URL: http://abqtools.com/document/retrieve
Submission: On October 01 via manual from GB

Summary

This website contacted 4 IPs in 1 country across 3 domains to perform 14 HTTP transactions. The main IP is 34.202.169.48, located in Ashburn, United States, and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is abqtools.com.
This is the only time abqtools.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Dropbox (Consumer)

Domain & IP information

Requests  IP Address        AS     Autonomous System
4         34.202.169.48     14618  AMAZON-AES
5         34.197.205.214    14618  AMAZON-AES
1         2400:cb00:204...  13335  CLOUDFLAR...
Total: 14 requests, 4 IPs

Requests  Apex Domain                 Subdomains                  Transfer
9         abqtools.com                abqtools.com                258 KB
1         ipapi.co                    ipapi.co                    621 B
0         alkhanservice.com (Failed)  alkhanservice.com (Failed)  -
Total: 14 requests, 3 apex domains

Requests  Domain                      Requested by
9         abqtools.com                abqtools.com
1         ipapi.co                    abqtools.com
0         alkhanservice.com (Failed)  abqtools.com
Total: 14 requests, 3 domains

This site contains no links.

TLS certificate

Subject:  ssl377101.cloudflaressl.com
Issuer:   COMODO ECC Domain Validation Secure Server CA 2
Validity: 2018-07-26 - 2019-02-01
Valid:    6 months

This page contains 1 frame:

Primary Page: http://abqtools.com/document/retrieve
Frame ID: EAEFBDE6374937C55FDA9109EE8E870C
Requests: 15 HTTP requests in this frame


Detected technologies

  • Overall confidence: 100%. Detected patterns: headers server /Cowboy/i
  • Overall confidence: 100%. Detected patterns: headers server /Cowboy/i
  • Overall confidence: 100%. Detected patterns: html /<link[^>]* href=[^>]+font-awesome(?:\.min)?\.css/i
  • Overall confidence: 100%. Detected patterns: script /jquery.*\.js/i
  • Overall confidence: 100%. Detected patterns: env /^webpackJsonp$/i
  • Overall confidence: 100%. Detected patterns: html /<link[^>]+?href="[^"]+bootstrap(?:\.min)?\.css/i; script /(?:twitter\.github\.com\/bootstrap|bootstrap(?:\.js|\.min\.js))/i

Page Statistics

Requests:   14
HTTPS:      7 %
IPv6:       33 %
Domains:    3
Subdomains: 3
IPs:        4
Countries:  1
Transfer:   259 kB
Size:       265 kB
Cookies:    0

14 HTTP transactions

Resource: retrieve (Primary Request)
Path: abqtools.com/document/
Size: 986 B, x-fer: 1 KB, Type: Document
Full URL: http://abqtools.com/document/retrieve
Protocol: HTTP/1.1
Server: 34.202.169.48 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
Reverse DNS: ec2-34-202-169-48.compute-1.amazonaws.com
Software: Cowboy / Express
Resource Hash: dbf0c0376869a4d95613dd5a31db2df09f46a3fe646fff71e712b299803fce97

Request headers
  Host: abqtools.com
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
  Accept-Encoding: gzip, deflate

Response headers
  Server: Cowboy
  Connection: keep-alive
  X-Powered-By: Express
  Accept-Ranges: bytes
  Cache-Control: public, max-age=0
  Last-Modified: Sun, 16 Sep 2018 16:17:19 GMT
  Etag: W/"3da-165e32c0a98"
  Content-Type: text/html; charset=UTF-8
  Content-Length: 986
  Date: Mon, 01 Oct 2018 04:36:42 GMT
  Via: 1.1 vegur

Resource: font-awesome.min.css
Path: alkhanservice.com/
Size: 0, x-fer: 0 (no response received)

Resource: bootstrap.min.css
Path: alkhanservice.com/
Size: 0, x-fer: 0 (no response received)

Resource: jquery.min.js
Path: alkhanservice.com/
Size: 0, x-fer: 0 (no response received)

Resource: bootstrap.min.js
Path: alkhanservice.com/
Size: 0, x-fer: 0 (no response received)

