urlscan.io logo urlscan.io
SecurityTrails logo

sp-ksa.xyz Open in urlscan Pro
157.90.118.146  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://clk.tradedoubler.com/click?p=310496&a=2893046&g=24946974&url=https://coolroofstiles.com/wp-includes/csq/
Effective URL: https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
Submission: On February 24 via api from BE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 20 HTTP transactions. The main IP is 157.90.118.146, located in Germany and belongs to HETZNER-AS, DE. The main domain is sp-ksa.xyz.
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 23rd 2021. Valid for: 3 months.
This is the only time sp-ksa.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Saudi Post (Government)

Domain & IP information

IP Address AS Autonomous System
1 2 34.95.109.120 15169 (GOOGLE)
1 13.224.195.99 16509 (AMAZON-02)
1 188.165.150.177 16276 (OVH)
1 1 198.38.82.73 23352 (SERVERCEN...)
1 16 157.90.118.146 24940 (HETZNER-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:20e... 16509 (AMAZON-02)
20 6
2    34.95.109.120 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 120.109.95.34.bc.googleusercontent.com
clk.tradedoubler.com
1    13.224.195.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-195-99.fra2.r.cloudfront.net
vht.tradedoubler.com
1    188.165.150.177 (France)

ASN16276 (OVH, FR)
PTR: lb01.net.royalcactus.com
analytics.tradedoubler.com
1    198.38.82.73 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: mocha3022-web1.my-hosting-panel.com
coolroofstiles.com
16    157.90.118.146 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.146.118.90.157.clients.your-server.de
sp-ksa.xyz
1    2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2600:9000:20eb:a200:12:94b3:c380:93a1 (United States)

ASN16509 (AMAZON-02, US)
images.ctfassets.net
Domain Requested by
16 sp-ksa.xyz 1 redirects sp-ksa.xyz
2 clk.tradedoubler.com 1 redirects
1 images.ctfassets.net sp-ksa.xyz
1 ajax.googleapis.com sp-ksa.xyz
1 coolroofstiles.com 1 redirects
1 analytics.tradedoubler.com vht.tradedoubler.com
1 vht.tradedoubler.com clk.tradedoubler.com
20 7

This site contains no links.

Subject Issuer Validity Valid
*.tradedoubler.com
R3		 2021-01-23 -
2021-04-23		 3 months crt.sh
sp-ksa.xyz
cPanel, Inc. Certification Authority		 2021-02-23 -
2021-05-24		 3 months crt.sh
upload.video.google.com
GTS CA 1O1		 2021-01-26 -
2021-04-20		 3 months crt.sh
images.ctfassets.net
Amazon		 2020-04-17 -
2021-05-17		 a year crt.sh

This page contains 1 frames:

Primary Page: https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
Frame ID: C4375B7302953463D3E0252BE7872C36
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://clk.tradedoubler.com/click?p=310496&a=2893046&g=24946974&url=https://coolroofstiles.com/wp-includ... Page URL
  2. https://clk.tradedoubler.com/click?p=310496&a=2893046&g=24946974&url=https://coolroofstiles.com/wp-includ... HTTP 302
    https://coolroofstiles.com/wp-includes/csq/ HTTP 302
    https://sp-ksa.xyz/saudi-post/?pwd=nic HTTP 302
    https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<[^>]+(?:https?:)?\/\/(?:assets|downloads|images|videos)\.(?:ct?fassets\.net|contentful\.com)/i
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
Overall confidence: 100%
Detected patterns
  • headers via /^1\.1 google$/i
Overall confidence: 100%
Detected patterns
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

20
Requests

100 %
HTTPS

29 %
IPv6

5
Domains

7
Subdomains

6
IPs

3
Countries

1599 kB
Transfer

1655 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://clk.tradedoubler.com/click?p=310496&a=2893046&g=24946974&url=https://coolroofstiles.com/wp-includes/csq/ Page URL
  2. https://clk.tradedoubler.com/click?p=310496&a=2893046&g=24946974&url=https://coolroofstiles.com/wp-includes/csq/ HTTP 302
    https://coolroofstiles.com/wp-includes/csq/ HTTP 302
    https://sp-ksa.xyz/saudi-post/?pwd=nic HTTP 302
    https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
click
clk.tradedoubler.com/ 		960 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://clk.tradedoubler.com/click?p=310496&a=2893046&g=24946974&url=https://coolroofstiles.com/wp-includes/csq/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.95.109.120 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
120.109.95.34.bc.googleusercontent.com
Software
TXServerHttp /
Resource Hash
8faf08e63ebd2122321177c350aa104283ec6542fb340fa82d6475261bc88c53

