urlscan.io logo urlscan.io
SecurityTrails logo

almanahel-eg.com Open in urlscan Pro
167.86.110.237  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://landportal.org/ssl
Effective URL: https://almanahel-eg.com/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a35484a1e58f916e5e899c61506...
Submission: On May 20 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 3 countries across 4 domains to perform 5 HTTP transactions. The main IP is 167.86.110.237, located in Nuremberg, Germany and belongs to CONTABO, DE. The main domain is almanahel-eg.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on May 19th 2020. Valid for: 3 months.
This is the only time almanahel-eg.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

IP Address AS Autonomous System
3 4 95.217.58.146 24940 (HETZNER-AS)
1 3 167.86.110.237 51167 (CONTABO)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:3c01::f0... 63949 (LINODE-AP...)
5 5
Apex Domain
Subdomains		 Transfer
4 landportal.org
landportal.org
654 B
3 almanahel-eg.com
almanahel-eg.com
361 KB
1 jsonip.com
jsonip.com
453 B
1 cloudflare.com
cdnjs.cloudflare.com
73 KB
5 4
Domain Requested by
4 landportal.org 3 redirects
3 almanahel-eg.com 1 redirects
1 jsonip.com cdnjs.cloudflare.com
1 cdnjs.cloudflare.com almanahel-eg.com
5 4

This site contains no links.

Subject Issuer Validity Valid
landportal.org
Let's Encrypt Authority X3		 2020-03-31 -
2020-06-29		 3 months crt.sh
almanahel-eg.com
Let's Encrypt Authority X3		 2020-05-19 -
2020-08-17		 3 months crt.sh
cloudflare.com
CloudFlare Inc ECC CA-2		 2020-01-07 -
2020-10-09		 9 months crt.sh
jsonip.com
Let's Encrypt Authority X3		 2020-04-29 -
2020-07-28		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://almanahel-eg.com/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a35484a1e58f916e5e899c61506e69b5fee11554009a842052a82d4
Frame ID: 866637D74BCCBD92CE454F9255DB6726
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://landportal.org/ssl HTTP 302
    https://landportal.org/ssl HTTP 301
    http://landportal.org/ssl/ HTTP 302
    https://landportal.org/ssl/ Page URL
  2. https://almanahel-eg.com/ofc/ HTTP 303
    https://almanahel-eg.com/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a354... Page URL
  3. https://almanahel-eg.com/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a35484a... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /Debian/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

5
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

5
IPs

3
Countries

434 kB
Transfer

1203 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://landportal.org/ssl HTTP 302
    https://landportal.org/ssl HTTP 301
    http://landportal.org/ssl/ HTTP 302
    https://landportal.org/ssl/ Page URL
  2. https://almanahel-eg.com/ofc/ HTTP 303
    https://almanahel-eg.com/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a35484a1e58f916e5e899c61506e69b5fee11554009a842052a82d4 Page URL
  3. https://almanahel-eg.com/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a35484a1e58f916e5e899c61506e69b5fee11554009a842052a82d4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://landportal.org/ssl HTTP 302
  • https://landportal.org/ssl HTTP 301
  • http://landportal.org/ssl/ HTTP 302
  • https://landportal.org/ssl/
Request Chain 1
  • https://almanahel-eg.com/ofc/ HTTP 303
  • https://almanahel-eg.com/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a35484a1e58f916e5e899c61506e69b5fee11554009a842052a82d4

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
landportal.org/ssl/
Redirect Chain
  • http://landportal.org/ssl
  • https://landportal.org/ssl
  • http://landportal.org/ssl/
  • https://landportal.org/ssl/
76 B
199 B 		Document
General
Check archive.org
Download Go to
Full URL
https://landportal.org/ssl/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
95.217.58.146 , Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.146.58.217.95.clients.your-server.de
Software
Apache/2.4.25 (Debian) /
Resource Hash
eb3727e3721aacab36d313849e0cf752bfc844fe01756d0e7ffd29bb20ddedde
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
landportal.org
:scheme
https
:path
/ssl/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
accept-ranges
bytes
content-encoding
gzip
content-type
text/html
date
Wed, 20 May 2020 11:19:35 GMT
etag
"4c-5a611b2349a80-gzip"
last-modified
Wed, 20 May 2020 10:16:58 GMT
server
Apache/2.4.25 (Debian)
vary
Accept-Encoding
x-content-type-options
nosniff
content-length
96

Redirect headers

Location
https://landportal.org:443/ssl/
Date
Wed, 20 May 2020 11:19:35 GMT
Content-Length
5
Content-Type
text/plain; charset=utf-8
r.php
almanahel-eg.com/ofc/
Redirect Chain
  • https://almanahel-eg.com/ofc/
  • https://almanahel-eg.com/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a35484a1e58f916e5e899c61506e69b5fee11554009a842052a82d4
222 B
585 B 		Document
General
Check archive.org
Download Go to
Full URL
https://almanahel-eg.com/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a35484a1e58f916e5e899c61506e69b5fee11554009a842052a82d4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
167.86.110.237 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
mail.semicolon-solutions.com
Software
nginx / PHP/7.2.23
Resource Hash
1beeb0ac5c6b927a0b60777818ea73abcdc797fec781b1eecd34507206674a9b

