sdad.online Open in urlscan Pro
89.252.138.99 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://sdad.online/
Submission: On October 14 via manual (October 14th 2022, 3:41:19 pm UTC) from SA — Scanned from DE

Summary HTTP 23 Redirects Links 28 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 23 HTTP transactions. The main IP is 89.252.138.99, located in Turkey and belongs to GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR. The main domain is sdad.online.

This is the only time sdad.online was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: SADAD (Financial)

Domain & IP information

	IP Address	AS Autonomous System
2	89.252.138.99 89.252.138.99	42846 (GUZELHOST...) (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S.)
15	2606:4700:10:... 2606:4700:10::6816:1588	13335 (CLOUDFLAR...) (CLOUDFLARENET)
23	3

2 89.252.138.99 (Turkey)

ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR)
PTR: 99lx3w9z.guzel.net.tr

sdad.online	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:4700:10::6816:1588 (United States)

ASN13335 (CLOUDFLARENET, US)

www.sadad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	sadad.com www.sadad.com	80 KB
2	sdad.online sdad.online	36 KB
0	Failed function sub() { [native code] }. Failed
23	3

	Domain	Requested by
15	www.sadad.com	sdad.online www.sadad.com
2	sdad.online
0	mhtml.blink Failed	sdad.online
23	3

This site contains links to these domains. Also see Links.

Domain
www.sadad.com
twitter.com
www.youtube.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-04` - `2023-06-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: http://sdad.online/
Frame ID: A3D03E6C68F0BAD3ACA8E8DF61BB2453
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

فاتورة لمرة واحدة

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Page Statistics

23
Requests

65 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

116 kB
Transfer

409 kB
Size

0
Cookies

28 Outgoing links

These are links going to different origins than the main page.

URL: https://www.sadad.com/en/pages/home-2.html
Title: Home

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/Pages/home.html
Title: الرئيسية

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/Personal/Pages/default.html
Title: شخصي

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/Personal/_layouts/Authenticate0f8e.html?Source=%2Far%2FPersonal%2FPages%2FSADADBills%2Easpx
Title: تسجيل الدخول

Search URL Search Domain Scan URL

URL: https://www.sadad.com/en/Pages/home.html

Search URL Search Domain Scan URL

URL: https://twitter.com/SADAD/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/SADADPaymentSystem/%20/

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/Pages/AboutUs.html
Title: عن سداد

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/Pages/VMO.html
Title: الرؤية والمهمة والأهداف

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/Pages/Values.html
Title: قيمنا

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/MediaCenter/CertificatesandAwards/Pages/default.html
Title: شهادات وجوائز

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/MediaCenter/e-Newsletters/Pages/default.html
Title: النشرة الإلكترونية

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/MediaCenter/Wewerethere/Pages/default.html
Title: كنّا هناك

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/Personal/Pages/SADADBills.html
Title: شخصي

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/Personal/Pages/PaymentMethods.html
Title: طرق الدفع

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/Pages/Billers.html
Title: المفوترون

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/Business/Pages/SADADBills.html
Title: فواتير سداد

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/Business/Pages/MerchantsJoiningNow.html
Title: انضم الآن

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/Pages/Banks.html
Title: البنوك

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/Business/Pages/PaymentMethods.html
Title: طرق الدفع

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/Pages/FAQ.html
Title: أسئلة متكررة

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/MediaCenter/Pages/SADAD-Logo-Guidelines.html
Title: توجيهات استخدام شعار سداد

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/Banks/Pages/SADADBills.html
Title: فواتير سداد

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/Pages/Disclaimer.html
Title: تنويه

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/Pages/PrivacyPolicy.html
Title: سياسة الخصوصية

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/Pages/TermsOfUse.html
Title: شروط الاستخدام

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/Pages/ContactUs.html
Title: اتصل بنا

Search URL Search Domain Scan URL

URL: https://www.sadad.com/ar/Pages/Sitemap.html
Title: خريطة الموقع

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request / Show response sdad.online/	28 KB 8 KB	213ms 73ms	Document text/html	89.252.138.99 GUZELHOSTING GNET...
General Check archive.org Show headers Download Go to Full URL http://sdad.online/ Protocol HTTP/1.1 Server 89.252.138.99 , Turkey, ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR), Reverse DNS 99lx3w9z.guzel.net.tr Software LiteSpeed / PHP/8.1.11 Resource Hash `ba566ddf8cff1d7975c2b637b42275006c1156a686ff6a29f4cf94f3668faf38` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Keep-Alive timeout=5, max=100 content-encoding gzip content-length 7613 content-type text/html; charset=UTF-8 date Fri, 14 Oct 2022 15:41:13 GMT server LiteSpeed vary Accept-Encoding x-powered-by PHP/8.1.11
GET		css-584e223b-968d-46a1-935d-ee1b98d44217@mhtml.blink /	0 0