Request headers

:method
GET
:authority
clk.tradedoubler.com
:scheme
https
:path
/click?p=310496&a=2893046&g=24946974&url=https://coolroofstiles.com/wp-includes/csq/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-type
text/html; charset=ISO-8859-1
server
TXServerHttp
access-control-allow-origin
*
cache-control
private, max-age=0
pragma
no-cache
p3p
policyref="http://tracker.tradedoubler.com/w3c/p3p.xml",CP="NOI DSP COR NID CUR OUR NOR"
referrer-policy
origin
date
Wed, 24 Feb 2021 13:10:09 GMT
content-length
960
via
1.1 google
alt-svc
clear
prefs.js
vht.tradedoubler.com/fp/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://vht.tradedoubler.com/fp/prefs.js
Requested by
Host: clk.tradedoubler.com
URL: https://clk.tradedoubler.com/click?p=310496&a=2893046&g=24946974&url=https://coolroofstiles.com/wp-includes/csq/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.224.195.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-195-99.fra2.r.cloudfront.net
Software
Apache /
Resource Hash

Request headers

Referer
https://clk.tradedoubler.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Sun, 21 Feb 2021 03:44:37 GMT
Content-Encoding
gzip
Age
293132
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Mon, 15 Oct 2018 09:28:46 GMT
Server
Apache
ETag
W/"2509-57841106334e6"
Vary
Accept-Encoding
Content-Type
application/javascript
Via
1.1 c7f7b4cf7fd5efe64bac95586db3f62b.cloudfront.net (CloudFront)
Cache-Control
max-age=604800, public
X-Amz-Cf-Pop
FRA2-C1
X-Amz-Cf-Id
3w0ZITCXrZ9ztv9bETW6Nle9iVvrnZxN3XBkzhgecxP1j6fAfqpjWQ==
Expires
Sun, 28 Feb 2021 03:44:37 GMT
/
analytics.tradedoubler.com/ 		0
241 B 		Other
General
Check archive.org
Download Go to
Full URL
https://analytics.tradedoubler.com/
Requested by
Host: vht.tradedoubler.com
URL: https://vht.tradedoubler.com/fp/prefs.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
188.165.150.177 , France, ASN16276 (OVH, FR),
Reverse DNS
lb01.net.royalcactus.com
Software
nginx /
Resource Hash

Request headers

Referer
https://clk.tradedoubler.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 24 Feb 2021 13:10:10 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
Server
nginx
Connection
keep-alive
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
Primary Request j1H2K3u4ZDNVkYxbjhsDYawO.php
sp-ksa.xyz/saudi-post/clients/
Redirect Chain
  • https://clk.tradedoubler.com/click?p=310496&a=2893046&g=24946974&url=https://coolroofstiles.com/wp-includes/csq/
  • https://coolroofstiles.com/wp-includes/csq/
  • https://sp-ksa.xyz/saudi-post/?pwd=nic
  • https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
7 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.90.118.146 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.146.118.90.157.clients.your-server.de
Software
Apache /
Resource Hash
c0c9703a78049d812e4ce0fd3d97b8d3f7b5dddb36fd44ce8a7bbef12bccf38d

Request headers

Host
sp-ksa.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://clk.tradedoubler.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
PHPSESSID=59793b4b2fb778811e5281c91226b4a3
Upgrade-Insecure-Requests
1
Origin
https://clk.tradedoubler.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://clk.tradedoubler.com/

Response headers

Date
Wed, 24 Feb 2021 13:10:10 GMT
Server
Apache
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8

Redirect headers

Date
Wed, 24 Feb 2021 13:10:10 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Set-Cookie
PHPSESSID=59793b4b2fb778811e5281c91226b4a3; path=/
Location
clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification#_
Content-Length
0
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
main-ar.css
sp-ksa.xyz/saudi-post/assets/ 		232 KB
233 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sp-ksa.xyz/saudi-post/assets/main-ar.css
Requested by
Host: sp-ksa.xyz
URL: https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.90.118.146 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.146.118.90.157.clients.your-server.de
Software
Apache /
Resource Hash
8808f5e4b5c0524450dc413742615f34a824d85bb613b194829a33ad09060a46

Request headers

Referer
https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 24 Feb 2021 13:10:10 GMT
Last-Modified
Tue, 23 Feb 2021 02:47:00 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
237962
font-awesome.min.css
sp-ksa.xyz/saudi-post/assets/ 		30 KB
31 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sp-ksa.xyz/saudi-post/assets/font-awesome.min.css
Requested by
Host: sp-ksa.xyz
URL: https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.90.118.146 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.146.118.90.157.clients.your-server.de
Software
Apache /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Request headers

