tracking-emiratespost.dynip.online Open in urlscan Pro
217.18.63.179 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://s.id/1qCIC
Effective URL:
https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
Submission: On November 30 via manual (November 30th 2022, 6:34:48 pm UTC) from AE — Scanned from DE

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 3 countries across 3 domains to perform 20 HTTP transactions. The main IP is 217.18.63.179, located in Moscow, Russian Federation and belongs to TIMEWEB-AS, RU. The main domain is tracking-emiratespost.dynip.online.
TLS certificate: Issued by R3 on November 29th 2022. Valid for: 3 months.

This is the only time tracking-emiratespost.dynip.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Emirates Post (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	45.126.58.78 45.126.58.78	132647 (IDNIC-PAN...) (IDNIC-PANDI-AS-ID Pengelola Nama Domain Internet Indonesia)
19	217.18.63.179 217.18.63.179	9123 (TIMEWEB-AS) (TIMEWEB-AS)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
20	2

1 45.126.58.78 (Indonesia) 1 redirects

ASN132647 (IDNIC-PANDI-AS-ID Pengelola Nama Domain Internet Indonesia, ID)

s.id	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 217.18.63.179 (Moscow, Russian Federation)

ASN9123 (TIMEWEB-AS, RU)
PTR: 1121973-ce52187.tw1.ru

tracking-emiratespost.dynip.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
19	dynip.online tracking-emiratespost.dynip.online	198 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 107	1011 B
1	s.id 1 redirects s.id — Cisco Umbrella Rank: 121249	197 B
20	3

	Domain	Requested by
19	tracking-emiratespost.dynip.online	tracking-emiratespost.dynip.online
1	fonts.googleapis.com	tracking-emiratespost.dynip.online
1	s.id	1 redirects
20	3

This site contains no links.

Subject Issuer	Validity	Valid
tracking-emiratespost.dynip.online R3	`2022-11-29` - `2023-02-27`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-02` - `2023-01-25`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
Frame ID: FF9E9382FBFC182B2605870A6BD5A0D3
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Emirates Post

Page URL History Show full URLs

https://s.id/1qCIC HTTP 301
https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

20
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

199 kB
Transfer

557 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://s.id/1qCIC HTTP 301
https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
Redirect Chain

https://s.id/1qCIC
https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/

10 KB
3 KB

196ms
57ms

Document
text/html

217.18.63.179
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.18.63.179 Moscow, Russian Federation, ASN9123 (TIMEWEB-AS, RU),

Reverse DNS

1121973-ce52187.tw1.ru

Software

nginx /

Resource Hash

689c92039510600677c54ae9126e19fa11eb0d01884a77e17599a06dba62c271

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html
date: Wed, 30 Nov 2022 18:34:41 GMT
etag: W/"63878a2f-299d"
last-modified: Wed, 30 Nov 2022 16:51:59 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: Accept-Encoding

Redirect headers

cache-control: private, max-age=30
content-length: 116
content-type: text/html; charset=utf-8
date: Wed, 30 Nov 2022 18:34:43 GMT
location: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
strict-transport-security: max-age=15724800; includeSubDomains

GET
H2 200 index.css
tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/ 3 KB
910 B 59ms
58ms Stylesheet
text/css 217.18.63.179
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/index.css

Requested by

Host: tracking-emiratespost.dynip.online
URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.18.63.179 Moscow, Russian Federation, ASN9123 (TIMEWEB-AS, RU),

Reverse DNS

1121973-ce52187.tw1.ru

Software

nginx /

Resource Hash

ab20d8ca042e3971cc9b47007fa9ca6d25cf6e96abde88b3b1766296628a14ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 18:34:41 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 30 Nov 2022 16:51:59 GMT
server: nginx
etag: W/"63878a2f-ce9"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
expires: Thu, 01 Dec 2022 06:34:41 GMT

GET
H2 200 UIComponents_UC.Header_Logo_2x.png
tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/images/ 17 KB
17 KB 115ms
115ms Image
image/png 217.18.63.179
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/images/UIComponents_UC.Header_Logo_2x.png

Requested by

Host: tracking-emiratespost.dynip.online
URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.18.63.179 Moscow, Russian Federation, ASN9123 (TIMEWEB-AS, RU),

Reverse DNS

1121973-ce52187.tw1.ru

Software

nginx /

Resource Hash

2e6c37dce49aa29359da9f8213274dd675646341fb974561dcd467ad50d65beb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 18:34:41 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 30 Nov 2022 16:51:59 GMT
server: nginx
etag: "63878a2f-42c0"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 17088
expires: Fri, 30 Dec 2022 18:34:41 GMT

