urlabuse.com

https://urlabuse.com/login.html

172.67.193.57 · Cloudflare, Inc.

Location

Toronto, Canada

Domain Age

911 days

HTTP

200 · 29.3s

SSL

Valid· WE1, Google Trust Services, US

Status

COMPLETED

Visual Evidence

Zoom

Title: "Login | URLAbuse"

Save

Domain Intelligence: urlabuse.com

Scanned 2 times since Feb 27, 2026, 07:22 PM UTC

✗ Critical (90)

Take this site down

Report to 50+ vendors instantly

KB/IOK Matches (0)—

No KB/IOK detections were recorded for this scan.

URLAbuse

Credential Phishing

technology | ecommerce | finance | education | other · 4/5/2026

Summary

The page presents a Login | URLAbuse interface but the domain is urlabuse.com, which visually mimics a legitimate URL abuse service. The screenshot shows a branded login form with email and password fields and a Recaptcha challenge, implying credential collection. However, the domain appears to be the legitimate URLAbuse site rather than a well-known brand impersonation, but the page title and UI strongly imitate a login portal likely used for phishing/testing; the presence of external scripts and a Recaptcha integration suggests an attempt to harvest credentials under the guise of URL abuse tracking.

Attack Techniques (5)

Brand logo and UI elements resembling a legitimate serviceCredential harvesting form with password field on a login pageExternal script loading (recaptcha, analytics) to mimic legitimate behaviorSPA-like structure with external assets and recaptcha iframe integrationPresence of iframes and external resources to simulate a branded login flow

Indicators of Compromise (7)

▸DOMAIN: urlabuse.com (potentially legitimate, but used for phishing scan data)

▸PAGE TITLE: 'Login | URLAbuse' indicating a login capture page

▸NETWORK REQUESTS: recaptcha scripts and multiple external assets (urlabuse.com/cdn-cgi/zaraz/s.js, recaptcha JS/WOFF2 assets, Google APIs)

▸IFRAMES: recaptcha iframe references in network data

▸SSL: Valid certificate issued by Google Trust Services, valid through 2026

▸WHOIS: Domain created 2023-08-31, age ~911 days, Cloudflare for DNS

▸Page HTML: login form present with password field and GET/POST form actions, plus captcha-related endpoints

Risk AssessmentUsed in abuse reports

Scanner detected a legitimate-looking login page at urlabuse.com with a visible password field and a recaptcha widget. The page loads numerous external assets from recaptcha and cloudflare, indicating intent to mimic a branded login experience and potentially capture credentials. The SSL cert is recently issued and domain age indicates established presence, but the combination of a dedicated login UI on a domain that matches the brand plus embedded external tracking scripts elevates risk for credential harvesting. This site should be treated as a phishing vector targeting users of URLAbuse or visitors unknowingly interacting with the login form; block or suspend domain and review hosting for impersonation cues.

Recommended Action

Suspend Domain

Cross-Reference8

URL Intelligence