c81007.hostch01.fornex.org
176.10.97.16 | Malicious Activity! | Public Scan

Submitted URL: http://postisaudia-001-site1.gtempurl.com/service.html
Effective URL: http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
Submission: On March 07 via manual from SA

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 23 HTTP transactions. The main IP is 176.10.97.16, located in Switzerland and belonging to AS-SOFTPLUS, CH. The main domain is c81007.hostch01.fornex.org.
This is the only time c81007.hostch01.fornex.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Saudi Post (Government)

Domain & IP information

Requests  IP Address        AS (Autonomous System)
1         205.144.171.169   7296 (ALCHEMYNET)
15        176.10.97.16      51395 (AS-SOFTPLUS)
7         185.12.164.222    60050 (SP-ASN)
Total: 23 requests, 3 IPs

Requests  Domain                               Requested by
15        c81007.hostch01.fornex.org           c81007.hostch01.fornex.org
7         my.sp.com.sa                         c81007.hostch01.fornex.org
1         postisaudia-001-site1.gtempurl.com   -
Total: 23 requests, 3 domains

TLS certificate
Subject       Issuer                           Validity                  Valid
*.sp.com.sa   DigiCert SHA2 Secure Server CA   2020-06-25 - 2021-10-06   a year (crt.sh)

This page contains 1 frame:

Primary Page: http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
Frame ID: 621D453B59A33FE72129F2286598F4FA
Requests: 23 HTTP requests in this frame

Screenshot


Page URL History

  1. http://postisaudia-001-site1.gtempurl.com/service.html (Page URL)
  2. http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation (Page URL)

Detected technologies

Each detection below has an overall confidence of 100%. Detected patterns:
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
  • html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
  • script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

Requests:    23
HTTPS:       30 %
IPv6:        0 %
Domains:     3
Subdomains:  3
IPs:         3
Countries:   3
Transfer:    839 kB
Size:        1349 kB
Cookies:     0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://postisaudia-001-site1.gtempurl.com/service.html (Page URL)
  2. http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation (Page URL)

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions

Columns per transaction: Resource | Path | Size | x-fer | Type (MIME-Type)
service.html
postisaudia-001-site1.gtempurl.com/
119 B
548 B
Document
General
Full URL
http://postisaudia-001-site1.gtempurl.com/service.html
Protocol
HTTP/1.1
Server
205.144.171.169 , United States, ASN7296 (ALCHEMYNET, US),
Reverse DNS
205-144-171-169.alchemy.net
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
96f56ade9633d87709a122b127b8c593d4662b0f06160fc09d98d553fb430fa6

Request headers

Host
postisaudia-001-site1.gtempurl.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Cache-Control
max-age=31536000
Content-Type
text/html
Content-Encoding
gzip
Last-Modified
Wed, 03 Mar 2021 15:14:57 GMT
Accept-Ranges
bytes
ETag
"73b5fbf83f10d71:0"
Vary
Accept-Encoding
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Date
Sun, 07 Mar 2021 09:58:58 GMT
Content-Length
220
Primary Request Confirmation
c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/
20 KB
6 KB
Document
General
Full URL
http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
176.10.97.16 , Switzerland, ASN51395 (AS-SOFTPLUS, CH),
Reverse DNS
hostch01-1.fornex.org
Software
nginx /
Resource Hash
a25ef514af0de20eb5a64b64f1639853525da8538cc5b7cfaf9bbe41e2aeebba
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
c81007.hostch01.fornex.org
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer
http://postisaudia-001-site1.gtempurl.com/
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
http://postisaudia-001-site1.gtempurl.com/

Response headers

Server
nginx
Date
Sun, 07 Mar 2021 09:58:59 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-XSS-Protection
1; mode=block
X-Frame-Options
SAMEORIGIN
Content-Encoding
gzip
main-en.css
c81007.hostch01.fornex.org/post-saudi/Assets/styles/
169 KB
35 KB
Stylesheet
General
Full URL
http://c81007.hostch01.fornex.org/post-saudi/Assets/styles/main-en.css
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
176.10.97.16 , Switzerland, ASN51395 (AS-SOFTPLUS, CH),
Reverse DNS
hostch01-1.fornex.org
Software
nginx /
Resource Hash
1ae1faef91f5e19296b9568783f02c16bc99ed5be1c6107546bdce7b6005595e

