sebab.xyz Open in urlscan Pro
172.67.146.131 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://sebab.xyz/
Effective URL:
https://sebab.xyz/
Submission: On May 04 via api (May 4th 2024, 4:03:47 pm UTC) from TR — Scanned from DE

Summary HTTP 17 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 17 HTTP transactions. The main IP is 172.67.146.131, located in United States and belongs to CLOUDFLARENET, US. The main domain is sebab.xyz.
TLS certificate: Issued by GTS CA 1P5 on May 3rd 2024. Valid for: 3 months.

This is the only time sebab.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Ziraat Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
16	172.67.146.131 172.67.146.131	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a04:4e42::649 2a04:4e42::649	54113 (FASTLY) (FASTLY)
17	2

16 172.67.146.131 (United States)

ASN13335 (CLOUDFLARENET, US)

sebab.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::649 (United States)

ASN54113 (FASTLY, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	sebab.xyz sebab.xyz	424 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 776	31 KB
17	2

	Domain	Requested by
16	sebab.xyz	sebab.xyz code.jquery.com
1	code.jquery.com	sebab.xyz
17	2

This site contains no links.

Subject Issuer	Validity	Valid
sebab.xyz GTS CA 1P5	`2024-05-03` - `2024-08-01`	3 months	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-11` - `2024-07-14`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://sebab.xyz/
Frame ID: A1FA0E17D84E691EEB28D26B68079D90
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Hoş Geldiniz | Ziraat Bankası İnternet Bankacılığı

Page URL History Show full URLs

http://sebab.xyz/ HTTP 307
https://sebab.xyz/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

