Submitted URL: https://ak-t.si/1
Effective URL: https://zabeb.com/1/
Submission: On April 24 via manual from ES

Summary

This website contacted 5 IPs in 4 countries across 6 domains to perform 10 HTTP transactions. The main IP is 110.4.45.158, located in Malaysia and belongs to EXABYTES-AS-AP Exa Bytes Network Sdn.Bhd., MY. The main domain is zabeb.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on February 27th 2020. Valid for: 3 months.
This is the only time zabeb.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BBVA (Financial)

Domain & IP information

IP Address AS Autonomous System
2 2 212.48.118.94 8893 (ARTFILES-...)
1 6 110.4.45.158 46015 (EXABYTES-...)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
2 23.111.9.35 33438 (HIGHWINDS2)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
10 5
Domain Requested by
6 zabeb.com 1 redirects zabeb.com
2 use.fontawesome.com zabeb.com
2 ak-t.si 2 redirects
1 fonts.gstatic.com zabeb.com
1 fonts.googleapis.com zabeb.com
1 maxcdn.bootstrapcdn.com zabeb.com
10 6

This site contains no links.

Subject Issuer Validity Valid
zabeb.com
cPanel, Inc. Certification Authority
2020-02-27 -
2020-05-27
3 months crt.sh
*.bootstrapcdn.com
Sectigo RSA Domain Validation Secure Server CA
2019-09-14 -
2020-10-13
a year crt.sh
*.fontawesome.com
DigiCert SHA2 Secure Server CA
2019-10-28 -
2020-12-23
a year crt.sh
upload.video.google.com
GTS CA 1O1
2020-04-07 -
2020-06-30
3 months crt.sh
*.gstatic.com
GTS CA 1O1
2020-04-07 -
2020-06-30
3 months crt.sh

This page contains 2 frames:

Primary Page: https://zabeb.com/1/
Frame ID: 8B949EB63F299A90C02577FB284970E5
Requests: 9 HTTP requests in this frame

Frame: https://zabeb.com/1/x.php
Frame ID: F8250502B1498CC0DCF5F51CFA906A08
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://ak-t.si/1 HTTP 301
    https://ak-t.si/1/ HTTP 302
    https://zabeb.com/1 HTTP 301
    https://zabeb.com/1/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href="https:\/\/use\.fontawesome\.com\/releases\/v([^>]+)\/css\//i

Page Statistics

10
Requests

100 %
HTTPS

50 %
IPv6

6
Domains

6
Subdomains

5
IPs

4
Countries

115 kB
Transfer

261 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ak-t.si/1 HTTP 301
    https://ak-t.si/1/ HTTP 302
    https://zabeb.com/1 HTTP 301
    https://zabeb.com/1/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
zabeb.com/1/
Redirect Chain
  • https://ak-t.si/1
  • https://ak-t.si/1/
  • https://zabeb.com/1
  • https://zabeb.com/1/
5 KB
5 KB
Document
General
Full URL
https://zabeb.com/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
110.4.45.158 , Malaysia, ASN46015 (EXABYTES-AS-AP Exa Bytes Network Sdn.Bhd., MY),
Reverse DNS
stormbreaker.mschosting.com
Software
Apache /
Resource Hash
79feac7c3077ed7ed9c7415b46c79fb220beedd325c6ee133be15cc0e1f84848

Request headers

:method
GET
:authority
zabeb.com
:scheme
https
:path
/1/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Fri, 24 Apr 2020 17:49:05 GMT
server
Apache
content-length
5140
content-type
text/html; charset=UTF-8

Redirect headers

status
301
date
Fri, 24 Apr 2020 17:49:05 GMT
server
Apache
location
https://zabeb.com/1/
content-length
228
content-type
text/html; charset=iso-8859-1
component.css
zabeb.com/1/css/
5 KB
5 KB
Stylesheet
General
Full URL
https://zabeb.com/1/css/component.css
Requested by
Host: zabeb.com
URL: https://zabeb.com/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
110.4.45.158 , Malaysia, ASN46015 (EXABYTES-AS-AP Exa Bytes Network Sdn.Bhd., MY),
Reverse DNS
stormbreaker.mschosting.com
Software
Apache /
Resource Hash
7a72f7f3fb7fbd274ce3242eee78da41bc58251ddd444c1589d21853f0093bd7

Request headers

Referer
https://zabeb.com/1/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Fri, 24 Apr 2020 17:49:06 GMT
last-modified
Thu, 31 May 2018 08:18:06 GMT
server
Apache
accept-ranges
bytes
content-length
5094
content-type
text/css
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/
141 KB
20 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Requested by
Host: zabeb.com
URL: https://zabeb.com/1/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:1a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://zabeb.com/1/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 24 Apr 2020 17:49:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 12 Dec 2018 18:34:10 GMT
status
200
etag
"1544639650"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
20563
all.css
use.fontawesome.com/releases/v5.0.7/css/
35 KB
9 KB
Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.0.7/css/all.css
Requested by
Host: zabeb.com
URL: https://zabeb.com/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
eee7283bce47f63001396d58cace92f57058ea0c5ee546579e841609a359d52e

