app-royalmail.com Open in urlscan Pro
101.99.94.239 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://app-royalmail.com/LOGIN/
Submission: On October 23 via automatic, source openphish (October 23rd 2021, 1:13:02 am UTC) — Scanned from DE

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 13 HTTP transactions. The main IP is 101.99.94.239, located in Malaysia and belongs to VERDINA, BZ. The main domain is app-royalmail.com.

This is the only time app-royalmail.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Royal Mail (Government)

Domain & IP information

	IP Address		AS Autonomous System
1 14	101.99.94.239 101.99.94.239		201133 (VERDINA) (VERDINA)
13	1

14 101.99.94.239 (Malaysia) 1 redirects

ASN201133 (VERDINA, BZ)
PTR: server1.kamon.la

app-royalmail.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	app-royalmail.com 1 redirects app-royalmail.com	101 KB
13	1

	Domain	Requested by
14	app-royalmail.com	1 redirects app-royalmail.com
13	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 2 frames:

Primary Page: http://app-royalmail.com/LOGIN/
Frame ID: A11D24D9881A9D0388183F23F30759B8
Requests: 12 HTTP requests in this frame

Frame: http://app-royalmail.com/LOGIN/files/sm.htm
Frame ID: 8F9CDBD6CA18995390423BA61833AB82
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log in | Royal Mail Group Ltd

