audit.al-arabia.com Open in urlscan Pro
40.123.210.132  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.php Show response audit.al-arabia.com/wp-includes/certificates/net/id/	2 KB 2 KB	399ms 142ms	Document text/html	40.123.210.132 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://audit.al-arabia.com/wp-includes/certificates/net/id/index.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 40.123.210.132 Dubai, United Arab Emirates, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash e515a15ea2d64efc58b35fe0f550a1087879744032874cd60bbd5d7f397eed2e Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate pragma no-cache content-type text/html; charset=UTF-8 expires Thu, 19 Nov 1981 08:52:00 GMT server Microsoft-IIS/10.0 x-powered-by ASP.NET x-powered-by-plesk PleskWin date Mon, 06 Dec 2021 11:04:54 GMT content-length 1907
GET H2	200	style2.css audit.al-arabia.com/wp-includes/certificates/net/id/sr/	5 KB 5 KB	123ms 122ms	Stylesheet text/css	40.123.210.132 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://audit.al-arabia.com/wp-includes/certificates/net/id/sr/style2.css Requested by Host: audit.al-arabia.com URL: https://audit.al-arabia.com/wp-includes/certificates/net/id/index.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 40.123.210.132 Dubai, United Arab Emirates, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 99fdfdd823eaf44fa2db75b21e75211d3985b05f55f60187031665d9367581e2 Request headers Accept-Language de-DE,de;q=0.9 Referer https://audit.al-arabia.com/wp-includes/certificates/net/id/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers x-powered-by-plesk PleskWin date Mon, 06 Dec 2021 11:04:54 GMT last-modified Sun, 05 Dec 2021 15:39:34 GMT server Microsoft-IIS/10.0 x-powered-by ASP.NET etag "391abd4deee9d71:0" content-type text/css accept-ranges bytes content-length 5410
GET H2	200	jquery-3.3.1.min2.js Show response audit.al-arabia.com/wp-includes/certificates/net/id/sr/	85 KB 85 KB	242ms 241ms	Script application/javascript	40.123.210.132 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://audit.al-arabia.com/wp-includes/certificates/net/id/sr/jquery-3.3.1.min2.js Requested by Host: audit.al-arabia.com URL: https://audit.al-arabia.com/wp-includes/certificates/net/id/index.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 40.123.210.132 Dubai, United Arab Emirates, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d Request headers Accept-Language de-DE,de;q=0.9 Referer https://audit.al-arabia.com/wp-includes/certificates/net/id/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers x-powered-by-plesk PleskWin date Mon, 06 Dec 2021 11:04:54 GMT last-modified Sun, 05 Dec 2021 15:39:34 GMT server Microsoft-IIS/10.0 x-powered-by ASP.NET etag "3c20994deee9d71:0" content-type application/javascript accept-ranges bytes content-length 86927
GET H2	200	nemid-common.js Show response audit.al-arabia.com/wp-includes/certificates/net/id/sr/	2 KB 2 KB	366ms 365ms	Script application/javascript	40.123.210.132 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://audit.al-arabia.com/wp-includes/certificates/net/id/sr/nemid-common.js Requested by Host: audit.al-arabia.com URL: https://audit.al-arabia.com/wp-includes/certificates/net/id/index.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 40.123.210.132 Dubai, United Arab Emirates, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash f0301af56cde34f27c0753694764456759a119d2fbfc8a8216e7e232b75e756c Request headers Accept-Language de-DE,de;q=0.9 Referer https://audit.al-arabia.com/wp-includes/certificates/net/id/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers x-powered-by-plesk PleskWin date Mon, 06 Dec 2021 11:04:54 GMT last-modified Sun, 05 Dec 2021 15:39:34 GMT server Microsoft-IIS/10.0 x-powered-by ASP.NET etag "a6a9a24deee9d71:0" content-type application/javascript accept-ranges bytes content-length 2115