Request headers

Referer
http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Sun, 07 Mar 2021 09:58:59 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:22 GMT
Server
nginx
ETag
W/"5f3a1666-2a323"
Transfer-Encoding
chunked
Content-Type
text/css
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Tue, 06 Apr 2021 09:58:59 GMT
font-awesome.min.css
c81007.hostch01.fornex.org/post-saudi/Assets/styles/
30 KB
8 KB
Stylesheet
General
Full URL
http://c81007.hostch01.fornex.org/post-saudi/Assets/styles/font-awesome.min.css
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
176.10.97.16 , Switzerland, ASN51395 (AS-SOFTPLUS, CH),
Reverse DNS
hostch01-1.fornex.org
Software
nginx /
Resource Hash
61728a26ed31ee47c1921b17413c0b7ad8ea272771d1aea363b26bd1c8f0a0fb

Request headers

Referer
http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Sun, 07 Mar 2021 09:58:59 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:22 GMT
Server
nginx
ETag
W/"5f3a1666-79ae"
Transfer-Encoding
chunked
Content-Type
text/css
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Tue, 06 Apr 2021 09:58:59 GMT
modernizr.js
c81007.hostch01.fornex.org/post-saudi/Assets/scripts/vendor/
11 KB
5 KB
Script
General
Full URL
http://c81007.hostch01.fornex.org/post-saudi/Assets/scripts/vendor/modernizr.js
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
176.10.97.16 , Switzerland, ASN51395 (AS-SOFTPLUS, CH),
Reverse DNS
hostch01-1.fornex.org
Software
nginx /
Resource Hash
1c00e718dd681090d6be68429997732a41c698eda1317d21309f75dee9254cf5

Request headers

Referer
http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Sun, 07 Mar 2021 09:58:59 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:22 GMT
Server
nginx
ETag
W/"5f3a1666-2af0"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Tue, 06 Apr 2021 09:58:59 GMT
jquery.min.js
c81007.hostch01.fornex.org/post-saudi/Scripts/libs/
85 KB
35 KB
Script
General
Full URL
http://c81007.hostch01.fornex.org/post-saudi/Scripts/libs/jquery.min.js
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
176.10.97.16 , Switzerland, ASN51395 (AS-SOFTPLUS, CH),
Reverse DNS
hostch01-1.fornex.org
Software
nginx /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Referer
http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Sun, 07 Mar 2021 09:58:59 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:30 GMT
Server
nginx
ETag
W/"5f3a166e-1538f"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Tue, 06 Apr 2021 09:58:59 GMT
style.css
c81007.hostch01.fornex.org/post-saudi/Assets/styles/
21 KB
6 KB
Stylesheet
General
Full URL
http://c81007.hostch01.fornex.org/post-saudi/Assets/styles/style.css
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
176.10.97.16 , Switzerland, ASN51395 (AS-SOFTPLUS, CH),
Reverse DNS
hostch01-1.fornex.org
Software
nginx /
Resource Hash
8d0ded9684cf686a85554d92e51c01703953e205fc217a85d0b737eed4d68cce

Request headers

Referer
http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Sun, 07 Mar 2021 09:58:59 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:22 GMT
Server
nginx
ETag
W/"5f3a1666-55c3"
Transfer-Encoding
chunked
Content-Type
text/css
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Tue, 06 Apr 2021 09:58:59 GMT
logo.svg
my.sp.com.sa/Assets/images/
81 KB
82 KB
Image
General
Full URL
https://my.sp.com.sa/Assets/images/logo.svg
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.12.164.222 , Saudi Arabia, ASN60050 (SP-ASN, SA),
Reverse DNS
my.sp.com.sa
Software
/
Resource Hash
1e674d2a3d591d95f06609104dafd3386be1c7a1afecabb37a26d885e83f35fd
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://c81007.hostch01.fornex.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Wed, 10 Feb 2021 05:47:43 GMT
ETag
"a0d7784070ffd61:0"
X-OPNET-Transaction-Trace
a2_bd49e24a-8761-4afe-b205-f4416dc6709f-24436-475149
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Date
Sun, 07 Mar 2021 09:58:57 GMT
Accept-Ranges
bytes
Content-Length
82916
X-Xss-Protection
1; mode=block
apple.svg
my.sp.com.sa/Assets/images/
21 KB
22 KB
Image
General
Full URL
https://my.sp.com.sa/Assets/images/apple.svg
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.12.164.222 , Saudi Arabia, ASN60050 (SP-ASN, SA),
Reverse DNS
my.sp.com.sa
Software
/
Resource Hash
806c4bd82bee2c9ed5686d1da83700fb91684659da85af1b1d21feae71ae94c1
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://c81007.hostch01.fornex.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Wed, 10 Feb 2021 05:47:43 GMT
ETag
"c0e2744070ffd61:0"
X-OPNET-Transaction-Trace
a2_a6a1cd5e-a4cb-4fa0-b67a-fdd012c8d4f3-11764-524897
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Date
Sun, 07 Mar 2021 09:58:58 GMT
Accept-Ranges
bytes
Content-Length
21655
X-Xss-Protection
1; mode=block
googlePlay.svg
my.sp.com.sa/Assets/images/
14 KB
15 KB
Image
General
Full URL
https://my.sp.com.sa/Assets/images/googlePlay.svg
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.12.164.222 , Saudi Arabia, ASN60050 (SP-ASN, SA),
Reverse DNS
my.sp.com.sa
Software
/
Resource Hash
7d5e659c3ddc19ad374f51057aea69b769f245d54ca470a91e01e9736998e5c0
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://c81007.hostch01.fornex.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Wed, 10 Feb 2021 05:47:43 GMT
ETag
"9f57754070ffd61:0"
X-OPNET-Transaction-Trace
a2_bd49e24a-8761-4afe-b205-f4416dc6709f-24436-475150
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Date
Sun, 07 Mar 2021 09:58:57 GMT
Accept-Ranges
bytes
Content-Length
14633
X-Xss-Protection
1; mode=block
vendor.js
c81007.hostch01.fornex.org/post-saudi/Assets/scripts/
130 KB
52 KB
Script
General
Full URL
http://c81007.hostch01.fornex.org/post-saudi/Assets/scripts/vendor.js
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
176.10.97.16 , Switzerland, ASN51395 (AS-SOFTPLUS, CH),
Reverse DNS
hostch01-1.fornex.org
Software
nginx /
Resource Hash
2d7d626015bf14076542821076b023a2aa06eae6359588757089553dee0eb59c