Page URL History Show full URLs

http://app-royalmail.com/LOGIN HTTP 301
http://app-royalmail.com/LOGIN/ Page URL

Page Statistics

13
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

101 kB
Transfer

681 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://app-royalmail.com/LOGIN HTTP 301
http://app-royalmail.com/LOGIN/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response app-royalmail.com/LOGIN/ Redirect Chain http://app-royalmail.com/LOGIN http://app-royalmail.com/LOGIN/	21 KB 4 KB	36ms 36ms	Document text/html	101.99.94.239 VERDINA
General Check archive.org Show headers Download Go to Full URL http://app-royalmail.com/LOGIN/ Protocol HTTP/1.1 Server 101.99.94.239 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS server1.kamon.la Software Apache / Resource Hash `2b705efd6d2aae82c61db4b68cc95601cf230df364442485229d0612ad141810` Request headers Host app-royalmail.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers Date Sat, 23 Oct 2021 01:12:57 GMT Server Apache Vary Accept-Encoding Content-Encoding gzip Content-Length 3661 Keep-Alive timeout=5, max=99 Connection Keep-Alive Content-Type text/html; charset=UTF-8 Redirect headers Date Sat, 23 Oct 2021 01:12:57 GMT Server Apache Location http://app-royalmail.com/LOGIN/ Content-Length 239 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=iso-8859-1
GET H/1.1	200 OK	css_RSAZIuEdDd7aQm_IqOTjx9-cKGbPOhL8S80f_HoLW-M.css app-royalmail.com/LOGIN/files/	32 KB 7 KB	35ms 35ms	Stylesheet text/css	101.99.94.239 VERDINA
General Check archive.org Show headers Download Go to Full URL http://app-royalmail.com/LOGIN/files/css_RSAZIuEdDd7aQm_IqOTjx9-cKGbPOhL8S80f_HoLW-M.css Requested by Host: app-royalmail.com URL: http://app-royalmail.com/LOGIN/ Protocol HTTP/1.1 Server 101.99.94.239 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS server1.kamon.la Software Apache / Resource Hash `45201922e11d0ddeda426fc8a8e4e3c7df9c2866cf3a12fc4bcd1ffc7a0b5be3` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host app-royalmail.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept text/css,/;q=0.1 Referer http://app-royalmail.com/LOGIN/ Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://app-royalmail.com/LOGIN/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sat, 23 Oct 2021 01:12:57 GMT Content-Encoding gzip Last-Modified Fri, 22 Oct 2021 01:40:32 GMT Server Apache ETag "8136-5cee718c6c400-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 6775
GET H/1.1	200 OK	css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css app-royalmail.com/LOGIN/files/	615 KB 77 KB	117ms 87ms	Stylesheet text/css	101.99.94.239 VERDINA
General Check archive.org Show headers Download Go to Full URL http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Requested by Host: app-royalmail.com URL: http://app-royalmail.com/LOGIN/ Protocol HTTP/1.1 Server 101.99.94.239 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS server1.kamon.la Software Apache / Resource Hash `dddf00a3e90f28d805fac7ef4d7dc8b3db39929b2fc3617087910381e5cff849` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host app-royalmail.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept text/css,/;q=0.1 Referer http://app-royalmail.com/LOGIN/ Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://app-royalmail.com/LOGIN/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sat, 23 Oct 2021 01:12:57 GMT Content-Encoding gzip Last-Modified Fri, 22 Oct 2021 01:52:14 GMT Server Apache ETag "99d04-5cee7429e6f80-gzip" Vary Accept-Encoding Content-Type text/css Transfer-Encoding chunked Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100
GET H/1.1	200 OK	logo.png app-royalmail.com/LOGIN/files/	12 KB 13 KB	95ms 62ms	Image image/png	101.99.94.239 VERDINA
General Check archive.org Show headers Download Go to Show image Full URL http://app-royalmail.com/LOGIN/files/logo.png Requested by Host: app-royalmail.com URL: http://app-royalmail.com/LOGIN/ Protocol HTTP/1.1 Server 101.99.94.239 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS server1.kamon.la Software Apache / Resource Hash `344b29deab56ac203aa9d4c258a097020f4b207da082f1267e2b9a4280903c34` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host app-royalmail.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Referer* http://app-royalmail.com/LOGIN/ Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://app-royalmail.com/LOGIN/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sat, 23 Oct 2021 01:12:57 GMT Last-Modified Fri, 22 Oct 2021 01:40:32 GMT Server Apache ETag "31ae-5cee718c6c400" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 12718
GET H/1.1	404 Not Found	sm.htm Show response app-royalmail.com/LOGIN/files/ Frame 8F9C	196 B 397 B	90ms 62ms	Document text/html	101.99.94.239 VERDINA
General Check archive.org Show headers Download Go to Full URL http://app-royalmail.com/LOGIN/files/sm.htm Requested by Host: app-royalmail.com URL: http://app-royalmail.com/LOGIN/ Protocol HTTP/1.1 Server 101.99.94.239 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS server1.kamon.la Software Apache / Resource Hash `80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880` Request headers Host app-royalmail.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Referer http://app-royalmail.com/LOGIN/ Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer http://app-royalmail.com/LOGIN/ Response headers Date Sat, 23 Oct 2021 01:12:57 GMT Server Apache Content-Length 196 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	chevin-medium.woff app-royalmail.com/themes/custom/rmlcwr/fonts/chevin/chevin-medium/	0 0	32ms 32ms	Font text/html	101.99.94.239 VERDINA
General Check archive.org Show headers Download Go to Full URL http://app-royalmail.com/themes/custom/rmlcwr/fonts/chevin/chevin-medium/chevin-medium.woff Requested by Host: app-royalmail.com URL: http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Protocol HTTP/1.1 Server 101.99.94.239 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS server1.kamon.la Software Apache / Resource Hash Request headers Pragma no-cache Origin http://app-royalmail.com Accept-Encoding gzip, deflate Host app-royalmail.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept / Cache-Control no-cache Referer http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Connection keep-alive Referer http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Origin http://app-royalmail.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sat, 23 Oct 2021 01:12:57 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 196 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	search-white.svg app-royalmail.com/themes/custom/rmlcwr/icons_fill/	196 B 196 B	32ms 32ms	Image text/html	101.99.94.239 VERDINA
General Check archive.org Show headers Download Go to Show image Full URL http://app-royalmail.com/themes/custom/rmlcwr/icons_fill/search-white.svg Requested by Host: app-royalmail.com URL: http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Protocol HTTP/1.1 Server 101.99.94.239 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS server1.kamon.la Software Apache / Resource Hash `80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host app-royalmail.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Referer* http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sat, 23 Oct 2021 01:12:57 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 196 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	rml-textured-background.png app-royalmail.com/themes/custom/rmlcwr/textures/	196 B 196 B	31ms 31ms	Image text/html	101.99.94.239 VERDINA
