sp-ksa.xyz
157.90.118.146
Malicious Activity!
Public Scan
Effective URL: https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
Submission: On February 24 via api from BE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 23rd 2021. Valid for: 3 months.
This is the only time sp-ksa.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Saudi Post (Government)

Domain & IP information

| # | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 2 | 34.95.109.120 | 15169 (GOOGLE) |
| 1 | 13.224.195.99 | 16509 (AMAZON-02) |
| 1 | 188.165.150.177 | 16276 (OVH) |
| 1 1 | 198.38.82.73 | 23352 (SERVERCENTRAL) |
| 1 16 | 157.90.118.146 | 24940 (HETZNER-AS) |
| 1 | 2a00:1450:4001:801::200a | 15169 (GOOGLE) |
| 1 | 2600:9000:20eb:a200:12:94b3:c380:93a1 | 16509 (AMAZON-02) |

Totals: 20 | 6

| ASN | PTR | Domain |
|---|---|---|
| ASN15169 (GOOGLE, US) | 120.109.95.34.bc.googleusercontent.com | clk.tradedoubler.com |
| ASN16509 (AMAZON-02, US) | server-13-224-195-99.fra2.r.cloudfront.net | vht.tradedoubler.com |
| ASN16276 (OVH, FR) | lb01.net.royalcactus.com | analytics.tradedoubler.com |
| ASN23352 (SERVERCENTRAL, US) | mocha3022-web1.my-hosting-panel.com | coolroofstiles.com |
| ASN24940 (HETZNER-AS, DE) | static.146.118.90.157.clients.your-server.de | sp-ksa.xyz |
| ASN16509 (AMAZON-02, US) | | images.ctfassets.net |
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 16 | sp-ksa.xyz (1 redirect) | sp-ksa.xyz | 412 KB |
| 4 | tradedoubler.com (1 redirect) | clk.tradedoubler.com, vht.tradedoubler.com, analytics.tradedoubler.com | 6 KB |
| 1 | ctfassets.net | images.ctfassets.net | 1 MB |
| 1 | googleapis.com | ajax.googleapis.com | 29 KB |
| 1 | coolroofstiles.com (1 redirect) | coolroofstiles.com | 247 B |

Totals: 20 requests, 5 apex domains
| Requests | Domain | Requested by |
|---|---|---|
| 16 | sp-ksa.xyz | 1 redirect, sp-ksa.xyz |
| 2 | clk.tradedoubler.com | 1 redirect |
| 1 | images.ctfassets.net | sp-ksa.xyz |
| 1 | ajax.googleapis.com | sp-ksa.xyz |
| 1 | coolroofstiles.com | 1 redirect |
| 1 | analytics.tradedoubler.com | vht.tradedoubler.com |
| 1 | vht.tradedoubler.com | clk.tradedoubler.com |

Totals: 20 requests, 7 domains
This site contains no links.
| Subject | Issuer | Validity | Valid | Source |
|---|---|---|---|---|
| *.tradedoubler.com | R3 | 2021-01-23 - 2021-04-23 | 3 months | crt.sh |
| sp-ksa.xyz | cPanel, Inc. Certification Authority | 2021-02-23 - 2021-05-24 | 3 months | crt.sh |
| upload.video.google.com | GTS CA 1O1 | 2021-01-26 - 2021-04-20 | 3 months | crt.sh |
| images.ctfassets.net | Amazon | 2020-04-17 - 2021-05-17 | a year | crt.sh |
This page contains 1 frame:
Primary Page:
https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification
Frame ID: C4375B7302953463D3E0252BE7872C36
Requests: 20 HTTP requests in this frame
Detected technologies

Contentful (CMS). Detected patterns:
- html /<[^>]+(?:https?:)?\/\/(?:assets|downloads|images|videos)\.(?:ct?fassets\.net|contentful\.com)/i

Font Awesome (Font Scripts). Detected patterns:
- html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i

