nitaqat.mlsd.gov.sa.ar-saudi.xyz Open in urlscan Pro
23.229.166.161 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/
Effective URL:
http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85
Submission: On March 11 via manual (March 11th 2019, 7:44:10 am UTC) from SA

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 13 HTTP transactions. The main IP is 23.229.166.161, located in Scottsdale, United States and belongs to AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US. The main domain is nitaqat.mlsd.gov.sa.ar-saudi.xyz.

This is the only time nitaqat.mlsd.gov.sa.ar-saudi.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Saudi Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
12	23.229.166.161 23.229.166.161	26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com)
1	167.99.135.134 167.99.135.134	14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean)
13	2

12 23.229.166.161 (Scottsdale, United States)

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-23-229-166-161.ip.secureserver.net

nitaqat.mlsd.gov.sa.ar-saudi.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 167.99.135.134 (Fort Worth, United States)

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)

geoip-db.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	ar-saudi.xyz nitaqat.mlsd.gov.sa.ar-saudi.xyz	172 KB
1	geoip-db.com geoip-db.com	285 B
13	2

	Domain	Requested by
12	nitaqat.mlsd.gov.sa.ar-saudi.xyz	nitaqat.mlsd.gov.sa.ar-saudi.xyz
1	geoip-db.com	nitaqat.mlsd.gov.sa.ar-saudi.xyz
13	2

This site contains no links.

Subject Issuer	Validity	Valid
geoip-db.com Let's Encrypt Authority X3	`2019-01-04` - `2019-04-04`	3 months	crt.sh

This page contains 1 frames:

Primary Page: http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85
Frame ID: DA405BA7B73F2677609CE8B5626BCDED
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/ Page URL
http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp.php?ssspp= Page URL
http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Page Statistics

