![](/screenshots/ab71aafc-7ba0-4411-bf55-bbf495de2995.png)
he22dzuh.dreamwp.com
Open in
urlscan Pro
122.201.127.230
Malicious Activity!
Public Scan
Effective URL: https://he22dzuh.dreamwp.com/ar/ar/
Submission: On November 06 via manual from FR — Scanned from AU
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 4th 2023. Valid for: a year.
This is the only time he22dzuh.dreamwp.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Aramex (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 203.170.87.121 203.170.87.121 | 38719 (DREAMSCAP...) (DREAMSCAPE-AS-AP Dreamscape Networks Limited) | |
15 | 122.201.127.230 122.201.127.230 | 38719 (DREAMSCAP...) (DREAMSCAPE-AS-AP Dreamscape Networks Limited) | |
1 | 172.217.167.74 172.217.167.74 | 15169 (GOOGLE) (GOOGLE) | |
3 | 142.251.221.67 142.251.221.67 | 15169 (GOOGLE) (GOOGLE) | |
20 | 4 |
ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU)
PTR: ipcbaa5779.ipv4.syd02.ds.network
acaciadining.com.au |
ASN38719 (DREAMSCAPE-AS-AP Dreamscape Networks Limited, AU)
PTR: ip7ac97fe6.ipv4.syd02.ds.network
he22dzuh.dreamwp.com |
ASN15169 (GOOGLE, US)
PTR: syd15s06-in-f10.1e100.net
fonts.googleapis.com |
ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f3.1e100.net
fonts.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
15 |
dreamwp.com
he22dzuh.dreamwp.com |
148 KB |
3 |
gstatic.com
fonts.gstatic.com |
36 KB |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 31 |
904 B |
1 |
acaciadining.com.au
acaciadining.com.au |
358 B |
20 | 4 |
Domain | Requested by | |
---|---|---|
15 | he22dzuh.dreamwp.com |
he22dzuh.dreamwp.com
|
3 | fonts.gstatic.com |
fonts.googleapis.com
|
1 | fonts.googleapis.com |
client
|
1 | acaciadining.com.au | |
20 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.dreamwp.com Sectigo RSA Domain Validation Secure Server CA |
2023-01-04 - 2024-01-15 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-10-16 - 2024-01-08 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-10-16 - 2024-01-08 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://he22dzuh.dreamwp.com/ar/ar/
Frame ID: BD2EF4DFEED69BCEB7CD5F92622DA682
Requests: 20 HTTP requests in this frame
Screenshot
![](/screenshots/ab71aafc-7ba0-4411-bf55-bbf495de2995.png)
Page Title
| AramexPage URL History Show full URLs
- http://acaciadining.com.au/ar/ Page URL
- https://he22dzuh.dreamwp.com/ar/ar/ Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://acaciadining.com.au/ar/ Page URL
- https://he22dzuh.dreamwp.com/ar/ar/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
/
acaciadining.com.au/ar/ |
92 B 358 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
he22dzuh.dreamwp.com/ar/ar/ |
634 B 481 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.min.js
he22dzuh.dreamwp.com/ar/ar/app-assets/js/ |
197 KB 66 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
4 KB 904 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
755.main.min.js
he22dzuh.dreamwp.com/ar/ar/app-assets/js/ |
88 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
373.main.min.js
he22dzuh.dreamwp.com/ar/ar/app-assets/js/ |
3 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
main.json
he22dzuh.dreamwp.com/ar/ar/includes/ |
2 KB 3 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ar.json
he22dzuh.dreamwp.com/ar/ar/includes/lang/ |
38 KB 11 KB |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2
fonts.gstatic.com/s/titilliumweb/v17/ |
12 KB 13 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
en.json
he22dzuh.dreamwp.com/ar/ar/includes/lang/ |
2 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
390.main.min.js
he22dzuh.dreamwp.com/ar/ar/app-assets/js/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
62.main.min.js
he22dzuh.dreamwp.com/ar/ar/app-assets/js/ |
59 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
673.main.min.js
he22dzuh.dreamwp.com/ar/ar/app-assets/js/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
825.main.min.js
he22dzuh.dreamwp.com/ar/ar/app-assets/js/ |
17 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
789.main.min.js
he22dzuh.dreamwp.com/ar/ar/app-assets/js/ |
6 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
352.main.min.js
he22dzuh.dreamwp.com/ar/ar/app-assets/js/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
schedule_pickup.svg
he22dzuh.dreamwp.com/ar/ar/app-assets/image/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Logo.svg
he22dzuh.dreamwp.com/ar/ar/app-assets/image/ |
7 KB 7 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
NaPDcZTIAOhVxoMyOr9n_E7ffBzCGItzYw.woff2
fonts.gstatic.com/s/titilliumweb/v17/ |
12 KB 12 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2
fonts.gstatic.com/s/titilliumweb/v17/ |
12 KB 12 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Aramex (Transportation)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture object| webpackChunkpostal0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
acaciadining.com.au
fonts.googleapis.com
fonts.gstatic.com
he22dzuh.dreamwp.com
122.201.127.230
142.251.221.67
172.217.167.74
203.170.87.121
089ff2b8a32512d26c49f3ff17ed6afeba40de9eea3e532bb946759dfcb27684
0fffff6cb43b14abdcae68d2cc56ebfeefa2428da9acf9ee81f563a8e9c4997a
2a5e1fdc8e264327be71c3063cc6bf1dd8a618576310a5d26dc31ba8d6f83616
36eca8c152234c9df98fb97c9abae4e3d44f6fcc6e00147a94d250ae4e55f378
557f6d0883db85be712c3a77baa38875ddf99ecbdfd6fec98e5c0b1f7a0e1532
6670db93276fd9cad301be3295d57e478da3b19a7746d86c167b369f0cadf52b
685310e8af07d887161079d7059804cca2422c82c8e755f8d164f18c3dc2c6a5
6be58f750389ffc8ab515ff2ab02b4f4bddc1cde0a09613fa123b86353df2dfc
8041d8259f8406dec8916bf08ff0ec0d601e187f0d15a4e315415fa758e1654c
820e9beb3ec6f407de6212dd800cba8046d583b2894705d3aeb2af3320d51a84
88a4c6d8b40cc7ad1dedecffd7083e4926bc1f9dadefc7c60bfad7425b4dc77f
97800bd73acdc5559e315389590d3ca69bbe021c70692ef11ac556c68e8682ac
a299d125fd86893e8b4c547db5f9431518d45594e5596583a4f3f37fba69f39d
ac0f714c47fd74bf6d790035e2fd96911311e0c1609502c600640569a438170e
d5c1172f24f4f49f780c65cf5be897527fd08f3662a2ba8db0cfe0057d92e367
dd870101ad4e95d687a2eb734707b0dd7c20808f76d7be77a71a5d13cf99401c
de6a55092cba78e1d149ad8c5859cba2d9fabefa2df040fbe495ae47e9f0515e
e0447aa04943d0d047baf922ce6f286da4e50d62113aa19505f75705a9a46773
ee1aecfa9469f4bd2eb39f877fcc31e52ef73b7ba4e387042ef0075a58b3b931