17
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

455 kB
Transfer

1451 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://sebab.xyz/ HTTP 307
https://sebab.xyz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H3	200	Primary Request / Show response sebab.xyz/ Redirect Chain http://sebab.xyz/ https://sebab.xyz/	200 KB 15 KB	102ms 61ms	Document text/html	172.67.146.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sebab.xyz/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/8.2.18 PleskLin Resource Hash `982f2838b8196e0ec08cf3a35812666755ab3db53e611fe9f676c397c9ba4cae` Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 87e9b8efd9088fd6-FRA content-encoding br content-type text/html; charset=UTF-8 date Sat, 04 May 2024 16:03:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NxZ4mVbWXPQw9QQ39nYpV5uoNln4MRHxTry2obYESINWqSwOOEKt%2FEjRdhHXiNQPIEgND%2Fa%2Bk0zlSd%2FH%2BljuHUWZ2xFWlRcVyI5m2Sd0ntqQHQHqz8t87iUDGfY%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding x-powered-by PHP/8.2.18 PleskLin Redirect headers Location https://sebab.xyz/ Non-Authoritative-Reason HttpsUpgrades
GET H3	200	plugins.min.css sebab.xyz/Content/assets/bundle/css/	341 KB 54 KB	23ms 23ms	Stylesheet text/css	172.67.146.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sebab.xyz/Content/assets/bundle/css/plugins.min.css Requested by Host: sebab.xyz URL: https://sebab.xyz/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `ee81740f6cc74f3e18b1a459058b371b76febbc1ae8b6365783f17a046212719` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://sebab.xyz/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 04 May 2024 16:03:42 GMT content-encoding br cf-cache-status HIT last-modified Fri, 29 Mar 2024 16:44:24 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 3658 etag W/"6606efe8-555ae" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dlAgfyxjvFnCmoX4LCOwrQu%2BcRMxYUGofZxVHgxO2lAS11d6Ig9U4aJdY3vs8OvjAvZWm6LTnUTPQXn4cf2lDMtn4e9z7R%2Fnce9RA5JRjwY2fqckev4WCN9NBJM%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 87e9b8f0599c8fd6-FRA alt-svc h3=":443"; ma=86400
GET H3	200	sub.min.css sebab.xyz/Content/assets/bundle/css/	541 KB 71 KB	32ms 32ms	Stylesheet text/css	172.67.146.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sebab.xyz/Content/assets/bundle/css/sub.min.css Requested by Host: sebab.xyz URL: https://sebab.xyz/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `50b033e053c9707c86314ed31c05d31fd1768ede279d4b676de687d6b19ca122` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://sebab.xyz/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 04 May 2024 16:03:42 GMT content-encoding br cf-cache-status HIT last-modified Wed, 17 Apr 2024 21:16:50 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 3658 etag W/"66203c42-8753c" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8snFD5Yc0cRiBBuFBnXPeszlpi8bfoWkfDbD63xKWQCxDqdNJs9ELUufEnCmK1ssjaZ5B3hlazdudlCvkE1Yq3snmr5T6lqhIHhpnyPXBuBMydNzv2hpE5%2BhhXQ%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 87e9b8f0599e8fd6-FRA alt-svc h3=":443"; ma=86400
GET H2	200	jquery-3.6.4.min.js Show response code.jquery.com/	88 KB 31 KB	30ms 6ms	Script application/javascript	2a04:4e42::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-3.6.4.min.js Requested by Host: sebab.xyz URL: https://sebab.xyz/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash `a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://sebab.xyz/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" sec-ch-ua-platform "Win32" Response headers date Sat, 04 May 2024 16:03:42 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 20036423 x-cache HIT, HIT content-length 31011 x-served-by cache-lga21953-LGA, cache-fra-eddf8230074-FRA last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1714838623.795603,VS0,VE0 etag W/"28feccc0-15ec3" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 133, 111932
GET H3	200	phone.png sebab.xyz/Content/assets/img/	8 KB 9 KB	36ms 36ms	Image image/png	172.67.146.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://sebab.xyz/Content/assets/img/phone.png Requested by Host: sebab.xyz URL: https://sebab.xyz/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `ecd0bd452254e541bd3e0f90384daf729c71bac57dcd6506ce531b82e91a6077` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://sebab.xyz/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 04 May 2024 16:03:42 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3658 x-powered-by PleskLin alt-svc h3=":443"; ma=86400 content-length 8378 last-modified Fri, 29 Mar 2024 16:46:44 GMT server cloudflare etag "6606f074-20ba" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lboeqpeg6XT2jOhaVT%2B2yEJFJ20jlASg0Po4wewM7ZgfRF2M4jWwxq9FwDvjMdI%2F1XN20lz3XGvNVXFwgvlEKZQN%2F3I%2FxxMp0o%2BPoooWHqaz537Xwso9kCDXpg4%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 87e9b8f059a38fd6-FRA
GET H3	200	phone.png sebab.xyz/Content/assets/img/login/	10 KB 10 KB	16ms 15ms	Image image/png	172.67.146.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://sebab.xyz/Content/assets/img/login/phone.png Requested by Host: sebab.xyz URL: https://sebab.xyz/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `75e159dc563cef2d81dfc676edd0562791341ffc58e8fb9d377011d4fe0977ae` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://sebab.xyz/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 04 May 2024 16:03:42 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3658 x-powered-by PleskLin alt-svc h3=":443"; ma=86400 content-length 9783 last-modified Fri, 29 Mar 2024 16:46:26 GMT server cloudflare etag "6606f062-2637" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RXONw24otElJDhK1NsV9%2BYirwXPxphUmhqbo67C6%2FasYhDLGzrwKI6iy55LKyK0DW4%2FwS842XUvYkJQMQRAjedYfeZyCvumNwx5loBLZNwz9aWySGo0wWwD5zzM%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 87e9b8f059a48fd6-FRA