GET H2	200	Nets_logo.svg audit.al-arabia.com/wp-includes/certificates/net/id/sr/	5 KB 5 KB	166ms 166ms	Image image/svg+xml	40.123.210.132 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://audit.al-arabia.com/wp-includes/certificates/net/id/sr/Nets_logo.svg Requested by Host: audit.al-arabia.com URL: https://audit.al-arabia.com/wp-includes/certificates/net/id/index.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 40.123.210.132 Dubai, United Arab Emirates, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 88553c13740cace8eadae97046ee0d96e0c55d876d38e25de48835fa33117eb8 Request headers Accept-Language de-DE,de;q=0.9 Referer https://audit.al-arabia.com/wp-includes/certificates/net/id/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers x-powered-by-plesk PleskWin date Mon, 06 Dec 2021 11:04:54 GMT last-modified Sun, 05 Dec 2021 15:39:34 GMT server Microsoft-IIS/10.0 x-powered-by ASP.NET etag "ffba54deee9d71:0" content-type image/svg+xml accept-ranges bytes content-length 4728
GET H2	200	gb.svg audit.al-arabia.com/wp-includes/certificates/net/id/sr/	956 B 1013 B	165ms 165ms	Image image/svg+xml	40.123.210.132 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://audit.al-arabia.com/wp-includes/certificates/net/id/sr/gb.svg Requested by Host: audit.al-arabia.com URL: https://audit.al-arabia.com/wp-includes/certificates/net/id/index.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 40.123.210.132 Dubai, United Arab Emirates, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash d85f0f149b4390bed6624bc30ca2cbfa37d394f14474fcf81d63363ad363e284 Request headers Accept-Language de-DE,de;q=0.9 Referer https://audit.al-arabia.com/wp-includes/certificates/net/id/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers x-powered-by-plesk PleskWin date Mon, 06 Dec 2021 11:04:54 GMT last-modified Sun, 05 Dec 2021 15:39:34 GMT server Microsoft-IIS/10.0 x-powered-by ASP.NET etag "c6bd964deee9d71:0" content-type image/svg+xml accept-ranges bytes content-length 956
GET H2	200	1.svg audit.al-arabia.com/wp-includes/certificates/net/id/sr/	2 KB 2 KB	160ms 160ms	Image image/svg+xml	40.123.210.132 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://audit.al-arabia.com/wp-includes/certificates/net/id/sr/1.svg Requested by Host: audit.al-arabia.com URL: https://audit.al-arabia.com/wp-includes/certificates/net/id/index.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 40.123.210.132 Dubai, United Arab Emirates, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 4eb7dc739a56765e696e89099f427a8f6da8da7a71a138a4cc92cdee397535e2 Request headers Accept-Language de-DE,de;q=0.9 Referer https://audit.al-arabia.com/wp-includes/certificates/net/id/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers x-powered-by-plesk PleskWin date Mon, 06 Dec 2021 11:04:54 GMT last-modified Sun, 05 Dec 2021 15:39:34 GMT server Microsoft-IIS/10.0 x-powered-by ASP.NET etag "1f54884deee9d71:0" content-type image/svg+xml accept-ranges bytes content-length 1971
GET H2	200	id.html Show response audit.al-arabia.com/wp-includes/certificates/net/id/sr/ Frame F54A	177 KB 177 KB	159ms 159ms	Document text/html	40.123.210.132 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://audit.al-arabia.com/wp-includes/certificates/net/id/sr/id.html Requested by Host: audit.al-arabia.com URL: https://audit.al-arabia.com/wp-includes/certificates/net/id/index.php Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 40.123.210.132 Dubai, United Arab Emirates, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash f8f5515edbfa84813fe147fcf522061ed785fc19224a0d9d6eb4bbbd22a82a45 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://audit.al-arabia.com/wp-includes/certificates/net/id/index.php Response headers content-type text/html last-modified Sun, 05 Dec 2021 15:39:34 GMT accept-ranges bytes etag "c6bd964deee9d71:0" server Microsoft-IIS/10.0 x-powered-by ASP.NET x-powered-by-plesk PleskWin date Mon, 06 Dec 2021 11:04:54 GMT content-length 181444
GET		webrtc-patch.js fdcgdnkidjaadafnichfpabhfomcebme/scripts/ Frame F54A	0 0
GET H2	200	js15_as.js Show response audit.al-arabia.com/wp-includes/certificates/net/id/sr/ Frame F54A	11 KB 11 KB	142ms 140ms	Script application/javascript	40.123.210.132 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://audit.al-arabia.com/wp-includes/certificates/net/id/sr/js15_as.js Requested by Host: audit.al-arabia.com URL: https://audit.al-arabia.com/wp-includes/certificates/net/id/sr/id.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 40.123.210.132 Dubai, United Arab Emirates, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash 2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede Request headers Accept-Language de-DE,de;q=0.9 Referer https://audit.al-arabia.com/wp-includes/certificates/net/id/sr/id.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers x-powered-by-plesk PleskWin date Mon, 06 Dec 2021 11:04:54 GMT last-modified Sun, 05 Dec 2021 15:39:34 GMT server Microsoft-IIS/10.0 x-powered-by ASP.NET etag "4047a04deee9d71:0" content-type application/javascript accept-ranges bytes content-length 11440