Referer
https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 24 Feb 2021 13:10:10 GMT
Last-Modified
Tue, 23 Feb 2021 02:46:58 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
31000
style.css
sp-ksa.xyz/saudi-post/assets/ 		21 KB
22 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sp-ksa.xyz/saudi-post/assets/style.css
Requested by
Host: sp-ksa.xyz
URL: https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.90.118.146 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.146.118.90.157.clients.your-server.de
Software
Apache /
Resource Hash
a2707f31f75ebbb3e077d86bb52630d2aa18633503df1cbef96ba61cef2a85ab

Request headers

Referer
https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 24 Feb 2021 13:10:10 GMT
Last-Modified
Tue, 23 Feb 2021 02:47:16 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
21835
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/ 		84 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: sp-ksa.xyz
URL: https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 24 Feb 2021 09:57:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
11565
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 24 Feb 2022 09:57:25 GMT
logo.svg
sp-ksa.xyz/saudi-post/assets/ 		81 KB
81 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sp-ksa.xyz/saudi-post/assets/logo.svg
Requested by
Host: sp-ksa.xyz
URL: https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.90.118.146 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.146.118.90.157.clients.your-server.de
Software
Apache /
Resource Hash
1e674d2a3d591d95f06609104dafd3386be1c7a1afecabb37a26d885e83f35fd

Request headers

Referer
https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 24 Feb 2021 13:10:10 GMT
Last-Modified
Tue, 23 Feb 2021 02:46:48 GMT
Server
Apache
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
82916
header-mobiel_levertijden-feestdagen.gif
images.ctfassets.net/zar1ypr5qpcx/3Tep8FvK1kGDyjJN8mDDr4/ac2718df71da4783dc9f478208bc343d/ 		1 MB
1 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://images.ctfassets.net/zar1ypr5qpcx/3Tep8FvK1kGDyjJN8mDDr4/ac2718df71da4783dc9f478208bc343d/header-mobiel_levertijden-feestdagen.gif
Requested by
Host: sp-ksa.xyz
URL: https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:a200:12:94b3:c380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Contentful Images API /
Resource Hash
ba5a3fee4ef63db23108c8a7ab08a793b69a8dac60cc007f635f1c6775ab85a1

Request headers

Referer
https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Tue, 23 Feb 2021 21:55:08 GMT
via
1.1 96ab38d99b79d57e5c7e9b8a07c0fad3.cloudfront.net (CloudFront)
last-modified
Thu, 22 Oct 2020 11:33:02 GMT
server
Contentful Images API
age
54903
etag
"c748088c29d5688e393dee658fa15c77"
x-cache
Hit from cloudfront
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C1
content-length
1178446
x-amz-cf-id
UoK1nxOLWeQG_C7HlxVAQHG8HkYRsPE8SYrQWiAJoyeNKldOEr5i6A==
apple.svg
sp-ksa.xyz/saudi-post/assets/ 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sp-ksa.xyz/saudi-post/assets/apple.svg
Requested by
Host: sp-ksa.xyz
URL: https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.90.118.146 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.146.118.90.157.clients.your-server.de
Software
Apache /
Resource Hash
806c4bd82bee2c9ed5686d1da83700fb91684659da85af1b1d21feae71ae94c1

Request headers

Referer
https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 24 Feb 2021 13:10:10 GMT
Last-Modified
Tue, 23 Feb 2021 02:46:04 GMT
Server
Apache
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
21655
googlePlay.svg
sp-ksa.xyz/saudi-post/assets/ 		14 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sp-ksa.xyz/saudi-post/assets/googlePlay.svg
Requested by
Host: sp-ksa.xyz
URL: https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.90.118.146 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.146.118.90.157.clients.your-server.de
Software
Apache /
Resource Hash
7d5e659c3ddc19ad374f51057aea69b769f245d54ca470a91e01e9736998e5c0

Request headers

Referer
https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 24 Feb 2021 13:10:10 GMT
Last-Modified
Tue, 23 Feb 2021 02:46:42 GMT
Server
Apache
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
14633
loading.svg
sp-ksa.xyz/saudi-post/assets/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sp-ksa.xyz/saudi-post/assets/loading.svg
Requested by
Host: sp-ksa.xyz
URL: https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.90.118.146 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.146.118.90.157.clients.your-server.de
Software
Apache /
Resource Hash
d581d8016e457ec50c46aab56a8edcf8c1adc4b52afcfa40f70d78d697f9be0a

