mena.ar
Open in
urlscan Pro
200.58.112.68
Malicious Activity!
Public Scan
Effective URL: https://mena.ar/wp-admin/user/degr/
Submission: On April 04 via manual from SE — Scanned from SE
Summary
TLS certificate: Issued by R3 on March 12th 2023. Valid for: 3 months.
This is the only time mena.ar was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BankID (Banking) Posten Norge (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 167.89.123.122 167.89.123.122 | 11377 (SENDGRID) (SENDGRID) | |
1 32 | 200.58.112.68 200.58.112.68 | 27823 (Dattatec.com) (Dattatec.com) | |
1 | 142.250.185.163 142.250.185.163 | 15169 (GOOGLE) (GOOGLE) | |
32 | 2 |
ASN11377 (SENDGRID, US)
PTR: o16789123x122.outbound-mail.sendgrid.net
u33351581.ct.sendgrid.net |
ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f3.1e100.net
www.gstatic.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
32 |
mena.ar
1 redirects
mena.ar |
82 KB |
1 |
gstatic.com
www.gstatic.com |
2 KB |
1 |
sendgrid.net
1 redirects
u33351581.ct.sendgrid.net |
237 B |
32 | 3 |
Domain | Requested by | |
---|---|---|
32 | mena.ar |
1 redirects
mena.ar
|
1 | www.gstatic.com |
mena.ar
|
1 | u33351581.ct.sendgrid.net | 1 redirects |
32 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.mena.ar R3 |
2023-03-12 - 2023-06-10 |
3 months | crt.sh |
*.gstatic.com GTS CA 1C3 |
2023-03-13 - 2023-06-05 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://mena.ar/wp-admin/user/degr/
Frame ID: 45FE643EB6967410C6539F7BDAD78527
Requests: 32 HTTP requests in this frame
Screenshot
Page Title
DigipostPage URL History Show full URLs
-
https://u33351581.ct.sendgrid.net/ls/click?upn=WaWq-2Fok9X4jF7dHAsdk7hWSNJMEd7WvGwZE4Lx9rpiD2m-2FYXBs-2FXNlHtv...
HTTP 302
https://mena.ar/wp-admin/user/degr HTTP 301
https://mena.ar/wp-admin/user/degr/ Page URL
Detected technologies
Font Awesome (Font Scripts) ExpandDetected patterns
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery UI (JavaScript Libraries) Expand
Detected patterns
- jquery-ui.*\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://u33351581.ct.sendgrid.net/ls/click?upn=WaWq-2Fok9X4jF7dHAsdk7hWSNJMEd7WvGwZE4Lx9rpiD2m-2FYXBs-2FXNlHtvAFA4GoFkuwS_oHMMPtiCXUG0KITdt19V5AS-2FrugBvV5Gd43QVml9CnTy00xh4F6x6rgUh0v-2FXivDgXJdDio79i89viY5MzCJPmiqDRN86bDeq9lA-2B8vIpNFhzTM4yafpi7FoqKVFB7Mj1Av2orO7BAxnuuB1Ny2QaSMJEqBLBNxaWokyRBuO8tTS9RtAdkzaDVEs9kGllavm3ZvNxPhomWh-2BqEsVGdsFdBTF85S22Ycmyn9hINf5MVDVfozOKnCnGh1EVnf09ZGFcYLeXatVnBEVtGZ2j621FHmRbbLKnVgu0v35ahtUx1At0UYxf7KM9XGo94LhJka7E6BBrem61MRsH1dT-2FniqR9USNsNGzK3uWcomwl-2FCuqswLGXbI6lLaiurPCi45y2tD-2FAc2rZ724Y1b0rbyPFSFq19lxCpiih000Ks4F0BbgIebxr2DeI9LgYad8wNX7S03nh0FOfBIa7WQPa2qKJCL601t-2FzXKTJV4TiknuIimdtXX6w8cHd9CQYMFGqCAFD60qSdv-2FUqqnjx-2BTYvdHWzQT9a7bZ3Ggmu6KE9f5cR2TFZy1j3QRSYhXkwBmjJmX9HyHMEQAku4J-2F8O2NO5lHBVAHznG6eIIMnbauK-2BuE7OdpE0OTreeEW1YT-2B73TpLrO90I3Qzv4UilJE-2F3W2CFK6qn7LXzVOKzkAgQQ-2BTm7OM1kRYe7RsCapRuumKzl6PBW16zcDS6MIGduQjQbGeRz7OTiWiH5Wq5-2FZorCWfK1wVA0aLHyhkZP9yCb9kjJRNnge2XTiyrykoWsWn0ePVdVlHcY3JIq55tOCbPRLneC1p345KlurO0gzkrT9BmFgcYXz-2F4-2FKZYzQfmuGtFdh1Ge234oh2HMekWCMBaWwZ3Lf5YE-3D
HTTP 302
https://mena.ar/wp-admin/user/degr HTTP 301
https://mena.ar/wp-admin/user/degr/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
32 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
mena.ar/wp-admin/user/degr/ Redirect Chain
|
29 KB 6 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
font-awesome.css
mena.ar/wp-admin/user/degr/helse_files/ |
37 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
open-sans.css
mena.ar/wp-admin/user/degr/helse_files/ |
2 KB 444 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
style.min.css
mena.ar/wp-admin/user/degr/helse_files/ |
48 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
override.css
mena.ar/wp-admin/user/degr/helse_files/ |
474 B 285 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
idporten-difi.css
mena.ar/wp-admin/user/degr/helse_files/ |
3 KB 983 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
translateelement.css
mena.ar/wp-admin/user/degr/helse_files/ |
18 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
translateelement(1).css
mena.ar/wp-admin/user/degr/helse_files/ |
18 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
translateelement(2).css
mena.ar/wp-admin/user/degr/helse_files/ |
18 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
helsenorge.png
mena.ar/wp-admin/user/degr/helse_files/ |
3 KB 3 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Bankid.svg
mena.ar/wp-admin/user/degr/helse_files/ |
