kanal9tv.com Open in urlscan Pro
35.214.211.97  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response kanal9tv.com/.quarantine/lbfull/	6 KB 2 KB	84ms 26ms	Document text/html	35.214.211.97 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://kanal9tv.com/.quarantine/lbfull/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 35.214.211.97 Groningen, Netherlands, ASN15169 (GOOGLE, US), Reverse DNS 97.211.214.35.bc.googleusercontent.com Software nginx / Resource Hash d2e3e622e6b482606a6c20c637cf1db2e1a2443f278fa85e418bad88d8659ebc Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language nl-NL,nl;q=0.9 Response headers server nginx date Wed, 23 Mar 2022 02:13:26 GMT content-type text/html vary Accept-Encoding Accept-Encoding,User-Agent last-modified Tue, 22 Mar 2022 19:57:26 GMT etag W/"1987-5dad405a25580" x-httpd 1 host-header 6b7412fb82ca5edfd0917e3957f05d89 x-proxy-cache MISS x-proxy-cache-info 0 NC:000000 UP: content-encoding br
GET H2	200	style.css kanal9tv.com/.quarantine/lbfull/	1 KB 728 B	25ms 25ms	Stylesheet text/css	35.214.211.97 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://kanal9tv.com/.quarantine/lbfull/style.css Requested by Host: kanal9tv.com URL: https://kanal9tv.com/.quarantine/lbfull/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 35.214.211.97 Groningen, Netherlands, ASN15169 (GOOGLE, US), Reverse DNS 97.211.214.35.bc.googleusercontent.com Software nginx / Resource Hash d130cc5b6028244c9f461e444926d14d36d45e7a45249b9f6373d2959a7d95ba Request headers Accept-Language nl-NL,nl;q=0.9 Referer https://kanal9tv.com/.quarantine/lbfull/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 23 Mar 2022 02:13:26 GMT content-encoding br last-modified Tue, 22 Mar 2022 19:58:44 GMT server nginx etag W/"623a2a74-56c" vary Accept-Encoding x-proxy-cache-info DT:1 content-type text/css cache-control max-age=31536000 host-header 8441280b0c35cbc1147f8ba998a563a7 expires Thu, 23 Mar 2023 02:13:26 GMT
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.5.1/	87 KB 31 KB	106ms 21ms	Script text/javascript	2a00:1450:4001:82b::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js Requested by Host: kanal9tv.com URL: https://kanal9tv.com/.quarantine/lbfull/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept-Language nl-NL,nl;q=0.9 Referer https://kanal9tv.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Tue, 22 Mar 2022 15:45:26 GMT content-encoding gzip x-content-type-options nosniff age 37680 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 31021 x-xss-protection 0 last-modified Fri, 08 May 2020 07:05:03 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Wed, 22 Mar 2023 15:45:26 GMT
GET H2	200	lbpiaccess.jpg kanal9tv.com/.quarantine/lbfull/	441 KB 442 KB	46ms 46ms	Image image/jpeg	35.214.211.97 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://kanal9tv.com/.quarantine/lbfull/lbpiaccess.jpg Requested by Host: kanal9tv.com URL: https://kanal9tv.com/.quarantine/lbfull/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 35.214.211.97 Groningen, Netherlands, ASN15169 (GOOGLE, US), Reverse DNS 97.211.214.35.bc.googleusercontent.com Software nginx / Resource Hash 7bedd38060b64d53ad5c2ad1e2f330970cc61069f65d3d28a32809d329bfce23 Request headers Accept-Language nl-NL,nl;q=0.9 Referer https://kanal9tv.com/.quarantine/lbfull/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 23 Mar 2022 02:13:26 GMT last-modified Tue, 22 Mar 2022 18:06:58 GMT server nginx etag "623a1042-6e577" x-proxy-cache-info DT:1 content-type image/jpeg cache-control max-age=31536000 host-header 8441280b0c35cbc1147f8ba998a563a7 accept-ranges bytes content-length 451959 expires Thu, 23 Mar 2023 02:13:26 GMT
GET H/1.1	200 OK	favicon.ico www.lbpiaccess.com/resources/images/	1 KB 2 KB	913ms 838ms	Image image/x-icon	104.111.240.149 AKAMAI-AS
General Check archive.org Show headers Download Go to Show image Full URL https://www.lbpiaccess.com/resources/images/favicon.ico Requested by Host: kanal9tv.com URL: https://kanal9tv.com/.quarantine/lbfull/ Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 104.111.240.149 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a104-111-240-149.deploy.static.akamaitechnologies.com Software / Resource Hash 06c9ad91cf91e1e3fdb85af3cbec9a90d19ffc103ff4c35e4b0079a3a0b16a73 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language nl-NL,nl;q=0.9 Referer https://kanal9tv.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers Strict-Transport-Security max-age=15552000; includeSubDomains; preload X-Content-Type-Options nosniff Last-Modified Mon, 28 Feb 2022 11:59:54 GMT Date Wed, 23 Mar 2022 02:13:27 GMT X-Frame-Options SAMEORIGIN X-ORACLE-DMS-ECID 6e4261d7-2b31-48fe-bd71-3a061db497ae-000f383d Content-Type image/x-icon X-ORACLE-DMS-RID 0 Connection keep-alive Accept-Ranges bytes Content-Length 1150 X-XSS-Protection 1; mode=block