13
Requests

8 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

172 kB
Transfer

340 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/ Page URL
http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp.php?ssspp= Page URL
http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Cookie set / Show response nitaqat.mlsd.gov.sa.ar-saudi.xyz/	637 B 906 B	372ms 196ms	Document text/html	23.229.166.161 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/ Protocol HTTP/1.1 Server 23.229.166.161 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-23-229-166-161.ip.secureserver.net Software Apache / PHP/5.4.45 Resource Hash `3e9ff76a82bdfe4fe090c5fb73f465eb453247f63c27f2f53ac7925121a0eb4d` Request headers Host nitaqat.mlsd.gov.sa.ar-saudi.xyz Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Accept-Encoding gzip, deflate Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 11 Mar 2019 07:43:55 GMT Server Apache X-Powered-By PHP/5.4.45 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Set-Cookie PHPSESSID=femj34d9io6ok5c9afjp7p0n85; path=/ Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 462 Keep-Alive timeout=5 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	comp.php Show response nitaqat.mlsd.gov.sa.ar-saudi.xyz/	692 B 882 B	158ms 158ms	Document text/html	23.229.166.161 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp.php?ssspp= Protocol HTTP/1.1 Server 23.229.166.161 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-23-229-166-161.ip.secureserver.net Software Apache / PHP/5.4.45 Resource Hash `de02c4b97481ddb9f95a38496f53013fb7cac1251460d2af7c00927c3627c9cf` Request headers Host nitaqat.mlsd.gov.sa.ar-saudi.xyz Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/ Accept-Encoding gzip, deflate Cookie PHPSESSID=femj34d9io6ok5c9afjp7p0n85 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/ Response headers Date Mon, 11 Mar 2019 07:43:57 GMT Server Apache X-Powered-By PHP/5.4.45 Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 496 Keep-Alive timeout=5 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	Primary Request comp_add.php Show response nitaqat.mlsd.gov.sa.ar-saudi.xyz/	12 KB 3 KB	162ms 162ms	Document text/html	23.229.166.161 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Protocol HTTP/1.1 Server 23.229.166.161 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-23-229-166-161.ip.secureserver.net Software Apache / PHP/5.4.45 Resource Hash `c7911bb5c16d55fe19dce448b7b6933432a46f88039e8f9c07345acefec5d97e` Request headers Host nitaqat.mlsd.gov.sa.ar-saudi.xyz Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp.php?ssspp= Accept-Encoding gzip, deflate Cookie PHPSESSID=femj34d9io6ok5c9afjp7p0n85 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp.php?ssspp= Response headers Date Mon, 11 Mar 2019 07:43:58 GMT Server Apache X-Powered-By PHP/5.4.45 Vary Accept-Encoding,User-Agent Content-Encoding gzip Content-Length 2904 Keep-Alive timeout=5 Connection Keep-Alive Content-Type text/html
GET H/1.1	200 OK	style.css nitaqat.mlsd.gov.sa.ar-saudi.xyz/css/	294 B 544 B	147ms 145ms	Stylesheet text/css	23.229.166.161 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/css/style.css Requested by Host: nitaqat.mlsd.gov.sa.ar-saudi.xyz URL: http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Protocol HTTP/1.1 Server 23.229.166.161 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-23-229-166-161.ip.secureserver.net Software Apache / Resource Hash `b1fb3d3a0737f1675ad89e0e14fa7b9d8b3ede4784647caed28a82be4bc7e7da` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host nitaqat.mlsd.gov.sa.ar-saudi.xyz User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Cookie PHPSESSID=femj34d9io6ok5c9afjp7p0n85 Connection keep-alive Cache-Control no-cache Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 11 Mar 2019 07:43:58 GMT Content-Encoding gzip Last-Modified Fri, 30 Mar 2018 14:22:54 GMT Server Apache ETag "9400a9b-126-568a1f9d40b80-gzip" Vary Accept-Encoding,User-Agent Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 214
GET H/1.1	200 OK	SpryValidationTextField.js Show response nitaqat.mlsd.gov.sa.ar-saudi.xyz/SpryAssets/	76 KB 17 KB	330ms 153ms	Script application/javascript	23.229.166.161 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/SpryAssets/SpryValidationTextField.js Requested by Host: nitaqat.mlsd.gov.sa.ar-saudi.xyz URL: http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Protocol HTTP/1.1 Server 23.229.166.161 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-23-229-166-161.ip.secureserver.net Software Apache / Resource Hash `69e875128adeedbc8aa1221b7ebffb20b484685964f4ab9a9772ce2146e52d48` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host nitaqat.mlsd.gov.sa.ar-saudi.xyz User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Cookie PHPSESSID=femj34d9io6ok5c9afjp7p0n85 Connection keep-alive Cache-Control no-cache Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 11 Mar 2019 07:43:59 GMT Content-Encoding gzip Last-Modified Fri, 30 Mar 2018 14:31:22 GMT Server Apache ETag "9400ac9-12f38-568a2181b8280-gzip" Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 17183
GET H/1.1	200 OK	SpryValidationCheckbox.js Show response nitaqat.mlsd.gov.sa.ar-saudi.xyz/SpryAssets/	16 KB 4 KB	323ms 146ms	Script application/javascript	23.229.166.161 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/SpryAssets/SpryValidationCheckbox.js Requested by Host: nitaqat.mlsd.gov.sa.ar-saudi.xyz URL: http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Protocol HTTP/1.1 Server 23.229.166.161 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-23-229-166-161.ip.secureserver.net Software Apache / Resource Hash `e6a642ec0b87ed63674689e271f580d79b099db387ed79b50cc24b875dc4ec10` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host nitaqat.mlsd.gov.sa.ar-saudi.xyz User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Cookie PHPSESSID=femj34d9io6ok5c9afjp7p0n85 Connection keep-alive Cache-Control no-cache Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 11 Mar 2019 07:43:59 GMT Content-Encoding gzip Last-Modified Fri, 30 Mar 2018 15:38:36 GMT Server Apache ETag "9400ac5-4064-568a3088d7700-gzip" Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 4016
GET H/1.1	200 OK	SpryValidationTextField.css nitaqat.mlsd.gov.sa.ar-saudi.xyz/SpryAssets/	3 KB 1 KB	292ms 145ms	Stylesheet text/css	23.229.166.161 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/SpryAssets/SpryValidationTextField.css Requested by Host: nitaqat.mlsd.gov.sa.ar-saudi.xyz URL: http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Protocol HTTP/1.1 Server 23.229.166.161 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-23-229-166-161.ip.secureserver.net Software Apache / Resource Hash `23d0712c0ed03b1f4636061df39f42471c13e811d5373ff7875a9b7821743be1` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host nitaqat.mlsd.gov.sa.ar-saudi.xyz User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Cookie PHPSESSID=femj34d9io6ok5c9afjp7p0n85 Connection keep-alive Cache-Control no-cache Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 11 Mar 2019 07:43:58 GMT Content-Encoding gzip Last-Modified Fri, 30 Mar 2018 14:31:22 GMT Server Apache ETag "9400ac8-c32-568a2181b8280-gzip" Vary Accept-Encoding,User-Agent Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 1068