Request headers

Referer
http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Sun, 07 Mar 2021 09:58:59 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:22 GMT
Server
nginx
ETag
W/"5f3a1666-2097e"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Tue, 06 Apr 2021 09:58:59 GMT
plugins.js
c81007.hostch01.fornex.org/post-saudi/Assets/scripts/
179 KB
65 KB
Script
General
Full URL
http://c81007.hostch01.fornex.org/post-saudi/Assets/scripts/plugins.js
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
176.10.97.16 , Switzerland, ASN51395 (AS-SOFTPLUS, CH),
Reverse DNS
hostch01-1.fornex.org
Software
nginx /
Resource Hash
241da8da1b8f879b6b2e27abc44c26b78085ed68f01777ed00bb9057474109ab

Request headers

Referer
http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Sun, 07 Mar 2021 09:58:59 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:22 GMT
Server
nginx
ETag
W/"5f3a1666-2cd48"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Tue, 06 Apr 2021 09:58:59 GMT
jquery.validate.min.js
c81007.hostch01.fornex.org/post-saudi/Scripts/libs/
23 KB
9 KB
Script
General
Full URL
http://c81007.hostch01.fornex.org/post-saudi/Scripts/libs/jquery.validate.min.js
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
176.10.97.16 , Switzerland, ASN51395 (AS-SOFTPLUS, CH),
Reverse DNS
hostch01-1.fornex.org
Software
nginx /
Resource Hash
17a879e50c3ab3078afaded288e257fb66e94806b76ff7e796b54226f9848f50

Request headers

Referer
http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Sun, 07 Mar 2021 09:58:59 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:32 GMT
Server
nginx
ETag
W/"5f3a1670-5add"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Tue, 06 Apr 2021 09:58:59 GMT
jquery.validate.unobtrusive.min.js
c81007.hostch01.fornex.org/post-saudi/Scripts/libs/
6 KB
3 KB
Script
General
Full URL
http://c81007.hostch01.fornex.org/post-saudi/Scripts/libs/jquery.validate.unobtrusive.min.js
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
176.10.97.16 , Switzerland, ASN51395 (AS-SOFTPLUS, CH),
Reverse DNS
hostch01-1.fornex.org
Software
nginx /
Resource Hash
ce4545c430810342be165e906434690f41be190f937ee1afef15e420033af61f

Request headers

Referer
http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Sun, 07 Mar 2021 09:58:59 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:30 GMT
Server
nginx
ETag
W/"5f3a166e-1684"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Tue, 06 Apr 2021 09:58:59 GMT
jquery.unobtrusive-ajax.min.js
c81007.hostch01.fornex.org/post-saudi/Scripts/libs/
4 KB
2 KB
Script
General
Full URL
http://c81007.hostch01.fornex.org/post-saudi/Scripts/libs/jquery.unobtrusive-ajax.min.js
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
176.10.97.16 , Switzerland, ASN51395 (AS-SOFTPLUS, CH),
Reverse DNS
hostch01-1.fornex.org
Software
nginx /
Resource Hash
c6da623993503a148a48eeef1ec47a69c22dc74783bd21876bd9158b90a39836

