zabeb.com
Open in
urlscan Pro
110.4.45.158
Malicious Activity!
Public Scan
Effective URL: https://zabeb.com/1/
Submission: On April 24 via manual from ES
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 27th 2020. Valid for: 3 months.
This is the only time zabeb.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BBVA (Financial)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
2 2 | 212.48.118.94 212.48.118.94 | 8893 (ARTFILES-...) (ARTFILES-AS Zirkusweg 1) | |
1 6 | 110.4.45.158 110.4.45.158 | 46015 (EXABYTES-...) (EXABYTES-AS-AP Exa Bytes Network Sdn.Bhd.) | |
1 | 2001:4de0:ac1... 2001:4de0:ac19::1:b:1a | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
2 | 23.111.9.35 23.111.9.35 | 33438 (HIGHWINDS2) (HIGHWINDS2) | |
1 | 2a00:1450:400... 2a00:1450:4001:806::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:81a::2003 | 15169 (GOOGLE) (GOOGLE) | |
10 | 5 |
ASN8893 (ARTFILES-AS Zirkusweg 1, DE)
PTR: ns1.neoserver.net
ak-t.si |
ASN46015 (EXABYTES-AS-AP Exa Bytes Network Sdn.Bhd., MY)
PTR: stormbreaker.mschosting.com
zabeb.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
6 |
zabeb.com
1 redirects
zabeb.com |
32 KB |
2 |
fontawesome.com
use.fontawesome.com |
49 KB |
2 |
ak-t.si
2 redirects
ak-t.si |
527 B |
1 |
gstatic.com
fonts.gstatic.com |
13 KB |
1 |
googleapis.com
fonts.googleapis.com |
531 B |
1 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com |
20 KB |
10 | 6 |
Domain | Requested by | |
---|---|---|
6 | zabeb.com |
1 redirects
zabeb.com
|
2 | use.fontawesome.com |
zabeb.com
|
2 | ak-t.si | 2 redirects |
1 | fonts.gstatic.com |
zabeb.com
|
1 | fonts.googleapis.com |
zabeb.com
|
1 | maxcdn.bootstrapcdn.com |
zabeb.com
|
10 | 6 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
zabeb.com cPanel, Inc. Certification Authority |
2020-02-27 - 2020-05-27 |
3 months | crt.sh |
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA |
2019-09-14 - 2020-10-13 |
a year | crt.sh |
*.fontawesome.com DigiCert SHA2 Secure Server CA |
2019-10-28 - 2020-12-23 |
a year | crt.sh |
upload.video.google.com GTS CA 1O1 |
2020-04-07 - 2020-06-30 |
3 months | crt.sh |
*.gstatic.com GTS CA 1O1 |
2020-04-07 - 2020-06-30 |
3 months | crt.sh |
This page contains 2 frames:
Primary Page:
https://zabeb.com/1/
Frame ID: 8B949EB63F299A90C02577FB284970E5
Requests: 9 HTTP requests in this frame
Frame:
https://zabeb.com/1/x.php
Frame ID: F8250502B1498CC0DCF5F51CFA906A08
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://ak-t.si/1
HTTP 301
https://ak-t.si/1/ HTTP 302
https://zabeb.com/1 HTTP 301
https://zabeb.com/1/ Page URL
Detected technologies
Bootstrap (Web Frameworks) ExpandDetected patterns
- html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Font Awesome (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href="https:\/\/use\.fontawesome\.com\/releases\/v([^>]+)\/css\//i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://ak-t.si/1
HTTP 301
https://ak-t.si/1/ HTTP 302
https://zabeb.com/1 HTTP 301
https://zabeb.com/1/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
zabeb.com/1/ Redirect Chain
|
5 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
component.css
zabeb.com/1/css/ |
5 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ |
141 KB 20 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.css
use.fontawesome.com/releases/v5.0.7/css/ |
35 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
BBVA-Bancomer_Featured_Image.png
zabeb.com/1/ |
5 KB 5 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cvv.jpg
zabeb.com/1/ |
17 KB 17 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
x.php
zabeb.com/1/ Frame F825 |
0 26 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
1 KB 531 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk30e6fwniDtzM.woff
fonts.gstatic.com/s/muli/v20/ |
13 KB 13 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fa-solid-900.woff2
use.fontawesome.com/releases/v5.0.7/webfonts/ |
39 KB 40 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BBVA (Financial)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ak-t.si
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
use.fontawesome.com
zabeb.com
110.4.45.158
2001:4de0:ac19::1:b:1a
212.48.118.94
23.111.9.35
2a00:1450:4001:806::200a
2a00:1450:4001:81a::2003
0e6a66b96853deb8b1389df3c9b382c83cc433ebe581983c9714be835e77dc8f
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
302f0fbc9d7907bf57c61dfb1a6cce18b65b7ef936e71d9177f278793e4b7872
57145cf093de2984bbc3201dc077145b05574c05f225aa1eb1a4f5bc1a0f3e72
79feac7c3077ed7ed9c7415b46c79fb220beedd325c6ee133be15cc0e1f84848
7a72f7f3fb7fbd274ce3242eee78da41bc58251ddd444c1589d21853f0093bd7
c0e6bad7ebdfec0ce999ac0f7483f3d54169824867e61d163ca637b7ae295332
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ececd30b13956872441d17b03b9de4c032b5983f0932051e763a0a6d0250842b
eee7283bce47f63001396d58cace92f57058ea0c5ee546579e841609a359d52e