urlscan.io logo urlscan.io
SecurityTrails logo

www.secure-sabbnet-online.hijauelektronikindonesia.com Open in urlscan Pro
131.153.99.18  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://www.secure-sabbnet-online.hijauelektronikindonesia.com/
Submission: On October 24 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 2 HTTP transactions. The main IP is 131.153.99.18, located in Singapore, Singapore and belongs to PHOENIXNAP-AS-SG1 PhoenixNAP, SG. The main domain is www.secure-sabbnet-online.hijauelektronikindonesia.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 24th 2022. Valid for: 3 months.
This is the only time www.secure-sabbnet-online.hijauelektronikindonesia.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: HSBC (Banking)

Domain & IP information

IP Address AS Autonomous System
1 131.153.99.18 59210 (PHOENIXNA...)
1 193.27.7.77 57900 (SAUDI-BRI...)
2 3
Domain Requested by
1 www.security.online-banking.sabbnet.com www.secure-sabbnet-online.hijauelektronikindonesia.com
1 www.secure-sabbnet-online.hijauelektronikindonesia.com
2 2

This site contains links to these domains. Also see Links.

Domain
www.security.online-banking.sabbnet.com
www.sabb.com
Subject Issuer Validity Valid
secure-sabbnet-online.hijauelektronikindonesia.com
cPanel, Inc. Certification Authority		 2022-10-24 -
2023-01-22		 3 months crt.sh
www.security.online-banking.sabbnet.com
DigiCert SHA2 Extended Validation Server CA		 2021-12-06 -
2022-12-21		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.secure-sabbnet-online.hijauelektronikindonesia.com/
Frame ID: 1D6F34922B136B443A3F38ADB00D63A0
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Log on to online : Username | SABB

Page Statistics

2
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

209 kB
Transfer

482 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

2 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.secure-sabbnet-online.hijauelektronikindonesia.com/ 		319 KB
58 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.secure-sabbnet-online.hijauelektronikindonesia.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
131.153.99.18 Singapore, Singapore, ASN59210 (PHOENIXNAP-AS-SG1 PhoenixNAP, SG),
Reverse DNS
cs30.koneksiaman.net
Software
LiteSpeed / PHP/7.2.34
Resource Hash
76df0888097b3ddc4d743e0f85d883ee5c29a6e321d750c27fd2fc9f1f210275

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
cache-control
no-store, no-cache, must-revalidate
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 24 Oct 2022 04:13:52 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
LiteSpeed
vary
Accept-Encoding
x-powered-by
PHP/7.2.34
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cab78213e8c945c10cae355403260048dad7936a706febbacf3782fb0b15f059

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ 		54 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bf266f02007642c1b71807c6b399ee1268d8a5a36b8d03162bce1fa222942c98

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9bcbc0ff19ab678085c819498dbb667ad36a1862b0fa3dd8ae8c19e93f0f5ff7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c242fecf52b24a49f80215433f75fcd149fe3cdf9e807437bbd38317f036b965

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/gif
IPS_Campaign_Phase_Two-18.jpg
www.security.online-banking.sabbnet.com/ContentService/gsp_sabb/saas/Components/htmls/cam10/en/ 		150 KB
151 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.security.online-banking.sabbnet.com/ContentService/gsp_sabb/saas/Components/htmls/cam10/en/IPS_Campaign_Phase_Two-18.jpg
Requested by
Host: www.secure-sabbnet-online.hijauelektronikindonesia.com
URL: https://www.secure-sabbnet-online.hijauelektronikindonesia.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.27.7.77 , Saudi Arabia, ASN57900 (SAUDI-BRITISH-BANK, SA),
Reverse DNS
Software
/
Resource Hash
735c87d12818649c361b9362460bc1d236fa67dea3843abdc6b7ab2af72c2591
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.secure-sabbnet-online.hijauelektronikindonesia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Mon, 24 Oct 2022 04:13:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
153522
Last-Modified
Sat, 23 Apr 2022 17:58:29 GMT
Access-Control-Max-Age
3600
Vary
DECRYPTED
CONTENT_RESOURCE_PATH
gsp_sabb/saas/Components/htmls/cam10/en/IPS_Campaign_Phase_Two-18.jpg
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET
Content-Type
image/jpeg
X-Frame-Options
sameorigin
Content-Language
en-US
S
LWSSASIP0501P
Access-Control-Allow-Headers
x-requested-with
Keep-Alive
timeout=5, max=500
truncated
/ 		942 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b5a3dd3f96d3e983873762c6b69b7946be6b1627dff5eca7716ad8396bbab132

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8a4a5bc7c1c81d7dfe382d0f1157298e7e439e13228d23d2a448f1c811015c8f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f2d04f19fe518e0201f68d3a0b0e6979c06848a95d84f3f07c32b000fc621367

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ 		157 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0e470a24cfcdfa42487418070681845219a16cfedb62c5101514d96faf510c9c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6197f7ae191cb4b28ec55b5cf74a92db66a1a8e43f76abe3863ab3c51cb7667b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fae7e94394deac2d50a89ee95bb3a24887711c08c0c4c56ac5bcd2a2ca2d6cce

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
9db0d37a99592c40f146b9a8026e020d2c0b843bca0d7b0279ac8fa8fb13fd53

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: HSBC (Banking)

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| savepage_ShadowLoader

1 Cookies

Domain/Path Name / Value
www.secure-sabbnet-online.hijauelektronikindonesia.com/ Name: PHPSESSID
Value: ab2e9c84ab2f45733aab6e39a1de128e