GET		css-f4320574-9ea0-4a7c-8534-9247bc69dbd6@mhtml.blink /	0 0

GET H2	200	controls.css www.sadad.com/Style%20Library/ar-SA/Themable/Core%20Styles/	48 KB 7 KB	212ms 133ms	Stylesheet text/css	2606:4700:10::6816:1588 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.sadad.com/Style%20Library/ar-SA/Themable/Core%20Styles/controls.css Requested by Host: sdad.online URL: http://sdad.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:1588 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `0d6ce179d4e8559fcfda95f2a3c54910926be6b71c7338a768aee5b4a62b3a72` Request headers accept-language de-DE,de;q=0.9 Referer http://sdad.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:41:14 GMT content-encoding gzip cf-cache-status EXPIRED last-modified Sun, 13 Feb 2022 14:49:23 GMT server cloudflare etag W/"c193-17ef38f52e0" x-powered-by Express vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=14400 cf-ray 75a16b01fc829064-FRA
GET H2	200	page-layouts-21.css www.sadad.com/Style%20Library/ar-SA/Core%20Styles/	2 KB 824 B	172ms 93ms	Stylesheet text/css	2606:4700:10::6816:1588 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.sadad.com/Style%20Library/ar-SA/Core%20Styles/page-layouts-21.css Requested by Host: sdad.online URL: http://sdad.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:1588 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `ecf32ffc408a5d3183df0e49925328f471519083992e83ef8f4e101e38f3d0ff` Request headers accept-language de-DE,de;q=0.9 Referer http://sdad.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:41:13 GMT content-encoding gzip cf-cache-status EXPIRED last-modified Sun, 13 Feb 2022 14:49:23 GMT server cloudflare etag W/"6ee-17ef38f52e0" x-powered-by Express vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=14400 cf-ray 75a16b01fc869064-FRA
GET H2	200	corev48630.css www.sadad.com/_layouts/1025/styles/Themable/	137 KB 24 KB	242ms 163ms	Stylesheet text/css	2606:4700:10::6816:1588 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.sadad.com/_layouts/1025/styles/Themable/corev48630.css?rev=q4oC6vgYyMDS%2BypgPPiGcA%3D%3D Requested by Host: sdad.online URL: http://sdad.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:1588 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `7ff9cf120fd5fd4257826f9f8b87a39318cb3bc4c2d7254fe6c9c21d2df25600` Request headers accept-language de-DE,de;q=0.9 Referer http://sdad.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:41:14 GMT content-encoding gzip cf-cache-status EXPIRED last-modified Sun, 13 Feb 2022 14:49:23 GMT server cloudflare etag W/"22453-17ef38f52ec" x-powered-by Express vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=14400 cf-ray 75a16b01fc879064-FRA
GET H2	200	bootstrap.min.css www.sadad.com/_layouts/inc/SADAD.Internet.Portal/bootstrap-3.4.1/css/	119 KB 19 KB	287ms 209ms	Stylesheet text/css	2606:4700:10::6816:1588 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/bootstrap-3.4.1/css/bootstrap.min.css Requested by Host: sdad.online URL: http://sdad.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:1588 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `dc6ffe00ea357a0f8ce9d0104243cd52ed4a09e4c4594d27dbe5b44c3af92c4d` Request headers accept-language de-DE,de;q=0.9 Referer http://sdad.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:41:14 GMT content-encoding gzip cf-cache-status EXPIRED last-modified Sun, 13 Feb 2022 14:49:23 GMT server cloudflare etag W/"1da76-17ef38f5300" x-powered-by Express vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=14400 cf-ray 75a16b01fcc89064-FRA
GET H2	404	ie10-viewport-bug-workaround.css www.sadad.com/_layouts/inc/SADAD.Internet.Portal/bootstrap-3.4.1/css/	0 0	148ms 70ms	Stylesheet text/html	2606:4700:10::6816:1588 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/bootstrap-3.4.1/css/ie10-viewport-bug-workaround.css Requested by Host: sdad.online URL: http://sdad.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:1588 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer http://sdad.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers
GET H2	200	jquery.smartmenus.bootstrap.css www.sadad.com/_layouts/inc/SADAD.Internet.Portal/multilevel-menu/css/	3 KB 695 B	175ms 96ms	Stylesheet text/css	2606:4700:10::6816:1588 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/multilevel-menu/css/jquery.smartmenus.bootstrap.css Requested by Host: sdad.online URL: http://sdad.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:1588 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `b343ff74c02205d8b4324cde81d74324da5ba7b06eca9a137ceb6c3c8d7b7e9f` Request headers accept-language de-DE,de;q=0.9 Referer http://sdad.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:41:13 GMT content-encoding gzip cf-cache-status EXPIRED last-modified Sun, 13 Feb 2022 14:49:23 GMT server cloudflare etag W/"a0c-17ef38f5318" x-powered-by Express vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=14400 cf-ray 75a16b01fc8a9064-FRA
GET H2	404	navbar.css www.sadad.com/_layouts/inc/SADAD.Internet.Portal/bootstrap-3.4.1/css/	0 0	146ms 68ms	Stylesheet text/html	2606:4700:10::6816:1588 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/bootstrap-3.4.1/css/navbar.css Requested by Host: sdad.online URL: http://sdad.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:1588 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software / Resource Hash Request headers accept-language de-DE,de;q=0.9 Referer http://sdad.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers
GET H2	200	styles.css www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/	19 KB 4 KB	199ms 121ms	Stylesheet text/css	2606:4700:10::6816:1588 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/styles.css Requested by Host: sdad.online URL: http://sdad.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:1588 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `70791816df959b5d95a23c1b21c23d14d1e4ec01764d31f41b354edec0bd6b85` Request headers accept-language de-DE,de;q=0.9 Referer http://sdad.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:41:14 GMT content-encoding gzip cf-cache-status EXPIRED last-modified Sun, 13 Feb 2022 14:49:23 GMT server cloudflare etag W/"4d21-17ef38f52f0" x-powered-by Express vary Accept-Encoding content-type text/css; charset=UTF-8 cache-control public, max-age=14400 cf-ray 75a16b01fcc19064-FRA
GET H2	200	fgimg.png www.sadad.com/_layouts/images/	20 KB 20 KB	89ms 89ms	Image image/png	2606:4700:10::6816:1588 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.sadad.com/_layouts/images/fgimg.png Requested by Host: sdad.online URL: http://sdad.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:1588 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `4004293f081201ead3df6f86daa9d3974bde048ae8187cda602dffb256324124` Request headers accept-language de-DE,de;q=0.9 Referer http://sdad.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:41:14 GMT cf-cache-status EXPIRED last-modified Sun, 13 Feb 2022 14:49:23 GMT server cloudflare etag W/"4e93-17ef38f52ec" x-powered-by Express vary Accept-Encoding content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 75a16b025d6c9064-FRA content-length 20115
GET H2	200	arabic_icon_disabled.png www.sadad.com/_layouts/inc/SADAD.Internet.Portal/img/	372 B 449 B	84ms 84ms	Image image/png	2606:4700:10::6816:1588 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/img/arabic_icon_disabled.png Requested by Host: sdad.online URL: http://sdad.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:1588 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `7234436a16815743645bf4ef4fafdce42027b982cf54e20518a16f01ff487207` Request headers accept-language de-DE,de;q=0.9 Referer http://sdad.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:41:14 GMT cf-cache-status EXPIRED last-modified Sun, 13 Feb 2022 14:49:23 GMT server cloudflare etag W/"174-17ef38f5314" x-powered-by Express vary Accept-Encoding content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 75a16b025d6d9064-FRA content-length 372
GET H2	200	english_icon.png www.sadad.com/_layouts/inc/SADAD.Internet.Portal/img/	560 B 650 B	77ms 77ms	Image image/png	2606:4700:10::6816:1588 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/img/english_icon.png Requested by Host: sdad.online URL: http://sdad.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:1588 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `9c8e9aadc1add3c5ed03bf930079ca0bab2689e47933aacbd6ec51d1bb5712e3` Request headers accept-language de-DE,de;q=0.9 Referer http://sdad.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:41:14 GMT cf-cache-status EXPIRED last-modified Sun, 13 Feb 2022 14:49:23 GMT server cloudflare etag W/"230-17ef38f5314" x-powered-by Express vary Accept-Encoding content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 75a16b025d6e9064-FRA content-length 560
