knab.persoonlijk-register.xyz Open in urlscan Pro
69.162.108.66  Malicious Activity! Public Scan

Submitted URL: http://falaziwan.nl/
Effective URL: https://knab.persoonlijk-register.xyz/RIVM19/
Submission: On December 01 via manual from NL

Summary

This website contacted 2 IPs in 3 countries across 4 domains to perform 10 HTTP transactions. The main IP is 69.162.108.66, located in Fort Worth, United States and belongs to LIMESTONENETWORKS, US. The main domain is knab.persoonlijk-register.xyz.
TLS certificate: Issued by Let's Encrypt Authority X3 on December 1st 2020. Valid for: 3 months.
This is the only time knab.persoonlijk-register.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Knab (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 2a00:4e40:1:1... 59980 (MIJNDOMEIN)
1 1 162.214.103.245 46606 (UNIFIEDLA...)
1 69.162.108.66 46475 (LIMESTONE...)
9 194.213.115.75 34762 (COMBELL-AS)
10 2
Apex Domain
Subdomains
Transfer
9 knab.nl
email.knab.nl
48 KB
1 persoonlijk-register.xyz
knab.persoonlijk-register.xyz
28 KB
1 diz.ae
diz.ae
587 B
1 falaziwan.nl
falaziwan.nl
199 B
10 4
Domain Requested by
9 email.knab.nl knab.persoonlijk-register.xyz
1 knab.persoonlijk-register.xyz
1 diz.ae 1 redirects
1 falaziwan.nl 1 redirects
10 4

This site contains links to these domains. Also see Links.

Domain
www.knab.nl
email.knab.nl
Subject Issuer Validity Valid
knab.persoonlijk-register.xyz
Let's Encrypt Authority X3
2020-12-01 -
2021-03-01
3 months crt.sh
email.knab.nl
GlobalSign Extended Validation CA - SHA256 - G3
2019-12-30 -
2021-12-30
2 years crt.sh

This page contains 1 frames:

Primary Page: https://knab.persoonlijk-register.xyz/RIVM19/
Frame ID: 6D7CD8003CE18DBF1DDBACCADDA32A20
Requests: 10 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://falaziwan.nl/ HTTP 302
    https://diz.ae/IeLKI HTTP 301
    https://knab.persoonlijk-register.xyz/RIVM19/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

10
Requests

100 %
HTTPS

25 %
IPv6

4
Domains

4
Subdomains

2
IPs

3
Countries

76 kB
Transfer

71 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://falaziwan.nl/ HTTP 302
    https://diz.ae/IeLKI HTTP 301
    https://knab.persoonlijk-register.xyz/RIVM19/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
knab.persoonlijk-register.xyz/RIVM19/
Redirect Chain
  • http://falaziwan.nl/
  • https://diz.ae/IeLKI
  • https://knab.persoonlijk-register.xyz/RIVM19/
28 KB
28 KB
Document
General
Full URL
https://knab.persoonlijk-register.xyz/RIVM19/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.162.108.66 Fort Worth, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS
verso.coinhost.io
Software
nginx / PleskLin
Resource Hash
ba6cf3976f2c31cc2beebd61f1c4efd7677da8d81530c62e7637640944a7188b

Request headers

Host
knab.persoonlijk-register.xyz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server
nginx
Date
Tue, 01 Dec 2020 12:34:51 GMT
Content-Type
text/html
Content-Length
28381
Last-Modified
Tue, 01 Dec 2020 12:24:35 GMT
Connection
keep-alive
ETag
"5fc63603-6edd"
X-Powered-By
PleskLin
Accept-Ranges
bytes