GET
H2 404 postkor.css
tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/9ach/ 0
0 96ms
92ms Stylesheet
text/html 217.18.63.179
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/9ach/postkor.css
Requested by: Host: tracking-emiratespost.dynip.online
URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.18.63.179 Moscow, Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS: 1121973-ce52187.tw1.ru
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 18:34:41 GMT
server: nginx
content-length: 548
content-type: text/html

GET
H2 404 banrkolan.css
tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/9ach/ 0
0 96ms
92ms Stylesheet
text/html 217.18.63.179
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/9ach/banrkolan.css
Requested by: Host: tracking-emiratespost.dynip.online
URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.18.63.179 Moscow, Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS: 1121973-ce52187.tw1.ru
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 18:34:41 GMT
server: nginx
content-length: 548
content-type: text/html

GET
H2 404 bbs.css
tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/9ach/ 0
0 97ms
93ms Stylesheet
text/html 217.18.63.179
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/9ach/bbs.css
Requested by: Host: tracking-emiratespost.dynip.online
URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.18.63.179 Moscow, Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS: 1121973-ce52187.tw1.ru
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 18:34:41 GMT
server: nginx
content-length: 548
content-type: text/html

GET
H2 404 reset.css
tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/9ach/ 0
0 97ms
93ms Stylesheet
text/html 217.18.63.179
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/9ach/reset.css
Requested by: Host: tracking-emiratespost.dynip.online
URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.18.63.179 Moscow, Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS: 1121973-ce52187.tw1.ru
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 18:34:41 GMT
server: nginx
content-length: 548
content-type: text/html

GET
H2 404 font.css
tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/9ach/ 0
0 97ms
94ms Stylesheet
text/html 217.18.63.179
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/9ach/font.css
Requested by: Host: tracking-emiratespost.dynip.online
URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.18.63.179 Moscow, Russian Federation, ASN9123 (TIMEWEB-AS, RU),
Reverse DNS: 1121973-ce52187.tw1.ru
Software: nginx /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 18:34:41 GMT
server: nginx
content-length: 548
content-type: text/html

GET
H2 200 bootstrap.min.css
tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/ 158 KB
28 KB 98ms
95ms Stylesheet
text/css 217.18.63.179
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/bootstrap.min.css

Requested by

Host: tracking-emiratespost.dynip.online
URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.18.63.179 Moscow, Russian Federation, ASN9123 (TIMEWEB-AS, RU),

Reverse DNS

1121973-ce52187.tw1.ru

Software

nginx /

Resource Hash

f8fe35612b4eeac21706418c7de85adeb3731c4e08302af357a983620e470016

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 18:34:41 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 30 Nov 2022 16:51:59 GMT
server: nginx
etag: W/"63878a2f-2794c"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
expires: Thu, 01 Dec 2022 06:34:41 GMT

GET
H2 200 validationEngine.jquery.css
tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/ 3 KB
1 KB 152ms
149ms Stylesheet
text/css 217.18.63.179
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/validationEngine.jquery.css

Requested by

Host: tracking-emiratespost.dynip.online
URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.18.63.179 Moscow, Russian Federation, ASN9123 (TIMEWEB-AS, RU),

Reverse DNS

1121973-ce52187.tw1.ru

Software

nginx /

Resource Hash

cd363d0f8425d6b271c14ee5d6a8d693c3aa1323b64979b69c69d26661927303

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 18:34:41 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 30 Nov 2022 16:51:59 GMT
server: nginx
etag: W/"63878a2f-d06"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
expires: Thu, 01 Dec 2022 06:34:41 GMT

GET
H2 200 flaticon.css
tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/ 1 KB
670 B 153ms
150ms Stylesheet
text/css 217.18.63.179
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/flaticon.css

Requested by

Host: tracking-emiratespost.dynip.online
URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.18.63.179 Moscow, Russian Federation, ASN9123 (TIMEWEB-AS, RU),

Reverse DNS

1121973-ce52187.tw1.ru

Software

nginx /

Resource Hash

2650ffdcb2bf4147d062825fee353bd86e80c1f1c22c0b29ea856fdd3213e0a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 18:34:41 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 30 Nov 2022 16:51:59 GMT
server: nginx
etag: W/"63878a2f-4ba"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
expires: Thu, 01 Dec 2022 06:34:41 GMT

GET
H2 200 fontawesome-all.min.css
tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/ 36 KB
9 KB 153ms
151ms Stylesheet
text/css 217.18.63.179
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/fontawesome-all.min.css