Google Cloud (CDN). Detected patterns:
- headers via /^1\.1 google$/i

jQuery (JavaScript Libraries). Detected patterns:
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://clk.tradedoubler.com/click?p=310496&a=2893046&g=24946974&url=https://coolroofstiles.com/wp-includes/csq/ (HTTP 302)
- https://coolroofstiles.com/wp-includes/csq/ (HTTP 302)
- https://sp-ksa.xyz/saudi-post/?pwd=nic (HTTP 302)
- https://sp-ksa.xyz/saudi-post/clients/j1H2K3u4ZDNVkYxbjhsDYawO.php?verification (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
20 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | click | clk.tradedoubler.com/ | 960 B | 1 KB | Document | text/html |
| GET | H/1.1 | prefs.js | vht.tradedoubler.com/fp/ | 9 KB | 4 KB | Script | application/javascript |
| POST | H/1.1 | / | analytics.tradedoubler.com/ | 0 | 241 B | Other | text/html |
| GET | H/1.1 | j1H2K3u4ZDNVkYxbjhsDYawO.php (Primary Request, Redirect Chain) | sp-ksa.xyz/saudi-post/clients/ | 7 KB | 7 KB | Document | text/html |
| GET | H/1.1 | main-ar.css | sp-ksa.xyz/saudi-post/assets/ | 232 KB | 233 KB | Stylesheet | text/css |
| GET | H/1.1 | font-awesome.min.css | sp-ksa.xyz/saudi-post/assets/ | 30 KB | 31 KB | Stylesheet | text/css |
| GET | H/1.1 | style.css | sp-ksa.xyz/saudi-post/assets/ | 21 KB | 22 KB | Stylesheet | text/css |
| GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/2.2.4/ | 84 KB | 29 KB | Script | text/javascript |
| GET | H/1.1 | logo.svg | sp-ksa.xyz/saudi-post/assets/ | 81 KB | 81 KB | Image | image/svg+xml |
| GET | H2 | header-mobiel_levertijden-feestdagen.gif | images.ctfassets.net/zar1ypr5qpcx/3Tep8FvK1kGDyjJN8mDDr4/ac2718df71da4783dc9f478208bc343d/ | 1 MB | 1 MB | Image | image/gif |
| GET | H/1.1 | apple.svg | sp-ksa.xyz/saudi-post/assets/ | 21 KB | 21 KB | Image | image/svg+xml |
| GET | H/1.1 | googlePlay.svg | sp-ksa.xyz/saudi-post/assets/ | 14 KB | 15 KB | Image | image/svg+xml |
| GET | H/1.1 | loading.svg | sp-ksa.xyz/saudi-post/assets/ | 2 KB | 3 KB | Image | image/svg+xml |
| GET | H/1.1 | icons.svg | sp-ksa.xyz/saudi-post/ | 315 B | 315 B | Image | text/html |
| GET | H/1.1 | DroidArabicKufi.woff | sp-ksa.xyz/saudi-post/fonts/ | 0 | 0 | Font | text/html |
| GET | H/1.1 | DroidArabicKufi-Bold.woff | sp-ksa.xyz/saudi-post/fonts/ | 0 | 0 | Font | text/html |
| GET | H/1.1 | DroidArabicKufi.ttf | sp-ksa.xyz/saudi-post/fonts/ | 0 | 0 | Font | text/html |
| GET | H/1.1 | DroidArabicKufi-Bold.ttf | sp-ksa.xyz/saudi-post/fonts/ | 0 | 0 | Font | text/html |
| GET | H/1.1 | DroidSans-webfont.woff | sp-ksa.xyz/saudi-post/fonts/ | 0 | 0 | Font | text/html |
| GET | H/1.1 | DroidSans-webfont.ttf | sp-ksa.xyz/saudi-post/fonts/ | 0 | 0 | Font | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Saudi Post (Government)

14 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | ontransitionrun |
| object | ontransitionstart |
| object | ontransitioncancel |
| object | cookieStore |
| function | showDirectoryPicker |
| function | showOpenFilePicker |
| function | showSaveFilePicker |
| object | trustedTypes |
| boolean | crossOriginIsolated |
| function | $ |
| function | jQuery |
| object | _0xa88b |
| function | reverseString |
| string | xvxr1 |

Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the cookie values along, which lets the website re-identify the user even from a different location. This is how persistent logins work.

| Domain/Path | Expires | Name | Value |
|---|---|---|---|
| sp-ksa.xyz/ | | PHPSESSID | 59793b4b2fb778811e5281c91226b4a3 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.