GET H3	200	comodo-logo.png sebab.xyz/Content/assets/img/	6 KB 7 KB	14ms 14ms	Image image/png	172.67.146.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://sebab.xyz/Content/assets/img/comodo-logo.png Requested by Host: sebab.xyz URL: https://sebab.xyz/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `7bd1ce5e91f7fa685fe3ec37c7f79c27a49f3ae067afce596fa46bb5b2d90d89` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://sebab.xyz/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 04 May 2024 16:03:42 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3658 x-powered-by PleskLin alt-svc h3=":443"; ma=86400 content-length 6295 last-modified Fri, 29 Mar 2024 16:46:34 GMT server cloudflare etag "6606f06a-1897" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zhrNBUiUAIZ7gowtpwwJWE2iM%2BrXwVjPVJsnCnOwLlIR2duC5NgbT9ash8qqaqubGI70SzoYLV0QFRSOkx8KNbtS0rwQGG7dqAFNDacNRVVjZwL6WZVh04C7Qxw%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 87e9b8f059a58fd6-FRA
GET H3	200	script.js Show response sebab.xyz/client-side/	4 KB 2 KB	36ms 36ms	Script application/javascript	172.67.146.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sebab.xyz/client-side/script.js Requested by Host: sebab.xyz URL: https://sebab.xyz/ Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `dc8b58aa54037d6d5d1499384b704e3859a944b78f5a5e7adb38f8769fdc952b` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://sebab.xyz/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 04 May 2024 16:03:42 GMT content-encoding br cf-cache-status HIT last-modified Tue, 30 Apr 2024 17:31:22 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 3658 etag W/"66312aea-11d2" x-powered-by PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MWQRRVR0F0wOcgsW2wwNupyVj1vO2hDAyEUmfI6AshsEEUiVhgwkXDnNsKM97bH4XCNOWVNsbtDYRIePj9n6agTcA0XCmAdxrLeBVdLVDznjF1CUQeNili%2Fm7AQ%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 87e9b8f059a78fd6-FRA alt-svc h3=":443"; ma=86400
GET H3	200	login-bg.jpg sebab.xyz/Content/assets/img/	104 KB 105 KB	16ms 16ms	Image image/jpeg	172.67.146.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://sebab.xyz/Content/assets/img/login-bg.jpg?v=20181004 Requested by Host: sebab.xyz URL: https://sebab.xyz/Content/assets/bundle/css/sub.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `b055c452bbb3790a25caef40ba7e75a53f148ad46260c00719b5bd7b6ee90d82` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://sebab.xyz/Content/assets/bundle/css/sub.min.css Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 04 May 2024 16:03:42 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3707 x-powered-by PleskLin alt-svc h3=":443"; ma=86400 content-length 106717 last-modified Fri, 29 Mar 2024 16:46:38 GMT server cloudflare etag "6606f06e-1a0dd" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5j3lJyeb6rXHGhGwCRvAherTbL2iqoMbI59Buvv2jNDYHWu2Pm7R5sOdSLN7mk0%2FYNISkwwAVTQCpbsQPu6B4xLOSuVeKBhkWntrK0JvY7%2FcYqkB5f7EjpNhrkk%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control max-age=14400 accept-ranges bytes cf-ray 87e9b8f0aa088fd6-FRA
GET H3	200	BB78E1BCF28E9E4CC.woff2 sebab.xyz/Content/assets/css/webfonts/new/	13 KB 14 KB	15ms 15ms	Font font/woff2	172.67.146.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sebab.xyz/Content/assets/css/webfonts/new/BB78E1BCF28E9E4CC.woff2 Requested by Host: sebab.xyz URL: https://sebab.xyz/Content/assets/bundle/css/sub.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `2f9071e4de731c949bee363cc182a5b88e61caa7cffbfd3ccf7321ca11327544` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://sebab.xyz/Content/assets/bundle/css/sub.min.css Origin https://sebab.xyz Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 04 May 2024 16:03:42 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3707 x-powered-by PleskLin alt-svc h3=":443"; ma=86400 content-length 13468 last-modified Fri, 29 Mar 2024 16:45:40 GMT server cloudflare etag "6606f034-349c" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=85ODZN3jXgJCxCdya4rMiYq9PBnc1pLySkH28tuHZK0gWb1vXxn1hvHAT3tc0qH%2FS3vSxggNGfL%2BAef9oEEQniqeR5RpVNF5Tbxzjs8aclNxHaAO836WTTIDKX0%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff2 cache-control max-age=14400 accept-ranges bytes cf-ray 87e9b8f0ca2e8fd6-FRA
GET H3	200	icomoon.woff2 sebab.xyz/Content/assets/css/fonts/	98 KB 98 KB	17ms 16ms	Font font/woff2	172.67.146.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sebab.xyz/Content/assets/css/fonts/icomoon.woff2 Requested by Host: sebab.xyz URL: https://sebab.xyz/Content/assets/bundle/css/sub.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `4eb0a95d46a2a21d2a033af489807a56e8669c172839474ed2ab8865ee40994f` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://sebab.xyz/Content/assets/bundle/css/sub.min.css Origin https://sebab.xyz Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 04 May 2024 16:03:42 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3707 x-powered-by PleskLin alt-svc h3=":443"; ma=86400 content-length 100000 last-modified Fri, 29 Mar 2024 16:45:04 GMT server cloudflare etag "6606f010-186a0" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nWETo17hlFKAA2C5BMPbSjgyT9Bi1U3baoc0jJ%2FEYUCJtwiqnILqG%2BE8OkmPu9bYA0d25NIXXDdSnRBCwZldu8NG3asueb%2FEiN25HoCYjiy9kxQ%2FHXeogfOJYh0%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff2 cache-control max-age=14400 accept-ranges bytes cf-ray 87e9b8f0ca328fd6-FRA