Redirect headers

Date
Tue, 01 Dec 2020 12:34:49 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate
Pragma
no-cache
Content-Encoding
gzip
Vary
Accept-Encoding
Set-Cookie
PHPSESSID=ff27068ad959537fa77be39ae7428614; path=/ short_IeLKI=1; expires=Tue, 01-Dec-2020 13:04:49 GMT; Max-Age=1800; path=/; HttpOnly
Location
https://knab.persoonlijk-register.xyz/RIVM19/
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
spacer.png
email.knab.nl/images/Templates/Knab_template/
3 KB
3 KB
Image
General
Full URL
https://email.knab.nl/images/Templates/Knab_template/spacer.png
Requested by
Host: knab.persoonlijk-register.xyz
URL: https://knab.persoonlijk-register.xyz/RIVM19/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
194.213.115.75 , Belgium, ASN34762 (COMBELL-AS, BE),
Reverse DNS
webbpp75.emsecure.net
Software
/
Resource Hash
ae12cd0ce50f9c505d476f9536b32bfe5aa45d9f0a5f2075a2e04374585c13e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://knab.persoonlijk-register.xyz/RIVM19/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 01 Dec 2020 12:34:51 GMT
Referrer-Policy
strict-origin
Last-Modified
Mon, 23 Jan 2017 10:25:42 GMT
ETag
"487fcec6375d21:0"
Strict-Transport-Security
max-age=31536000; includeSubdomains
Cache-Tag
10770
Accept-Ranges
bytes
Content-Type
image/png
Content-Length
2803
X-Xss-Protection
1; mode=block
header_logo_1.jpg
email.knab.nl/images/Templates/v2/
7 KB
8 KB
Image
General
Full URL
https://email.knab.nl/images/Templates/v2/header_logo_1.jpg
Requested by
Host: knab.persoonlijk-register.xyz
URL: https://knab.persoonlijk-register.xyz/RIVM19/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
194.213.115.75 , Belgium, ASN34762 (COMBELL-AS, BE),
Reverse DNS
webbpp75.emsecure.net
Software
/
Resource Hash
dc4b6805d7a626cbd32bf48a4e8d95753379e0959cf005bf36af412702c9e027
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://knab.persoonlijk-register.xyz/RIVM19/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 01 Dec 2020 12:34:51 GMT
Referrer-Policy
strict-origin
Last-Modified
Fri, 15 Apr 2016 09:06:53 GMT
ETag
"f4951127f696d11:0"
Strict-Transport-Security
max-age=31536000; includeSubdomains
Cache-Tag
10770
Accept-Ranges
bytes
Content-Type
image/jpeg
Content-Length
7679
X-Xss-Protection
1; mode=block
footer_logo_left_1.jpg
email.knab.nl/images/Templates/v2/
3 KB
3 KB
Image
General
Full URL
https://email.knab.nl/images/Templates/v2/footer_logo_left_1.jpg
Requested by
Host: knab.persoonlijk-register.xyz
URL: https://knab.persoonlijk-register.xyz/RIVM19/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
194.213.115.75 , Belgium, ASN34762 (COMBELL-AS, BE),
Reverse DNS
webbpp75.emsecure.net
Software
/
Resource Hash
75c0b3cec0e6edd0ad63bb2b8a320400835a081640ead0cb29cd5fdc8733c4fa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://knab.persoonlijk-register.xyz/RIVM19/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 01 Dec 2020 12:34:51 GMT
Referrer-Policy
strict-origin
Last-Modified
Tue, 15 Mar 2016 11:08:01 GMT
ETag
"a57e8df0aa7ed11:0"
Strict-Transport-Security
max-age=31536000; includeSubdomains
Cache-Tag
10770
Accept-Ranges
bytes
Content-Type
image/jpeg
Content-Length
2778
X-Xss-Protection
1; mode=block
footer_fb_1.jpg
email.knab.nl/images/Templates/v2/
2 KB
3 KB
Image
General
Full URL
https://email.knab.nl/images/Templates/v2/footer_fb_1.jpg
Requested by
Host: knab.persoonlijk-register.xyz
URL: https://knab.persoonlijk-register.xyz/RIVM19/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
194.213.115.75 , Belgium, ASN34762 (COMBELL-AS, BE),
Reverse DNS
webbpp75.emsecure.net
Software
/
Resource Hash
f1502bfa0438dba82f531292f4778805a3fa7ed6bd48cdea1664004fb03ed545
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://knab.persoonlijk-register.xyz/RIVM19/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 01 Dec 2020 12:34:51 GMT
Referrer-Policy
strict-origin
Last-Modified
Tue, 15 Mar 2016 11:08:01 GMT
ETag
"66d03ef0aa7ed11:0"
Strict-Transport-Security
max-age=31536000; includeSubdomains
Cache-Tag
10770
Accept-Ranges
bytes
Content-Type
image/jpeg
Content-Length
2281
X-Xss-Protection
1; mode=block
footer_tw_1.jpg
email.knab.nl/images/Templates/v2/
2 KB
3 KB
Image
General
Full URL
https://email.knab.nl/images/Templates/v2/footer_tw_1.jpg
Requested by
Host: knab.persoonlijk-register.xyz
URL: https://knab.persoonlijk-register.xyz/RIVM19/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
