l82053.hostde32.fornex.host
Open in
urlscan Pro
212.224.124.82
Malicious Activity!
Public Scan
Effective URL: http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Submission: On March 24 via api from US
Summary
This is the only time l82053.hostde32.fornex.host was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Saudi Post (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 205.144.171.167 205.144.171.167 | 7296 (ALCHEMYNET) (ALCHEMYNET) | |
15 | 212.224.124.82 212.224.124.82 | 44066 (DE-FIRSTC...) (DE-FIRSTCOLO www.first-colo.net) | |
7 | 185.12.164.222 185.12.164.222 | 60050 (SP-ASN) (SP-ASN) | |
23 | 3 |
ASN7296 (ALCHEMYNET, US)
PTR: 205-144-171-167.alchemy.net
lololhdamak-001-site1.itempurl.com |
ASN44066 (DE-FIRSTCOLO www.first-colo.net, DE)
PTR: hostde32.fornex.host
l82053.hostde32.fornex.host |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
fornex.host
l82053.hostde32.fornex.host |
265 KB |
7 |
sp.com.sa
my.sp.com.sa |
573 KB |
1 |
itempurl.com
lololhdamak-001-site1.itempurl.com |
552 B |
23 | 3 |
Domain | Requested by | |
---|---|---|
15 | l82053.hostde32.fornex.host |
l82053.hostde32.fornex.host
|
7 | my.sp.com.sa |
l82053.hostde32.fornex.host
|
1 | lololhdamak-001-site1.itempurl.com | |
23 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.facebook.com |
twitter.com |
www.youtube.com |
www.linkedin.com |
www.instagram.com |
itunes.apple.com |
play.google.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.splonline.com.sa DigiCert TLS RSA SHA256 2020 CA1 |
2021-03-06 - 2021-10-04 |
7 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation
Frame ID: CEEADD1CD37C7EDE10F1853E5A868A53
Requests: 23 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- http://lololhdamak-001-site1.itempurl.com/saudi2021.html Page URL
- http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation Page URL
Detected technologies
Windows Server (Operating Systems) ExpandDetected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
IIS (Web Servers) Expand
Detected patterns
- headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Font Awesome (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
Modernizr (JavaScript Libraries) Expand
Detected patterns
- script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
7 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://lololhdamak-001-site1.itempurl.com/saudi2021.html Page URL
- http://l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/Confirmation Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
saudi2021.html
lololhdamak-001-site1.itempurl.com/ |
127 B 552 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
Confirmation
l82053.hostde32.fornex.host/SaudiPost-informs/saudipost2021/Account/ |
20 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main-en.css
l82053.hostde32.fornex.host/SaudiPost-informs/Assets/styles/ |
169 KB 35 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
font-awesome.min.css
l82053.hostde32.fornex.host/SaudiPost-informs/Assets/styles/ |
30 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
modernizr.js
l82053.hostde32.fornex.host/SaudiPost-informs/Assets/scripts/vendor/ |
11 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/ |
85 KB 35 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
l82053.hostde32.fornex.host/SaudiPost-informs/Assets/styles/ |
21 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.svg
my.sp.com.sa/Assets/images/ |
81 KB 82 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
apple.svg
my.sp.com.sa/Assets/images/ |
21 KB 22 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
googlePlay.svg
my.sp.com.sa/Assets/images/ |
14 KB 15 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
vendor.js
l82053.hostde32.fornex.host/SaudiPost-informs/Assets/scripts/ |
130 KB 52 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
plugins.js
l82053.hostde32.fornex.host/SaudiPost-informs/Assets/scripts/ |
179 KB 65 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.validate.min.js
