knab.persoonlijk-register.xyz
69.162.108.66
Malicious Activity!
Public Scan
Effective URL: https://knab.persoonlijk-register.xyz/RIVM19/
Submission: On December 01 via manual from NL
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on December 1st 2020. Valid for: 3 months.
This is the only time knab.persoonlijk-register.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Knab (Banking)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
1 1 | 2a00:4e40:1:1::2:203 | 59980 (MIJNDOMEIN) |
1 1 | 162.214.103.245 | 46606 (UNIFIEDLAYER-AS-1) |
1 | 69.162.108.66 | 46475 (LIMESTONENETWORKS) |
9 | 194.213.115.75 | 34762 (COMBELL-AS) |
10 | 2 | |
ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: dedi-5091631.notese.com.br
diz.ae
ASN46475 (LIMESTONENETWORKS, US)
PTR: verso.coinhost.io
knab.persoonlijk-register.xyz
 | Apex Domain | Subdomains | Transfer |
---|---|---|---|
9 | knab.nl | email.knab.nl | 48 KB |
1 | persoonlijk-register.xyz | knab.persoonlijk-register.xyz | 28 KB |
1 | diz.ae (1 redirects) | diz.ae | 587 B |
1 | falaziwan.nl (1 redirects) | falaziwan.nl | 199 B |
10 | 4 | | |
 | Domain | Requested by |
---|---|---|
9 | email.knab.nl | knab.persoonlijk-register.xyz |
1 | knab.persoonlijk-register.xyz | |
1 | diz.ae | 1 redirects |
1 | falaziwan.nl | 1 redirects |
10 | 4 | |
This site contains links to these domains. Also see Links.
Domain |
---|
www.knab.nl |
email.knab.nl |
Subject | Issuer | Validity | Valid |
---|---|---|---|
knab.persoonlijk-register.xyz | Let's Encrypt Authority X3 | 2020-12-01 - 2021-03-01 | 3 months |
email.knab.nl | GlobalSign Extended Validation CA - SHA256 - G3 | 2019-12-30 - 2021-12-30 | 2 years |
This page contains 1 frames:
Primary Page:
https://knab.persoonlijk-register.xyz/RIVM19/
Frame ID: 6D7CD8003CE18DBF1DDBACCADDA32A20
Requests: 10 HTTP requests in this frame
Detected technologies
Nginx (Web Servers)
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
6 Outgoing links
These are links going to different origins than the main page.
Title: pagina
Title: www.knab.nl
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://falaziwan.nl/
HTTP 302
https://diz.ae/IeLKI HTTP 301
https://knab.persoonlijk-register.xyz/RIVM19/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | Primary Request: / knab.persoonlijk-register.xyz/RIVM19/ (Redirect Chain) | 28 KB 28 KB | Document text/html |
GET H/1.1 | spacer.png email.knab.nl/images/Templates/Knab_template/ | 3 KB 3 KB | Image image/png |
GET H/1.1 | header_logo_1.jpg email.knab.nl/images/Templates/v2/ | 7 KB 8 KB | Image image/jpeg |
GET H/1.1 | footer_logo_left_1.jpg email.knab.nl/images/Templates/v2/ | 3 KB 3 KB | Image image/jpeg |
GET H/1.1 | footer_fb_1.jpg email.knab.nl/images/Templates/v2/ | 2 KB 3 KB | Image image/jpeg |
GET H/1.1 | footer_tw_1.jpg email.knab.nl/images/Templates/v2/ | 2 KB 3 KB | Image image/jpeg |
GET H/1.1 | footer_li_1.jpg email.knab.nl/images/Templates/v2/ | 2 KB 3 KB | Image image/jpeg |
GET H/1.1 | footer_com_1.jpg email.knab.nl/images/Templates/v2/ | 2 KB 2 KB | Image image/jpeg |
GET H/1.1 | footer_logo_part1_1.jpg email.knab.nl/images/Templates/v2/ | 5 KB 5 KB | Image image/jpeg |
GET H/1.1 | footer_logo_part2_1.jpg email.knab.nl/images/Templates/v2/ | 18 KB 18 KB | Image image/jpeg |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Knab (Banking)
9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| ontransitionrun
- object| ontransitionstart
- object| ontransitioncancel
- object| cookieStore
- function| showDirectoryPicker
- function| showOpenFilePicker
- function| showSaveFilePicker
- object| trustedTypes
- boolean| crossOriginIsolated
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.