Request headers

Host
almanahel-eg.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://landportal.org/ssl/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
PHPSESSID=f52e385ac781a551d8af59472b6d6dbd
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://landportal.org/ssl/

Response headers

Server
nginx
Date
Wed, 20 May 2020 11:19:37 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=60
Vary
Accept-Encoding
X-Powered-By
PHP/7.2.23
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Content-Encoding
gzip

Redirect headers

Server
nginx
Date
Wed, 20 May 2020 11:19:37 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=60
X-Powered-By
PHP/7.2.23
Set-Cookie
PHPSESSID=f52e385ac781a551d8af59472b6d6dbd; path=/
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
LOCATION
./r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a35484a1e58f916e5e899c61506e69b5fee11554009a842052a82d4
Primary Request /
almanahel-eg.com/ofc/s/ 		542 KB
360 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://almanahel-eg.com/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a35484a1e58f916e5e899c61506e69b5fee11554009a842052a82d4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
167.86.110.237 Nuremberg, Germany, ASN51167 (CONTABO, DE),
Reverse DNS
mail.semicolon-solutions.com
Software
nginx / PHP/7.2.23
Resource Hash
532c9758db299f4555be03965ca28ef919e90170fbec4b0db2a0cd577641fe3c

Request headers

Host
almanahel-eg.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-origin
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://almanahel-eg.com/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a35484a1e58f916e5e899c61506e69b5fee11554009a842052a82d4
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
PHPSESSID=f52e385ac781a551d8af59472b6d6dbd
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://almanahel-eg.com/ofc/r.php?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a35484a1e58f916e5e899c61506e69b5fee11554009a842052a82d4

Response headers

Server
nginx
Date
Wed, 20 May 2020 11:19:37 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Keep-Alive
timeout=60
Vary
Accept-Encoding
X-Powered-By
PHP/7.2.23
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Content-Encoding
gzip
jquery.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/ 		257 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/jquery.js
Requested by
Host: almanahel-eg.com
URL: https://almanahel-eg.com/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a35484a1e58f916e5e899c61506e69b5fee11554009a842052a82d4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:84e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8eb3cb67ef2f0f1b76167135cef6570a409c79b23f0bc0ede71c9a4018f1408a
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://almanahel-eg.com/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a35484a1e58f916e5e899c61506e69b5fee11554009a842052a82d4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 20 May 2020 11:19:37 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
3386571
status
200
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
cf-request-id
02d36886c00000dff71b88e200000001
served-in-seconds
0.004
timing-allow-origin
*
last-modified
Thu, 17 May 2018 09:21:00 GMT
server
cloudflare
etag
W/"5afd497c-40464"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
5965a9eacfe4dff7-FRA
expires
Mon, 10 May 2021 11:19:37 GMT
truncated
/ 		383 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
73659e77f9bb992741d43775ce94bfc0e5973a63fcc45574b2151d921e662d8b

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
/
jsonip.com/ 		152 B
453 B 		Script
General
Check archive.org
Download Go to
Full URL
https://jsonip.com/?callback=jQuery30005870488164011616_1589973577461&_=1589973577462
Requested by
Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0/jquery.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:3c01::f03c:91ff:fe79:43b , United States, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
dc22cb90c5bbee3aaf5562155e40c53d2c0213d0f5247261acdd2d88c9878a27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

Referer
https://almanahel-eg.com/ofc/s/?signin=d41d8cd98f00b204e9800998ecf8427e&auth=a92ee75f25e9c62d2a35484a1e58f916e5e899c61506e69b5fee11554009a842052a82d4
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 20 May 2020 11:19:37 GMT
Server
nginx/1.16.1
Strict-Transport-Security
max-age=31536000;
Access-Control-Allow-Methods
GET
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Connection
keep-alive
truncated
/ 		7 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3a19301fd606d78d60b4bd8609a25849f63c8fc20b16fe6d0062fb6f70457b0b

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		10 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a04d5852c848bffc3b70d8366d5838027d28243e9ab2fe82d1608f9f331f7846

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cda4e5020e3988ecad1deb564406e33e25f99371d4279a2b66a8e68d687d993c

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Microsoft (Consumer)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery function| getIPAddress string| x

2 Cookies

Domain/Path Name / Value
almanahel-eg.com/ Name: PHPSESSID
Value: f52e385ac781a551d8af59472b6d6dbd
almanahel-eg.com/ofc/s Name: ip11
Value: 2a01:4f8:192:5414::2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff