URL: https://aliahmad.rurl.me/smsat
Submission Tags: @phish_report
Submission: On April 03 via api from FI — Scanned from FI

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 10 HTTP transactions. The main IP is 52.89.45.200, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is aliahmad.rurl.me.
TLS certificate: Issued by Amazon RSA 2048 M03 on November 12th 2023. Valid for: a year.
This is the only time aliahmad.rurl.me was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Community Verdicts: Malicious (1 vote)

Domain & IP information

Requests | IP Address     | AS    | Autonomous System
2        | 52.89.45.200   | 16509 | AMAZON-02
4        | 54.184.18.72   | 16509 | AMAZON-02
3        | 104.18.11.207  | 13335 | CLOUDFLARENET
1        | 172.217.16.193 | 15169 | GOOGLE
Total: 10 requests, 4 IPs

Requests | Apex Domain      | Subdomains                                          | Transfer
4        | linktrackr.com   | ww3.linktrackr.com                                  | 256 KB
3        | bootstrapcdn.com | netdna.bootstrapcdn.com (Cisco Umbrella Rank: 3610) | 30 KB
2        | rurl.me          | aliahmad.rurl.me                                    | 10 KB
1        | blogspot.com     | semsashgg6.blogspot.com                             | (none reported)
Total: 10 requests, 4 apex domains

Requests | Domain                  | Requested by
4        | ww3.linktrackr.com      | aliahmad.rurl.me
3        | netdna.bootstrapcdn.com | aliahmad.rurl.me
2        | aliahmad.rurl.me        | (none)
1        | semsashgg6.blogspot.com | aliahmad.rurl.me
Total: 10 requests, 4 domains

This site contains no links.

Subject                 | Issuer              | Validity                 | Valid
*.rurl.me               | Amazon RSA 2048 M03 | 2023-11-12 to 2024-12-10 | a year
*.linktrackr.com        | Amazon RSA 2048 M03 | 2023-12-29 to 2025-01-27 | a year
bootstrapcdn.com        | GTS CA 1P5          | 2024-03-27 to 2024-06-25 | 3 months
misc-sni.blogspot.com   | GTS CA 1C3          | 2024-03-04 to 2024-05-27 | 3 months

This page contains 2 frames:

Primary Page: https://aliahmad.rurl.me/smsat
Frame ID: 0FDF64068CB780A6FEC74A1A1E8E830E
Requests: 9 HTTP requests in this frame

Frame: https://semsashgg6.blogspot.com/
Frame ID: 4025AD40B77CBCF58B96E2C1BB063E32
Requests: 1 HTTP request in this frame

Page Title

سمسا | الرئيسية (SMSA | Home)

Detected technologies

Bootstrap
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Font Awesome
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

jQuery
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  Requests: 10
  HTTPS: 100 %
  IPv6: 0 %
  Domains: 4
  Subdomains: 4
  IPs: 4
  Countries: 2
  Transfer: 295 kB
  Size: 427 kB
  Cookies: 3

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Each transaction below is listed as: Resource | Path | Size | x-fer (bytes transferred) | Type, followed by its General details, request headers and response headers.
smsat (Primary Request) | Path: aliahmad.rurl.me/ | Size: 4 KB | x-fer: 5 KB | Type: Document
General
  Full URL: https://aliahmad.rurl.me/smsat
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 52.89.45.200 Boardman, United States, ASN16509 (AMAZON-02, US)
  Reverse DNS: ec2-52-89-45-200.us-west-2.compute.amazonaws.com
  Software: nginx/1.13.5 / PHP/5.6.36
  Resource Hash: f2483afd49e9004395b5cd3633c3060c54dc58061810b1b6c4d3976b6f7640b2

Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
  accept-language: fi-FI,fi;q=0.9
  sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Win32"

Response headers
  content-type: text/html; charset=UTF-8
  date: Wed, 03 Apr 2024 19:39:03 GMT
  p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
  server: nginx/1.13.5
  x-powered-by: PHP/5.6.36

bootstrap.css | Path: ww3.linktrackr.com/assets/css/ | Size: 121 KB | x-fer: 121 KB | Type: Stylesheet
General
  Full URL: https://ww3.linktrackr.com/assets/css/bootstrap.css
  Requested by: Host: aliahmad.rurl.me, URL: https://aliahmad.rurl.me/smsat
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 54.184.18.72 Boardman, United States, ASN16509 (AMAZON-02, US)
  Reverse DNS: ec2-54-184-18-72.us-west-2.compute.amazonaws.com
  Software: nginx/1.13.5
  Resource Hash: 61ea58cd7134682d95db15f67b6a9192e75d332a94fc7744b740c366f36968d6

Request headers
  sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
  Referer: https://aliahmad.rurl.me/
  accept-language: fi-FI,fi;q=0.9
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Win32"