3 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.min.js.download
mena.ar/wp-admin/user/degr/helse_files/ |
85 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-ui.min.js.download
mena.ar/wp-admin/user/degr/helse_files/ |
1 KB 659 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
accordion.js.download
mena.ar/wp-admin/user/degr/helse_files/ |
1 KB 773 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
disabled-links.js.download
mena.ar/wp-admin/user/degr/helse_files/ |
846 B 548 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
header.js.download
mena.ar/wp-admin/user/degr/helse_files/ |
3 KB 994 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tab.js.download
mena.ar/wp-admin/user/degr/helse_files/ |
1 KB 612 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
toggleMenues.js.download
mena.ar/wp-admin/user/degr/helse_files/ |
2 KB 862 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
translate_24dp.png
mena.ar/wp-admin/user/degr/helse_files/ |
825 B 873 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
translate_24dp(1).png
mena.ar/wp-admin/user/degr/helse_files/ |
825 B 873 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
translate_24dp(2).png
mena.ar/wp-admin/user/degr/helse_files/ |
825 B 873 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Digdir-Emblem-Hvit.png
mena.ar/wp-admin/user/degr/images/ |
79 B 79 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
open-sans-v13-latin-600.woff2
mena.ar/wp-admin/user/degr/helse_files/open-sans/ |
79 B 120 B |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
open-sans-v13-latin-700.woff2
mena.ar/wp-admin/user/degr/helse_files/open-sans/ |
79 B 120 B |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
open-sans-v13-latin-regular.woff2
mena.ar/wp-admin/user/degr/helse_files/open-sans/ |
79 B 120 B |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
open-sans-v13-latin-600.woff
mena.ar/wp-admin/user/degr/helse_files/open-sans/ |
79 B 120 B |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
open-sans-v13-latin-regular.woff
mena.ar/wp-admin/user/degr/helse_files/open-sans/ |
79 B 120 B |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
open-sans-v13-latin-700.woff
mena.ar/wp-admin/user/degr/helse_files/open-sans/ |
79 B 120 B |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
translate_24dp.png
www.gstatic.com/images/branding/product/2x/ |
2 KB 2 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
open-sans-v13-latin-600.ttf
mena.ar/wp-admin/user/degr/helse_files/open-sans/ |
79 B 143 B |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
open-sans-v13-latin-700.ttf
mena.ar/wp-admin/user/degr/helse_files/open-sans/ |
79 B 120 B |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
open-sans-v13-latin-regular.ttf
mena.ar/wp-admin/user/degr/helse_files/open-sans/ |
79 B 120 B |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BankID (Banking) Posten Norge (Transportation)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless undefined| $ function| jQuery1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
mena.ar/ | Name: PHPSESSID Value: ebe2a777392e8f14e4291832837ef3fd |
18 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
mena.ar
u33351581.ct.sendgrid.net
www.gstatic.com
142.250.185.163
167.89.123.122
200.58.112.68
06163e51b22ff5cbe78ac43d18d53b8c2a028d073cb27244a6c6463371131825
1bb2279aed6bc1438d2b17a5ffcbac9d37864582aedeeec8d301eab162b2c213
36e0a7e08bee65774168528938072c536437669c1b7458ac77976ec788e4439c
3e0daeee99e506486767f1162d42c4fe6138c991b6655ab432cf93740792966f
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
5d0a6e3bc914db376bf187c380750b197c317e1bf40fab9ad959ad5facd8f9ed
6368b62b5417972505c1fd1690030796179d463df8fcf845f6fa48a0a52802f2
6c0391f7d442bd95af8773308e9210ef32faa6ab3df023613909a527e92d6458
80cd73c4dbe1eeefc2cb6ebae14bbb19141aafb505e510a235b5958e062e4821
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
93040f579f0018c2a311c11d843c7fd964cec80941f349ba9f3253958eddf889
b79a58cd38674fb9c381741996689962a7406e4d856441a196e3096755b80ce9
c383c7ecf6eb63a895189a289a21bd3da819aaff7046d41728b8ac0f930a61db
d1aef2979bd154b53e6e52204ae3896a85bdf01a27c2b882cd2911f2817d0df4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5623583a8e1da978ef9fcc1cf53da5d4005a1a8fff8db28e5ab88473e7d56a1
e96629223996521f0c7bdb254769be54e9cc9eb8c33d3ca1fa781705add6811d
ee0b4000267970c427d4dd02b778857b7697486a303d61d6e1935534069e7a8e
f32f432c3a0c264077324c5ca7fbf62998f3e4c757d88b81a0411276da47aa85
f4ca5b846a899dc44540d31be9987c0755322d595162fc6371abe2134d5d2f91