194.213.115.75 , Belgium, ASN34762 (COMBELL-AS, BE),
Reverse DNS
webbpp75.emsecure.net
Software
/
Resource Hash
6c7528f359804d96a73da06ddbc3d6917edb8b02a1f0a9918bfe6b6b6f81c162
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://knab.persoonlijk-register.xyz/RIVM19/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 01 Dec 2020 12:34:51 GMT
Referrer-Policy
strict-origin
Last-Modified
Tue, 15 Mar 2016 11:08:01 GMT
ETag
"634392f0aa7ed11:0"
Strict-Transport-Security
max-age=31536000; includeSubdomains
Cache-Tag
10770
Accept-Ranges
bytes
Content-Type
image/jpeg
Content-Length
2280
X-Xss-Protection
1; mode=block
footer_li_1.jpg
email.knab.nl/images/Templates/v2/
2 KB
3 KB
Image
General
Full URL
https://email.knab.nl/images/Templates/v2/footer_li_1.jpg
Requested by
Host: knab.persoonlijk-register.xyz
URL: https://knab.persoonlijk-register.xyz/RIVM19/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
194.213.115.75 , Belgium, ASN34762 (COMBELL-AS, BE),
Reverse DNS
webbpp75.emsecure.net
Software
/
Resource Hash
7bfa050732decb7228e72841f13ed7cfc78ecbb35a4bfbedb8b4d5b65d399eb9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://knab.persoonlijk-register.xyz/RIVM19/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 01 Dec 2020 12:34:51 GMT
Referrer-Policy
strict-origin
Last-Modified
Tue, 15 Mar 2016 11:08:01 GMT
ETag
"a01e4df0aa7ed11:0"
Strict-Transport-Security
max-age=31536000; includeSubdomains
Cache-Tag
10770
Accept-Ranges
bytes
Content-Type
image/jpeg
Content-Length
2367
X-Xss-Protection
1; mode=block
footer_com_1.jpg
email.knab.nl/images/Templates/v2/
2 KB
2 KB
Image
General
Full URL
https://email.knab.nl/images/Templates/v2/footer_com_1.jpg
Requested by
Host: knab.persoonlijk-register.xyz
URL: https://knab.persoonlijk-register.xyz/RIVM19/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
194.213.115.75 , Belgium, ASN34762 (COMBELL-AS, BE),
Reverse DNS
webbpp75.emsecure.net
Software
/
Resource Hash
2335b261f9278c5e4fb637d1d33e94de45d07d2310248ae70539822a9cb44fbc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://knab.persoonlijk-register.xyz/RIVM19/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 01 Dec 2020 12:34:51 GMT
Referrer-Policy
strict-origin
Last-Modified
Fri, 23 Dec 2016 08:14:38 GMT
ETag
"ecff19bf45cd21:0"
Strict-Transport-Security
max-age=31536000; includeSubdomains
Cache-Tag
10770
Accept-Ranges
bytes
Content-Type
image/jpeg
Content-Length
1600
X-Xss-Protection
1; mode=block
footer_logo_part1_1.jpg
email.knab.nl/images/Templates/v2/
5 KB
5 KB
Image
General
Full URL
https://email.knab.nl/images/Templates/v2/footer_logo_part1_1.jpg
Requested by
Host: knab.persoonlijk-register.xyz
URL: https://knab.persoonlijk-register.xyz/RIVM19/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
194.213.115.75 , Belgium, ASN34762 (COMBELL-AS, BE),
Reverse DNS
webbpp75.emsecure.net
Software
/
Resource Hash
49f6e61117ab5c3b551a1c80f17eef15f42932ddaef0addd0629c28ddfcdc8b3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://knab.persoonlijk-register.xyz/RIVM19/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 01 Dec 2020 12:34:51 GMT
Referrer-Policy
strict-origin
Last-Modified
Fri, 15 Apr 2016 09:06:53 GMT
ETag
"ba47327f696d11:0"
Strict-Transport-Security
max-age=31536000; includeSubdomains
Cache-Tag
10770
Accept-Ranges
bytes
Content-Type
image/jpeg
Content-Length
4880
X-Xss-Protection
1; mode=block
footer_logo_part2_1.jpg
email.knab.nl/images/Templates/v2/
18 KB
18 KB
Image
General
Full URL
https://email.knab.nl/images/Templates/v2/footer_logo_part2_1.jpg
Requested by
Host: knab.persoonlijk-register.xyz
URL: https://knab.persoonlijk-register.xyz/RIVM19/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
194.213.115.75 , Belgium, ASN34762 (COMBELL-AS, BE),
Reverse DNS
webbpp75.emsecure.net
Software
/
Resource Hash
37ecba4246215361fd628c3b53a0756eb588f83158ba9ee927e7b3b7290eab26
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://knab.persoonlijk-register.xyz/RIVM19/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Tue, 01 Dec 2020 12:34:51 GMT
Referrer-Policy
strict-origin
Last-Modified
Tue, 25 Jul 2017 08:35:52 GMT
ETag
"6c4b696215d31:0"
Strict-Transport-Security
max-age=31536000; includeSubdomains
Cache-Tag
10770
Accept-Ranges
bytes
Content-Type
image/jpeg
Content-Length
18054
X-Xss-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Knab (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated

0 Cookies