Resource: app.696297e42854247914e741a595e71b39.css
Path: abqtools.com/static/css/
Size: 69 B, x-fer: 391 B, Type: Stylesheet
Full URL: http://abqtools.com/static/css/app.696297e42854247914e741a595e71b39.css
Requested by: Host abqtools.com, URL http://abqtools.com/document/retrieve
Protocol: HTTP/1.1
Server: 34.202.169.48 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
Reverse DNS: ec2-34-202-169-48.compute-1.amazonaws.com
Software: Cowboy / Express
Resource Hash: 812c1c8e422962aafa013761727067a7f272f141dc933bae0fe935546ef75e95

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate
  Host: abqtools.com
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Referer: http://abqtools.com/document/retrieve
  Connection: keep-alive
  Cache-Control: no-cache

Response headers
  Date: Mon, 01 Oct 2018 04:36:42 GMT
  Via: 1.1 vegur
  Etag: W/"45-165e32c0a98"
  Last-Modified: Sun, 16 Sep 2018 16:17:19 GMT
  Server: Cowboy
  X-Powered-By: Express
  Content-Type: text/css; charset=UTF-8
  Cache-Control: public, max-age=0
  Connection: keep-alive
  Accept-Ranges: bytes
  Content-Length: 69

Resource: manifest.2ae2e69a05c33dfc65f8.js
Path: abqtools.com/static/js/
Size: 857 B, x-fer: 1 KB, Type: Script
Full URL: http://abqtools.com/static/js/manifest.2ae2e69a05c33dfc65f8.js
Requested by: Host abqtools.com, URL http://abqtools.com/document/retrieve
Protocol: HTTP/1.1
Server: 34.202.169.48 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
Reverse DNS: ec2-34-202-169-48.compute-1.amazonaws.com
Software: Cowboy / Express
Resource Hash: d414b80e539a45c4c5b318d37543f524d2cfcc69c92256879afb2f1dd980fdd1

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate
  Host: abqtools.com
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
  Accept: */*
  Referer: http://abqtools.com/document/retrieve
  Connection: keep-alive
  Cache-Control: no-cache

Response headers
  Date: Mon, 01 Oct 2018 04:36:42 GMT
  Via: 1.1 vegur
  Etag: W/"359-165e32c0a98"
  Last-Modified: Sun, 16 Sep 2018 16:17:19 GMT
  Server: Cowboy
  X-Powered-By: Express
  Content-Type: application/javascript; charset=UTF-8
  Cache-Control: public, max-age=0
  Connection: keep-alive
  Accept-Ranges: bytes
  Content-Length: 857

Resource: vendor.db2c8be488295635e38a.js
Path: abqtools.com/static/js/
Size: 142 KB, x-fer: 142 KB, Type: Script
Full URL: http://abqtools.com/static/js/vendor.db2c8be488295635e38a.js
Requested by: Host abqtools.com, URL http://abqtools.com/document/retrieve
Protocol: HTTP/1.1
Server: 34.197.205.214 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
Reverse DNS: ec2-34-197-205-214.compute-1.amazonaws.com
Software: Cowboy / Express
Resource Hash: 2db2904a882a073804412c31ec1baa87d761b0e343c685be6717001149915f62

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate
  Host: abqtools.com
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
  Accept: */*
  Referer: http://abqtools.com/document/retrieve
  Connection: keep-alive
  Cache-Control: no-cache

Response headers
  Date: Mon, 01 Oct 2018 04:36:42 GMT
  Via: 1.1 vegur
  Etag: W/"2360c-165e32c0a98"
  Last-Modified: Sun, 16 Sep 2018 16:17:19 GMT
  Server: Cowboy
  X-Powered-By: Express
  Content-Type: application/javascript; charset=UTF-8
  Cache-Control: public, max-age=0
  Connection: keep-alive
  Accept-Ranges: bytes
  Content-Length: 144908

