l82053.hostde32.fornex.host
212.224.124.82  Malicious Activity! Public Scan

Submitted URL: http://lololhdamak-001-site1.itempurl.com/saudi2021.html
Effective URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Submission: On March 24 via api from US

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 23 HTTP transactions. The main IP is 212.224.124.82, located in Frankfurt am Main, Germany and belongs to DE-FIRSTCOLO www.first-colo.net, DE. The main domain is l82053.hostde32.fornex.host.
This is the only time l82053.hostde32.fornex.host was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Saudi Post (Government)

Domain & IP information

Requests  IP Address       AS (Autonomous System)
1         205.144.171.167  7296 (ALCHEMYNET)
15        212.224.124.82   44066 (DE-FIRSTC...)
7         185.12.164.222   60050 (SP-ASN)
23 requests, 3 IPs

Requests  Domain                              Requested by
15        l82053.hostde32.fornex.host         l82053.hostde32.fornex.host
7         my.sp.com.sa                        l82053.hostde32.fornex.host
1         lololhdamak-001-site1.itempurl.com  -
23 requests, 3 domains

Subject             Issuer                            Validity                 Valid
*.splonline.com.sa  DigiCert TLS RSA SHA256 2020 CA1  2021-03-06 - 2021-10-04  7 months

This page contains 1 frame:

Primary Page: http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Frame ID: CEEADD1CD37C7EDE10F1853E5A868A53
Requests: 23 HTTP requests in this frame

Page URL History

  1. http://lololhdamak-001-site1.itempurl.com/saudi2021.html Page URL
  2. http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation Page URL

Detected technologies (overall confidence: 100% each)

Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
  • html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
  • script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

Requests: 23
HTTPS: 30 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 3
Transfer: 839 kB
Size: 1349 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions

Resource | Path | Size | x-fer | Type
saudi2021.html | lololhdamak-001-site1.itempurl.com/ | 127 B | 552 B | Document
General
Full URL
http://lololhdamak-001-site1.itempurl.com/saudi2021.html
Protocol
HTTP/1.1
Server
205.144.171.167, United States, ASN7296 (ALCHEMYNET, US)
Reverse DNS
205-144-171-167.alchemy.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
22e114691a04c263f1c4a5bd9d4f5a6edc7c59b596b66deedca067c0df44c962

Request headers

Host
lololhdamak-001-site1.itempurl.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Cache-Control
max-age=31536000
Content-Type
text/html
Content-Encoding
gzip
Last-Modified
Mon, 22 Mar 2021 10:51:32 GMT
Accept-Ranges
bytes
ETag
"856625291fd71:0"
Vary
Accept-Encoding
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Date
Wed, 24 Mar 2021 17:48:10 GMT
Content-Length
226
Confirmation (Primary Request) | l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/ | 20 KB | 5 KB | Document
General
Full URL
http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
212.224.124.82, Frankfurt am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
Reverse DNS
hostde32.fornex.host
Software
nginx /
Resource Hash
a25ef514af0de20eb5a64b64f1639853525da8538cc5b7cfaf9bbe41e2aeebba
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
l82053.hostde32.fornex.host
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://lololhdamak-001-site1.itempurl.com/
Accept-Encoding
gzip, deflate
Accept-Language
en-US

Response headers

Server
nginx
Date
Wed, 24 Mar 2021 17:48:11 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Content-Encoding
gzip
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
X-Frame-Options
SAMEORIGIN
main-en.css | l82053.hostde32.fornex.host/SaudiPost-informs/Assets/styles/ | 169 KB | 35 KB | Stylesheet
General
Full URL
http://l82053.hostde32.fornex.host/SaudiPost-informs/Assets/styles/main-en.css
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
212.224.124.82, Frankfurt am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
Reverse DNS
hostde32.fornex.host
Software
nginx /
Resource Hash
1ae1faef91f5e19296b9568783f02c16bc99ed5be1c6107546bdce7b6005595e

Request headers

Referer
http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Wed, 24 Mar 2021 17:48:11 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:22 GMT
Server
nginx
ETag
W/"5f3a1666-2a323"
Transfer-Encoding
chunked
Content-Type
text/css
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Fri, 23 Apr 2021 17:48:11 GMT
font-awesome.min.css | l82053.hostde32.fornex.host/SaudiPost-informs/Assets/styles/ | 30 KB | 8 KB | Stylesheet
General
Full URL
http://l82053.hostde32.fornex.host/SaudiPost-informs/Assets/styles/font-awesome.min.css
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
212.224.124.82, Frankfurt am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
Reverse DNS
hostde32.fornex.host
Software
nginx /
Resource Hash
61728a26ed31ee47c1921b17413c0b7ad8ea272771d1aea363b26bd1c8f0a0fb

Request headers

Referer
http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Wed, 24 Mar 2021 17:48:11 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:22 GMT
Server
nginx
ETag
W/"5f3a1666-79ae"
Transfer-Encoding
chunked
Content-Type
text/css
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Fri, 23 Apr 2021 17:48:11 GMT
modernizr.js | l82053.hostde32.fornex.host/SaudiPost-informs/Assets/scripts/vendor/ | 11 KB | 5 KB | Script
General
Full URL
http://l82053.hostde32.fornex.host/SaudiPost-informs/Assets/scripts/vendor/modernizr.js
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
212.224.124.82, Frankfurt am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
Reverse DNS
hostde32.fornex.host
Software
nginx /
Resource Hash
1c00e718dd681090d6be68429997732a41c698eda1317d21309f75dee9254cf5

Request headers

Referer
http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Wed, 24 Mar 2021 17:48:11 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:22 GMT
Server
nginx
ETag
W/"5f3a1666-2af0"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Fri, 23 Apr 2021 17:48:11 GMT
jquery.min.js | l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/ | 85 KB | 35 KB | Script
General
Full URL
http://l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/jquery.min.js
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
212.224.124.82, Frankfurt am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
Reverse DNS
hostde32.fornex.host
Software
nginx /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Referer
http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Wed, 24 Mar 2021 17:48:11 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:30 GMT
Server
nginx
ETag
W/"5f3a166e-1538f"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Fri, 23 Apr 2021 17:48:11 GMT
style.css | l82053.hostde32.fornex.host/SaudiPost-informs/Assets/styles/ | 21 KB | 6 KB | Stylesheet
General
Full URL
http://l82053.hostde32.fornex.host/SaudiPost-informs/Assets/styles/style.css
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
212.224.124.82, Frankfurt am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
Reverse DNS
hostde32.fornex.host
Software
nginx /
Resource Hash
8d0ded9684cf686a85554d92e51c01703953e205fc217a85d0b737eed4d68cce