Request headers

Referer
http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Sun, 07 Mar 2021 09:58:59 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:30 GMT
Server
nginx
ETag
W/"5f3a166e-f0c"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Tue, 06 Apr 2021 09:58:59 GMT
knockout-3.4.2.js
c81007.hostch01.fornex.org/post-saudi/Scripts/libs/
59 KB
25 KB
Script
General
Full URL
http://c81007.hostch01.fornex.org/post-saudi/Scripts/libs/knockout-3.4.2.js
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
176.10.97.16 , Switzerland, ASN51395 (AS-SOFTPLUS, CH),
Reverse DNS
hostch01-1.fornex.org
Software
nginx /
Resource Hash
494f0ab6f89e6fb8d0f3a4395207a7f06408c972cadaea17f82155dba012555f

Request headers

Referer
http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Sun, 07 Mar 2021 09:58:59 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:32 GMT
Server
nginx
ETag
W/"5f3a1670-ec3e"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Tue, 06 Apr 2021 09:58:59 GMT
knockout.mapping-latest.js
c81007.hostch01.fornex.org/post-saudi/Scripts/libs/
9 KB
4 KB
Script
General
Full URL
http://c81007.hostch01.fornex.org/post-saudi/Scripts/libs/knockout.mapping-latest.js
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
176.10.97.16 , Switzerland, ASN51395 (AS-SOFTPLUS, CH),
Reverse DNS
hostch01-1.fornex.org
Software
nginx /
Resource Hash
2506ccac5233ac4e796aa9e350bd0bd26c0e857c32255b9c12d4e0f63b68c27f

Request headers

Referer
http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Sun, 07 Mar 2021 09:58:59 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:30 GMT
Server
nginx
ETag
W/"5f3a166e-254a"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Tue, 06 Apr 2021 09:58:59 GMT
knockout.validation.min.js
c81007.hostch01.fornex.org/post-saudi/Scripts/libs/
17 KB
7 KB
Script
General
Full URL
http://c81007.hostch01.fornex.org/post-saudi/Scripts/libs/knockout.validation.min.js
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
176.10.97.16 , Switzerland, ASN51395 (AS-SOFTPLUS, CH),
Reverse DNS
hostch01-1.fornex.org
Software
nginx /
Resource Hash
8881b27e1175a4b95992bbd7b5f6928793f1e9667e90c2e911ed7aa6250c1522

Request headers

Referer
http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Sun, 07 Mar 2021 09:58:59 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:30 GMT
Server
nginx
ETag
W/"5f3a166e-45c3"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Tue, 06 Apr 2021 09:58:59 GMT
main.js
c81007.hostch01.fornex.org/post-saudi/Scripts/
16 KB
4 KB
Script
General
Full URL
http://c81007.hostch01.fornex.org/post-saudi/Scripts/main.js
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
Protocol
HTTP/1.1
Server
176.10.97.16 , Switzerland, ASN51395 (AS-SOFTPLUS, CH),
Reverse DNS
hostch01-1.fornex.org
Software
nginx /
Resource Hash
52abc658f3a7f95805ffd2112f45e693a14dab9e8350e01828e82c8552910f78