l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/ |
23 KB 9 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.validate.unobtrusive.min.js
l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/ |
6 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.unobtrusive-ajax.min.js
l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
knockout-3.4.2.js
l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/ |
59 KB 25 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
knockout.mapping-latest.js
l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/ |
9 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
knockout.validation.min.js
l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/libs/ |
17 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
main.js
l82053.hostde32.fornex.host/SaudiPost-informs/Scripts/ |
16 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
DroidArabicKufi.woff
my.sp.com.sa/Assets/fonts/ |
42 KB 42 KB |
Font
font/x-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
icons.svg
my.sp.com.sa/Assets/ |
346 KB 346 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
DroidArabicKufi-Bold.woff
my.sp.com.sa/Assets/fonts/ |
42 KB 43 KB |
Font
font/x-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
DroidSans-webfont.woff
my.sp.com.sa/Assets/fonts/ |
22 KB 23 KB |
Font
font/x-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Saudi Post (Government)43 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| trustedTypes boolean| crossOriginIsolated object| html5 object| Modernizr function| $ function| jQuery undefined| barNotificationTimeout function| showSuccessAlert function| showErrorAlert function| showWarnAlert function| showAlertMessage function| showPopup function| captchaReload object| EasyAutocomplete function| Popper function| _defineProperties function| _createClass function| _objectSpread function| _defineProperty function| _inheritsLoose object| Util function| Alert function| Button function| Carousel function| Collapse function| Dropdown function| Modal function| ScrollSpy function| Tab function| Tooltip function| Popover object| site object| ko string| CurrentPage function| getParameterByName function| validateForm function| session function| removeDuplicatesBy function| sortStringArrays function| formatBytes0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
l82053.hostde32.fornex.host
lololhdamak-001-site1.itempurl.com
my.sp.com.sa
185.12.164.222
205.144.171.167
212.224.124.82
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
17a879e50c3ab3078afaded288e257fb66e94806b76ff7e796b54226f9848f50
1ae1faef91f5e19296b9568783f02c16bc99ed5be1c6107546bdce7b6005595e
1c00e718dd681090d6be68429997732a41c698eda1317d21309f75dee9254cf5
1e674d2a3d591d95f06609104dafd3386be1c7a1afecabb37a26d885e83f35fd
22e114691a04c263f1c4a5bd9d4f5a6edc7c59b596b66deedca067c0df44c962
241da8da1b8f879b6b2e27abc44c26b78085ed68f01777ed00bb9057474109ab
2506ccac5233ac4e796aa9e350bd0bd26c0e857c32255b9c12d4e0f63b68c27f
2d7d626015bf14076542821076b023a2aa06eae6359588757089553dee0eb59c
494f0ab6f89e6fb8d0f3a4395207a7f06408c972cadaea17f82155dba012555f
5088c3b2df37174a6376844fdd9069ace24d5d15d6100bb19aaf56633b7494ae
52abc658f3a7f95805ffd2112f45e693a14dab9e8350e01828e82c8552910f78
61728a26ed31ee47c1921b17413c0b7ad8ea272771d1aea363b26bd1c8f0a0fb
67025a1128251d4947ad57417136dbcf08728349c3edef4775eae17ff6836b98
7d5e659c3ddc19ad374f51057aea69b769f245d54ca470a91e01e9736998e5c0
80645a0b5bc949bccc9ad77ba5622abdad9af93d0eacb860542488ab729e9d34
806c4bd82bee2c9ed5686d1da83700fb91684659da85af1b1d21feae71ae94c1
8881b27e1175a4b95992bbd7b5f6928793f1e9667e90c2e911ed7aa6250c1522
8d0ded9684cf686a85554d92e51c01703953e205fc217a85d0b737eed4d68cce
a25ef514af0de20eb5a64b64f1639853525da8538cc5b7cfaf9bbe41e2aeebba
c6da623993503a148a48eeef1ec47a69c22dc74783bd21876bd9158b90a39836
ce4545c430810342be165e906434690f41be190f937ee1afef15e420033af61f
e3395ef075ee4c9d243a2b3ba591a4ec4896f0cc6add2434cb416e19a291f4a4