Requested by

Host: tracking-emiratespost.dynip.online
URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.18.63.179 Moscow, Russian Federation, ASN9123 (TIMEWEB-AS, RU),

Reverse DNS

1121973-ce52187.tw1.ru

Software

nginx /

Resource Hash

cfac6241dd3aabb5f1552c17501790093015c006a8e13671823c1ff4872beaae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 18:34:41 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 30 Nov 2022 16:51:59 GMT
server: nginx
etag: W/"63878a2f-8ef7"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
expires: Thu, 01 Dec 2022 06:34:41 GMT

GET
H2 200 new-style-common-screen.css
tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/ 70 KB
12 KB 153ms
151ms Stylesheet
text/css 217.18.63.179
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/new-style-common-screen.css

Requested by

Host: tracking-emiratespost.dynip.online
URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.18.63.179 Moscow, Russian Federation, ASN9123 (TIMEWEB-AS, RU),

Reverse DNS

1121973-ce52187.tw1.ru

Software

nginx /

Resource Hash

7a30c78d591040258f9f9d981f7495e9b3a175364fa06463647a441994f7e541

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 18:34:41 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 30 Nov 2022 16:51:59 GMT
server: nginx
etag: W/"63878a2f-1198a"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
expires: Thu, 01 Dec 2022 06:34:41 GMT

GET
H2 200 common-dynamic.css
tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/ 519 B
722 B 154ms
151ms Stylesheet
text/css 217.18.63.179
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/common-dynamic.css

Requested by

Host: tracking-emiratespost.dynip.online
URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.18.63.179 Moscow, Russian Federation, ASN9123 (TIMEWEB-AS, RU),

Reverse DNS

1121973-ce52187.tw1.ru

Software

nginx /

Resource Hash

fdcb0b24c450c291ff671a4796be86d9220675a2ef20b1ba9967cd93d6b3aa64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 18:34:41 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 30 Nov 2022 16:51:59 GMT
server: nginx
etag: "63878a2f-207"
content-type: text/css
cache-control: max-age=43200
accept-ranges: bytes
content-length: 519
expires: Thu, 01 Dec 2022 06:34:41 GMT

GET
H2 200 visa.png
tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/images/ 14 KB
14 KB 155ms
153ms Image
image/png 217.18.63.179
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/images/visa.png

Requested by

Host: tracking-emiratespost.dynip.online
URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.18.63.179 Moscow, Russian Federation, ASN9123 (TIMEWEB-AS, RU),

Reverse DNS

1121973-ce52187.tw1.ru

Software

nginx /

Resource Hash

360657b0831aa856ab1921f0c0d2a0e89e92cf8ef79635e759d499c530264f1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 18:34:41 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 30 Nov 2022 16:51:59 GMT
server: nginx
etag: "63878a2f-37b8"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 14264
expires: Fri, 30 Dec 2022 18:34:41 GMT

GET
H2 200 mastercard.png
tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/images/ 2 KB
2 KB 155ms
153ms Image
image/png 217.18.63.179
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/images/mastercard.png

Requested by

Host: tracking-emiratespost.dynip.online
URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.18.63.179 Moscow, Russian Federation, ASN9123 (TIMEWEB-AS, RU),

Reverse DNS

1121973-ce52187.tw1.ru

Software

nginx /

Resource Hash

a658a0009d7afb4439a08cdc445ab2412016d5bb4befb24797eedd7a63981ee0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 18:34:41 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 30 Nov 2022 16:51:59 GMT
server: nginx
etag: "63878a2f-7f4"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 2036
expires: Fri, 30 Dec 2022 18:34:41 GMT

GET
H2 200 base-bc635a8066cae48fe4ae1e9584dae35a3c5aac5f287d88362b4e02cb3b3f8c5f.css
tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/ 3 KB
2 KB 154ms
152ms Stylesheet
text/css 217.18.63.179
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/base-bc635a8066cae48fe4ae1e9584dae35a3c5aac5f287d88362b4e02cb3b3f8c5f.css

Requested by

Host: tracking-emiratespost.dynip.online
URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.18.63.179 Moscow, Russian Federation, ASN9123 (TIMEWEB-AS, RU),

Reverse DNS

1121973-ce52187.tw1.ru

Software

nginx /

Resource Hash

ed696db79e2cdac5db4ad2883e3ddb80fed59ef426cd565aee4c4edf385b188d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 18:34:41 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 30 Nov 2022 16:51:59 GMT
server: nginx
etag: W/"63878a2f-aa3"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
expires: Thu, 01 Dec 2022 06:34:41 GMT