Response headers
  date: Wed, 03 Apr 2024 19:39:04 GMT
  last-modified: Mon, 09 Jul 2018 16:48:39 GMT
  server: nginx/1.13.5
  accept-ranges: bytes
  etag: "5b4391e7-1e2d1"
  content-length: 123601
  content-type: text/css

bootstrap-responsive.css | Path: ww3.linktrackr.com/assets/css/ | Size: 22 KB | x-fer: 22 KB | Type: Stylesheet
General
  Full URL: https://ww3.linktrackr.com/assets/css/bootstrap-responsive.css
  Requested by: Host: aliahmad.rurl.me, URL: https://aliahmad.rurl.me/smsat
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 54.184.18.72 Boardman, United States, ASN16509 (AMAZON-02, US)
  Reverse DNS: ec2-54-184-18-72.us-west-2.compute.amazonaws.com
  Software: nginx/1.13.5
  Resource Hash: f4595e323e326540544ff51287f9956c37982fad4fcfff2108a3b39c548309bb

Request headers
  sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
  Referer: https://aliahmad.rurl.me/
  accept-language: fi-FI,fi;q=0.9
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Win32"

Response headers
  date: Wed, 03 Apr 2024 19:39:04 GMT
  last-modified: Mon, 09 Jul 2018 16:48:39 GMT
  server: nginx/1.13.5
  accept-ranges: bytes
  etag: "5b4391e7-565f"
  content-length: 22111
  content-type: text/css

font-awesome.css | Path: ww3.linktrackr.com/assets/css/ | Size: 21 KB | x-fer: 21 KB | Type: Stylesheet
General
  Full URL: https://ww3.linktrackr.com/assets/css/font-awesome.css
  Requested by: Host: aliahmad.rurl.me, URL: https://aliahmad.rurl.me/smsat
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 54.184.18.72 Boardman, United States, ASN16509 (AMAZON-02, US)
  Reverse DNS: ec2-54-184-18-72.us-west-2.compute.amazonaws.com
  Software: nginx/1.13.5
  Resource Hash: 3083e8d3b21ddc3f0e6d65ec3580aa6edfaadca5d9737d9caa27e6a233e1ccf3

Request headers
  sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
  Referer: https://aliahmad.rurl.me/
  accept-language: fi-FI,fi;q=0.9
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Win32"

Response headers
  date: Wed, 03 Apr 2024 19:39:04 GMT
  last-modified: Mon, 09 Jul 2018 16:48:39 GMT
  server: nginx/1.13.5
  accept-ranges: bytes
  etag: "5b4391e7-549a"
  content-length: 21658
  content-type: text/css

font-awesome.css | Path: netdna.bootstrapcdn.com/font-awesome/3.2.1/css/ | Size: 27 KB | x-fer: 6 KB | Type: Stylesheet
General
  Full URL: https://netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css
  Requested by: Host: aliahmad.rurl.me, URL: https://aliahmad.rurl.me/smsat
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 104.18.11.207 (location not reported), ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: (not reported)
  Software: cloudflare
  Resource Hash: 22a22e76f4de930e54dd33af00c71b68828847409e5e79787df5224dd9776c6f
  Security Headers:
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Content-Type-Options: nosniff

Request headers
  sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
  Referer: https://aliahmad.rurl.me/
  accept-language: fi-FI,fi;q=0.9
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Win32"

Response headers
  date: Wed, 03 Apr 2024 19:39:04 GMT
  strict-transport-security: max-age=31536000; includeSubDomains; preload
  x-content-type-options: nosniff
  cf-cache-status: HIT
  content-encoding: br
  cdn-edgestorageid: 601
  age: 11468716
  cdn-cachedat: 08/03/2021 17:42:29
  cdn-pullzone: 252412
  cross-origin-resource-policy: cross-origin
  alt-svc: h3=":443"; ma=86400
  last-modified: Mon, 25 Jan 2021 22:04:51 GMT
  cdn-proxyver: 1.0
  cdn-requestpullcode: 200
  server: cloudflare
  vary: Accept-Encoding
  content-type: text/css; charset=utf-8
  access-control-allow-origin: *
  cdn-cache: HIT
  cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
  cache-control: public, max-age=31919000
  cdn-requestid: 9026c9e4abb125cb82a6f9e5488a7cfc
  timing-allow-origin: *
  cdn-requestcountrycode: DE
  cdn-status: 200
  cf-ray: 86eb85c71f708d70-HEL
  cdn-requestpullsuccess: True

font-awesome.css | Path: netdna.bootstrapcdn.com/font-awesome/4.0.3/css/ | Size: 21 KB | x-fer: 4 KB | Type: Stylesheet
General
  Full URL: https://netdna.bootstrapcdn.com/font-awesome/4.0.3/css/font-awesome.css
  Requested by: Host: aliahmad.rurl.me, URL: https://aliahmad.rurl.me/smsat
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 104.18.11.207 (location not reported), ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: (not reported)
  Software: cloudflare
  Resource Hash: 3083e8d3b21ddc3f0e6d65ec3580aa6edfaadca5d9737d9caa27e6a233e1ccf3
  Security Headers:
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Content-Type-Options: nosniff