GET H2	200	ssl.svg kanal9tv.com/.quarantine/lbfull/	603 B 534 B	31ms 30ms	Image image/svg+xml	35.214.211.97 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://kanal9tv.com/.quarantine/lbfull/ssl.svg Requested by Host: kanal9tv.com URL: https://kanal9tv.com/.quarantine/lbfull/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 35.214.211.97 Groningen, Netherlands, ASN15169 (GOOGLE, US), Reverse DNS 97.211.214.35.bc.googleusercontent.com Software nginx / Resource Hash 3b439667b653b07d8eec20a02b2c7cb25e4eb2a91acdbdb61f28f9163237067d Request headers Accept-Language nl-NL,nl;q=0.9 Referer https://kanal9tv.com/.quarantine/lbfull/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 23 Mar 2022 02:13:26 GMT content-encoding br last-modified Mon, 21 Mar 2022 04:08:58 GMT server nginx etag W/"6237fa5a-25b" vary Accept-Encoding x-proxy-cache-info DT:1 content-type image/svg+xml cache-control max-age=31536000 host-header 8441280b0c35cbc1147f8ba998a563a7 expires Thu, 23 Mar 2023 02:13:26 GMT
GET H2	200	bancnet.png kanal9tv.com/.quarantine/lbfull/	5 KB 5 KB	42ms 42ms	Image image/png	35.214.211.97 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://kanal9tv.com/.quarantine/lbfull/bancnet.png Requested by Host: kanal9tv.com URL: https://kanal9tv.com/.quarantine/lbfull/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 35.214.211.97 Groningen, Netherlands, ASN15169 (GOOGLE, US), Reverse DNS 97.211.214.35.bc.googleusercontent.com Software nginx / Resource Hash ca087c45509b633fcf2970a31573505c49537e91f5a62e2e2901da88be1f472c Request headers Accept-Language nl-NL,nl;q=0.9 Referer https://kanal9tv.com/.quarantine/lbfull/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 23 Mar 2022 02:13:26 GMT last-modified Tue, 22 Mar 2022 18:07:12 GMT server nginx etag "623a1050-133e" x-proxy-cache-info DT:1 content-type image/png cache-control max-age=31536000 host-header 8441280b0c35cbc1147f8ba998a563a7 accept-ranges bytes content-length 4926 expires Thu, 23 Mar 2023 02:13:26 GMT
GET H2	200	script.js Show response kanal9tv.com/.quarantine/lbfull/	3 KB 970 B	27ms 27ms	Script application/javascript	35.214.211.97 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://kanal9tv.com/.quarantine/lbfull/script.js Requested by Host: kanal9tv.com URL: https://kanal9tv.com/.quarantine/lbfull/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 35.214.211.97 Groningen, Netherlands, ASN15169 (GOOGLE, US), Reverse DNS 97.211.214.35.bc.googleusercontent.com Software nginx / Resource Hash ec0c2e4c572b330a9384411c8e97fb4216c8e6a1d45345949ac88222ed2e04f5 Request headers Accept-Language nl-NL,nl;q=0.9 Referer https://kanal9tv.com/.quarantine/lbfull/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers date Wed, 23 Mar 2022 02:13:26 GMT content-encoding br last-modified Tue, 22 Mar 2022 19:58:38 GMT server nginx etag W/"623a2a6e-b35" vary Accept-Encoding x-proxy-cache-info DT:1 content-type application/javascript cache-control max-age=31536000 host-header 8441280b0c35cbc1147f8ba998a563a7 expires Thu, 23 Mar 2023 02:13:26 GMT
GET H2	200	/ Show response tempsitecloud.com/ Frame 4764	7 KB 3 KB	1210ms 859ms	Document text/html	50.31.99.167 BIGSCOOTS
General Check archive.org Show headers Download Go to Full URL https://tempsitecloud.com/ Requested by Host: kanal9tv.com URL: https://kanal9tv.com/.quarantine/lbfull/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.31.99.167 , United States, ASN394303 (BIGSCOOTS, US), Reverse DNS lois.securedserverspace.com Software LiteSpeed / PHP/7.4.28 Resource Hash 5aae6321e2f142f9c71e224dafc97edc5a8e56a6b9b28176d56dac638dc72b65 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept-Language nl-NL,nl;q=0.9 Referer https://kanal9tv.com/ Response headers x-powered-by PHP/7.4.28 content-type text/html; charset=UTF-8 content-length 2468 content-encoding br vary Accept-Encoding date Wed, 23 Mar 2022 02:13:27 GMT server LiteSpeed x-content-type-options nosniff x-xss-protection 1; mode=block alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