GET H/1.1	200 OK	SpryValidationCheckbox.css nitaqat.mlsd.gov.sa.ar-saudi.xyz/SpryAssets/	1 KB 866 B	321ms 145ms	Stylesheet text/css	23.229.166.161 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/SpryAssets/SpryValidationCheckbox.css Requested by Host: nitaqat.mlsd.gov.sa.ar-saudi.xyz URL: http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Protocol HTTP/1.1 Server 23.229.166.161 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-23-229-166-161.ip.secureserver.net Software Apache / Resource Hash `96f94be8213cd99f929ae7c1d616daea4630276a8d63d2e120f8be0eda17f18f` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host nitaqat.mlsd.gov.sa.ar-saudi.xyz User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept text/css,/;q=0.1 Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Cookie PHPSESSID=femj34d9io6ok5c9afjp7p0n85 Connection keep-alive Cache-Control no-cache Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 11 Mar 2019 07:43:59 GMT Content-Encoding gzip Last-Modified Fri, 30 Mar 2018 15:38:36 GMT Server Apache ETag "9400ac4-435-568a3088d7700-gzip" Vary Accept-Encoding,User-Agent Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 536
GET H/1.1	200 OK	Verifications.js Show response nitaqat.mlsd.gov.sa.ar-saudi.xyz/css/	2 KB 915 B	321ms 145ms	Script application/javascript	23.229.166.161 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/css/Verifications.js Requested by Host: nitaqat.mlsd.gov.sa.ar-saudi.xyz URL: http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Protocol HTTP/1.1 Server 23.229.166.161 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-23-229-166-161.ip.secureserver.net Software Apache / Resource Hash `d0a5cdc9433f54774707aecb1d46d9cf2aad15e760144612ca6af5266b526012` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host nitaqat.mlsd.gov.sa.ar-saudi.xyz User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Cookie PHPSESSID=femj34d9io6ok5c9afjp7p0n85 Connection keep-alive Cache-Control no-cache Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 11 Mar 2019 07:43:59 GMT Content-Encoding gzip Last-Modified Tue, 11 Nov 2014 21:17:00 GMT Server Apache ETag "9400a9c-783-5079bccbfcb00-gzip" Vary Accept-Encoding,User-Agent Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 571
GET H/1.1	200 OK	nitaqat.png nitaqat.mlsd.gov.sa.ar-saudi.xyz/imag/	31 KB 32 KB	175ms 144ms	Image image/png	23.229.166.161 GoDaddy.com
General Check archive.org Show headers Download Go to Show image Full URL http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/imag/nitaqat.png Requested by Host: nitaqat.mlsd.gov.sa.ar-saudi.xyz URL: http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Protocol HTTP/1.1 Server 23.229.166.161 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-23-229-166-161.ip.secureserver.net Software Apache / Resource Hash `0cf4323b9eb06b30c3299c233c3ea9f624e789b40f4ae4ec8f9970154625fa58` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host nitaqat.mlsd.gov.sa.ar-saudi.xyz User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Cookie PHPSESSID=femj34d9io6ok5c9afjp7p0n85 Connection keep-alive Cache-Control no-cache Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 11 Mar 2019 07:43:59 GMT Last-Modified Sun, 25 Mar 2018 15:57:26 GMT Server Apache ETag "9400ab5-7d5b-5683eb6b30580" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 32091
GET H/1.1	200 OK	footer.png nitaqat.mlsd.gov.sa.ar-saudi.xyz/imag/	34 KB 35 KB	146ms 146ms	Image image/png	23.229.166.161 GoDaddy.com
General Check archive.org Show headers Download Go to Show image Full URL http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/imag/footer.png Requested by Host: nitaqat.mlsd.gov.sa.ar-saudi.xyz URL: http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Protocol HTTP/1.1 Server 23.229.166.161 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-23-229-166-161.ip.secureserver.net Software Apache / Resource Hash `78eff112588c82d7f2ed53092bba1c80aa3433d4dca4945231f6234633eda79e` Request headers Pragma no-cache Accept-Encoding gzip, deflate Host nitaqat.mlsd.gov.sa.ar-saudi.xyz User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept image/webp,image/apng,image/,/;q=0.8 Referer* http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Cookie PHPSESSID=femj34d9io6ok5c9afjp7p0n85 Connection keep-alive Cache-Control no-cache Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers Date Mon, 11 Mar 2019 07:43:59 GMT Last-Modified Tue, 27 Mar 2018 11:24:24 GMT Server Apache ETag "9400aa8-8941-5686321f04a00" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 35137
GET H/1.1	200 OK	ntaqat.ttf nitaqat.mlsd.gov.sa.ar-saudi.xyz/css/	162 KB 76 KB	156ms 155ms	Font font/ttf	23.229.166.161 GoDaddy.com
General Check archive.org Show headers Download Go to Full URL http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/css/ntaqat.ttf Requested by Host: nitaqat.mlsd.gov.sa.ar-saudi.xyz URL: http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Protocol HTTP/1.1 Server 23.229.166.161 Scottsdale, United States, ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US), Reverse DNS ip-23-229-166-161.ip.secureserver.net Software Apache / Resource Hash `60a23b06a63300530b748be1a50ffd15687c44001c835876d5896af40108c2c4` Request headers Pragma no-cache Origin http://nitaqat.mlsd.gov.sa.ar-saudi.xyz Accept-Encoding gzip, deflate Host nitaqat.mlsd.gov.sa.ar-saudi.xyz User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Accept / Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/css/style.css Cookie PHPSESSID=femj34d9io6ok5c9afjp7p0n85 Connection keep-alive Cache-Control no-cache User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/css/style.css Origin http://nitaqat.mlsd.gov.sa.ar-saudi.xyz Response headers Date Mon, 11 Mar 2019 07:43:59 GMT Content-Encoding gzip Last-Modified Fri, 06 Dec 2013 07:24:08 GMT Server Apache ETag "9400a9a-28958-4ecd888241600-gzip" Vary Accept-Encoding,User-Agent Content-Type font/ttf Transfer-Encoding chunked Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5
GET H2	200	geoip.php Show response geoip-db.com/json/	178 B 285 B	40ms 10ms	Script text/html	167.99.135.134 DigitalOcean
General Check archive.org Show headers Download Go to Full URL https://geoip-db.com/json/geoip.php?jsonp=callback Requested by Host: nitaqat.mlsd.gov.sa.ar-saudi.xyz URL: http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 167.99.135.134 Fort Worth, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US), Reverse DNS Software nginx/1.14.0 (Ubuntu) / Resource Hash `ae91c9981ec848db81c0b8be33cc895445a433775a09ecb9b18aaadb39d500e5` Request headers Referer http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=femj34d9io6ok5c9afjp7p0n85 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36 Response headers status 200 date Mon, 11 Mar 2019 07:43:59 GMT content-encoding gzip server nginx/1.14.0 (Ubuntu) access-control-allow-origin * content-type text/html; charset=UTF-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Saudi Government (Government)