Request headers

Referer
http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Wed, 24 Mar 2021 17:48:11 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:22 GMT
Server
nginx
ETag
W/"5f3a1666-55c3"
Transfer-Encoding
chunked
Content-Type
text/css
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Fri, 23 Apr 2021 17:48:11 GMT
logo.svg | my.sp.com.sa/Assets/images/ | 81 KB | 82 KB | Image
General
Full URL
https://my.sp.com.sa/Assets/images/logo.svg
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.12.164.222, Saudi Arabia, ASN60050 (SP-ASN, SA)
Reverse DNS
my.sp.com.sa
Software
/
Resource Hash
1e674d2a3d591d95f06609104dafd3386be1c7a1afecabb37a26d885e83f35fd
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://l82053.hostde32.fornex.host/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Wed, 10 Mar 2021 11:15:41 GMT
ETag
"7cb233b59e15d71:0"
X-OPNET-Transaction-Trace
a2_5bcdc565-79b6-493f-ba79-5888807fe326-5576-488764
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Date
Wed, 24 Mar 2021 17:48:06 GMT
Accept-Ranges
bytes
Content-Length
82916
X-Xss-Protection
1; mode=block
apple.svg | my.sp.com.sa/Assets/images/ | 21 KB | 22 KB | Image
General
Full URL
https://my.sp.com.sa/Assets/images/apple.svg
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.12.164.222, Saudi Arabia, ASN60050 (SP-ASN, SA)
Reverse DNS
my.sp.com.sa
Software
/
Resource Hash
806c4bd82bee2c9ed5686d1da83700fb91684659da85af1b1d21feae71ae94c1
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://l82053.hostde32.fornex.host/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Wed, 10 Mar 2021 11:15:41 GMT
ETag
"9f162cb59e15d71:0"
X-OPNET-Transaction-Trace
a2_5bcdc565-79b6-493f-ba79-5888807fe326-5576-488765
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Date
Wed, 24 Mar 2021 17:48:06 GMT
Accept-Ranges
bytes
Content-Length
21655
X-Xss-Protection
1; mode=block
googlePlay.svg | my.sp.com.sa/Assets/images/ | 14 KB | 15 KB | Image
General
Full URL
https://my.sp.com.sa/Assets/images/googlePlay.svg
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.12.164.222, Saudi Arabia, ASN60050 (SP-ASN, SA)
Reverse DNS
my.sp.com.sa
Software
/
Resource Hash
7d5e659c3ddc19ad374f51057aea69b769f245d54ca470a91e01e9736998e5c0
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://l82053.hostde32.fornex.host/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Wed, 10 Mar 2021 11:15:41 GMT
ETag
"80642cb59e15d71:0"
X-OPNET-Transaction-Trace
a2_18fe337c-cef9-4368-89d7-2106dfa5b691-5800-488613
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Date
Wed, 24 Mar 2021 17:48:05 GMT
Accept-Ranges
bytes
Content-Length
14633
X-Xss-Protection
1; mode=block
vendor.js | l82053.hostde32.fornex.host/SaudiPost-informs/Assets/scripts/ | 130 KB | 52 KB | Script
General
Full URL
http://l82053.hostde32.fornex.host/SaudiPost-informs/Assets/scripts/vendor.js
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
212.224.124.82, Frankfurt am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
Reverse DNS
hostde32.fornex.host
Software
nginx /
Resource Hash
2d7d626015bf14076542821076b023a2aa06eae6359588757089553dee0eb59c

Request headers

Referer
http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Wed, 24 Mar 2021 17:48:11 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:22 GMT
Server
nginx
ETag
W/"5f3a1666-2097e"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Fri, 23 Apr 2021 17:48:11 GMT
plugins.js | l82053.hostde32.fornex.host/SaudiPost-informs/Assets/scripts/ | 179 KB | 65 KB | Script
General
Full URL
http://l82053.hostde32.fornex.host/SaudiPost-informs/Assets/scripts/plugins.js
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
212.224.124.82, Frankfurt am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
Reverse DNS
hostde32.fornex.host
Software
nginx /
Resource Hash
241da8da1b8f879b6b2e27abc44c26b78085ed68f01777ed00bb9057474109ab

Request headers

Referer
http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Wed, 24 Mar 2021 17:48:11 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:22 GMT
Server
nginx
ETag
W/"5f3a1666-2cd48"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Fri, 23 Apr 2021 17:48:11 GMT
jquery.validate.min.js | l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/ | 23 KB | 9 KB | Script
General
Full URL
http://l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/jquery.validate.min.js
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
212.224.124.82, Frankfurt am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
Reverse DNS
hostde32.fornex.host
Software
nginx /
Resource Hash
17a879e50c3ab3078afaded288e257fb66e94806b76ff7e796b54226f9848f50

Request headers

Referer
http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Wed, 24 Mar 2021 17:48:11 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:32 GMT
Server
nginx
ETag
W/"5f3a1670-5add"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Fri, 23 Apr 2021 17:48:11 GMT
jquery.validate.unobtrusive.min.js | l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/ | 6 KB | 3 KB | Script
General
Full URL
http://l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/jquery.validate.unobtrusive.min.js
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
212.224.124.82, Frankfurt am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
Reverse DNS
hostde32.fornex.host
Software
nginx /
Resource Hash
ce4545c430810342be165e906434690f41be190f937ee1afef15e420033af61f

Request headers

Referer
http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Wed, 24 Mar 2021 17:48:11 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:30 GMT
Server
nginx
ETag
W/"5f3a166e-1684"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Fri, 23 Apr 2021 17:48:11 GMT
jquery.unobtrusive-ajax.min.js | l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/ | 4 KB | 2 KB | Script
General
Full URL
http://l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/jquery.unobtrusive-ajax.min.js
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
212.224.124.82, Frankfurt am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
Reverse DNS
hostde32.fornex.host
Software
nginx /
Resource Hash
c6da623993503a148a48eeef1ec47a69c22dc74783bd21876bd9158b90a39836