General Check archive.org Show headers Download Go to Show image Full URL http://app-royalmail.com/themes/custom/rmlcwr/textures/rml-textured-background.png Requested by Host: app-royalmail.com URL: http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Protocol HTTP/1.1 Server 101.99.94.239 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS server1.kamon.la Software Apache / Resource Hash `80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host app-royalmail.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept image/avif,image/webp,image/apng,image/svg+xml,image/,/;q=0.8 Referer* http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Connection keep-alive Cache-Control no-cache Accept-Language de-DE,de;q=0.9 Referer http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sat, 23 Oct 2021 01:12:58 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 196 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	pfdintextstd-bold-webfont.woff app-royalmail.com/themes/custom/rmlcwr/fonts/pf-din-text-std/pf-din-text-std-bold/	0 0	31ms 31ms	Font text/html	101.99.94.239 VERDINA
General Check archive.org Show headers Download Go to Full URL http://app-royalmail.com/themes/custom/rmlcwr/fonts/pf-din-text-std/pf-din-text-std-bold/pfdintextstd-bold-webfont.woff Requested by Host: app-royalmail.com URL: http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Protocol HTTP/1.1 Server 101.99.94.239 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS server1.kamon.la Software Apache / Resource Hash Request headers Pragma no-cache Origin http://app-royalmail.com Accept-Encoding gzip, deflate Host app-royalmail.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept / Cache-Control no-cache Referer http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Connection keep-alive Referer http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Origin http://app-royalmail.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sat, 23 Oct 2021 01:12:58 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=97 Content-Length 196 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	chevin-bold.woff app-royalmail.com/themes/custom/rmlcwr/fonts/chevin/chevin-bold/	0 0	56ms 31ms	Font text/html	101.99.94.239 VERDINA
General Check archive.org Show headers Download Go to Full URL http://app-royalmail.com/themes/custom/rmlcwr/fonts/chevin/chevin-bold/chevin-bold.woff Requested by Host: app-royalmail.com URL: http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Protocol HTTP/1.1 Server 101.99.94.239 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS server1.kamon.la Software Apache / Resource Hash Request headers Pragma no-cache Origin http://app-royalmail.com Accept-Encoding gzip, deflate Host app-royalmail.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept / Cache-Control no-cache Referer http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Connection keep-alive Referer http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Origin http://app-royalmail.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sat, 23 Oct 2021 01:12:58 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=98 Content-Length 196 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	chevin-medium.ttf app-royalmail.com/themes/custom/rmlcwr/fonts/chevin-medium/	0 0	32ms 31ms	Font text/html	101.99.94.239 VERDINA
General Check archive.org Show headers Download Go to Full URL http://app-royalmail.com/themes/custom/rmlcwr/fonts/chevin-medium/chevin-medium.ttf Requested by Host: app-royalmail.com URL: http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Protocol HTTP/1.1 Server 101.99.94.239 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS server1.kamon.la Software Apache / Resource Hash Request headers Pragma no-cache Origin http://app-royalmail.com Accept-Encoding gzip, deflate Host app-royalmail.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept / Cache-Control no-cache Referer http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Connection keep-alive Referer http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Origin http://app-royalmail.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sat, 23 Oct 2021 01:12:58 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=98 Content-Length 196 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	pfdintextstd-bold-webfont.ttf app-royalmail.com/themes/custom/rmlcwr/fonts/pf-din-text-std/pf-din-text-std-bold/	0 0	32ms 32ms	Font text/html	101.99.94.239 VERDINA
General Check archive.org Show headers Download Go to Full URL http://app-royalmail.com/themes/custom/rmlcwr/fonts/pf-din-text-std/pf-din-text-std-bold/pfdintextstd-bold-webfont.ttf Requested by Host: app-royalmail.com URL: http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Protocol HTTP/1.1 Server 101.99.94.239 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS server1.kamon.la Software Apache / Resource Hash Request headers Pragma no-cache Origin http://app-royalmail.com Accept-Encoding gzip, deflate Host app-royalmail.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept / Cache-Control no-cache Referer http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Connection keep-alive Referer http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Origin http://app-royalmail.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sat, 23 Oct 2021 01:12:58 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=96 Content-Length 196 Content-Type text/html; charset=iso-8859-1
GET H/1.1	404 Not Found	chevin-bold.ttf app-royalmail.com/themes/custom/rmlcwr/fonts/chevin/chevin-bold/	0 0	31ms 31ms	Font text/html	101.99.94.239 VERDINA
General Check archive.org Show headers Download Go to Full URL http://app-royalmail.com/themes/custom/rmlcwr/fonts/chevin/chevin-bold/chevin-bold.ttf Requested by Host: app-royalmail.com URL: http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Protocol HTTP/1.1 Server 101.99.94.239 , Malaysia, ASN201133 (VERDINA, BZ), Reverse DNS server1.kamon.la Software Apache / Resource Hash Request headers Pragma no-cache Origin http://app-royalmail.com Accept-Encoding gzip, deflate Host app-royalmail.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Accept / Cache-Control no-cache Referer http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Connection keep-alive Referer http://app-royalmail.com/LOGIN/files/css_8C-Jf8ZRrm9oRj6aBGmwdG-PYA0fjAa6HPuk7pW5XXA.css Origin http://app-royalmail.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36 Response headers Date Sat, 23 Oct 2021 01:12:58 GMT Server Apache Connection Keep-Alive Keep-Alive timeout=5, max=97 Content-Length 196 Content-Type text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Royal Mail (Government)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect boolean| originAgentCluster