GET H3	200	D40DF048D299CA4DD.woff2 sebab.xyz/Content/assets/css/webfonts/new/	13 KB 14 KB	18ms 18ms	Font font/woff2	172.67.146.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sebab.xyz/Content/assets/css/webfonts/new/D40DF048D299CA4DD.woff2 Requested by Host: sebab.xyz URL: https://sebab.xyz/Content/assets/bundle/css/sub.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `87066901222869bbc18ab6d6620daa3aeac78dad94f88233f14ff68bae4cb472` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://sebab.xyz/Content/assets/bundle/css/sub.min.css Origin https://sebab.xyz Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 04 May 2024 16:03:42 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3707 x-powered-by PleskLin alt-svc h3=":443"; ma=86400 content-length 13476 last-modified Fri, 29 Mar 2024 16:45:44 GMT server cloudflare etag "6606f038-34a4" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d5BINIJhR8%2FUf6%2F3N325wIQhwgHGVCyzx8w2WCtutm25oXPCIe9KRUpM7%2BJxYDcowN%2FzybCN1qQIHnZikLFyagIyy0j74mDCUOMqorpEg2aL2gTwki5EQOfJU7M%3D"}],"group":"cf-nel","max_age":604800} content-type font/woff2 cache-control max-age=14400 accept-ranges bytes cf-ray 87e9b8f0ca348fd6-FRA
POST H3	500	process.php Show response sebab.xyz/	0 521 B	32ms 32ms	XHR text/html	172.67.146.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sebab.xyz/process.php Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.6.4.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/8.2.18 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Accept / Referer https://sebab.xyz/ X-Requested-With XMLHttpRequest sec-ch-ua-platform "Win32" Response headers pragma no-cache date Sat, 04 May 2024 16:03:42 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/8.2.18 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WtTVMeRXyn5kBZuQSaIEk%2BBGIHzyshDyu4hO0MMLLzcsHjbmq0zQEUz5p%2FI%2F1uzrLmtvCP39QHlXP2J5%2Ba7fX7E8EwDUC%2BuUHmEaDsGVhaeHQMx%2BtR9yLF0oFt0%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control no-store, no-cache, must-revalidate cf-ray 87e9b8f0da378fd6-FRA alt-svc h3=":443"; ma=86400 expires Thu, 19 Nov 1981 08:52:00 GMT
GET H3	200	touch_icon.png sebab.xyz/Content/assets/img/	24 KB 25 KB	14ms 13ms	Other image/png	172.67.146.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sebab.xyz/Content/assets/img/touch_icon.png Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PleskLin Resource Hash `3f57f2ca6d11bb33c055ec016ce0b3c7816097de2bdbdca444b11f0ba90bf166` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Referer https://sebab.xyz/ Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Sat, 04 May 2024 16:03:42 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 3724 x-powered-by PleskLin alt-svc h3=":443"; ma=86400 content-length 24678 last-modified Mon, 01 Apr 2024 12:19:16 GMT server cloudflare etag "660aa644-6066" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XoKDFutBULu1TNi2KANUyiPkxADBAUECS%2BFNXOCf%2F%2BomFlOSRtl753w62R%2B1gpzKRPOk9fBre%2F1RkEy5jiTspPErS1KKpjbzTSfBws2MKG94sv9NE5%2BaG9rLwao%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 accept-ranges bytes cf-ray 87e9b8f10a618fd6-FRA
POST H3	200	process.php Show response sebab.xyz/	0 504 B	66ms 66ms	XHR text/html	172.67.146.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sebab.xyz/process.php Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.6.4.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/8.2.18, PleskLin Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Accept / Referer https://sebab.xyz/ X-Requested-With XMLHttpRequest sec-ch-ua-platform "Win32" Response headers pragma no-cache date Sat, 04 May 2024 16:03:45 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/8.2.18, PleskLin report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hxoevoH7%2FiUT%2FYWYzCXicP%2BminKZpCs1rMgPmQmpXkDT2qrDRHMquOBdokwcLUhdvbgeVy%2B3cNs2bKta%2B6UsV6RPXPYhCt2vaYnUn1J4I5EDHu4%2BK9q4TtwS5tg%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control no-store, no-cache, must-revalidate cf-ray 87e9b90398ba8fd6-FRA alt-svc h3=":443"; ma=86400 expires Thu, 19 Nov 1981 08:52:00 GMT
POST H3	500	process.php Show response sebab.xyz/	0 482 B	31ms 31ms	XHR text/html	172.67.146.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sebab.xyz/process.php Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.6.4.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/8.2.18 Resource Hash `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded; charset=UTF-8 Accept / Referer https://sebab.xyz/ X-Requested-With XMLHttpRequest sec-ch-ua-platform "Win32" Response headers pragma no-cache date Sat, 04 May 2024 16:03:45 GMT cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/8.2.18 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WNv4JKI%2ByIuAgJ0GAUH7SdGXUZxRV2iZ63oP4GT0uBi7zYpHdFhIYOzuLmmyydqMNdncix%2FIygHfpijL5qG9VOlUiRASpHDNCdIz9t88MnXtH1S%2BFa1pE7%2FY3D0%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control no-store, no-cache, must-revalidate cf-ray 87e9b90398bd8fd6-FRA alt-svc h3=":443"; ma=86400 expires Thu, 19 Nov 1981 08:52:00 GMT
POST H3	200	status.php Show response sebab.xyz/	7 B 530 B	28ms 28ms	XHR text/html	172.67.146.131 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://sebab.xyz/status.php Requested by Host: code.jquery.com URL: https://code.jquery.com/jquery-3.6.4.min.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.146.131 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / PHP/8.2.18, PleskLin Resource Hash `8e2c7ac508139a02af859de64a4743c1f3946837279332c35ec8f5ddf20654ae` Request headers sec-ch-ua "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Accept / Referer https://sebab.xyz/ X-Requested-With XMLHttpRequest sec-ch-ua-platform "Win32" Response headers pragma no-cache date Sat, 04 May 2024 16:03:45 GMT content-encoding br cf-cache-status DYNAMIC nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare x-powered-by PHP/8.2.18, PleskLin vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=chqKJzetY%2Fx8ozOgdBlFDBlBaoEqnm5XMbcRCbauXm0YIru%2BkcyzsJnF0fALmsiEGrJGXqz5ynlfev%2BMlfwF2mWmZZjGH7Iyd7DX2BveTFBVmEUGu%2B4%2BSsVBQO8%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=UTF-8 cache-control no-store, no-cache, must-revalidate cf-ray 87e9b903f91a8fd6-FRA alt-svc h3=":443"; ma=86400 expires Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Ziraat Bank (Banking)

