fac9abeb4a4670a79b01a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://my-royalmail.com/update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 14:17:23 GMT
strict-transport-security: max-age=31536000
last-modified: Sat, 13 May 2023 12:46:32 GMT
server: nginx
etag: "645f86a8-19bc"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 6588
expires: Sun, 31 Mar 2024 14:17:23 GMT

GET
H2 200 Index.ab7ad509.js Show response
my-royalmail.com/assets/ 44 KB
17 KB 215ms
214ms Script
application/javascript 103.163.208.93
STARBOWLTD-AS-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://my-royalmail.com/assets/Index.ab7ad509.js

Requested by

Host: my-royalmail.com
URL: https://my-royalmail.com/assets/index.51b4ccb5.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

103.163.208.93 , Hong Kong, ASN140683 (STARBOWLTD-AS-AP Starbow Ltd., JP),

Reverse DNS

Software

nginx /

Resource Hash

1b7356ed9d20479a4fe185a3aeb04e6413c57a8a134e399ef6d66d2ca83428df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
Origin: https://my-royalmail.com
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 14:17:27 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Tue, 27 Feb 2024 13:26:24 GMT
server: nginx
etag: W/"65dde300-b19d"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Sat, 02 Mar 2024 02:17:27 GMT

GET
H2 200 Index.dec93025.css
my-royalmail.com/assets/ 9 KB
3 KB 213ms
213ms Stylesheet
text/css 103.163.208.93
STARBOWLTD-AS-AP ...

General

Check archive.org

Show headers Download Go to

Full URL

https://my-royalmail.com/assets/Index.dec93025.css

Requested by

Host: my-royalmail.com
URL: https://my-royalmail.com/assets/index.51b4ccb5.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

103.163.208.93 , Hong Kong, ASN140683 (STARBOWLTD-AS-AP Starbow Ltd., JP),

Reverse DNS

Software

nginx /

Resource Hash

dec930257b0383e3eb933f651b832a058ebede732a06430ff8190a8a8a52842f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://my-royalmail.com/update
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 14:17:27 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Tue, 27 Feb 2024 13:26:24 GMT
server: nginx
etag: W/"65dde300-2440"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
expires: Sat, 02 Mar 2024 02:17:27 GMT

POST
H2 200 check.php Show response
antal.buzz/php/app/index/ 129 B
572 B 1346ms
1127ms XHR
text/html 2606:4700:3032::6815:29e9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://antal.buzz/php/app/index/check.php

Requested by

Host: my-royalmail.com
URL: https://my-royalmail.com/assets/index.51b4ccb5.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3032::6815:29e9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46ba27578bc05033e4df4baf40c81cf1dd3a949172efb518f58b9bf61073fffe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: application/json, text/plain, */*
Referer: https://my-royalmail.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Fri, 01 Mar 2024 14:17:28 GMT
strict-transport-security: max-age=31536000
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HeXfEvbj1wZ27HDPadutX4tV8HSDv61Gcg9jSZy%2Be05zxuwcI21flz6s9ULEdkh%2BPVYOGZxtx6xnXKgTUkk2Xk9iBEJVj9g68YmanB0%2F4W3V10Ihp5wF3VPxk1VvG1c51JTSgx1xgq2I"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-ray: 85d9c54d3fe88ce0-EWR
alt-svc: h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Royal Mail (Government)

24 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			my-royalmail.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 75fpl429tm4rpkork6qmeb5ljl

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

antal.buzz
my-royalmail.com
103.163.208.93
2606:4700:3032::6815:29e9
1b7356ed9d20479a4fe185a3aeb04e6413c57a8a134e399ef6d66d2ca83428df
23412a473ff5249025a3f3a81fe3ba4af0ea5efa57d99c5773a3cb79945b8244
3060f58cd766bb2fcaab5b176a99cc2d731086d6b895137554ceac63ee31db03
344b29deab56ac203aa9d4c258a097020f4b207da082f1267e2b9a4280903c34
387f872bb765a43e89b3b7e31921ab49ef81b8876beadce9b033c0715c94d5de
41b8c92a2754c62935f690e124fd724f56655bfa8770867a6a56ca0aeefb2da6
46ba27578bc05033e4df4baf40c81cf1dd3a949172efb518f58b9bf61073fffe
532d83836a6a90d50b928b99c07b97728044f582331af0eaed87b0845a21a8d4
59b1b91d85d2c035f814c3bf2022b2b45cff6f816dfb9e918e1820d4e527d451
5a55e53c5c4dc0f7812b398ddc206ee577a42e7fa217b0ee3d6fab7cf35d0f59
5e001149ad167758a03acb66388cc23c2aba60bbe811da33bb2ea44c59157eb7
5febf201204bf57a1560ecd3a705ed4766f1afa1280b900ac44f428d21df74c8
7d2c6415d1f4b260fe6e92098cf43da82c4c174b2df046e477e8e221e28d2201
8e5bd63208d0cf73eb49c33fe135dbb66e5fe3d680fac9abeb4a4670a79b01a7
9314ec2d98780f916a6357eaee875203f4fb04438313c111fafa9a36ba579997
9770811a404364891c45240a4e73c586dd63aa5b0aa6335344b1b3e0c0206470
ab0d37e28146cdcbaed1152d246a8bede90c4bb6c116e076622daf055b858c9f
d78b43147db5b2635d9d509de7db47bb8dafb206426172a70dc754a2819c8542
dec930257b0383e3eb933f651b832a058ebede732a06430ff8190a8a8a52842f
e6e3ce6d79bea4b25debc4b3c1d026e49f02b1fcf06aae27f8bb353ddd289648

my-royalmail.com Open in urlscan Pro 103.163.208.93 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

19 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

3 IPs

2 Countries

967 kBTransfer

3157 kBSize

1 Cookies

59 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

24 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

my-royalmail.com Open in urlscan Pro
103.163.208.93 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

967 kB
Transfer

3157 kB
Size

1
Cookies

19 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!