zap619162-1.plesk12.zap-webspace.com
185.223.31.153
Malicious Activity!
Public Scan
Effective URL: https://zap619162-1.plesk12.zap-webspace.com/kmb0/
Submission: On November 17 via manual from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on November 16th 2020. Valid for: 3 months.
This is the only time zap619162-1.plesk12.zap-webspace.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Knab (Banking)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 1 | 125.209.210.90 | 23576 (NHN-AS-KR NBP)
1 | 45.126.59.196 | 132647 (IDNIC-PANDI-AS-ID Pengelola Nama Domain Internet Indonesia)
1 1 | 2606:4700:3037::681c:927 | 13335 (CLOUDFLARENET)
23 | 185.223.31.153 | 30823 (COMBAHTON combahton GmbH)
1 | 2a00:1450:4001:820::2008 | 15169 (GOOGLE)
1 2 | 2a00:1450:4001:81a::200e | 15169 (GOOGLE)
1 1 | 2a00:1450:400c:c00::9d | 15169 (GOOGLE)
1 1 | 2a00:1450:4001:819::2004 | 15169 (GOOGLE)
1 | 2a00:1450:4001:820::2003 | 15169 (GOOGLE)
29 | 6 |
ASN132647 (IDNIC-PANDI-AS-ID Pengelola Nama Domain Internet Indonesia, ID): s.id
ASN30823 (COMBAHTON combahton GmbH, DE): zap619162-1.plesk12.zap-webspace.com
ASN15169 (GOOGLE, US): www.googletagmanager.com
ASN15169 (GOOGLE, US): www.google-analytics.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
23 | zap-webspace.com | zap619162-1.plesk12.zap-webspace.com | 2 MB
2 | google-analytics.com (1 redirect) | www.google-analytics.com | 19 KB
1 | google.de | www.google.de | 505 B
1 | google.com (1 redirect) | www.google.com | 369 B
1 | doubleclick.net (1 redirect) | stats.g.doubleclick.net | 177 B
1 | googletagmanager.com | www.googletagmanager.com | 35 KB
1 | tny.sh (1 redirect) | tny.sh | 788 B
1 | s.id | s.id, analytics.s.id (failed) | 2 KB
1 | me2.do (1 redirect) | me2.do | 297 B
0 | knab.nl (failed) | eum.knab.nl (failed) |
29 | 10 apex domains | |
Requests | Domain | Requested by
---|---|---
23 | zap619162-1.plesk12.zap-webspace.com | s.id, zap619162-1.plesk12.zap-webspace.com
2 | www.google-analytics.com | 1 redirect, www.googletagmanager.com
1 | www.google.de | zap619162-1.plesk12.zap-webspace.com
1 | www.google.com | 1 redirect
1 | stats.g.doubleclick.net | 1 redirect
1 | www.googletagmanager.com | zap619162-1.plesk12.zap-webspace.com
1 | tny.sh | 1 redirect
1 | s.id |
1 | me2.do | 1 redirect
0 | eum.knab.nl (failed) | zap619162-1.plesk12.zap-webspace.com
0 | analytics.s.id (failed) | s.id
29 | 11 domains |
This site contains links to the following domains (also see Links):
- www.knab.nl
- crowdfunding.knab.nl
- play.google.com
- itunes.apple.com
- persoonlijk.knab.nl
- knab.nl

Every outgoing link points at the real bank's properties or the app stores; none leads to another attacker-controlled origin. That is the usual picture for a page cloned wholesale from the legitimate site: the navigation still works and lends the clone credibility, while only the host serving the login form differs.
Subject | Issuer | Validity | Valid for | Transparency log
---|---|---|---|---
*.s.id | Let's Encrypt Authority X3 | 2020-09-08 - 2020-12-07 | 3 months | crt.sh
zap619162-1.plesk12.zap-webspace.com | Let's Encrypt Authority X3 | 2020-11-16 - 2021-02-14 | 3 months | crt.sh
*.google-analytics.com | GTS CA 1O1 | 2020-10-28 - 2021-01-20 | 3 months | crt.sh
www.google.de | GTS CA 1O1 | 2020-10-28 - 2021-01-20 | 3 months | crt.sh

The certificate for the phishing hostname was issued on 2020-11-16, one day before this submission. A valid, freshly issued Let's Encrypt certificate on an auto-generated Plesk webspace hostname is exactly what throwaway phishing hosting looks like; the browser padlock says nothing about who operates the site. Certificate transparency logs (crt.sh) are nevertheless useful the other way round: watching new issuances that mention the brand or its login paths is a cheap early-warning feed.
This page contains 2 frames:
Primary Page:
https://zap619162-1.plesk12.zap-webspace.com/kmb0/
Frame ID: 3C572873A0814AB14082C78629C0A7D7
Requests: 23 HTTP requests in this frame
Frame:
https://zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/frame.html
Frame ID: 2957BD41BBBC8FF76163BDCB01A55806
Requests: 6 HTTP requests in this frame
Detected technologies
- Ubuntu (Operating Systems): header `server` matches /Ubuntu/i
- Nginx (Web Servers): header `server` matches /nginx(?:\/([\d.]+))?/i
- AngularJS (JavaScript Frameworks): script name matches /angular.*\.js/i
- RequireJS (JavaScript Frameworks): script name matches /require.*\.js/i

The two server-header matches describe the phishing host. The two script-name matches fire on angular-locale_nl.js and require.js, which are served from /kmb0/bestanden/ along with the rest of the copied login page ("bestanden" is Dutch for "files"), so they describe the bank's front end, not anything the kit author wrote. The PHPSESSID cookie in the cookie section is the better hint about the kit's own back end.
Page Statistics
16 outgoing links (15 titles captured)
These are links going to origins other than the main page.
- Crowdfunding
- Hypotheken (Mortgages)
- (blank title)
- (blank title)
- Gebruikersnaam vergeten? (Forgot your username?)
- Wachtwoord vergeten? (Forgot your password?)
- Klant worden (Become a customer)
- hier (here)
- https://persoonlijk.knab.nl
- phishing
- Veiligheid (Security)
- Privacybeleid (Privacy policy)
- Belangenbeleid (Conflict-of-interest policy)
- Disclaimer
- Cookies
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or meta refresh.
- http://me2.do/FkpD40oW
  HTTP 307 to https://s.id/knab-relatie (Page URL)
- https://tny.sh/hJ7Nbq6
  HTTP 302 to https://zap619162-1.plesk12.zap-webspace.com/kmb0/ (Page URL)

No HTTP redirect is recorded between the two entries: s.id/knab-relatie was served as a 2 KB HTML document (see the transactions below), so the hop from s.id to tny.sh happened client-side. Three chained shorteners (me2.do, s.id, tny.sh) in front of the landing page keep the final host out of the lure and out of any blocklist that only looks at the first URL; a scanner that follows HTTP redirects but does not render the page stops at s.id and never sees the phishing host.
Redirected requests
There were HTTP redirect chains for the following requests:

Request Chain 0:
- http://me2.do/FkpD40oW (HTTP 307)
- https://s.id/knab-relatie

Request Chain 1:
- https://www.google-analytics.com/r/collect?v=1&_v=j79&aip=1&a=297121401&t=pageview&_s=1&dl=https%3A%2F%2Fzap619162-1.plesk12.zap-webspace.com%2Fkmb0%2Fbestanden%2Fframe.html&dp=%2Finloggen&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=&je=0&_u=aEBAAUABE~&jid=265067922&gjid=713208170&cid=2135887426.1605624181&tid=UA-30995594-5&_gid=1382939766.1605624181&_r=1&gtm=2wgb41TM75DJK&z=1144527294 (HTTP 302)
- https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-30995594-5&cid=2135887426.1605624181&jid=265067922&_gid=1382939766.1605624181&gjid=713208170&_v=j79&z=1144527294 (HTTP 302)
- https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-30995594-5&cid=2135887426.1605624181&jid=265067922&_v=j79&z=1144527294 (HTTP 302)
- https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-30995594-5&cid=2135887426.1605624181&jid=265067922&_v=j79&z=1144527294&slf_rd=1&random=3279786393
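The hop-by-hop view above is what you get when a client refuses to auto-follow redirects and records each response instead. The script below is an added example and not urlscan.io's tooling: `follow_chain` resolves relative `Location` headers, cuts off loops and a runaway chain, and reports a chain that ends in a 200 HTML page as such, which is exactly where a client-side hop like s.id to tny.sh hides. `live_fetch` is a standard-library fetcher for real lookups; `fake_fetch` and its response table are constructed to mirror this scan's chain so the block runs offline.

```python
"""Follow an HTTP redirect chain one response at a time.

Added example, not urlscan.io code. live_fetch() is a stdlib fetcher for
real lookups; fake_fetch() answers from a table constructed to mirror the
chain recorded in this scan so the block runs offline.
"""
import urllib.error
import urllib.request
from urllib.parse import urljoin

MAX_HOPS = 10


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse every redirect so the caller sees each 3xx itself."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def live_fetch(url):
    """GET one URL without following redirects; return (status, headers)."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    try:
        with opener.open(req, timeout=15) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:  # a 3xx lands here once redirects are refused
        return err.code, dict(err.headers)


# Constructed responder: statuses and Location values are those recorded in
# the scan. The 200 for s.id stands in for the HTML page that performed the
# client-side hop to tny.sh (an assumption; no body is modelled here).
FAKE_RESPONSES = {
    "http://me2.do/FkpD40oW": (307, {"Location": "https://s.id/knab-relatie"}),
    "https://s.id/knab-relatie": (200, {"Content-Type": "text/html"}),
    "https://tny.sh/hJ7Nbq6": (302, {"Location": "https://zap619162-1.plesk12.zap-webspace.com/kmb0/"}),
    "https://zap619162-1.plesk12.zap-webspace.com/kmb0/": (200, {"Content-Type": "text/html"}),
}


def fake_fetch(url):
    return FAKE_RESPONSES.get(url, (404, {}))


def follow_chain(url, fetch=live_fetch, max_hops=MAX_HOPS):
    """Return [(url, status, next_url)] for every hop.

    next_url is None where the chain stops on a non-redirect response (or a
    redirect without Location) and the string "loop" if a URL repeats. A
    final 200 text/html is where JS or meta-refresh hops hide: a plain
    fetcher cannot see those, only a rendering browser (or urlscan) can.
    """
    hops, seen, current = [], set(), url
    for _ in range(max_hops):
        if current in seen:
            hops.append((current, None, "loop"))
            break
        seen.add(current)
        status, headers = fetch(current)
        location = headers.get("Location") or headers.get("location")
        if 300 <= status < 400 and location:
            target = urljoin(current, location)  # Location may be relative
            hops.append((current, status, target))
            current = target
        else:
            hops.append((current, status, None))
            break
    return hops


def final_url(hops):
    """The last URL reached, whatever stopped the chain."""
    return hops[-1][0] if hops else None


if __name__ == "__main__":
    for start in ("http://me2.do/FkpD40oW", "https://tny.sh/hJ7Nbq6"):
        for hop in follow_chain(start, fetch=fake_fetch):
            print(hop)
```

Run against the fake responder, the first chain stops at s.id with a 200 and the second reaches the phishing host; to reproduce the full path you would need to parse or render the s.id page for its client-side redirect, which is the gap a rendering scanner closes.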
29 HTTP transactions

# | Method | Protocol | Resource | Host / path | Size | Transfer | Type | MIME type | Notes
---|---|---|---|---|---|---|---|---|---
1 | GET | HTTP/1.1 | knab-relatie | s.id/ | 2 KB | 2 KB | Document | text/html | Redirect chain; cookie set
2 | GET | | piwik.js | analytics.s.id/ | 0 | 0 | | | Failed
3 | GET | HTTP/2 | / | zap619162-1.plesk12.zap-webspace.com/kmb0/ | 31 KB | 7 KB | Document | text/html | Primary request; redirect chain
4 | GET | HTTP/2 | plx.check.js | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/ | 365 B | 417 B | Script | application/javascript |
5 | GET | HTTP/2 | adrum-ext.js | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/ | 47 KB | 47 KB | Script | application/javascript |
6 | GET | HTTP/2 | adrum.js | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/ | 44 KB | 44 KB | Script | application/javascript |
7 | GET | HTTP/2 | styles-rem.css | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/ | 353 KB | 353 KB | Stylesheet | text/css |
8 | GET | HTTP/2 | require.js | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/ | 16 KB | 16 KB | Script | application/javascript |
9 | GET | HTTP/2 | requireconfig.js | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/ | 1 MB | 1 MB | Script | application/javascript |
10 | GET | HTTP/2 | angular-locale_nl.js | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/ | 3 KB | 3 KB | Script | application/javascript |
11 | GET | HTTP/2 | main.js | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/ | 859 B | 602 B | Script | application/javascript |
12 | GET | HTTP/2 | main_002.js | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/ | 9 KB | 9 KB | Script | application/javascript |
13 | GET | HTTP/2 | cookiecheckifset.js | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/ | 122 B | 332 B | Script | application/javascript |
14 | GET | HTTP/2 | logon-qr.js | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/ | 923 B | 548 B | Script | application/javascript |
15 | GET | HTTP/2 | cardreader_login_new.png | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/ | 33 KB | 33 KB | Image | image/png |
16 | GET | HTTP/2 | frame.html | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/ | 2 KB | 2 KB | Document | text/html | Frame 2957
17 | GET | HTTP/2 | blob-color-bar.svg | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/ | 2 KB | 2 KB | Image | image/svg+xml |
18 | GET | HTTP/2 | pt_sans-web-regular-webfont.woff2 | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/ | 24 KB | 24 KB | Font | font/woff2 |
19 | GET | HTTP/2 | intro_bold.woff2 | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/ | 20 KB | 20 KB | Font | font/woff2 |
20 | GET | HTTP/2 | photos-loginscreen_03_2.png | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/ | 44 KB | 44 KB | Image | image/png |
21 | GET | HTTP/2 | blob-footer.svg | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/ | 3 KB | 4 KB | Image | image/svg+xml |
22 | GET | HTTP/2 | Knab-Icon-Font.ttf | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/ | 69 KB | 69 KB | Font | application/font-sfnt |
23 | GET | HTTP/2 | pt_sans-web-bold-webfont.woff2 | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/ | 24 KB | 25 KB | Font | font/woff2 |
24 | GET | HTTP/2 | analytics.js | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/frame_data/ | 43 KB | 44 KB | Script | application/javascript | Frame 2957
25 | GET | HTTP/2 | gtm.js | zap619162-1.plesk12.zap-webspace.com/kmb0/bestanden/frame_data/ | 77 KB | 77 KB | Script | application/javascript | Frame 2957
26 | GET | HTTP/2 | gtm.js | www.googletagmanager.com/ | 98 KB | 35 KB | Script | application/javascript | Frame 2957
27 | GET | HTTP/2 | analytics.js | www.google-analytics.com/ | 46 KB | 18 KB | Script | text/javascript | Frame 2957
28 | GET | HTTP/2 | ga-audiences | www.google.de/ads/ | 42 B | 505 B | Image | image/gif | Frame 2957; redirect chain
29 | GET | | adrum-ext.e2cb5463010d357205cea2144c54cf70.js | eum.knab.nl/ | 0 | 0 | | | Failed

Size is the decoded resource size, Transfer the bytes that went over the wire (smaller where the response was compressed). Rows 3 to 25 are the 23 requests to the phishing host; everything it serves sits under /kmb0/bestanden/, including local copies of the bank's monitoring agent (adrum.js, adrum-ext.js), its icon font and its login-screen imagery.
Failed requests
These URLs were requested, but no response was received. They also appear in the transaction list above.
- analytics.s.id: https://analytics.s.id/piwik.js (requested by the s.id shortener page, not by the phishing page)
- eum.knab.nl: https://eum.knab.nl/adrum-ext.e2cb5463010d357205cea2144c54cf70.js (requested by the phishing page)

The second failure is the interesting one. adrum.js is the AppDynamics browser real-user-monitoring agent, and it loads its extension script (adrum-ext.<hash>.js) from the EUM collector host it was configured with. The copy of adrum.js bundled under /kmb0/bestanden/ still points at the bank's own collector, eum.knab.nl, which is consistent with the kit being a saved copy of the legitimate login page rather than a hand-built imitation. A page on an unrelated host that makes requests to the impersonated brand's own infrastructure is a strong clone indicator in its own right, and, from the brand's side, a referer of an unknown host on the EUM collector is a detection opportunity that needs no phishing-feed at all.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against Knab (Banking)

22 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

Type | Name
---|---
object | 0
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
object | trustedTypes
function | PLX
number | adrum-start-time
object | ADRUM
function | requirejs
function | require
function | define
function | duScrollDefaultEasing
object | duScroll
function | Base
function | FlipClock
function | qrcode
undefined | global
function | $
function | jQuery
object | angular
object | Highcharts
object | jQuery11200112204003330862674

ADRUM and adrum-start-time are set by the bundled AppDynamics agent, PLX by plx.check.js, and requirejs/define/angular/duScroll by the copied front end; the showDirectoryPicker, showOpenFilePicker, showSaveFilePicker and trustedTypes entries are browser APIs of the scanning Chrome build, not page code.
Cookies are small pieces of data the browser stores for a site. On later visits the browser sends the values back, so the site can re-identify the visitor even from a different location; this is how persistent logins work.

Domain / Path | Expires | Name | Value
---|---|---|---
.zap-webspace.com/ | | _gat_UA-30995594-5 | 1
.zap-webspace.com/ | | _gid | GA1.2.1382939766.1605624181
.zap-webspace.com/ | | _ga | GA1.2.2135887426.1605624181
zap619162-1.plesk12.zap-webspace.com/ | | PHPSESSID | 06425qb0lqg0jeos9gg7h9bfn6

The three GA cookies are scoped to the apex .zap-webspace.com, so every tenant of that shared Plesk webspace sees them. PHPSESSID is scoped to the phishing host alone and shows a PHP session was started there: whatever the copied AngularJS front end looks like, a PHP back end is present on that host, which is where credential handling and any takedown request should focus.
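The Google Analytics beacon in the redirect chain above and the cookie table here carry the same property ID (UA-30995594-5) and the same client ID, and the beacon also tells GA the real document location (dl) next to an overridden path (dp). The script below is an added example, not urlscan.io code: it parses both sources and cross-checks them so the IDs can be reused as pivot indicators when hunting for other deployments of the same kit. The BEACON and COOKIES values are copied from this scan; the field meanings follow GA's Measurement Protocol (tid, cid, dl, dp) and the documented `_ga`/`_gid` cookie layout `GA1.<depth>.<random>.<timestamp>`.

```python
"""Extract Google Analytics identifiers from a beacon URL and from cookies.

Added example, not urlscan.io code. BEACON and COOKIES are copied from this
scan's redirect chain and cookie table. Field meanings follow GA's Measurement
Protocol (tid = property, cid = client, dl = document location, dp = document
path override) and the _ga/_gid cookie layout GA1.<depth>.<random>.<timestamp>.
"""
import re
from urllib.parse import parse_qs, urlsplit

BEACON = (
    "https://www.google-analytics.com/r/collect?v=1&_v=j79&aip=1&a=297121401"
    "&t=pageview&_s=1&dl=https%3A%2F%2Fzap619162-1.plesk12.zap-webspace.com"
    "%2Fkmb0%2Fbestanden%2Fframe.html&dp=%2Finloggen&ul=en-us&de=UTF-8"
    "&sd=24-bit&sr=1600x1200&vp=&je=0&_u=aEBAAUABE~&jid=265067922"
    "&gjid=713208170&cid=2135887426.1605624181&tid=UA-30995594-5"
    "&_gid=1382939766.1605624181&_r=1&gtm=2wgb41TM75DJK&z=1144527294"
)

COOKIES = {
    "_gat_UA-30995594-5": "1",
    "_gid": "GA1.2.1382939766.1605624181",
    "_ga": "GA1.2.2135887426.1605624181",
    "PHPSESSID": "06425qb0lqg0jeos9gg7h9bfn6",
}

GA_COOKIE_RE = re.compile(r"^GA1\.\d+\.(\d+\.\d+)$")
GAT_COOKIE_RE = re.compile(r"^_gat_(UA-\d+-\d+)$")


def parse_beacon(url):
    """Pull the property, visitor and page fields out of a /collect request."""
    q = parse_qs(urlsplit(url).query)  # parse_qs already percent-decodes
    first = lambda key: q.get(key, [None])[0]
    dl = first("dl")
    parts = urlsplit(dl) if dl else None
    return {
        "tid": first("tid"),
        "cid": first("cid"),
        "gid": first("_gid"),
        "dl_host": parts.hostname if parts else None,
        "dl_path": parts.path if parts else None,
        "dp": first("dp"),
    }


def parse_cookies(cookies):
    """Recover the same identifiers from _gat_<tid>, _ga and _gid cookies."""
    out = {"tid": None, "cid": None, "gid": None}
    for name, value in cookies.items():
        if (m := GAT_COOKIE_RE.match(name)):
            out["tid"] = m.group(1)
        elif name == "_ga" and (m := GA_COOKIE_RE.match(value)):
            out["cid"] = m.group(1)
        elif name == "_gid" and (m := GA_COOKIE_RE.match(value)):
            out["gid"] = m.group(1)
    return out


def pivot_report(beacon_url, cookies):
    """Cross-check beacon and cookies and summarise what is worth pivoting on.

    A tid that agrees between the two is a stable attribute of the deployed
    kit: searching other scans' request URLs for the same tid finds sibling
    deployments. dp versus dl_path shows the path the page reports to GA
    against where the document actually lives.
    """
    b, c = parse_beacon(beacon_url), parse_cookies(cookies)
    return {
        "tid": b["tid"],
        "tid_matches_cookie": b["tid"] == c["tid"],
        "cid_matches_cookie": b["cid"] == c["cid"],
        "gid_matches_cookie": b["gid"] == c["gid"],
        "page_host": b["dl_host"],
        "actual_path": b["dl_path"],
        "reported_path": b["dp"],
    }


if __name__ == "__main__":
    for key, value in pivot_report(BEACON, COOKIES).items():
        print(f"{key:20} {value}")
```

For this scan the report shows the beacon and cookies agree on tid, cid and gid, that the document really lives at /kmb0/bestanden/frame.html on the phishing host, and that the page reports itself to GA as /inloggen (Dutch for "log in"). The tid is the value to pivot on; cid and gid are per-visitor and only tie this one session together.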
Indicators
In the security industry "indicators" are observables such as IPs, domains and hashes. Listing them here does not imply that any one of them is malicious; most of the entries below are shorteners, Google analytics endpoints and the impersonated bank's own host.

Domains:
- analytics.s.id
- eum.knab.nl
- me2.do
- s.id
- stats.g.doubleclick.net
- tny.sh
- www.google-analytics.com
- www.google.com
- www.google.de
- www.googletagmanager.com
- zap619162-1.plesk12.zap-webspace.com

IP addresses:
- 125.209.210.90
- 185.223.31.153
- 2606:4700:3037::681c:927
- 2a00:1450:4001:819::2004
- 2a00:1450:4001:81a::200e
- 2a00:1450:4001:820::2003
- 2a00:1450:4001:820::2008
- 2a00:1450:400c:c00::9d
- 45.126.59.196