Request headers

Referer
https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 24 Feb 2021 13:10:10 GMT
Last-Modified
Tue, 23 Feb 2021 16:24:46 GMT
Server
Apache
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
2414
icons.svg
sp-ksa.xyz/saudi-post/ 		315 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sp-ksa.xyz/saudi-post/icons.svg
Requested by
Host: sp-ksa.xyz
URL: https://sp-ksa.xyz/saudi-post/assets/main-ar.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.90.118.146 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.146.118.90.157.clients.your-server.de
Software
Apache /
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

Referer
https://sp-ksa.xyz/saudi-post/assets/main-ar.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 24 Feb 2021 13:10:10 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=95
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
DroidArabicKufi.woff
sp-ksa.xyz/saudi-post/fonts/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://sp-ksa.xyz/saudi-post/fonts/DroidArabicKufi.woff
Requested by
Host: sp-ksa.xyz
URL: https://sp-ksa.xyz/saudi-post/assets/main-ar.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.90.118.146 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.146.118.90.157.clients.your-server.de
Software
Apache /
Resource Hash

Request headers

Origin
https://sp-ksa.xyz
Referer
https://sp-ksa.xyz/saudi-post/assets/main-ar.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 24 Feb 2021 13:10:10 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=96
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
DroidArabicKufi-Bold.woff
sp-ksa.xyz/saudi-post/fonts/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://sp-ksa.xyz/saudi-post/fonts/DroidArabicKufi-Bold.woff
Requested by
Host: sp-ksa.xyz
URL: https://sp-ksa.xyz/saudi-post/assets/main-ar.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.90.118.146 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.146.118.90.157.clients.your-server.de
Software
Apache /
Resource Hash

Request headers

Origin
https://sp-ksa.xyz
Referer
https://sp-ksa.xyz/saudi-post/assets/main-ar.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 24 Feb 2021 13:10:10 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
DroidArabicKufi.ttf
sp-ksa.xyz/saudi-post/fonts/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://sp-ksa.xyz/saudi-post/fonts/DroidArabicKufi.ttf
Requested by
Host: sp-ksa.xyz
URL: https://sp-ksa.xyz/saudi-post/assets/main-ar.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.90.118.146 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.146.118.90.157.clients.your-server.de
Software
Apache /
Resource Hash

Request headers

Origin
https://sp-ksa.xyz
Referer
https://sp-ksa.xyz/saudi-post/assets/main-ar.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 24 Feb 2021 13:10:10 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
DroidArabicKufi-Bold.ttf
sp-ksa.xyz/saudi-post/fonts/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://sp-ksa.xyz/saudi-post/fonts/DroidArabicKufi-Bold.ttf
Requested by
Host: sp-ksa.xyz
URL: https://sp-ksa.xyz/saudi-post/assets/main-ar.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.90.118.146 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.146.118.90.157.clients.your-server.de
Software
Apache /
Resource Hash

Request headers

Origin
https://sp-ksa.xyz
Referer
https://sp-ksa.xyz/saudi-post/assets/main-ar.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 24 Feb 2021 13:10:10 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=97
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
DroidSans-webfont.woff
sp-ksa.xyz/saudi-post/fonts/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://sp-ksa.xyz/saudi-post/fonts/DroidSans-webfont.woff
Requested by
Host: sp-ksa.xyz
URL: https://sp-ksa.xyz/saudi-post/assets/style.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.90.118.146 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.146.118.90.157.clients.your-server.de
Software
Apache /
Resource Hash

Request headers

Origin
https://sp-ksa.xyz
Referer
https://sp-ksa.xyz/saudi-post/assets/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 24 Feb 2021 13:10:10 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=96
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
DroidSans-webfont.ttf
sp-ksa.xyz/saudi-post/fonts/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://sp-ksa.xyz/saudi-post/fonts/DroidSans-webfont.ttf
Requested by
Host: sp-ksa.xyz
URL: https://sp-ksa.xyz/saudi-post/assets/style.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
157.90.118.146 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.146.118.90.157.clients.your-server.de
Software
Apache /
Resource Hash

Request headers

Origin
https://sp-ksa.xyz
Referer
https://sp-ksa.xyz/saudi-post/assets/style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Wed, 24 Feb 2021 13:10:10 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=95
Content-Length
315
Content-Type
text/html; charset=iso-8859-1

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Saudi Post (Government)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| $ function| jQuery object| _0xa88b function| reverseString string| xvxr

1 Cookies

Domain/Path Name / Value
sp-ksa.xyz/ Name: PHPSESSID
Value: 59793b4b2fb778811e5281c91226b4a3