25 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			sebab.xyz/	1969-12-31 23:59:59	Name: PHPSESSID Value: hlce4hrcniej2nj8g40boidadf

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://sebab.xyz/(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.4.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://sebab.xyz/(Line 2) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://code.jquery.com/jquery-3.6.4.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
network	error	URL: https://sebab.xyz/process.php Message: Failed to load resource: the server responded with a status of 500 ()
network	error	URL: https://sebab.xyz/process.php Message: Failed to load resource: the server responded with a status of 500 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

code.jquery.com
sebab.xyz
172.67.146.131
2a04:4e42::649
2f9071e4de731c949bee363cc182a5b88e61caa7cffbfd3ccf7321ca11327544
3f57f2ca6d11bb33c055ec016ce0b3c7816097de2bdbdca444b11f0ba90bf166
4eb0a95d46a2a21d2a033af489807a56e8669c172839474ed2ab8865ee40994f
50b033e053c9707c86314ed31c05d31fd1768ede279d4b676de687d6b19ca122
75e159dc563cef2d81dfc676edd0562791341ffc58e8fb9d377011d4fe0977ae
7bd1ce5e91f7fa685fe3ec37c7f79c27a49f3ae067afce596fa46bb5b2d90d89
87066901222869bbc18ab6d6620daa3aeac78dad94f88233f14ff68bae4cb472
8e2c7ac508139a02af859de64a4743c1f3946837279332c35ec8f5ddf20654ae
982f2838b8196e0ec08cf3a35812666755ab3db53e611fe9f676c397c9ba4cae
a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af
b055c452bbb3790a25caef40ba7e75a53f148ad46260c00719b5bd7b6ee90d82
dc8b58aa54037d6d5d1499384b704e3859a944b78f5a5e7adb38f8769fdc952b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ecd0bd452254e541bd3e0f90384daf729c71bac57dcd6506ce531b82e91a6077
ee81740f6cc74f3e18b1a459058b371b76febbc1ae8b6365783f17a046212719

sebab.xyz Open in urlscan Pro 172.67.146.131 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

17 Requests

100 %HTTPS

50 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

455 kBTransfer

1451 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

17 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

25 JavaScript Global Variables

1 Cookies

4 Console Messages

Indicators

sebab.xyz Open in urlscan Pro
172.67.146.131 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

17
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

455 kB
Transfer

1451 kB
Size

1
Cookies

17 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!