GET H2	200	sadad_logo_ar.png www.sadad.com/_layouts/inc/SADAD.Internet.Portal/img/	3 KB 3 KB	83ms 82ms	Image image/png	2606:4700:10::6816:1588 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/img/sadad_logo_ar.png Requested by Host: sdad.online URL: http://sdad.online/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:1588 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `a3b99a741b0cfdd528816822497368578c2bdbefa8a689797391a1d08d45acb8` Request headers accept-language de-DE,de;q=0.9 Referer http://sdad.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:41:14 GMT cf-cache-status EXPIRED last-modified Sun, 13 Feb 2022 14:49:23 GMT server cloudflare etag W/"ad3-17ef38f5314" x-powered-by Express vary Accept-Encoding content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 75a16b025d7c9064-FRA content-length 2771
GET H2	200	twitter_icon_disabled.png www.sadad.com/_layouts/inc/SADAD.Internet.Portal/img/social/	494 B 571 B	199ms 198ms	Image image/png	2606:4700:10::6816:1588 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/img/social/twitter_icon_disabled.png Requested by Host: www.sadad.com URL: https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/styles.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:1588 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `5ebd9fdde20679e9639aa035038fa007f990cdeb54bdecaccb9f94816d399c8b` Request headers accept-language de-DE,de;q=0.9 Referer https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:41:14 GMT cf-cache-status EXPIRED last-modified Sun, 13 Feb 2022 14:49:23 GMT server cloudflare etag W/"1ee-17ef38f5314" x-powered-by Express vary Accept-Encoding content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 75a16b034f909064-FRA content-length 494
GET H2	200	youtube_icon_disabled.png www.sadad.com/_layouts/inc/SADAD.Internet.Portal/img/social/	706 B 783 B	160ms 160ms	Image image/png	2606:4700:10::6816:1588 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/img/social/youtube_icon_disabled.png Requested by Host: www.sadad.com URL: https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/styles.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:1588 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `152b33cb3f2a8fd0dadbcf16c5ffc8189adefac666a334eef48e8414ea1f84bd` Request headers accept-language de-DE,de;q=0.9 Referer https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:41:14 GMT cf-cache-status EXPIRED last-modified Sun, 13 Feb 2022 14:49:23 GMT server cloudflare etag W/"2c2-17ef38f5314" x-powered-by Express vary Accept-Encoding content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 75a16b034fba9064-FRA content-length 706
GET H2	200	title_corner_bg_ar.png www.sadad.com/_layouts/inc/SADAD.Internet.Portal/img/	378 B 455 B	188ms 188ms	Image image/png	2606:4700:10::6816:1588 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/img/title_corner_bg_ar.png Requested by Host: www.sadad.com URL: https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/styles.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:1588 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Express Resource Hash `3aa33de22731a1840c76528f7791115ef296bd6fe2ac9c4bc8562def08363d69` Request headers accept-language de-DE,de;q=0.9 Referer https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/styles.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:41:14 GMT cf-cache-status EXPIRED last-modified Sun, 13 Feb 2022 14:49:23 GMT server cloudflare etag W/"17a-17ef38f5314" x-powered-by Express vary Accept-Encoding content-type image/png cache-control public, max-age=14400 accept-ranges bytes cf-ray 75a16b034fce9064-FRA content-length 378
GET H/1.1	200 OK	footer_btn.png sdad.online/_layouts/inc/SADAD.Internet.Portal/img/	28 KB 28 KB	85ms 85ms	Image text/html	89.252.138.99 GUZELHOSTING GNET...
General Check archive.org Show headers Download Go to Show image Full URL http://sdad.online/_layouts/inc/SADAD.Internet.Portal/img/footer_btn.png Protocol HTTP/1.1 Server 89.252.138.99 , Turkey, ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR), Reverse DNS 99lx3w9z.guzel.net.tr Software LiteSpeed / PHP/8.1.11 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers accept-language de-DE,de;q=0.9 Referer http://sdad.online/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36 Response headers date Fri, 14 Oct 2022 15:41:13 GMT content-encoding gzip server LiteSpeed x-powered-by PHP/8.1.11 vary Accept-Encoding content-type text/html; charset=UTF-8 Connection Keep-Alive Keep-Alive timeout=5, max=100 content-length 7613
GET		FrutigerLTArabic-65Bold.html www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/	0 0

