URL: https://medsgulf.com/?rid=YsSifuq
Submission: On May 29 via manual from SA — Scanned from DE

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 8 HTTP transactions. The main IP is 91.221.22.159, located in Saudi Arabia and belongs to TVTC-AS, SA. The main domain is medsgulf.com.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on May 29th 2024. Valid for: 3 months.
This is the only time medsgulf.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 91.221.22.159 51670 (TVTC-AS)
1 91.221.22.211 51670 (TVTC-AS)
8 3
Apex Domain
Subdomains
Transfer
2 medsgulf.com
medsgulf.com
3 KB
1 tvtc.gov.sa
tvtc.gov.sa
575 KB
0 grintahub.com Failed
cdn.grintahub.com Failed
8 3
Domain Requested by
2 medsgulf.com
1 tvtc.gov.sa medsgulf.com
0 cdn.grintahub.com Failed medsgulf.com
8 3

This site contains links to these domains. Also see Links.

Domain
https
Subject Issuer Validity Valid
medsgulf.com
ZeroSSL RSA Domain Secure Site CA
2024-05-29 -
2024-08-27
3 months crt.sh
*.tvtc.gov.sa
Go Daddy Secure Certificate Authority - G2
2024-03-19 -
2025-03-06
a year crt.sh

This page contains 1 frames:

Primary Page: https://medsgulf.com/?rid=YsSifuq
Frame ID: 96506943C54C25CB0258D9C821AC8E13
Requests: 8 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css


Page Statistics

8
Requests

38 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

578 kB
Transfer

580 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
medsgulf.com/
3 KB
1 KB
Document
General
Full URL
https://medsgulf.com/?rid=YsSifuq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.221.22.159 , Saudi Arabia, ASN51670 (TVTC-AS, SA),
Reverse DNS
Software
/
Resource Hash
5b9d8f36ac9fd23fa950cee21bb2287430e938a1a92a28396b075378d4a02351

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
gzip
content-length
1417
content-type
text/html; charset=utf-8
date
Wed, 29 May 2024 15:06:03 GMT
vary
Accept-Encoding
x-server
CyberX
bootstrap.rtl.min.css
cdn.grintahub.com/public/assets/web/css/
0
0

typeahead.min.css
cdn.grintahub.com/public/assets/web/css/
0
0

owl.carousel.min.css
cdn.grintahub.com/public/assets/web/css/
0
0

auth.css
cdn.grintahub.com/public/assets/web/css/
0
0

auth.rtl.css
cdn.grintahub.com/public/assets/web/css/
0
0

slider__2.jpg
tvtc.gov.sa/Style%20Library/tvtc/images/
574 KB
575 KB
Image
General
Full URL
https://tvtc.gov.sa/Style%20Library/tvtc/images/slider__2.jpg
Requested by
Host: medsgulf.com
URL: https://medsgulf.com/?rid=YsSifuq
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.221.22.211 , Saudi Arabia, ASN51670 (TVTC-AS, SA),
Reverse DNS
Software
/
Resource Hash
20f47e97fea1abc6618b0e2d41d8739ba920f426eaf6c999b1fbf653693e0a65
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.powerapps.com *.yammer.com *.officeapps.live.com *.office.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://medsgulf.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
frame-ancestors 'self' teams.microsoft.com *.teams.microsoft.com *.skype.com *.teams.microsoft.us local.teams.office.com *.powerapps.com *.yammer.com *.officeapps.live.com *.office.com *.stream.azure-test.net *.microsoftstream.com *.dynamics.com *.microsoft.com onedrive.live.com *.onedrive.live.com;
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Wed, 29 May 2024 14:59:47 GMT
ResourceTag
rt:D96184C2-B5E0-4D03-B107-B85C40445EC6@00000000006
Public-Extension
http://schemas.microsoft.com/repl-2
request-id
a2702da1-af25-c0e6-b046-c5ea4493fc5f
Content-Length
587785
X-XSS-Protection
1; mode=block
X-MS-InvokeApp
1; RequireReadOnly
Referrer-Policy
strict-origin
Last-Modified
Mon, 08 Nov 2021 12:39:25 GMT
ETag
"{D96184C2-B5E0-4D03-B107-B85C40445EC6},6"
X-FRAME-OPTIONS
SAMEORIGIN, SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
private,max-age=0
Accept-Ranges
bytes
Expires
Tue, 14 May 2024 14:59:47 GMT
favicon.ico
medsgulf.com/
3 KB
1 KB
Other
General
Full URL
https://medsgulf.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
91.221.22.159 , Saudi Arabia, ASN51670 (TVTC-AS, SA),
Reverse DNS
Software
/
Resource Hash
0b98156a16da551fe8c351c173e02c5d82cd28727707fafe54366954ebda933c

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://medsgulf.com/?rid=YsSifuq
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 29 May 2024 15:06:08 GMT
content-encoding
gzip
content-length
995
vary
Accept-Encoding
content-type
text/html; charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdn.grintahub.com
URL
https://cdn.grintahub.com/public/assets/web/css/bootstrap.rtl.min.css
Domain
cdn.grintahub.com
URL
https://cdn.grintahub.com/public/assets/web/css/typeahead.min.css
Domain
cdn.grintahub.com
URL
https://cdn.grintahub.com/public/assets/web/css/owl.carousel.min.css
Domain
cdn.grintahub.com
URL
https://cdn.grintahub.com/public/assets/web/css/auth.css
Domain
cdn.grintahub.com
URL
https://cdn.grintahub.com/public/assets/web/css/auth.rtl.css

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

6 Console Messages

Source Level URL
Text
network error URL: https://cdn.grintahub.com/public/assets/web/css/typeahead.min.css
Message:
Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOrigin
network error URL: https://cdn.grintahub.com/public/assets/web/css/owl.carousel.min.css
Message:
Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOrigin
network error URL: https://cdn.grintahub.com/public/assets/web/css/bootstrap.rtl.min.css
Message:
Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOrigin
network error URL: https://cdn.grintahub.com/public/assets/web/css/auth.css
Message:
Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOrigin
network error URL: https://cdn.grintahub.com/public/assets/web/css/auth.rtl.css
Message:
Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOrigin
recommendation verbose URL: https://medsgulf.com/?rid=YsSifuq
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.grintahub.com
medsgulf.com
tvtc.gov.sa
cdn.grintahub.com
91.221.22.159
91.221.22.211
0b98156a16da551fe8c351c173e02c5d82cd28727707fafe54366954ebda933c
20f47e97fea1abc6618b0e2d41d8739ba920f426eaf6c999b1fbf653693e0a65
5b9d8f36ac9fd23fa950cee21bb2287430e938a1a92a28396b075378d4a02351