Request headers

Referer
https://zabeb.com/1/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 24 Apr 2020 17:49:06 GMT
content-encoding
gzip
last-modified
Mon, 26 Feb 2018 20:53:41 GMT
server
NetDNA-cache/2.2
status
200
etag
W/"16f4f6797931e43125885e1741f125a7"
vary
Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
access-control-max-age
3000
cache-control
max-age=31556926
x-cache
HIT
BBVA-Bancomer_Featured_Image.png
zabeb.com/1/
5 KB
5 KB
Image
General
Full URL
https://zabeb.com/1/BBVA-Bancomer_Featured_Image.png
Requested by
Host: zabeb.com
URL: https://zabeb.com/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
110.4.45.158 , Malaysia, ASN46015 (EXABYTES-AS-AP Exa Bytes Network Sdn.Bhd., MY),
Reverse DNS
stormbreaker.mschosting.com
Software
Apache /
Resource Hash
0e6a66b96853deb8b1389df3c9b382c83cc433ebe581983c9714be835e77dc8f

Request headers

Referer
https://zabeb.com/1/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Fri, 24 Apr 2020 17:49:06 GMT
last-modified
Tue, 31 Jul 2018 13:24:38 GMT
server
Apache
accept-ranges
bytes
content-length
4759
content-type
image/png
cvv.jpg
zabeb.com/1/
17 KB
17 KB
Image
General
Full URL
https://zabeb.com/1/cvv.jpg
Requested by
Host: zabeb.com
URL: https://zabeb.com/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
110.4.45.158 , Malaysia, ASN46015 (EXABYTES-AS-AP Exa Bytes Network Sdn.Bhd., MY),
Reverse DNS
stormbreaker.mschosting.com
Software
Apache /
Resource Hash
c0e6bad7ebdfec0ce999ac0f7483f3d54169824867e61d163ca637b7ae295332

Request headers

Referer
https://zabeb.com/1/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Fri, 24 Apr 2020 17:49:06 GMT
last-modified
Sun, 07 Oct 2018 13:28:42 GMT
server
Apache
accept-ranges
bytes
content-length
17206
content-type
image/jpeg
x.php
zabeb.com/1/ Frame F825
0
26 B
Document
General
Full URL
https://zabeb.com/1/x.php
Requested by
Host: zabeb.com
URL: https://zabeb.com/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
110.4.45.158 , Malaysia, ASN46015 (EXABYTES-AS-AP Exa Bytes Network Sdn.Bhd., MY),
Reverse DNS
stormbreaker.mschosting.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

:method
GET
:authority
zabeb.com
:scheme
https
:path
/1/x.php
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://zabeb.com/1/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://zabeb.com/1/

Response headers

status
200
date
Fri, 24 Apr 2020 17:49:06 GMT
server
Apache
content-length
0
content-type
text/html; charset=UTF-8
css
fonts.googleapis.com/
1 KB
531 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Muli
Requested by
Host: zabeb.com
URL: https://zabeb.com/1/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
57145cf093de2984bbc3201dc077145b05574c05f225aa1eb1a4f5bc1a0f3e72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://zabeb.com/1/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
x-xss-protection
0
last-modified
Fri, 24 Apr 2020 17:49:06 GMT
server
ESF
date
Fri, 24 Apr 2020 17:49:06 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 24 Apr 2020 17:49:06 GMT
7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk30e6fwniDtzM.woff
fonts.gstatic.com/s/muli/v20/
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/muli/v20/7Aulp_0qiz-aVz7u3PJLcUMYOFnOkEk30e6fwniDtzM.woff
Requested by
Host: zabeb.com
URL: https://zabeb.com/1/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
302f0fbc9d7907bf57c61dfb1a6cce18b65b7ef936e71d9177f278793e4b7872
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Muli
Origin
https://zabeb.com

Response headers

date
Sat, 28 Mar 2020 08:52:52 GMT
x-content-type-options
nosniff
last-modified
Tue, 04 Feb 2020 22:49:05 GMT
server
sffe
age
2364976
status
200
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
13532
x-xss-protection
0
expires
Sun, 28 Mar 2021 08:52:52 GMT
fa-solid-900.woff2
use.fontawesome.com/releases/v5.0.7/webfonts/
39 KB
40 KB
Font
General
Full URL
https://use.fontawesome.com/releases/v5.0.7/webfonts/fa-solid-900.woff2
Requested by
Host: zabeb.com
URL: https://zabeb.com/1/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
ececd30b13956872441d17b03b9de4c032b5983f0932051e763a0a6d0250842b

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://use.fontawesome.com/releases/v5.0.7/css/all.css
Origin
https://zabeb.com

Response headers

date
Fri, 24 Apr 2020 17:49:08 GMT
last-modified
Mon, 26 Feb 2018 20:53:59 GMT
server
NetDNA-cache/2.2
status
200
etag
"64f88ebe25c54a12320f42f0b229961b"
vary
Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
access-control-max-age
3000
cache-control
max-age=31556926
x-cache
HIT
accept-ranges
bytes
content-length
40244

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BBVA (Financial)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

0 Cookies