www.fabyboutique.com
35.189.218.17 (flagged: Malicious Activity) Public Scan

Submitted URL: https://lacapell.com/MMS_Offers_NewsLetters/
Effective URL: https://www.fabyboutique.com/MY/MYBNQ/home/pstB-id.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVX...
Submission: On January 13 via manual from DE — Scanned from ES

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 4 HTTP transactions. The main IP is 35.189.218.17, located in Brussels, Belgium and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is www.fabyboutique.com.
TLS certificate: Issued by Sectigo RSA Extended Validation Secure Server CA on November 8th 2022 (2022-11-08 to 2023-12-08). Valid for: a year. Note that the certificate, EV or not, only vouches for the hostname www.fabyboutique.com; it says nothing about the phishing page served from the /MY/MYBNQ/ subdirectory, and a padlock or EV indicator should not be read as a sign that the page is genuine.
This is the only time www.fabyboutique.com was scanned on urlscan.io.

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Postbank (Banking)

Domain & IP information

IP Address | Requests | AS (Autonomous System)
89.46.90.206 | 1 | AS201446 (PROFESIONALHOSTING)
35.189.218.17 | 4 | AS396982 (GOOGLE-CLOUD-PLATFORM)
Total: 4 requests, 3 IPs

Apex Domain | Requests | Subdomains | Transfer
fabyboutique.com | 4 | www.fabyboutique.com | 617 KB
lacapell.com | 1 | lacapell.com | 403 B
Total: 4 requests, 2 domains

Domain | Requests | Requested by
www.fabyboutique.com | 4 | www.fabyboutique.com (1 redirect)
lacapell.com | 1 | -
Total: 4 requests, 2 domains

This site contains no links.

Subject | Issuer | Validity
lacapell.com | Sectigo RSA Domain Validation Secure Server CA | 2022-01-24 to 2023-01-24 (a year)
www.fabyboutique.com | Sectigo RSA Extended Validation Secure Server CA | 2022-11-08 to 2023-12-08 (a year)

This page contains 1 frames:

Primary Page: https://www.fabyboutique.com/MY/MYBNQ/home/pstB-id.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwOS4wLjU0MTQuNzQgU2FmYXJpLzUzNy4zNjE0Ni43MC43NC4xMDEyMDIzOkphbjpGcmk=
Frame ID: 88AAE33D84FDD7FAA1BD9B60AF98DF01
Requests: 8 HTTP requests in this frame

Screenshot

Page Title

Login

Page URL History

  1. https://lacapell.com/MMS_Offers_NewsLetters/ Page URL
  2. https://www.fabyboutique.com/MY/MYBNQ/ Page URL
  3. https://www.fabyboutique.com/MY/MYBNQ/home/ HTTP 302
    https://www.fabyboutique.com/MY/MYBNQ/home/pstB-id.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2lu... Page URL

Detected technologies

PHP (overall confidence: 100%)
Detected patterns
  • \.php(?:$|\?)

jQuery (overall confidence: 100%)
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 4
HTTPS: 100 %
IPv6: 0 %
Domains: 2
Subdomains: 2
IPs: 3
Countries: 2
Transfer: 617 kB
Size: 1468 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields. In this scan only the third hop (/home/ to pstB-id.php) is a server-side HTTP 302; the first two hops carry no redirect status, so the move from lacapell.com to www.fabyboutique.com/MY/MYBNQ/ and on to /home/ was done client-side, which fits the tiny HTML documents (140 B and 104 B) those two URLs returned.

  1. https://lacapell.com/MMS_Offers_NewsLetters/ Page URL
  2. https://www.fabyboutique.com/MY/MYBNQ/ Page URL
  3. https://www.fabyboutique.com/MY/MYBNQ/home/ HTTP 302
    https://www.fabyboutique.com/MY/MYBNQ/home/pstB-id.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwOS4wLjU0MTQuNzQgU2FmYXJpLzUzNy4zNjE0Ni43MC43NC4xMDEyMDIzOkphbjpGcmk= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource: / (lacapell.com/MMS_Offers_NewsLetters/)
Size: 140 B, Transfer: 403 B, Type: Document

General
Full URL: https://lacapell.com/MMS_Offers_NewsLetters/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 89.46.90.206, Spain, ASN201446 (PROFESIONALHOSTING, ES)
Reverse DNS: dns90206.phdns17.es
Software: LiteSpeed / PHP/7.0.33 PleskLin
Resource Hash: 8f9ceab049bc953a5189272b5647241f8aa5a26193cf8d622c320cffac632e9d
Security Headers:
  Strict-Transport-Security: max-age=63072000;
  X-Content-Type-Options: nosniff

Request headers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers
alt-svc: quic=":443"; ma=2592000; v="35,39,43,44"
cache-control: public, max-age=0
content-encoding: br
content-length: 117
content-type: text/html; charset=UTF-8
date: Fri, 13 Jan 2023 10:56:24 GMT
edit: Set-Cookie ^(.*)$ $1;HttpOnly;Secure
  (a response header literally named "edit"; its value is the argument of an Apache-style "Header edit Set-Cookie ..." directive that the server emitted verbatim instead of applying, so the intended HttpOnly/Secure cookie hardening is not in effect)
expires: Fri, 13 Jan 2023 10:56:24 GMT
server: LiteSpeed
strict-transport-security: max-age=63072000;
vary: Accept-Encoding
x-content-type-options: nosniff
x-powered-by: PHP/7.0.33 PleskLin
Resource: / (www.fabyboutique.com/MY/MYBNQ/)
Size: 104 B, Transfer: 360 B, Type: Document

General
Full URL: https://www.fabyboutique.com/MY/MYBNQ/
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 35.189.218.17, Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
Reverse DNS: 17.218.189.35.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu)
Resource Hash: 0efae8927c3a86e353d09d08ec7f30d5e18260295b589d68c66a24dff5ba944a

Request headers
Referer: https://lacapell.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 108
Content-Type: text/html; charset=UTF-8
Date: Fri, 13 Jan 2023 10:56:27 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.29 (Ubuntu)
Vary: Accept-Encoding
Primary Request: pstB-id.php (www.fabyboutique.com/MY/MYBNQ/home/)
Redirect Chain:
  • https://www.fabyboutique.com/MY/MYBNQ/home/
  • https://www.fabyboutique.com/MY/MYBNQ/home/pstB-id.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwOS4wLjU0MTQuNzQg...
Size: 804 KB, Transfer: 586 KB, Type: Document

General
Full URL: https://www.fabyboutique.com/MY/MYBNQ/home/pstB-id.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwOS4wLjU0MTQuNzQgU2FmYXJpLzUzNy4zNjE0Ni43MC43NC4xMDEyMDIzOkphbjpGcmk=
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 35.189.218.17, Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
Reverse DNS: 17.218.189.35.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu)
Resource Hash: d6ed8535ceb242183be2b84886c4c8fac874a58a88506475f8d0d88ab7cb2ffc

Request headers
Referer: https://www.fabyboutique.com/MY/MYBNQ/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language: es-ES,es;q=0.9

Response headers
Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Fri, 13 Jan 2023 10:56:27 GMT
Keep-Alive: timeout=5, max=98
Server: Apache/2.4.29 (Ubuntu)
Transfer-Encoding: chunked
Vary: Accept-Encoding

Redirect headers (the HTTP 302 from /home/)
Connection: Keep-Alive
Content-Length: 4
Content-Type: text/html; charset=UTF-8
Date: Fri, 13 Jan 2023 10:56:27 GMT
Keep-Alive: timeout=5, max=99
Server: Apache/2.4.29 (Ubuntu)
location: pstB-id.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwOS4wLjU0MTQuNzQgU2FmYXJpLzUzNy4zNjE0Ni43MC43NC4xMDEyMDIzOkphbjpGcmk=
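The token in that Location header is plain base64. Decoding it shows that the kit echoed the request's own User-Agent string (the one in the request headers above), followed by a dotted-quad address and the scan date written as 2023:Jan:Fri, concatenated with no separator. The helper below is an added example for this write-up, not code from urlscan.io or from the kit: it pulls the parameter out of the URL, decodes it, splits it on that layout and flags a URL whose token echoes the requester's User-Agent, which is the visitor-fingerprinting behaviour worth alerting on in proxy logs. The three-field layout is inferred from this single token and is an assumption about this kit; the address 146.70.74.101 that falls out of the decode appears nowhere else on the page and is presumably the client address the kit recorded.

```python
"""Decode the `token` that the 302 above appends to pstB-id.php.

Added example for this write-up, not code from urlscan.io or from the
phishing kit. SCAN_URL and SCAN_UA are copied from the scan; the field
layout (User-Agent, then client IP, then date, with no separators) is
inferred from decoding this one token and is an assumption about this kit.
"""
import base64
import binascii
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Location target from the redirect headers in the scan.
SCAN_URL = (
    "https://www.fabyboutique.com/MY/MYBNQ/home/pstB-id.php?token="
    "TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2"
    "IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwOS4wLjU0MTQuNzQgU2FmYXJpLzUzNy4zNjE0Ni43"
    "MC43NC4xMDEyMDIzOkphbjpGcmk="
)
# User-Agent the scanner sent, from the request headers in the scan.
SCAN_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
           "(KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36")

# Assumed layout: <User-Agent><dotted quad><YYYY:Mon:Dow>. The UA group is
# non-greedy, so it stops at the first dotted quad that is followed by a
# date pattern at end of string. Because the kit uses no separator, a UA
# ending in digits could in principle make the split ambiguous.
_TOKEN_RE = re.compile(
    r"^(?P<ua>.*?)"
    r"(?P<ip>(?:\d{1,3}\.){3}\d{1,3})"
    r"(?P<date>\d{4}:[A-Za-z]{3}:[A-Za-z]{3})$",
    re.S,
)


def decode_token(url: str) -> Optional[dict]:
    """Return the decoded token fields for url, or None if no usable token."""
    raw = parse_qs(urlsplit(url).query).get("token", [""])[0]
    if not raw:
        return None
    # parse_qs turns a raw '+' into a space; base64 needs it back.
    raw = raw.replace(" ", "+")
    try:
        text = base64.b64decode(raw, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    m = _TOKEN_RE.match(text)
    if not m:
        return {"raw": text}  # decodes, but not in the layout seen here
    return {"raw": text, **m.groupdict()}


def token_echoes_request(url: str, request_ua: str) -> bool:
    """Detection heuristic for proxy logs: a query parameter that base64-decodes
    to the requester's own User-Agent is a visitor fingerprint, a behaviour seen
    in phishing kits that gate or personalise the lure per visitor."""
    fields = decode_token(url)
    return bool(fields) and request_ua in fields["raw"]


if __name__ == "__main__":
    fields = decode_token(SCAN_URL)
    for key in ("ua", "ip", "date"):
        print(f"{key:5}: {fields[key]}")
    print("echoes scanner UA:", token_echoes_request(SCAN_URL, SCAN_UA))
```

Run against the scan URL the three fields come back as the scanner's User-Agent, 146.70.74.101 and 2023:Jan:Fri. For a log-based detection, feed token_echoes_request the URL and User-Agent columns of each request; the regex layout only matters for pretty-printing, the echo check works on the raw decode.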
Resource: data: URI (truncated by urlscan)
Size: 6 KB, Transfer: 0, Type: Image
Full URL: data:truncated
Protocol: DATA
Resource Hash: 1ad849d8a916dcde00adb1ee3d0f21c7f636a98b7b2c49f57194f245d37b2e91
Request headers: accept-language: es-ES,es;q=0.9; Referer: (empty); User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Response headers: Content-Type: image/svg+xml
Resource: data: URI (truncated by urlscan)
Size: 370 KB, Transfer: 0, Type: Image
Full URL: data:truncated
Protocol: DATA
Resource Hash: 130d73c4eb6e09d7372576762b61bdc69ccc112befefde6c40220278baf30686
Request headers: accept-language: es-ES,es;q=0.9; Referer: (empty); User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Response headers: Content-Type: image/jpeg
Resource: data: URI (truncated by urlscan)
Size: 15 KB, Transfer: 0, Type: Image
Full URL: data:truncated
Protocol: DATA
Resource Hash: 550778f7050b2f39fc38c8e326c78e0a53921774f9f39dd3685f1c73efee2613
Request headers: accept-language: es-ES,es;q=0.9; Referer: (empty); User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Response headers: Content-Type: image/jpeg
Resource: data: URI (truncated by urlscan)
Size: 186 KB, Transfer: 0, Type: Image
Full URL: data:truncated
Protocol: DATA
Resource Hash: 946660bb68994bd9480fd5822b55ebd2907bcf76927305e84f47c20431568789
Request headers: accept-language: es-ES,es;q=0.9; Referer: (empty); User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
Response headers: Content-Type: image/jpeg
Resource: jquery.min.js (www.fabyboutique.com/MY/MYBNQ/home/pstB_files/)
Size: 86 KB, Transfer: 30 KB, Type: Script
Note: the Last-Modified date (12 Jan 2023) is the day before the scan, so the kit files were placed on this host very recently; the pstB_files/ directory name follows the browser "Save Page As" convention, which suggests the lure was a saved copy of the real login page.

General
Full URL: https://www.fabyboutique.com/MY/MYBNQ/home/pstB_files/jquery.min.js
Requested by: www.fabyboutique.com, URL: https://www.fabyboutique.com/MY/MYBNQ/home/pstB-id.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwOS4wLjU0MTQuNzQgU2FmYXJpLzUzNy4zNjE0Ni43MC43NC4xMDEyMDIzOkphbjpGcmk=
Protocol: HTTP/1.1
Security: TLS 1.3, AES_128_GCM
Server: 35.189.218.17, Brussels, Belgium, ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
Reverse DNS: 17.218.189.35.bc.googleusercontent.com
Software: Apache/2.4.29 (Ubuntu)
Resource Hash: 2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a

Request headers
accept-language: es-ES,es;q=0.9
Referer: https://www.fabyboutique.com/MY/MYBNQ/home/pstB-id.php?token=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwOS4wLjU0MTQuNzQgU2FmYXJpLzUzNy4zNjE0Ni43MC43NC4xMDEyMDIzOkphbjpGcmk=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers
Date: Fri, 13 Jan 2023 10:56:28 GMT
Content-Encoding: gzip
Last-Modified: Thu, 12 Jan 2023 09:08:01 GMT
Server: Apache/2.4.29 (Ubuntu)
Vary: Accept-Encoding
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 30679

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Postbank (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • oncontentvisibilityautostatechange (object)
  • $ (function)
  • jQuery (function)

0 Cookies

Security Headers

This page lists any security headers set by the main page. Note that the two headers below were sent by the lacapell.com response (the first transaction); the primary page response from www.fabyboutique.com sets no security headers at all.

Header: Value
Strict-Transport-Security: max-age=63072000;
X-Content-Type-Options: nosniff