Request headers

Referer
http://c81007.hostch01.fornex.org/post-saudi/saudipost2021/Account/Confirmation
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
public
Date
Sun, 07 Mar 2021 09:58:59 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Aug 2020 05:32:30 GMT
Server
nginx
ETag
W/"5f3a166e-41f8"
Transfer-Encoding
chunked
Content-Type
application/javascript
Cache-Control
max-age=2592000, public, must-revalidate, proxy-revalidate
Connection
keep-alive
Expires
Tue, 06 Apr 2021 09:58:59 GMT
DroidArabicKufi.woff
my.sp.com.sa/Assets/fonts/
42 KB
42 KB
Font
General
Full URL
https://my.sp.com.sa/Assets/fonts/DroidArabicKufi.woff
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/Assets/styles/main-en.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.12.164.222 , Saudi Arabia, ASN60050 (SP-ASN, SA),
Reverse DNS
my.sp.com.sa
Software
/
Resource Hash
80645a0b5bc949bccc9ad77ba5622abdad9af93d0eacb860542488ab729e9d34
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
http://c81007.hostch01.fornex.org
Referer
http://c81007.hostch01.fornex.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Wed, 10 Feb 2021 05:47:43 GMT
ETag
"352b694070ffd61:0"
X-OPNET-Transaction-Trace
a2_a6a1cd5e-a4cb-4fa0-b67a-fdd012c8d4f3-11764-524898
X-Frame-Options
SAMEORIGIN
Content-Type
font/x-woff
Access-Control-Allow-Origin
*
Date
Sun, 07 Mar 2021 09:58:58 GMT
Accept-Ranges
bytes
Content-Length
42584
X-Xss-Protection
1; mode=block
icons.svg
my.sp.com.sa/Assets/
346 KB
346 KB
Image
General
Full URL
https://my.sp.com.sa/Assets/icons.svg
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/Assets/styles/main-en.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.12.164.222 , Saudi Arabia, ASN60050 (SP-ASN, SA),
Reverse DNS
my.sp.com.sa
Software
/
Resource Hash
5088c3b2df37174a6376844fdd9069ace24d5d15d6100bb19aaf56633b7494ae
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
http://c81007.hostch01.fornex.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Wed, 10 Feb 2021 05:47:43 GMT
ETag
"899a6b4070ffd61:0"
X-OPNET-Transaction-Trace
a2_bd49e24a-8761-4afe-b205-f4416dc6709f-24436-475151
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Date
Sun, 07 Mar 2021 09:58:57 GMT
Accept-Ranges
bytes
Content-Length
354047
X-Xss-Protection
1; mode=block
DroidArabicKufi-Bold.woff
my.sp.com.sa/Assets/fonts/
42 KB
43 KB
Font
General
Full URL
https://my.sp.com.sa/Assets/fonts/DroidArabicKufi-Bold.woff
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/Assets/styles/main-en.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.12.164.222 , Saudi Arabia, ASN60050 (SP-ASN, SA),
Reverse DNS
my.sp.com.sa
Software
/
Resource Hash
67025a1128251d4947ad57417136dbcf08728349c3edef4775eae17ff6836b98
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
http://c81007.hostch01.fornex.org
Referer
http://c81007.hostch01.fornex.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Wed, 10 Feb 2021 05:47:43 GMT
ETag
"352b694070ffd61:0"
X-OPNET-Transaction-Trace
a2_d7629761-bf27-4477-82c1-d591600aa66e-8440-515348
X-Frame-Options
SAMEORIGIN
Content-Type
font/x-woff
Access-Control-Allow-Origin
*
Date
Sun, 07 Mar 2021 09:58:57 GMT
Accept-Ranges
bytes
Content-Length
42928
X-Xss-Protection
1; mode=block
DroidSans-webfont.woff
my.sp.com.sa/Assets/fonts/
22 KB
23 KB
Font
General
Full URL
https://my.sp.com.sa/Assets/fonts/DroidSans-webfont.woff
Requested by
Host: c81007.hostch01.fornex.org
URL: http://c81007.hostch01.fornex.org/post-saudi/Assets/styles/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.12.164.222 , Saudi Arabia, ASN60050 (SP-ASN, SA),
Reverse DNS
my.sp.com.sa
Software
/
Resource Hash
e3395ef075ee4c9d243a2b3ba591a4ec4896f0cc6add2434cb416e19a291f4a4
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
http://c81007.hostch01.fornex.org
Referer
http://c81007.hostch01.fornex.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=16070400; includeSubDomains
Last-Modified
Wed, 10 Feb 2021 05:47:43 GMT
ETag
"43b66f4070ffd61:0"
X-OPNET-Transaction-Trace
a2_d7629761-bf27-4477-82c1-d591600aa66e-8440-515352
X-Frame-Options
SAMEORIGIN
Content-Type
font/x-woff
Access-Control-Allow-Origin
*
Date
Sun, 07 Mar 2021 09:58:57 GMT
Accept-Ranges
bytes
Content-Length
22792
X-Xss-Protection
1; mode=block

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Saudi Post (Government)

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object (10):
  ontransitionrun, ontransitionstart, ontransitioncancel, trustedTypes, html5, Modernizr, EasyAutocomplete, Util, site, ko
function (30):
  $, jQuery, showSuccessAlert, showErrorAlert, showWarnAlert, showAlertMessage, showPopup, captchaReload,
  Popper, _defineProperties, _createClass, _objectSpread, _defineProperty, _inheritsLoose,
  Alert, Button, Carousel, Collapse, Dropdown, Modal, ScrollSpy, Tab, Tooltip, Popover,
  getParameterByName, validateForm, session, removeDuplicatesBy, sortStringArrays, formatBytes
boolean (1):
  crossOriginIsolated
string (1):
  CurrentPage
undefined (1):
  barNotificationTimeout

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c81007.hostch01.fornex.org
my.sp.com.sa
postisaudia-001-site1.gtempurl.com
176.10.97.16
185.12.164.222
205.144.171.169