nitaqat.mlsd.gov.sa.ar-saudi.xyz
23.229.166.161
Malicious Activity!
Public Scan
Effective URL: http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=
Submission: On July 24 via api from GB
Summary
This is the only time nitaqat.mlsd.gov.sa.ar-saudi.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Saudi Government (Government)
Domain & IP information
| | IP Address | AS Autonomous System |
|---|---|---|
| 12 | 23.229.166.161 | 26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com) |
| 13 | 2 | |

ASN26496 (AS-26496-GO-DADDY-COM-LLC - GoDaddy.com, LLC, US)
PTR: ip-23-229-166-161.ip.secureserver.net
nitaqat.mlsd.gov.sa.ar-saudi.xyz
| | Apex Domain / Subdomains | Transfer |
|---|---|---|
| 12 | ar-saudi.xyz (nitaqat.mlsd.gov.sa.ar-saudi.xyz) | 172 KB |
| 0 | geoip-db.com (Failed) | |
| 13 | 2 | |
| | Domain | Requested by |
|---|---|---|
| 12 | nitaqat.mlsd.gov.sa.ar-saudi.xyz | nitaqat.mlsd.gov.sa.ar-saudi.xyz |
| 0 | geoip-db.com (Failed) | nitaqat.mlsd.gov.sa.ar-saudi.xyz |
| 13 | 2 | |
This site contains no links.
This page contains 1 frames:
Primary Page:
http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp=
Frame ID: B01F9A51A93DBAE4C38B7EBAD63DADE3
Requests: 13 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/ Page URL
- http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp.php?ssspp= Page URL
- http://nitaqat.mlsd.gov.sa.ar-saudi.xyz/comp_add.php?ssspp= Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
13 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / (Cookie set) | nitaqat.mlsd.gov.sa.ar-saudi.xyz/ | 637 B | 947 B | Document | text/html |
| GET | H/1.1 | comp.php (Cookie set) | nitaqat.mlsd.gov.sa.ar-saudi.xyz/ | 666 B | 930 B | Document | text/html |
| GET | H/1.1 | comp_add.php (Primary Request) | nitaqat.mlsd.gov.sa.ar-saudi.xyz/ | 12 KB | 3 KB | Document | text/html |
| GET | H/1.1 | style.css | nitaqat.mlsd.gov.sa.ar-saudi.xyz/css/ | 294 B | 544 B | Stylesheet | text/css |
| GET | H/1.1 | SpryValidationTextField.js | nitaqat.mlsd.gov.sa.ar-saudi.xyz/SpryAssets/ | 76 KB | 17 KB | Script | application/javascript |
| GET | H/1.1 | SpryValidationCheckbox.js | nitaqat.mlsd.gov.sa.ar-saudi.xyz/SpryAssets/ | 16 KB | 4 KB | Script | application/javascript |
| GET | H/1.1 | SpryValidationTextField.css | nitaqat.mlsd.gov.sa.ar-saudi.xyz/SpryAssets/ | 3 KB | 1 KB | Stylesheet | text/css |
| GET | H/1.1 | SpryValidationCheckbox.css | nitaqat.mlsd.gov.sa.ar-saudi.xyz/SpryAssets/ | 1 KB | 866 B | Stylesheet | text/css |
| GET | H/1.1 | Verifications.js | nitaqat.mlsd.gov.sa.ar-saudi.xyz/css/ | 2 KB | 915 B | Script | application/javascript |
| GET | H/1.1 | nitaqat.png | nitaqat.mlsd.gov.sa.ar-saudi.xyz/imag/ | 31 KB | 32 KB | Image | image/png |
| GET | H/1.1 | footer.png | nitaqat.mlsd.gov.sa.ar-saudi.xyz/imag/ | 34 KB | 35 KB | Image | image/png |
| GET | H/1.1 | ntaqat.ttf | nitaqat.mlsd.gov.sa.ar-saudi.xyz/css/ | 162 KB | 76 KB | Font | font/ttf |
| GET | | geoip.php | geoip-db.com/json/ | 0 | 0 | | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: geoip-db.com
- URL: https://geoip-db.com/json/geoip.php?jsonp=callback
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Saudi Government (Government)
25 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onselectstart
- object| onselectionchange
- function| queueMicrotask
- object| Spry
- function| refrClock
- function| IdVerification
- object| sprytextfield1
- object| sprytextfield2
- object| sprytextfield3
- object| sprytextfield4
- object| sprytextfield5
- object| sprytextfield6
- object| sprytextfield8
- object| sprytextfield9
- object| sprycheckbox1
- object| country
- object| state
- object| city
- object| postal
- object| latitude
- object| longitude
- object| ip
- function| callback
- object| script
- object| h1

Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| nitaqat.mlsd.gov.sa.ar-saudi.xyz/ | | Name: PHPSESSID Value: 67dtgecrbht6fj25v0l7bdn3h3 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.