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

geoip-db.com
nitaqat.mlsd.gov.sa.ar-saudi.xyz
167.99.135.134
23.229.166.161
0cf4323b9eb06b30c3299c233c3ea9f624e789b40f4ae4ec8f9970154625fa58
23d0712c0ed03b1f4636061df39f42471c13e811d5373ff7875a9b7821743be1
3e9ff76a82bdfe4fe090c5fb73f465eb453247f63c27f2f53ac7925121a0eb4d
60a23b06a63300530b748be1a50ffd15687c44001c835876d5896af40108c2c4
69e875128adeedbc8aa1221b7ebffb20b484685964f4ab9a9772ce2146e52d48
78eff112588c82d7f2ed53092bba1c80aa3433d4dca4945231f6234633eda79e
96f94be8213cd99f929ae7c1d616daea4630276a8d63d2e120f8be0eda17f18f
ae91c9981ec848db81c0b8be33cc895445a433775a09ecb9b18aaadb39d500e5
b1fb3d3a0737f1675ad89e0e14fa7b9d8b3ede4784647caed28a82be4bc7e7da
c7911bb5c16d55fe19dce448b7b6933432a46f88039e8f9c07345acefec5d97e
d0a5cdc9433f54774707aecb1d46d9cf2aad15e760144612ca6af5266b526012
de02c4b97481ddb9f95a38496f53013fb7cac1251460d2af7c00927c3627c9cf
e6a642ec0b87ed63674689e271f580d79b099db387ed79b50cc24b875dc4ec10

nitaqat.mlsd.gov.sa.ar-saudi.xyz Open in urlscan Pro 23.229.166.161 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

8 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

172 kBTransfer

340 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

25 JavaScript Global Variables

0 Cookies

Indicators

nitaqat.mlsd.gov.sa.ar-saudi.xyz Open in urlscan Pro
23.229.166.161 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

8 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

172 kB
Transfer

340 kB
Size

0
Cookies

13 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!