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://app-royalmail.com/LOGIN/files/sm.htm Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://app-royalmail.com/themes/custom/rmlcwr/fonts/chevin/chevin-medium/chevin-medium.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://app-royalmail.com/themes/custom/rmlcwr/icons_fill/search-white.svg Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://app-royalmail.com/themes/custom/rmlcwr/textures/rml-textured-background.png Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://app-royalmail.com/themes/custom/rmlcwr/fonts/pf-din-text-std/pf-din-text-std-bold/pfdintextstd-bold-webfont.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://app-royalmail.com/themes/custom/rmlcwr/fonts/chevin/chevin-bold/chevin-bold.woff Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://app-royalmail.com/themes/custom/rmlcwr/fonts/chevin-medium/chevin-medium.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://app-royalmail.com/themes/custom/rmlcwr/fonts/pf-din-text-std/pf-din-text-std-bold/pfdintextstd-bold-webfont.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: http://app-royalmail.com/themes/custom/rmlcwr/fonts/chevin/chevin-bold/chevin-bold.ttf Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app-royalmail.com
101.99.94.239
2b705efd6d2aae82c61db4b68cc95601cf230df364442485229d0612ad141810
344b29deab56ac203aa9d4c258a097020f4b207da082f1267e2b9a4280903c34
45201922e11d0ddeda426fc8a8e4e3c7df9c2866cf3a12fc4bcd1ffc7a0b5be3
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880
dddf00a3e90f28d805fac7ef4d7dc8b3db39929b2fc3617087910381e5cff849

app-royalmail.com Open in urlscan Pro 101.99.94.239 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

13 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

101 kBTransfer

681 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

9 Console Messages

Indicators

app-royalmail.com Open in urlscan Pro
101.99.94.239 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

101 kB
Transfer

681 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!