Request headers

Referer
http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Wed, 24 Mar 2021 17:48:11 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:30 GMT
Server
nginx
ETag
W/"5f3a166e-f0c"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Fri, 23 Apr 2021 17:48:11 GMT
knockout-3.4.2.js | l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/ | 59 KB | 25 KB | Script
General
Full URL
http://l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/knockout-3.4.2.js
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
212.224.124.82, Frankfurt am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
Reverse DNS
hostde32.fornex.host
Software
nginx /
Resource Hash
494f0ab6f89e6fb8d0f3a4395207a7f06408c972cadaea17f82155dba012555f

Request headers

Referer
http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Wed, 24 Mar 2021 17:48:11 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:32 GMT
Server
nginx
ETag
W/"5f3a1670-ec3e"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Fri, 23 Apr 2021 17:48:11 GMT
knockout.mapping-latest.js | l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/ | 9 KB | 4 KB | Script
General
Full URL
http://l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/knockout.mapping-latest.js
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
212.224.124.82, Frankfurt am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
Reverse DNS
hostde32.fornex.host
Software
nginx /
Resource Hash
2506ccac5233ac4e796aa9e350bd0bd26c0e857c32255b9c12d4e0f63b68c27f

Request headers

Referer
http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Wed, 24 Mar 2021 17:48:11 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:30 GMT
Server
nginx
ETag
W/"5f3a166e-254a"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Fri, 23 Apr 2021 17:48:11 GMT
knockout.validation.min.js | l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/ | 17 KB | 7 KB | Script
General
Full URL
http://l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/knockout.validation.min.js
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
212.224.124.82, Frankfurt am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
Reverse DNS
hostde32.fornex.host
Software
nginx /
Resource Hash
8881b27e1175a4b95992bbd7b5f6928793f1e9667e90c2e911ed7aa6250c1522

Request headers

Referer
http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Wed, 24 Mar 2021 17:48:11 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:30 GMT
Server
nginx
ETag
W/"5f3a166e-45c3"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Fri, 23 Apr 2021 17:48:11 GMT
main.js | l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/ | 16 KB | 4 KB | Script
General
Full URL
http://l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/main.js
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
212.224.124.82, Frankfurt am Main, Germany, ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
Reverse DNS
hostde32.fornex.host
Software
nginx /
Resource Hash
52abc658f3a7f95805ffd2112f45e693a14dab9e8350e01828e82c8552910f78