GET		FrutigerLTArabic-55Roman.html www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/	0 0

GET		FrutigerLTArabic-55Roman.ttf www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/	0 0

GET		FrutigerLTArabic-65Bold.ttf www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: mhtml.blink
URL: cid:css-584e223b-968d-46a1-935d-ee1b98d44217@mhtml.blink

Domain: mhtml.blink
URL: cid:css-f4320574-9ea0-4a7c-8534-9247bc69dbd6@mhtml.blink

Domain: www.sadad.com
URL: https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/FrutigerLTArabic-65Bold.html

Domain: www.sadad.com
URL: https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/FrutigerLTArabic-55Roman.html

Domain: www.sadad.com
URL: https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/FrutigerLTArabic-55Roman.ttf

Domain: www.sadad.com
URL: https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/FrutigerLTArabic-65Bold.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: SADAD (Financial)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

12 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: cid:css-584e223b-968d-46a1-935d-ee1b98d44217@mhtml.blink Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: cid:css-f4320574-9ea0-4a7c-8534-9247bc69dbd6@mhtml.blink Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/bootstrap-3.4.1/css/navbar.css Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/bootstrap-3.4.1/css/ie10-viewport-bug-workaround.css Message: Failed to load resource: the server responded with a status of 404 ()
javascript	error	URL: http://sdad.online/ Message: Access to font at 'https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/FrutigerLTArabic-55Roman.html' from origin 'http://sdad.online' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/FrutigerLTArabic-55Roman.html Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://sdad.online/ Message: Access to font at 'https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/FrutigerLTArabic-65Bold.html' from origin 'http://sdad.online' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/FrutigerLTArabic-65Bold.html Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://sdad.online/ Message: Access to font at 'https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/FrutigerLTArabic-55Roman.ttf' from origin 'http://sdad.online' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/FrutigerLTArabic-55Roman.ttf Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: http://sdad.online/ Message: Access to font at 'https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/FrutigerLTArabic-65Bold.ttf' from origin 'http://sdad.online' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/FrutigerLTArabic-65Bold.ttf Message: Failed to load resource: net::ERR_FAILED

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mhtml.blink
sdad.online
www.sadad.com
mhtml.blink
www.sadad.com
2606:4700:10::6816:1588
89.252.138.99
0d6ce179d4e8559fcfda95f2a3c54910926be6b71c7338a768aee5b4a62b3a72
152b33cb3f2a8fd0dadbcf16c5ffc8189adefac666a334eef48e8414ea1f84bd
3aa33de22731a1840c76528f7791115ef296bd6fe2ac9c4bc8562def08363d69
4004293f081201ead3df6f86daa9d3974bde048ae8187cda602dffb256324124
5ebd9fdde20679e9639aa035038fa007f990cdeb54bdecaccb9f94816d399c8b
70791816df959b5d95a23c1b21c23d14d1e4ec01764d31f41b354edec0bd6b85
7234436a16815743645bf4ef4fafdce42027b982cf54e20518a16f01ff487207
7ff9cf120fd5fd4257826f9f8b87a39318cb3bc4c2d7254fe6c9c21d2df25600
9c8e9aadc1add3c5ed03bf930079ca0bab2689e47933aacbd6ec51d1bb5712e3
a3b99a741b0cfdd528816822497368578c2bdbefa8a689797391a1d08d45acb8
b343ff74c02205d8b4324cde81d74324da5ba7b06eca9a137ceb6c3c8d7b7e9f
ba566ddf8cff1d7975c2b637b42275006c1156a686ff6a29f4cf94f3668faf38
dc6ffe00ea357a0f8ce9d0104243cd52ed4a09e4c4594d27dbe5b44c3af92c4d
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ecf32ffc408a5d3183df0e49925328f471519083992e83ef8f4e101e38f3d0ff

sdad.online Open in urlscan Pro 89.252.138.99 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

23 Requests

65 %HTTPS

50 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

116 kBTransfer

409 kBSize

0 Cookies

28 Outgoing links

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

0 Cookies

12 Console Messages

Indicators

sdad.online Open in urlscan Pro
89.252.138.99 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

65 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

116 kB
Transfer

409 kB
Size

0
Cookies

23 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!