![](/screenshots/70ee8c36-aff8-4355-9256-d20985d41b80.png)
mail.sdad.online
89.252.138.99
Malicious Activity!
Public Scan
Submission: On October 14 via manual from SA — Scanned from DE
Summary
This is the only time mail.sdad.online was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: SADAD (Financial)
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
2 | 89.252.138.99 | 42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S.)
15 | 2606:4700:10::6816:1588 | 13335 (CLOUDFLARENET)
23 | 3 |

ASN42846 (GUZELHOSTING GNET INTERNET TELEKOMUNIKASYON A.S., TR)
PTR: 99lx3w9z.guzel.net.tr

Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
15 | sadad.com | www.sadad.com | 81 KB
2 | sdad.online | mail.sdad.online | 36 KB
0 | Failed (mhtml.blink) | |
23 | 3 | |

Requests | Domain | Requested by
---|---|---
15 | www.sadad.com | mail.sdad.online, www.sadad.com
2 | mail.sdad.online | mail.sdad.online
0 | mhtml.blink (Failed) | mail.sdad.online
23 | 3 |
This site contains links to these domains. Also see Links.
- www.sadad.com
- twitter.com
- www.youtube.com
Subject | Issuer | Validity | Valid
---|---|---|---
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-04 - 2023-06-03 | a year
This page contains 1 frame:
Primary Page:
http://mail.sdad.online/
Frame ID: B95A31C8A6A64978C69EDA79E03128CD
Requests: 23 HTTP requests in this frame
28 Outgoing links
These are links going to different origins than the main page.
Link titles (Arabic titles with English translation in parentheses):
- Home
- الرئيسية (Home)
- شخصي (Personal)
- تسجيل الدخول (Login)
- (three links without a title)
- عن سداد (About SADAD)
- الرؤية والمهمة والأهداف (Vision, Mission and Objectives)
- قيمنا (Our Values)
- شهادات وجوائز (Certificates and Awards)
- النشرة الإلكترونية (Newsletter)
- كنّا هناك (We Were There)
- شخصي (Personal)
- طرق الدفع (Payment Methods)
- المفوترون (Billers)
- فواتير سداد (SADAD Bills)
- انضم الآن (Join Now)
- البنوك (Banks)
- طرق الدفع (Payment Methods)
- أسئلة متكررة (Frequently Asked Questions)
- توجيهات استخدام شعار سداد (SADAD Logo Usage Guidelines)
- فواتير سداد (SADAD Bills)
- تنويه (Notice)
- سياسة الخصوصية (Privacy Policy)
- شروط الاستخدام (Terms of Use)
- اتصل بنا (Contact Us)
- خريطة الموقع (Sitemap)
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H/1.1 | / (Primary Request) | mail.sdad.online/ | 28 KB | 8 KB | Document | text/html
GET | | css-584e223b-968d-46a1-935d-ee1b98d44217@mhtml.blink | / | 0 | 0 | |
GET | | css-f4320574-9ea0-4a7c-8534-9247bc69dbd6@mhtml.blink | / | 0 | 0 | |
GET | H2 | controls.css | www.sadad.com/Style%20Library/ar-SA/Themable/Core%20Styles/ | 48 KB | 7 KB | Stylesheet | text/css
GET | H2 | page-layouts-21.css | www.sadad.com/Style%20Library/ar-SA/Core%20Styles/ | 2 KB | 906 B | Stylesheet | text/css
GET | H2 | corev48630.css | www.sadad.com/_layouts/1025/styles/Themable/ | 137 KB | 24 KB | Stylesheet | text/css
GET | H2 | bootstrap.min.css | www.sadad.com/_layouts/inc/SADAD.Internet.Portal/bootstrap-3.4.1/css/ | 119 KB | 19 KB | Stylesheet | text/css
GET | H2 | ie10-viewport-bug-workaround.css | www.sadad.com/_layouts/inc/SADAD.Internet.Portal/bootstrap-3.4.1/css/ | 0 | 0 | Stylesheet | text/html
GET | H2 | jquery.smartmenus.bootstrap.css | www.sadad.com/_layouts/inc/SADAD.Internet.Portal/multilevel-menu/css/ | 3 KB | 695 B | Stylesheet | text/css
GET | H2 | navbar.css | www.sadad.com/_layouts/inc/SADAD.Internet.Portal/bootstrap-3.4.1/css/ | 0 | 0 | Stylesheet | text/html
GET | H2 | styles.css | www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/ | 19 KB | 4 KB | Stylesheet | text/css
GET | H2 | fgimg.png | www.sadad.com/_layouts/images/ | 20 KB | 20 KB | Image | image/png
GET | H2 | arabic_icon_disabled.png | www.sadad.com/_layouts/inc/SADAD.Internet.Portal/img/ | 372 B | 449 B | Image | image/png
GET | H2 | english_icon.png | www.sadad.com/_layouts/inc/SADAD.Internet.Portal/img/ | 560 B | 650 B | Image | image/png
GET | H2 | sadad_logo_ar.png | www.sadad.com/_layouts/inc/SADAD.Internet.Portal/img/ | 3 KB | 3 KB | Image | image/png
GET | H2 | twitter_icon_disabled.png | www.sadad.com/_layouts/inc/SADAD.Internet.Portal/img/social/ | 494 B | 571 B | Image | image/png
GET | H2 | youtube_icon_disabled.png | www.sadad.com/_layouts/inc/SADAD.Internet.Portal/img/social/ | 706 B | 783 B | Image | image/png
GET | H2 | title_corner_bg_ar.png | www.sadad.com/_layouts/inc/SADAD.Internet.Portal/img/ | 378 B | 455 B | Image | image/png
GET | H/1.1 | footer_btn.png | mail.sdad.online/_layouts/inc/SADAD.Internet.Portal/img/ | 28 KB | 28 KB | Image | text/html
GET | | FrutigerLTArabic-65Bold.html | www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/ | 0 | 0 | |
GET | | FrutigerLTArabic-55Roman.html | www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/ | 0 | 0 | |
GET | | FrutigerLTArabic-55Roman.ttf | www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/ | 0 | 0 | |
GET | | FrutigerLTArabic-65Bold.ttf | www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/ | 0 | 0 | |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
Domain | URL
---|---
mhtml.blink | cid:css-584e223b-968d-46a1-935d-ee1b98d44217@mhtml.blink
mhtml.blink | cid:css-f4320574-9ea0-4a7c-8534-9247bc69dbd6@mhtml.blink
www.sadad.com | https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/FrutigerLTArabic-65Bold.html
www.sadad.com | https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/FrutigerLTArabic-55Roman.html
www.sadad.com | https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/FrutigerLTArabic-55Roman.ttf
www.sadad.com | https://www.sadad.com/_layouts/inc/SADAD.Internet.Portal/Arabic/css/fonts/FrutigerLTArabic-65Bold.ttf
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: SADAD (Financial)
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Name | Type
---|---
onbeforeinput | object
oncontextlost | object
oncontextrestored | object
structuredClone | function
launchQueue | object
onbeforematch | object
navigation | object
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
12 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- mail.sdad.online
- mhtml.blink
- www.sadad.com
- 2606:4700:10::6816:1588
- 89.252.138.99