arampost.wpengine.com
34.71.231.198  Malicious Activity! Public Scan

Submitted URL: https://www.linkedin.com/slink?code=evcJ6qHC?evcJ6qHCevcJ6qHC7147486999435071474869994350MAXAMXAas%22%3E%3Cimg%20src=%22h...
Effective URL: http://arampost.wpengine.com/mrs/naramex/
Submission: On November 04 via manual from SA — Scanned from DE

Summary

This website contacted 6 IPs in 4 countries across 6 domains to perform 9 HTTP transactions. The main IP is 34.71.231.198, located in Council Bluffs, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is arampost.wpengine.com.
This is the only time arampost.wpengine.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Aramex (Transportation)

Domain & IP information

IP Address AS Autonomous System
1 1 2620:1ec:21::14 8068 (MICROSOFT...)
1 3 34.71.231.198 396982 (GOOGLE-CL...)
2 94.185.237.70 8190 (MDNX)
1 2001:4de0:ac1... 20446 (STACKPATH...)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
9 6
   Apex Domain      Subdomain                                        Transfer
3  wpengine.com     arampost.wpengine.com                            148 KB
2  gstatic.com      fonts.gstatic.com                                115 KB
2  googleapis.com   fonts.googleapis.com (Cisco Umbrella Rank: 118)  1 KB
2  aramex.com       www.aramex.com (Cisco Umbrella Rank: 53086)      13 KB
1  jquery.com       code.jquery.com (Cisco Umbrella Rank: 959)       83 KB
1  linkedin.com     www.linkedin.com (Cisco Umbrella Rank: 745)      2 KB
9 6
   Domain                                Requested by
3  arampost.wpengine.com (1 redirect)    arampost.wpengine.com
2  fonts.gstatic.com                     fonts.googleapis.com
2  fonts.googleapis.com                  arampost.wpengine.com
2  www.aramex.com                        arampost.wpengine.com
1  code.jquery.com                       arampost.wpengine.com
1  www.linkedin.com (1 redirect)
9 6
Subject                  Issuer                                          Validity                  Valid     Source
*.aramex.com             DigiCert TLS RSA SHA256 2020 CA1                2022-02-02 - 2023-02-25   a year    crt.sh
*.jquery.com             Sectigo RSA Domain Validation Secure Server CA  2022-08-03 - 2023-07-14   a year    crt.sh
upload.video.google.com  GTS CA 1C3                                      2022-10-17 - 2023-01-09   3 months  crt.sh
*.gstatic.com            GTS CA 1C3                                      2022-10-17 - 2023-01-09   3 months  crt.sh

This page contains 1 frames:

Primary Page: http://arampost.wpengine.com/mrs/naramex/
Frame ID: 2D7767A2AF37689187E85C12E7B78731
Requests: 11 HTTP requests in this frame

Page Title

خدمة تتبع الشحنات الدولية - أرامكس

Page URL History

  1. https://www.linkedin.com/slink?code=evcJ6qHC?evcJ6qHCevcJ6qHC7147486999435071474869994350MAXAMXAas%22... HTTP 301
    https://arampost.wpengine.com/mrs/naramex HTTP 301
    http://arampost.wpengine.com/mrs/naramex/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 9
HTTPS: 78 %
IPv6: 67 %
Domains: 6
Subdomains: 6
IPs: 6
Countries: 4
Transfer: 398 kB
Size: 1200 kB
Cookies: 4

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.linkedin.com/slink?code=evcJ6qHC?evcJ6qHCevcJ6qHC7147486999435071474869994350MAXAMXAas%22%3E%3Cimg%20src=%22https://media.licdn.com/dms/image/C4E22AQFKa8npCnq4jQ/feedshare-shrink_800/0/1667490672604?e=1670457600&v=beta&t=-HrXik34JTa4PYXW8d2GegNXw2C1Dc7y6SxDYPV-07w HTTP 301
    https://arampost.wpengine.com/mrs/naramex HTTP 301
    http://arampost.wpengine.com/mrs/naramex/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Columns: Resource | Path | Size | x-fer | Type | MIME-Type

/ (Primary Request) | arampost.wpengine.com/mrs/naramex/ | 89 KB | 12 KB | Document
Redirect Chain
  • https://www.linkedin.com/slink?code=evcJ6qHC?evcJ6qHCevcJ6qHC7147486999435071474869994350MAXAMXAas%22%3E%3Cimg%20src=%22https://media.licdn.com/dms/image/C4E22AQFKa8npCnq4jQ/feedshare-shrink_800/0/...
  • https://arampost.wpengine.com/mrs/naramex
  • http://arampost.wpengine.com/mrs/naramex/
General
Full URL
http://arampost.wpengine.com/mrs/naramex/
Protocol
HTTP/1.1
Server
34.71.231.198 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.231.71.34.bc.googleusercontent.com
Software
nginx / WP Engine
Resource Hash
80c7685660c603bff6e11cef150abb136940de4201a8e6adc65a3bc14251d467