Resource: app.4f6c922a951e6b830e7c.js
Path: abqtools.com/static/js/
Size: 31 KB, x-fer: 32 KB, Type: Script
Full URL: http://abqtools.com/static/js/app.4f6c922a951e6b830e7c.js
Requested by: Host abqtools.com, URL http://abqtools.com/document/retrieve
Protocol: HTTP/1.1
Server: 34.197.205.214 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
Reverse DNS: ec2-34-197-205-214.compute-1.amazonaws.com
Software: Cowboy / Express
Resource Hash: 67e81f30e8af15e121f46013768c34f3685157a60df624881c22ecdad0dafe6d

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate
  Host: abqtools.com
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
  Accept: */*
  Referer: http://abqtools.com/document/retrieve
  Connection: keep-alive
  Cache-Control: no-cache

Response headers
  Date: Mon, 01 Oct 2018 04:36:42 GMT
  Via: 1.1 vegur
  Etag: W/"7cd3-165e32c0a98"
  Last-Modified: Sun, 16 Sep 2018 16:17:19 GMT
  Server: Cowboy
  X-Powered-By: Express
  Content-Type: application/javascript; charset=UTF-8
  Cache-Control: public, max-age=0
  Connection: keep-alive
  Accept-Ranges: bytes
  Content-Length: 31955

Resource: json
Path: ipapi.co/
Size: 484 B, x-fer: 621 B, Type: Fetch
Full URL: https://ipapi.co/json
Requested by: Host abqtools.com, URL http://abqtools.com/static/js/app.4f6c922a951e6b830e7c.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2400:cb00:2048:1::6819:d263, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Reverse DNS: -
Software: cloudflare /
Resource Hash: 58444ae983b82e14143c10e89470ccdc07f0385063a4b4af038bb5289af5d6a5

Security Headers
  X-Frame-Options: SAMEORIGIN

Request headers
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
  Referer: http://abqtools.com/document/retrieve
  Origin: http://abqtools.com

Response headers
  status: 200
  date: Mon, 01 Oct 2018 04:36:43 GMT
  content-encoding: gzip
  vary: Host
  server: cloudflare
  x-frame-options: SAMEORIGIN
  expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  allow: HEAD, POST, OPTIONS, OPTIONS, GET
  content-type: application/json
  access-control-allow-origin: *
  cf-ray: 462c3ad969316385-FRA

Resource: truncated
Path: /
Size: 8 KB, x-fer: 0, Type: Image
Full URL: data:truncated
Protocol: DATA
Server: -
Reverse DNS: -
Software: -
Resource Hash: ca0ac191f9cef829e124ace37284f09d3d3afb8cb230f7938a82b43ed83ead16

Request headers
  (none)

Response headers
  Access-Control-Allow-Origin: *
  Content-Type: image/png

Resource: dropbig.721ca96.png
Path: abqtools.com/static/img/
Size: 29 KB, x-fer: 29 KB, Type: Image
Full URL: http://abqtools.com/static/img/dropbig.721ca96.png
Requested by: Host abqtools.com, URL http://abqtools.com/document/retrieve
Protocol: HTTP/1.1
Server: 34.197.205.214 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
Reverse DNS: ec2-34-197-205-214.compute-1.amazonaws.com
Software: Cowboy / Express
Resource Hash: 87dbdc4222e35d4c110e0b33b3fea9a0588b0d08195b8c098a95e906f57ad651

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate
  Host: abqtools.com
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
  Accept: image/webp,image/apng,image/*,*/*;q=0.8
  Referer: http://abqtools.com/document/retrieve
  Connection: keep-alive
  Cache-Control: no-cache

Response headers
  Date: Mon, 01 Oct 2018 04:36:43 GMT
  Via: 1.1 vegur
  Etag: W/"74a5-165e32c0a98"
  Last-Modified: Sun, 16 Sep 2018 16:17:19 GMT
  Server: Cowboy
  X-Powered-By: Express
  Content-Type: image/png
  Cache-Control: public, max-age=0
  Connection: keep-alive
  Accept-Ranges: bytes
  Content-Length: 29861