Request headers
  sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
  Referer: https://aliahmad.rurl.me/
  accept-language: fi-FI,fi;q=0.9
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Win32"

Response headers
  date: Wed, 03 Apr 2024 19:39:04 GMT
  strict-transport-security: max-age=31536000; includeSubDomains; preload
  x-content-type-options: nosniff
  cf-cache-status: HIT
  content-encoding: br
  cdn-edgestorageid: 756
  age: 11542247
  cdn-cachedat: 09/09/2023 15:04:09
  cdn-pullzone: 252412
  cross-origin-resource-policy: cross-origin
  alt-svc: h3=":443"; ma=86400
  last-modified: Mon, 25 Jan 2021 22:04:53 GMT
  cdn-proxyver: 1.04
  cdn-requestpullcode: 200
  server: cloudflare
  etag: W/"1f9e9d1a5a1d347d945ef4b7727f2ea0"
  vary: Accept-Encoding
  content-type: text/css; charset=utf-8
  access-control-allow-origin: *
  cdn-cache: HIT
  cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
  cache-control: public, max-age=31919000
  cdn-requestid: 712ee4b3c17826367971d61ec7639739
  timing-allow-origin: *
  cdn-requestcountrycode: DE
  cdn-status: 200
  cf-ray: 86eb85c71f728d70-HEL
  cdn-requestpullsuccess: True

bootstrap-combined.no-icons.min.css | Path: netdna.bootstrapcdn.com/twitter-bootstrap/2.3.2/css/ | Size: 116 KB | x-fer: 20 KB | Type: Stylesheet
General
  Full URL: https://netdna.bootstrapcdn.com/twitter-bootstrap/2.3.2/css/bootstrap-combined.no-icons.min.css
  Requested by: Host: aliahmad.rurl.me, URL: https://aliahmad.rurl.me/smsat
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 104.18.11.207 (location not reported), ASN13335 (CLOUDFLARENET, US)
  Reverse DNS: (not reported)
  Software: cloudflare
  Resource Hash: 75a721f6f467fcda98080593f318b78ff31558e822d283d473cabd3ad0d49b24
  Security Headers:
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Content-Type-Options: nosniff

Request headers
  sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
  Referer: https://aliahmad.rurl.me/
  accept-language: fi-FI,fi;q=0.9
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Win32"

Response headers
  date: Wed, 03 Apr 2024 19:39:04 GMT
  strict-transport-security: max-age=31536000; includeSubDomains; preload
  x-content-type-options: nosniff
  cf-cache-status: HIT
  content-encoding: br
  cdn-edgestorageid: 601
  age: 11468848
  cdn-cachedat: 08/03/2021 13:26:07
  cdn-pullzone: 252412
  cross-origin-resource-policy: cross-origin
  alt-svc: h3=":443"; ma=86400
  last-modified: Mon, 25 Jan 2021 22:05:01 GMT
  cdn-proxyver: 1.0
  cdn-requestpullcode: 200
  server: cloudflare
  vary: Accept-Encoding
  content-type: text/css; charset=utf-8
  access-control-allow-origin: *
  cdn-cache: HIT
  cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
  cache-control: public, max-age=31919000
  cdn-requestid: b6ea5ef779bb3c6d58c6f87bad8a05ce
  timing-allow-origin: *
  cdn-requestcountrycode: DE
  cdn-status: 200
  cf-ray: 86eb85c71f738d70-HEL
  cdn-requestpullsuccess: True

jquery.js | Path: ww3.linktrackr.com/assets/js/ | Size: 91 KB | x-fer: 92 KB | Type: Script
General
  Full URL: https://ww3.linktrackr.com/assets/js/jquery.js
  Requested by: Host: aliahmad.rurl.me, URL: https://aliahmad.rurl.me/smsat
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 54.184.18.72 Boardman, United States, ASN16509 (AMAZON-02, US)
  Reverse DNS: ec2-54-184-18-72.us-west-2.compute.amazonaws.com
  Software: nginx/1.13.5
  Resource Hash: ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32

Request headers
  sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
  Referer: https://aliahmad.rurl.me/
  accept-language: fi-FI,fi;q=0.9
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Win32"