GET H2	404	0.php audit.al-arabia.com/wp-includes/certificates/net/id/sr/ Frame F54A	0 0	129ms 129ms	Script text/html	40.123.210.132 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://audit.al-arabia.com/wp-includes/certificates/net/id/sr/0.php Requested by Host: audit.al-arabia.com URL: https://audit.al-arabia.com/wp-includes/certificates/net/id/sr/id.html Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 40.123.210.132 Dubai, United Arab Emirates, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software Microsoft-IIS/10.0 / ASP.NET Resource Hash Request headers Accept-Language de-DE,de;q=0.9 Referer https://audit.al-arabia.com/wp-includes/certificates/net/id/sr/id.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers x-powered-by-plesk PleskWin date Mon, 06 Dec 2021 11:04:54 GMT server Microsoft-IIS/10.0 x-powered-by ASP.NET content-length 12579 content-type text/html
GET H2	200	js15_as.js Show response s10.histats.com/ Frame F54A	11 KB 4 KB	29ms 9ms	Script text/javascript	46.105.201.240 OVH
General Check archive.org Show headers Download Go to Full URL https://s10.histats.com/js15_as.js Requested by Host: audit.al-arabia.com URL: https://audit.al-arabia.com/wp-includes/certificates/net/id/sr/id.html Protocol H2 Security TLS 1.3, , AES_256_GCM Server 46.105.201.240 , France, ASN16276 (OVH, FR), Reverse DNS Software / Resource Hash 2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede Request headers Accept-Language de-DE,de;q=0.9 Referer https://audit.al-arabia.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers date Mon, 06 Dec 2021 11:01:33 GMT content-encoding br last-modified Thu, 16 Apr 2020 10:44:16 GMT x-cdn-pop-ip 137.74.120.0/27 etag "-375139978" x-cacheable Matched cache content-type text/javascript x-cdn-pop sbg accept-ranges bytes content-length 4364 x-request-id 126387401
GET H/1.1	200 OK	0.php Show response s4.histats.com/stats/ Frame F54A	50 B 184 B	295ms 97ms	Script text/html	192.99.8.34 OVH
General Check archive.org Show headers Download Go to Full URL https://s4.histats.com/stats/0.php?4203309&@f16&@g1&@h1&@i1&@j1638788695376&@k0&@l1&@mNemID&@n0&@ohttps%3A%2F%2Faudit.al-arabia.com%2Fwp-includes%2Fcertificates%2Fnet%2Fid%2Findex.php&@q0&@r0&@s0&@ten-US&@u1600&@b1:-56546062&@b3:1638788695&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Faudit.al-arabia.com%2Fwp-includes%2Fcertificates%2Fnet%2Fid%2Fsr%2Fid.html&@w Requested by Host: s10.histats.com URL: https://s10.histats.com/js15_as.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.99.8.34 , Canada, ASN16276 (OVH, FR), Reverse DNS ns501383.ip-192-99-8.net Software / Resource Hash 287651edf08b0ab499e4895ab4cf46ce42be6710357fb90b9b8e9f650187c741 Request headers Accept-Language de-DE,de;q=0.9 Referer https://audit.al-arabia.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Mon, 06 Dec 2021 11:04:55 GMT Connection close Content-Length 50 Content-Type text/html;charset=UTF-8
GET H/1.1	200 OK	0.php Show response s4.histats.com/stats/ Frame F54A	50 B 184 B	297ms 98ms	Script text/html	192.99.8.34 OVH
General Check archive.org Show headers Download Go to Full URL https://s4.histats.com/stats/0.php?4203309&@f16&@g0&@h2&@i1&@j1638788695479&@k103&@l2&@mNemID&@n0&@ohttps%3A%2F%2Faudit.al-arabia.com%2Fwp-includes%2Fcertificates%2Fnet%2Fid%2Findex.php&@q0&@r0&@s0&@ten-US&@u1600&@b1:-69547953&@b3:1638788695&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Faudit.al-arabia.com%2Fwp-includes%2Fcertificates%2Fnet%2Fid%2Fsr%2Fid.html&@w Requested by Host: audit.al-arabia.com URL: https://audit.al-arabia.com/wp-includes/certificates/net/id/sr/js15_as.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 192.99.8.34 , Canada, ASN16276 (OVH, FR), Reverse DNS ns501383.ip-192-99-8.net Software / Resource Hash 287651edf08b0ab499e4895ab4cf46ce42be6710357fb90b9b8e9f650187c741 Request headers Accept-Language de-DE,de;q=0.9 Referer https://audit.al-arabia.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 Response headers Date Mon, 06 Dec 2021 11:04:55 GMT Connection close Content-Length 50 Content-Type text/html;charset=UTF-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