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
max-age=600, must-revalidate
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Fri, 04 Nov 2022 12:45:03 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=20
Pragma
no-cache
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding Accept-Encoding Accept-Encoding,Cookie
X-Cache
HIT: 2
X-Cache-Group
normal
X-Cacheable
SHORT
X-Powered-By
WP Engine

Redirect headers

cache-control
max-age=600, must-revalidate
content-length
249
content-type
text/html; charset=iso-8859-1
date
Fri, 04 Nov 2022 12:45:03 GMT
location
http://arampost.wpengine.com/mrs/naramex/
server
nginx
x-cache
HIT: 2
x-cache-group
normal
x-cacheable
non200

project-arabic.css | arampost.wpengine.com/mrs/naramex/assets/ | 624 KB | 136 KB | Stylesheet
General
Full URL
http://arampost.wpengine.com/mrs/naramex/assets/project-arabic.css
Requested by
Host: arampost.wpengine.com
URL: http://arampost.wpengine.com/mrs/naramex/
Protocol
HTTP/1.1
Server
34.71.231.198 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
198.231.71.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
d205680787dbe1b78c79721c7b8c4a21e96909ede63003010907bee1bc78be5d

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://arampost.wpengine.com/mrs/naramex/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Fri, 04 Nov 2022 12:45:03 GMT
Content-Encoding
gzip
Last-Modified
Mon, 03 Oct 2022 22:34:54 GMT
Server
nginx
ETag
W/"633b638e-9c1a5"
Transfer-Encoding
chunked
Vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=31536000
Connection
keep-alive
Keep-Alive
timeout=20

saudi-arabias-contactus.svg | www.aramex.com/Sitefinity/WebsiteTemplates/aramex/App_Themes/aramex/Images/svg/ | 18 KB | 9 KB | Image
General
Full URL
https://www.aramex.com/Sitefinity/WebsiteTemplates/aramex/App_Themes/aramex/Images/svg/saudi-arabias-contactus.svg
Requested by
Host: arampost.wpengine.com
URL: http://arampost.wpengine.com/mrs/naramex/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
94.185.237.70 , United Kingdom, ASN8190 (MDNX, US),
Reverse DNS
Software
/
Resource Hash
d237f4128b2589d9ece69a734db38a0d40918971670ea6be77117eb565d1b7e1
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://arampost.wpengine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Cteonnt-Length
18729
Date
Fri, 04 Nov 2022 12:44:56 GMT
Content-Encoding
gzip
Last-Modified
Wed, 05 Oct 2022 11:14:10 GMT
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
public
Content-Length
8444
Expires
Fri, 18 Nov 2022 12:44:57 GMT