Response headers
  date: Wed, 03 Apr 2024 19:39:04 GMT
  last-modified: Mon, 09 Jul 2018 16:48:39 GMT
  server: nginx/1.13.5
  accept-ranges: bytes
  etag: "5b4391e7-16dc5"
  content-length: 93637
  content-type: application/javascript; charset=utf-8

/ | Path: semsashgg6.blogspot.com/ (Frame 4025) | Size: 0 | x-fer: 0 | Type: Document
General
  Full URL: https://semsashgg6.blogspot.com/
  Requested by: Host: aliahmad.rurl.me, URL: https://aliahmad.rurl.me/smsat
  Protocol: H2
  Security: TLS 1.3, AES_128_GCM
  Server: 172.217.16.193 United States, ASN15169 (GOOGLE, US)
  Reverse DNS: fra16s65-in-f1.1e100.net
  Software: GSE
  Resource Hash: (not reported)
  Security Headers:
    X-Content-Type-Options: nosniff
    X-Xss-Protection: 1; mode=block

Request headers
  Referer: https://aliahmad.rurl.me/
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
  accept-language: fi-FI,fi;q=0.9
  sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
  sec-ch-ua-mobile: ?0
  sec-ch-ua-platform: "Win32"

Response headers
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
  cache-control: private, max-age=0
  content-encoding: gzip
  content-length: 63862
  content-type: text/html; charset=UTF-8
  date: Wed, 03 Apr 2024 19:39:06 GMT
  etag: W/"90a15de5ff4e2f430afef479ac5da39efc534f2c0082c8cb1d29cc38dcd5d251"
  expires: Wed, 03 Apr 2024 19:39:06 GMT
  last-modified: Wed, 03 Apr 2024 17:26:03 GMT
  server: GSE
  x-content-type-options: nosniff
  x-xss-protection: 1; mode=block

favicon.ico | Path: aliahmad.rurl.me/ | Size: 4 KB | x-fer: 4 KB | Type: Other
General
  Full URL: https://aliahmad.rurl.me/favicon.ico
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
  Server: 52.89.45.200 Boardman, United States, ASN16509 (AMAZON-02, US)
  Reverse DNS: ec2-52-89-45-200.us-west-2.compute.amazonaws.com
  Software: nginx/1.13.5
  Resource Hash: b5f24ed4da289c9fa70a08f964a8672f33a0029f36e4039fd34d0800be781903

Request headers
  sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
  Referer: https://aliahmad.rurl.me/smsat
  accept-language: fi-FI,fi;q=0.9
  sec-ch-ua-mobile: ?0
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
  sec-ch-ua-platform: "Win32"

Response headers
  date: Wed, 03 Apr 2024 19:39:08 GMT
  last-modified: Mon, 09 Jul 2018 16:48:39 GMT
  server: nginx/1.13.5
  accept-ranges: bytes
  etag: "5b4391e7-114d"
  content-length: 4429
  content-type: image/x-icon

Verdicts & Comments


Verdict: Malicious (scope: page.url)
Submitted on April 3rd 2024, 7:42:35 pm UTC — From Saudi Arabia

Threats: Phishing Scam
Comment: This website https://aliahmad.rurl.me/smsat is claiming to be the SMSA shipping company in Saudi Arabia, and this is fake and phishing and not true at all. The website asks for private information such as credit card number and password; all of this is to steal the victim's money. See this picture at this link https://i.ibb.co/0MQ83RQ/Screenshot-Samsung-Internet.png. The real website for the SMSA shipping company in Saudi Arabia is https://www.smsaexpress.com/sa/

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  0 (object)
  $ (function)
  jQuery (function)
  main (function)
  registerEvents (function)
  resizeIframe (function)
  WindowHeight (function)
  getObjHeight (function)
  jQuery18308568086360247213 (object)

3 Cookies

Domain/Path       | Name        | Value
aliahmad.rurl.me/ | lt_vi       | 660db0578088a4.61535162
aliahmad.rurl.me/ | lt_vsi11606 | 660db0578331d6.14307644
aliahmad.rurl.me/ | ltn         | Uo4NLKHVH0HJ%2FiNYgf%2FDw4h01XGJMj1esA3lSOF2w4aV2CtSHmYcyEJQBUjlSNJZ05z0jT3sLoekdAeItICcriu3j5th6wBaRLDDrr3Oo2VVVpJrxoFh1Y22bfUEt291OZdTeT0lsoGwv2FWYXAgU1%2BPSK%2BC6%2B7Tlgjmw6zW4tesbtK6Hj1DOFxNqWVLZ%2By1lrt8j%2FL2ihxViRUsAKUkQhrL01dg%2BSIM1z5Lttlj8zsOkEOXK4Uk9%2Fc89yG3cZ%2ByQR4yZ7jcT0GhgmMW0zjgOjdvWHs6%2Bxu2%2BqLrjdKFRzU%3D