fdcgdnkidjaadafnichfpabhfomcebme

URL

chrome-extension://fdcgdnkidjaadafnichfpabhfomcebme/scripts/webrtc-patch.js

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Nexi (Banking) Visa (Financial)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| $ function| jQuery

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			audit.al-arabia.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: no5gm8cd42bs8gvpkdpmceb0ak
			audit.al-arabia.com/	1970-01-20 07:58:44	Name: HstCfa4203309 Value: 1638788695376
			audit.al-arabia.com/	1970-01-20 07:58:44	Name: HstCmu4203309 Value: 1638788695376
			audit.al-arabia.com/	1970-01-20 07:58:44	Name: HstCnv4203309 Value: 1
			audit.al-arabia.com/	1970-01-20 07:58:44	Name: HstCns4203309 Value: 1
			audit.al-arabia.com/	1970-01-20 07:58:44	Name: HstCla4203309 Value: 1638788695479
			audit.al-arabia.com/	1970-01-20 07:58:44	Name: HstPn4203309 Value: 2
			audit.al-arabia.com/	1970-01-20 07:58:44	Name: HstPt4203309 Value: 2

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: chrome-extension://fdcgdnkidjaadafnichfpabhfomcebme/scripts/webrtc-patch.js Message: Failed to load resource: net::ERR_UNKNOWN_URL_SCHEME
network	error	URL: https://audit.al-arabia.com/wp-includes/certificates/net/id/sr/0.php Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

audit.al-arabia.com
fdcgdnkidjaadafnichfpabhfomcebme
s10.histats.com
s4.histats.com
fdcgdnkidjaadafnichfpabhfomcebme
192.99.8.34
40.123.210.132
46.105.201.240
287651edf08b0ab499e4895ab4cf46ce42be6710357fb90b9b8e9f650187c741
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede
4eb7dc739a56765e696e89099f427a8f6da8da7a71a138a4cc92cdee397535e2
88553c13740cace8eadae97046ee0d96e0c55d876d38e25de48835fa33117eb8
99fdfdd823eaf44fa2db75b21e75211d3985b05f55f60187031665d9367581e2
d30b6114fb9496ae46b2a8cdf59379c8ffdb957534bd1dd73e626c7c61c7e67d
d85f0f149b4390bed6624bc30ca2cbfa37d394f14474fcf81d63363ad363e284
e515a15ea2d64efc58b35fe0f550a1087879744032874cd60bbd5d7f397eed2e
f0301af56cde34f27c0753694764456759a119d2fbfc8a8216e7e232b75e756c
f8f5515edbfa84813fe147fcf522061ed785fc19224a0d9d6eb4bbbd22a82a45