aramex-logo.svg | www.aramex.com/docs/default-source/site-assets/ | 7 KB | 5 KB | Image
General
Full URL
https://www.aramex.com/docs/default-source/site-assets/aramex-logo.svg
Requested by
Host: arampost.wpengine.com
URL: http://arampost.wpengine.com/mrs/naramex/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
94.185.237.70 , United Kingdom, ASN8190 (MDNX, US),
Reverse DNS
Software
/
Resource Hash
e0447aa04943d0d047baf922ce6f286da4e50d62113aa19505f75705a9a46773
Security Headers
Name Value
Content-Security-Policy default-src 'self' dotcomaramexprod.blob.core.windows.net ;script-src www.youtube.com https://consentcdn.cookiebot.com/ https://consent.cookiebot.com https://connect.facebook.net/ https://snap.licdn.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com/ http://cdn.pardot.com/ https://info.aramex.com/ https://pi.pardot.com/ aramex.api.sociaplus.com https://npmcdn.com https://app.powerbi.com https://v1.addthisedge.com https://reverse.geocoder.cit.api.here.com dotcomaramexdev.blob.core.windows.net tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval' https://m.addthisedge.com http://js.api.here.com https://code.jquery.com *.facebook.com *.addthis.com www.googletagmanager.com api.sociaplus.com js.cit.api.here.com www.google-analytics.com cdnjs.cloudflare.com tools.euroland.com aramex.api.sociaplus.com 1.pano.maps.cit.api.here.com locationv2.api.sociaplus.com 1.base.maps.cit.api.here.com 1.aerial.maps.cit.api.here.com 1.traffic.maps.cit.api.here.com 1.base.maps.cit.api.here.com route.cit.api.here.com ;style-src 'self' js.api.here.com fonts.googleapis.com js.cit.api.here.com http://js.api.here.com aramex.api.sociaplus.com tagmanager.google.com www.gstatic.com cdnjs.cloudflare.com gamma.euroland.com tools.euroland.com 'unsafe-inline';img-src * blob: data:;font-src 'self' fonts.gstatic.com https: data:; connect-src 'self' https: http:;form-action www.facebook.com 'self' 'unsafe-inline'https://tpay1.digitsecure.com/; frame-src dotcomaramexprod.blob.core.windows.net consentcdn.cookiebot.com www.facebook.com 'self' https://app.powerbi.com https://consentcdn.cookiebot.com/ charts3.equitystory.com irpages2.equitystory.com charts25.equitystory.com qas4.equitystory.com gamma.euroland.com tools.euroland.com tools.eurolandir.com aramex.api.sociaplus.com api.sociaplus.com *.addthis.com www.youtube.com aramex-fior.typeform.com qas4.equitystory.com charts25.equitystory.com
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://arampost.wpengine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Expires
-1
Pragma
no-cache
Content-Security-Policy
default-src 'self' dotcomaramexprod.blob.core.windows.net ;script-src www.youtube.com https://consentcdn.cookiebot.com/ https://consent.cookiebot.com https://connect.facebook.net/ https://snap.licdn.com/ https://googleads.g.doubleclick.net https://www.googleadservices.com/ http://cdn.pardot.com/ https://info.aramex.com/ https://pi.pardot.com/ aramex.api.sociaplus.com https://npmcdn.com https://app.powerbi.com https://v1.addthisedge.com https://reverse.geocoder.cit.api.here.com dotcomaramexdev.blob.core.windows.net tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval' https://m.addthisedge.com http://js.api.here.com https://code.jquery.com *.facebook.com *.addthis.com www.googletagmanager.com api.sociaplus.com js.cit.api.here.com www.google-analytics.com cdnjs.cloudflare.com tools.euroland.com aramex.api.sociaplus.com 1.pano.maps.cit.api.here.com locationv2.api.sociaplus.com 1.base.maps.cit.api.here.com 1.aerial.maps.cit.api.here.com 1.traffic.maps.cit.api.here.com 1.base.maps.cit.api.here.com route.cit.api.here.com ;style-src 'self' js.api.here.com fonts.googleapis.com js.cit.api.here.com http://js.api.here.com aramex.api.sociaplus.com tagmanager.google.com www.gstatic.com cdnjs.cloudflare.com gamma.euroland.com tools.euroland.com 'unsafe-inline';img-src * blob: data:;font-src 'self' fonts.gstatic.com https: data:; connect-src 'self' https: http:;form-action www.facebook.com 'self' 'unsafe-inline'https://tpay1.digitsecure.com/; frame-src dotcomaramexprod.blob.core.windows.net consentcdn.cookiebot.com www.facebook.com 'self' https://app.powerbi.com https://consentcdn.cookiebot.com/ charts3.equitystory.com irpages2.equitystory.com charts25.equitystory.com qas4.equitystory.com gamma.euroland.com tools.euroland.com tools.eurolandir.com aramex.api.sociaplus.com api.sociaplus.com *.addthis.com www.youtube.com aramex-fior.typeform.com qas4.equitystory.com charts25.equitystory.com
Date
Fri, 04 Nov 2022 12:44:57 GMT
Referrer-Policy
strict-origin-when-cross-origin
Content-Encoding
gzip
ntCoent-Length
7280
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
no-cache
Content-Disposition
inline; filename=aramex-logo.svg
Content-Length
2274
X-UA-Compatible
IE=edge

jquery-3.6.1.js | code.jquery.com/ | 283 KB | 83 KB | Script
General
Full URL
https://code.jquery.com/jquery-3.6.1.js
Requested by
Host: arampost.wpengine.com
URL: http://arampost.wpengine.com/mrs/naramex/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:1b , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
df3941e6cdaec28533ad72b7053ec05f7172be88ecada345c42736bc2ffba4d2

