almanahel-eg.com
167.86.110.237
Malicious Activity!
Public Scan
Effective URL: https://almanahel-eg.com/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a35484a1e58f916e5e899c61506...
Submission: On May 20 via api from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on May 19th 2020. Valid for: 3 months.
This is the only time almanahel-eg.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)

Domain & IP information

# | IP Address | AS Autonomous System
---|---|---
3 4 | 95.217.58.146 | 24940 (HETZNER-AS)
1 3 | 167.86.110.237 | 51167 (CONTABO)
1 | 2606:4700::6810:84e5 | 13335 (CLOUDFLARENET)
1 | 2600:3c01::f03c:91ff:fe79:43b | 63949 (LINODE-AP Linode)
5 | 5 |

ASN24940 (HETZNER-AS, DE), PTR: static.146.58.217.95.clients.your-server.de: landportal.org

ASN51167 (CONTABO, DE), PTR: mail.semicolon-solutions.com: almanahel-eg.com
# | Apex Domain | Subdomains | Transfer
---|---|---|---
4 | landportal.org (3 redirects) | landportal.org | 654 B
3 | almanahel-eg.com (1 redirect) | almanahel-eg.com | 361 KB
1 | jsonip.com | jsonip.com | 453 B
1 | cloudflare.com | cdnjs.cloudflare.com | 73 KB
5 | 4 | |
# | Domain | Requested by
---|---|---
4 | landportal.org | 3 redirects
3 | almanahel-eg.com | 1 redirect
1 | jsonip.com | cdnjs.cloudflare.com
1 | cdnjs.cloudflare.com | almanahel-eg.com
5 | 4 |
This site contains no links.
Subject | Issuer | Validity | Valid
---|---|---|---
landportal.org | Let's Encrypt Authority X3 | 2020-03-31 - 2020-06-29 | 3 months
almanahel-eg.com | Let's Encrypt Authority X3 | 2020-05-19 - 2020-08-17 | 3 months
cloudflare.com | CloudFlare Inc ECC CA-2 | 2020-01-07 - 2020-10-09 | 9 months
jsonip.com | Let's Encrypt Authority X3 | 2020-04-29 - 2020-07-28 | 3 months
This page contains 1 frame:
Primary Page:
https://almanahel-eg.com/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a35484a1e58f916e5e899c61506e69b5fee11554009a842052a82d4
Frame ID: 866637D74BCCBD92CE454F9255DB6726
Requests: 9 HTTP requests in this frame
Detected technologies
- Debian, detected pattern: headers server /Debian/i
- Apache, detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://landportal.org/ssl
HTTP 302
https://landportal.org/ssl HTTP 301
http://landportal.org/ssl/ HTTP 302
https://landportal.org/ssl/ Page URL
-
https://almanahel-eg.com/ofc/
HTTP 303
https://almanahel-eg.com/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a35484a1e58f916e5e899c61506e69b5fee11554009a842052a82d4 Page URL
- https://almanahel-eg.com/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a35484a1e58f916e5e899c61506e69b5fee11554009a842052a82d4 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- http://landportal.org/ssl HTTP 302
- https://landportal.org/ssl HTTP 301
- http://landportal.org/ssl/ HTTP 302
- https://landportal.org/ssl/
- https://almanahel-eg.com/ofc/ HTTP 303
- https://almanahel-eg.com/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a35484a1e58f916e5e899c61506e69b5fee11554009a842052a82d4
5 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / | landportal.org/ssl/ (Redirect Chain) | 76 B | 199 B | Document | text/html
GET | H/1.1 | r.php | almanahel-eg.com/ofc/ (Redirect Chain) | 222 B | 585 B | Document | text/html
GET | H/1.1 | / | almanahel-eg.com/ofc/s/ (Primary Request) | 542 KB | 360 KB | Document | text/html
GET | H2 | jquery.js | cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/ | 257 KB | 73 KB | Script | application/javascript
GET | DATA | truncated | / | 383 KB | 0 | Image | image/png
GET | H/1.1 | / | jsonip.com/ | 152 B | 453 B | Script | application/json
GET | DATA | truncated | / | 7 KB | 0 | Image | image/png
GET | DATA | truncated | / | 10 KB | 0 | Image | image/png
GET | DATA | truncated | / | 3 KB | 0 | Image | image/png
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)

6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | onformdata
object | onpointerrawupdate
function | $
function | jQuery
function | getIPAddress
string | x2

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
almanahel-eg.com/ | | PHPSESSID | f52e385ac781a551d8af59472b6d6dbd
almanahel-eg.com/ofc/s | | ip11 | 2a01:4f8:192:5414::2
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
almanahel-eg.com
cdnjs.cloudflare.com
jsonip.com
landportal.org
167.86.110.237
2600:3c01::f03c:91ff:fe79:43b
2606:4700::6810:84e5
95.217.58.146
1beeb0ac5c6b927a0b60777818ea73abcdc797fec781b1eecd34507206674a9b
3a19301fd606d78d60b4bd8609a25849f63c8fc20b16fe6d0062fb6f70457b0b
532c9758db299f4555be03965ca28ef919e90170fbec4b0db2a0cd577641fe3c
73659e77f9bb992741d43775ce94bfc0e5973a63fcc45574b2151d921e662d8b
8eb3cb67ef2f0f1b76167135cef6570a409c79b23f0bc0ede71c9a4018f1408a
a04d5852c848bffc3b70d8366d5838027d28243e9ab2fe82d1608f9f331f7846
cda4e5020e3988ecad1deb564406e33e25f99371d4279a2b66a8e68d687d993c
dc22cb90c5bbee3aaf5562155e40c53d2c0213d0f5247261acdd2d88c9878a27
eb3727e3721aacab36d313849e0cf752bfc844fe01756d0e7ffd29bb20ddedde