Resource: to_view.319a43e.jpg
Path: abqtools.com/static/img/
Size: 20 KB, x-fer: 21 KB, Type: Image
Full URL: http://abqtools.com/static/img/to_view.319a43e.jpg
Requested by: Host abqtools.com, URL http://abqtools.com/document/retrieve
Protocol: HTTP/1.1
Server: 34.197.205.214 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
Reverse DNS: ec2-34-197-205-214.compute-1.amazonaws.com
Software: Cowboy / Express
Resource Hash: d38a13a91114c43fad4d1a25b852b9adcb92ab9bca12a99f246af9e880b89e03

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate
  Host: abqtools.com
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
  Accept: image/webp,image/apng,image/*,*/*;q=0.8
  Referer: http://abqtools.com/document/retrieve
  Connection: keep-alive
  Cache-Control: no-cache

Response headers
  Date: Mon, 01 Oct 2018 04:36:43 GMT
  Via: 1.1 vegur
  Etag: W/"50e3-165e32c0a98"
  Last-Modified: Sun, 16 Sep 2018 16:17:19 GMT
  Server: Cowboy
  X-Powered-By: Express
  Content-Type: image/jpeg
  Cache-Control: public, max-age=0
  Connection: keep-alive
  Accept-Ranges: bytes
  Content-Length: 20707

Resource: support.e264c04.jpg
Path: abqtools.com/static/img/
Size: 31 KB, x-fer: 31 KB, Type: Image
Full URL: http://abqtools.com/static/img/support.e264c04.jpg
Requested by: Host abqtools.com, URL http://abqtools.com/document/retrieve
Protocol: HTTP/1.1
Server: 34.202.169.48 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
Reverse DNS: ec2-34-202-169-48.compute-1.amazonaws.com
Software: Cowboy / Express
Resource Hash: 5010f18b9c06867af25dc6875632200e45f9e2e05086d208db1e181d3654d649

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate
  Host: abqtools.com
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
  Accept: image/webp,image/apng,image/*,*/*;q=0.8
  Referer: http://abqtools.com/document/retrieve
  Connection: keep-alive
  Cache-Control: no-cache

Response headers
  Date: Mon, 01 Oct 2018 04:36:43 GMT
  Via: 1.1 vegur
  Etag: W/"7ae7-165e32c0a98"
  Last-Modified: Sun, 16 Sep 2018 16:17:19 GMT
  Server: Cowboy
  X-Powered-By: Express
  Content-Type: image/jpeg
  Cache-Control: public, max-age=0
  Connection: keep-alive
  Accept-Ranges: bytes
  Content-Length: 31463

Resource: retrieve
Path: abqtools.com/document/
Size: 986 B, x-fer: 986 B, Type: Image
Full URL: http://abqtools.com/document/retrieve
Requested by: Host abqtools.com, URL http://abqtools.com/document/retrieve
Protocol: HTTP/1.1
Server: 34.197.205.214 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
Reverse DNS: ec2-34-197-205-214.compute-1.amazonaws.com
Software: Cowboy / Express
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers
  Pragma: no-cache
  Accept-Encoding: gzip, deflate
  Host: abqtools.com
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
  Accept: image/webp,image/apng,image/*,*/*;q=0.8
  Referer: http://abqtools.com/document/retrieve
  Connection: keep-alive
  Cache-Control: no-cache

Response headers
  Date: Mon, 01 Oct 2018 04:36:43 GMT
  Via: 1.1 vegur
  Etag: W/"3da-165e32c0a98"
  Last-Modified: Sun, 16 Sep 2018 16:17:19 GMT
  Server: Cowboy
  X-Powered-By: Express
  Content-Type: text/html; charset=UTF-8
  Cache-Control: public, max-age=0
  Connection: keep-alive
  Accept-Ranges: bytes
  Content-Length: 986

Failed requests

These URLs were requested, but no response was received. They also appear in the list above.

Domain             URL
alkhanservice.com  http://alkhanservice.com/font-awesome.min.css
alkhanservice.com  http://alkhanservice.com/bootstrap.min.css
alkhanservice.com  http://alkhanservice.com/jquery.min.js
alkhanservice.com  http://alkhanservice.com/bootstrap.min.js

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Dropbox (Consumer)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • function: webpackJsonp
  • object: __core-js_shared__

0 Cookies