Request headers

Referer
http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Wed, 24 Mar 2021 17:48:11 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:30 GMT
Server
nginx
ETag
W/"5f3a166e-41f8"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Fri, 23 Apr 2021 17:48:11 GMT
DroidArabicKufi.woff | my.sp.com.sa/Assets/fonts/ | 42 KB | 42 KB | Font
General
Full URL
https://my.sp.com.sa/Assets/fonts/DroidArabicKufi.woff
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/Assets/styles/main-en.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.12.164.222, Saudi Arabia, ASN60050 (SP-ASN, SA)
Reverse DNS
my.sp.com.sa
Software
/
Resource Hash
80645a0b5bc949bccc9ad77ba5622abdad9af93d0eacb860542488ab729e9d34
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
http://l82053.hostde32.fornex.host
Referer
http://l82053.hostde32.fornex.host/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Wed, 10 Mar 2021 11:15:41 GMT
ETag
"8b6f28b59e15d71:0"
X-OPNET-Transaction-Trace
a2_212ec6f1-3d5e-41c2-812b-6e87db2ce054-17960-495362
X-Frame-Options
SAMEORIGIN
Content-Type
font/x-woff
Access-Control-Allow-Origin
*
Date
Wed, 24 Mar 2021 17:48:09 GMT
Accept-Ranges
bytes
Content-Length
42584
X-Xss-Protection
1; mode=block
icons.svg | my.sp.com.sa/Assets/ | 346 KB | 346 KB | Image
General
Full URL
https://my.sp.com.sa/Assets/icons.svg
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/Assets/styles/main-en.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.12.164.222, Saudi Arabia, ASN60050 (SP-ASN, SA)
Reverse DNS
my.sp.com.sa
Software
/
Resource Hash
5088c3b2df37174a6376844fdd9069ace24d5d15d6100bb19aaf56633b7494ae
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://l82053.hostde32.fornex.host/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Wed, 10 Mar 2021 11:15:41 GMT
ETag
"b0a12bb59e15d71:0"
X-OPNET-Transaction-Trace
a2_c4f87701-f8bf-473a-aabf-0ecaeb337233-5952-495053
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Date
Wed, 24 Mar 2021 17:48:05 GMT
Accept-Ranges
bytes
Content-Length
354047
X-Xss-Protection
1; mode=block
DroidArabicKufi-Bold.woff | my.sp.com.sa/Assets/fonts/ | 42 KB | 43 KB | Font
General
Full URL
https://my.sp.com.sa/Assets/fonts/DroidArabicKufi-Bold.woff
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/Assets/styles/main-en.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.12.164.222, Saudi Arabia, ASN60050 (SP-ASN, SA)
Reverse DNS
my.sp.com.sa
Software
/
Resource Hash
67025a1128251d4947ad57417136dbcf08728349c3edef4775eae17ff6836b98
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
http://l82053.hostde32.fornex.host
Referer
http://l82053.hostde32.fornex.host/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Wed, 10 Mar 2021 11:15:41 GMT
ETag
"aafa27b59e15d71:0"
X-OPNET-Transaction-Trace
a2_a772a29d-a718-4b8e-ad12-0d9cd100ed97-7864-500687
X-Frame-Options
SAMEORIGIN
Content-Type
font/x-woff
Access-Control-Allow-Origin
*
Date
Wed, 24 Mar 2021 17:48:05 GMT
Accept-Ranges
bytes
Content-Length
42928
X-Xss-Protection
1; mode=block
DroidSans-webfont.woff | my.sp.com.sa/Assets/fonts/ | 22 KB | 23 KB | Font
General
Full URL
https://my.sp.com.sa/Assets/fonts/DroidSans-webfont.woff
Requested by
Host: l82053.hostde32.fornex.host
URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/Assets/styles/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.12.164.222, Saudi Arabia, ASN60050 (SP-ASN, SA)
Reverse DNS
my.sp.com.sa
Software
/
Resource Hash
e3395ef075ee4c9d243a2b3ba591a4ec4896f0cc6add2434cb416e19a291f4a4
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
http://l82053.hostde32.fornex.host
Referer
http://l82053.hostde32.fornex.host/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Wed, 10 Mar 2021 11:15:41 GMT
ETag
"5d5929b59e15d71:0"
X-OPNET-Transaction-Trace
a2_a772a29d-a718-4b8e-ad12-0d9cd100ed97-7864-500694
X-Frame-Options
SAMEORIGIN
Content-Type
font/x-woff
Access-Control-Allow-Origin
*
Date
Wed, 24 Mar 2021 17:48:06 GMT
Accept-Ranges
bytes
Content-Length
22792
X-Xss-Protection
1; mode=block

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against Saudi Post (Government)

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object: ontransitionrun, ontransitionstart, ontransitioncancel, trustedTypes, html5, Modernizr, EasyAutocomplete, Util, site, ko
boolean: crossOriginIsolated
function: $, jQuery, showSuccessAlert, showErrorAlert, showWarnAlert, showAlertMessage, showPopup, captchaReload, Popper, _defineProperties, _createClass, _objectSpread, _defineProperty, _inheritsLoose, Alert, Button, Carousel, Collapse, Dropdown, Modal, ScrollSpy, Tab, Tooltip, Popover, getParameterByName, validateForm, session, removeDuplicatesBy, sortStringArrays, formatBytes
undefined: barNotificationTimeout
string: CurrentPage

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

l82053.hostde32.fornex.host
lololhdamak-001-site1.itempurl.com
my.sp.com.sa
185.12.164.222
205.144.171.167
212.224.124.82