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://arampost.wpengine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Fri, 04 Nov 2022 12:45:04 GMT
content-encoding
gzip
last-modified
Fri, 26 Aug 2022 17:36:05 GMT
server
nginx
etag
W/"63090485-46c14"
vary
Accept-Encoding
x-hw
1667565904.dop143.fr8.t,1667565904.cds160.fr8.hn,1667565904.cds223.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
85058

droidarabickufi.css | fonts.googleapis.com/earlyaccess/ | 1 KB | 717 B | Stylesheet
General
Full URL
https://fonts.googleapis.com/earlyaccess/droidarabickufi.css
Requested by
Host: arampost.wpengine.com
URL: http://arampost.wpengine.com/mrs/naramex/assets/project-arabic.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
06eb9b648fd1429d0cef25265009259c35f053a76118194b4073c98e161812be
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://arampost.wpengine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Fri, 04 Nov 2022 12:45:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
expires
Fri, 04 Nov 2022 12:45:04 GMT

notokufiarabic.css | fonts.googleapis.com/earlyaccess/ | 4 KB | 572 B | Stylesheet
General
Full URL
https://fonts.googleapis.com/earlyaccess/notokufiarabic.css
Requested by
Host: arampost.wpengine.com
URL: http://arampost.wpengine.com/mrs/naramex/assets/project-arabic.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
813c2766f40d0f09656144d36dcc80ab040cf82488f887746c74f0d78039ddd9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://arampost.wpengine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 04 Nov 2022 12:45:04 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 04 Nov 2022 11:42:55 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 04 Nov 2022 12:45:04 GMT

truncated (data: URI) | / | 22 KB | 0 | Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
562c90a81e4d9f0878ebca0479762fc65b44ab95f9b275973228b6233bc920d4

Request headers

accept-language
de-DE,de;q=0.9
Referer
http://arampost.wpengine.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type
image/jpeg

DroidKufi-Regular.woff2 | fonts.gstatic.com/ea/droidarabickufi/v6/ | 31 KB | 31 KB | Font
General
Full URL
https://fonts.gstatic.com/ea/droidarabickufi/v6/DroidKufi-Regular.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/earlyaccess/droidarabickufi.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a7b09bb9c8e8e2fb189204e08ed94bd8096c118780b5e926847cf2748ca7c5c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://arampost.wpengine.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 01 Nov 2022 19:01:39 GMT
x-content-type-options
nosniff
age
236605
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31248
x-xss-protection
0
last-modified
Wed, 13 Aug 2014 16:50:04 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
vary
Accept-Encoding
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Nov 2023 19:01:39 GMT

truncated (data: URI) | / | 37 KB | 37 KB | Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
739f9163d22610c132fd50176539bc522fa31c9c638e824c62a3ee56f1f80df0

Request headers

Referer
http://arampost.wpengine.com/
Origin
http://arampost.wpengine.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8

CSRk4ydQnPyaDxEXLFF6LZVLKrodrOYFFg.woff2 | fonts.gstatic.com/s/notokufiarabic/v15/ | 84 KB | 84 KB | Font
General
Full URL
https://fonts.gstatic.com/s/notokufiarabic/v15/CSRk4ydQnPyaDxEXLFF6LZVLKrodrOYFFg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/earlyaccess/notokufiarabic.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ea591f0d4d85b2fc80db86a816a83f9d206faa51d4bad44025bff11057dff992
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
http://arampost.wpengine.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 01 Nov 2022 01:25:00 GMT
x-content-type-options
nosniff
age
300004
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
86024
x-xss-protection
0
last-modified
Mon, 18 Jul 2022 19:16:13 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 01 Nov 2023 01:25:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Aramex (Transportation)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code in use.

  • object   onbeforeinput
  • object   oncontextlost
  • object   oncontextrestored
  • function structuredClone
  • object   launchQueue
  • object   onbeforematch
  • object   navigation
  • function addLoadEvent
  • function $
  • function jQuery

4 Cookies

Domain/Path          Name      Value
.linkedin.com/       bcookie   "v=2&c8f0edcd-62bb-4db3-8a73-9a7af45739b7"
.www.linkedin.com/   bscookie  "v=1&202211041245020110688e-c09a-4ab9-8a1e-46e2954ca46eAQF_utUIzB7emxol85khw8CdFRhCg_cA"
.linkedin.com/       li_gc     MTswOzE2Njc1NjU5MDI7MjswMjGmLGLTlufNLHkS1VyQl0qovPBP22YlqnzX6DHLbrZQPg==
.linkedin.com/       lidc      "b=OGST00:s=O:r=O:a=O:p=O:g=2842:u=1:x=1:i=1667565902:t=1667652302:v=2:sig=AQH5tDzCP_u6X9oVyrizjiZLqU6_FY0m"