www.znuk.ch
149.126.4.47
Malicious Activity!
Public Scan
Effective URL: http://www.znuk.ch/email/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289...
Submission: On June 19 via manual from AU
Summary
This is the only time www.znuk.ch was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic Email (Online)
Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
2 2 | 186.202.153.217 | 27715 (Locaweb Serviços de Internet S/A)
2 9 | 149.126.4.47 | 47302 (CYON)
1 | 2a00:1450:4001:821::200a | 15169 (GOOGLE - Google LLC)
1 | 69.89.31.230 | 46606 (UNIFIEDLAYER-AS-1 - Unified Layer)
Totals: 9 requests | 3
ASN27715 (Locaweb Serviços de Internet S/A, BR)
PTR: hm8615.locaweb.com.br
www.ttueventos.com.br
ASN15169 (GOOGLE - Google LLC, US)
ajax.googleapis.com
ASN46606 (UNIFIEDLAYER-AS-1 - Unified Layer, US)
PTR: box430.bluehost.com
smallenvelop.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
9 | znuk.ch | www.znuk.ch (2 redirects) | 24 KB
2 | ttueventos.com.br | www.ttueventos.com.br (2 redirects) | 408 B
1 | smallenvelop.com | smallenvelop.com |
1 | googleapis.com | ajax.googleapis.com | 29 KB
Totals: 9 requests | 4 apex domains
Requests | Domain | Requested by
---|---|---
9 | www.znuk.ch | www.znuk.ch (2 redirects)
2 | www.ttueventos.com.br | 2 redirects
1 | smallenvelop.com | www.znuk.ch
1 | ajax.googleapis.com | www.znuk.ch
Totals: 9 requests | 4 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
*.googleapis.com | Google Internet Authority G3 | 2019-05-21 - 2019-08-13 | 3 months | crt.sh
 | | 1970-01-01 - 1970-01-01 | a few seconds | crt.sh
smallenvelop.com | Let's Encrypt Authority X3 | 2019-04-22 - 2019-07-21 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
http://www.znuk.ch/email/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email=
Frame ID: 212D85722087AE6E6240F9ADBCE1A519
Requests: 9 HTTP requests in this frame
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. http://www.ttueventos.com.br/redirect (HTTP 301)
2. http://www.ttueventos.com.br/redirect/ (HTTP 302)
3. http://www.znuk.ch/email (HTTP 301)
4. http://www.znuk.ch/email/ (HTTP 302)
5. http://www.znuk.ch/email/login.php?l=_JeHFUq_VJOXK0QWHtoGYDw1774256418&fid.13InboxLight.aspxn.1774256418&fid.125289964252813InboxLight99642_Product-email&email= (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method | Protocol | Resource Path | Size | x-fer | Type | MIME-Type | Notes
---|---|---|---|---|---|---|---
GET | H/1.1 | www.znuk.ch/email/login.php | 4 KB | 2 KB | Document | text/html | Primary Request, Redirect Chain
GET | H2 | ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js | 84 KB | 29 KB | Script | text/javascript |
GET | H/1.1 | www.znuk.ch/email/images/m2.png | 5 KB | 6 KB | Image | image/png |
GET | H/1.1 | www.znuk.ch/email/images/m3.png | 9 KB | 10 KB | Image | image/png |
GET | H/1.1 | www.znuk.ch/email/images/m4.png | 404 B | 719 B | Image | image/png |
GET | H/1.1 | www.znuk.ch/email/images/m5.png | 2 KB | 2 KB | Image | image/png |
GET | H/1.1 | www.znuk.ch/email/images/m7.png | 2 KB | 2 KB | Image | image/png |
GET | H/1.1 | www.znuk.ch/email/images/vfr.png | 881 B | 1 KB | Image | image/png |
GET | H2 | smallenvelop.com/wp-content/uploads/2014/08/Preloader_11.gif | 0 | 0 | Image | text/html |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic Email (Online)
6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object: onselectstart
- object: onselectionchange
- function: queueMicrotask
- function: $
- function: jQuery
- function: count
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
smallenvelop.com
www.ttueventos.com.br
www.znuk.ch
149.126.4.47
186.202.153.217
2a00:1450:4001:821::200a
69.89.31.230