GET H2	404	lbpiaccess.jpg tempsitecloud.com/lb_files/img/ Frame 4764	1 KB 1 KB	128ms 127ms	Image text/html	50.31.99.167 BIGSCOOTS
General Check archive.org Show headers Download Go to Show image Full URL https://tempsitecloud.com/lb_files/img/lbpiaccess.jpg Requested by Host: tempsitecloud.com URL: https://tempsitecloud.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.31.99.167 , United States, ASN394303 (BIGSCOOTS, US), Reverse DNS lois.securedserverspace.com Software LiteSpeed / Resource Hash 5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept-Language nl-NL,nl;q=0.9 Referer https://tempsitecloud.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers pragma no-cache date Wed, 23 Mar 2022 02:13:27 GMT x-content-type-options nosniff server LiteSpeed content-type text/html cache-control private, no-cache, no-store, must-revalidate, max-age=0 content-length 1238 x-xss-protection 1; mode=block
GET H2	404	professor.jpg tempsitecloud.com/lb_files/img/ Frame 4764	1 KB 1 KB	127ms 127ms	Image text/html	50.31.99.167 BIGSCOOTS
General Check archive.org Show headers Download Go to Show image Full URL https://tempsitecloud.com/lb_files/img/professor.jpg Requested by Host: tempsitecloud.com URL: https://tempsitecloud.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.31.99.167 , United States, ASN394303 (BIGSCOOTS, US), Reverse DNS lois.securedserverspace.com Software LiteSpeed / Resource Hash 5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept-Language nl-NL,nl;q=0.9 Referer https://tempsitecloud.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers pragma no-cache date Wed, 23 Mar 2022 02:13:27 GMT x-content-type-options nosniff server LiteSpeed content-type text/html cache-control private, no-cache, no-store, must-revalidate, max-age=0 content-length 1238 x-xss-protection 1; mode=block
GET H2	404	bancnet.png tempsitecloud.com/lb_files/img/ Frame 4764	1 KB 1 KB	127ms 127ms	Image text/html	50.31.99.167 BIGSCOOTS
General Check archive.org Show headers Download Go to Show image Full URL https://tempsitecloud.com/lb_files/img/bancnet.png Requested by Host: tempsitecloud.com URL: https://tempsitecloud.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 50.31.99.167 , United States, ASN394303 (BIGSCOOTS, US), Reverse DNS lois.securedserverspace.com Software LiteSpeed / Resource Hash 5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept-Language nl-NL,nl;q=0.9 Referer https://tempsitecloud.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Response headers pragma no-cache date Wed, 23 Mar 2022 02:13:27 GMT x-content-type-options nosniff server LiteSpeed content-type text/html cache-control private, no-cache, no-store, must-revalidate, max-age=0 content-length 1238 x-xss-protection 1; mode=block

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Land Bank of the Philippines (Banking)

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| structuredClone object| oncontextlost object| oncontextrestored function| $ function| jQuery object| minimize object| square object| exit object| titleBar object| draggable object| title function| enlarge

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://tempsitecloud.com/lb_files/img/lbpiaccess.jpg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://tempsitecloud.com/lb_files/img/professor.jpg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://tempsitecloud.com/lb_files/img/bancnet.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
kanal9tv.com
tempsitecloud.com
www.lbpiaccess.com
104.111.240.149
2a00:1450:4001:82b::200a
35.214.211.97
50.31.99.167
06c9ad91cf91e1e3fdb85af3cbec9a90d19ffc103ff4c35e4b0079a3a0b16a73
3b439667b653b07d8eec20a02b2c7cb25e4eb2a91acdbdb61f28f9163237067d
5aae6321e2f142f9c71e224dafc97edc5a8e56a6b9b28176d56dac638dc72b65
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
7bedd38060b64d53ad5c2ad1e2f330970cc61069f65d3d28a32809d329bfce23
ca087c45509b633fcf2970a31573505c49537e91f5a62e2e2901da88be1f472c
d130cc5b6028244c9f461e444926d14d36d45e7a45249b9f6373d2959a7d95ba
d2e3e622e6b482606a6c20c637cf1db2e1a2443f278fa85e418bad88d8659ebc
ec0c2e4c572b330a9384411c8e97fb4216c8e6a1d45345949ac88222ed2e04f5
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d