GET
H2 200 application-b183243468889ccac29f50cb91971600b27ab309c289600f0e29f9a77e11b2b4.js Show response
tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/ 200 KB
70 KB 154ms
152ms Script
application/javascript 217.18.63.179
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/application-b183243468889ccac29f50cb91971600b27ab309c289600f0e29f9a77e11b2b4.js

Requested by

Host: tracking-emiratespost.dynip.online
URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.18.63.179 Moscow, Russian Federation, ASN9123 (TIMEWEB-AS, RU),

Reverse DNS

1121973-ce52187.tw1.ru

Software

nginx /

Resource Hash

b183243468889ccac29f50cb91971600b27ab309c289600f0e29f9a77e11b2b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 18:34:41 GMT
strict-transport-security: max-age=31536000
content-encoding: gzip
last-modified: Wed, 30 Nov 2022 16:51:59 GMT
server: nginx
etag: W/"63878a2f-31eb3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=43200
expires: Thu, 01 Dec 2022 06:34:41 GMT

GET
H2 200 js Show response
tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/ 37 KB
37 KB 155ms
153ms Script
application/octet-stream 217.18.63.179
TIMEWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/js

Requested by

Host: tracking-emiratespost.dynip.online
URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

217.18.63.179 Moscow, Russian Federation, ASN9123 (TIMEWEB-AS, RU),

Reverse DNS

1121973-ce52187.tw1.ru

Software

nginx /

Resource Hash

c76ef5645e14cb6a36c7125a7a4bba9a44a61e6392a1e16f224db0e2d376d1e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

date: Wed, 30 Nov 2022 18:34:41 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 30 Nov 2022 16:51:59 GMT
server: nginx
etag: "63878a2f-945d"
content-type: application/octet-stream
accept-ranges: bytes
content-length: 37981

GET
H2 200 css
fonts.googleapis.com/ 2 KB
1011 B 38ms
17ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=PT+Sans:400,700

Requested by

Host: tracking-emiratespost.dynip.online
URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/css/new-style-common-screen.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e2464f998b38ae5f4a6f68dd19faea6939ccb6db5388ce17a0621c3fe186f859

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tracking-emiratespost.dynip.online/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.121 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 30 Nov 2022 18:34:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 30 Nov 2022 18:26:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 30 Nov 2022 18:34:44 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Emirates Post (Transportation)

61 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/9ach/postkor.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/9ach/banrkolan.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/9ach/bbs.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/9ach/reset.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://tracking-emiratespost.dynip.online/S336358533/GlifWebSignIn/portal/2a850/9ach/font.css Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
s.id
tracking-emiratespost.dynip.online
217.18.63.179
2a00:1450:4001:811::200a
45.126.58.78
2650ffdcb2bf4147d062825fee353bd86e80c1f1c22c0b29ea856fdd3213e0a3
2e6c37dce49aa29359da9f8213274dd675646341fb974561dcd467ad50d65beb
360657b0831aa856ab1921f0c0d2a0e89e92cf8ef79635e759d499c530264f1d
689c92039510600677c54ae9126e19fa11eb0d01884a77e17599a06dba62c271
7a30c78d591040258f9f9d981f7495e9b3a175364fa06463647a441994f7e541
a658a0009d7afb4439a08cdc445ab2412016d5bb4befb24797eedd7a63981ee0
ab20d8ca042e3971cc9b47007fa9ca6d25cf6e96abde88b3b1766296628a14ca
b183243468889ccac29f50cb91971600b27ab309c289600f0e29f9a77e11b2b4
c76ef5645e14cb6a36c7125a7a4bba9a44a61e6392a1e16f224db0e2d376d1e8
cd363d0f8425d6b271c14ee5d6a8d693c3aa1323b64979b69c69d26661927303
cfac6241dd3aabb5f1552c17501790093015c006a8e13671823c1ff4872beaae
e2464f998b38ae5f4a6f68dd19faea6939ccb6db5388ce17a0621c3fe186f859
ed696db79e2cdac5db4ad2883e3ddb80fed59ef426cd565aee4c4edf385b188d
f8fe35612b4eeac21706418c7de85adeb3731c4e08302af357a983620e470016
fdcb0b24c450c291ff671a4796be86d9220675a2ef20b1ba9967cd93d6b3aa64

tracking-emiratespost.dynip.online Open in urlscan Pro 217.18.63.179 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

2 IPs

3 Countries

199 kBTransfer

557 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

61 JavaScript Global Variables

0 Cookies

5 Console Messages

Security Headers

Indicators

tracking-emiratespost.dynip.online Open in urlscan Pro
217.18.63.179 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

3
Countries

199 kB
Transfer

557 kB
Size

0
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!