www.ritualst.freaze.eu
2a03:3a60:a1:7::1
Malicious Activity!
Public Scan
Effective URL: http://www.ritualst.freaze.eu/moks/index.php
Submission: On March 02 via api from BE
Summary
This is the only time www.ritualst.freaze.eu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Crelan (Banking)
Domain & IP information
| | IP Address | AS Autonomous System |
---|---|---|
1 | 2a02:2350:5:102:6040:0:c002:b05a | 51468 (ONECOM) |
1 | 2a02:26f0:eb:181::2a1 | 20940 (AKAMAI-ASN1) |
1 | 2a03:3a60:a1:7::1 | 49544 (I3DNET) |
3 | 4 |
| | Apex Domain | Subdomains | Transfer |
---|---|---|---|
1 | freaze.eu | www.ritualst.freaze.eu | 159 KB |
1 | mzstatic.com | is1-ssl.mzstatic.com | 11 KB |
1 | klechts.com | klechts.com | 593 B |
3 | 3 |
| | Domain | Requested by |
---|---|---|
1 | www.ritualst.freaze.eu | |
1 | is1-ssl.mzstatic.com | klechts.com |
1 | klechts.com | |
3 | 3 |
This site contains links to these domains. Also see Links.
Domain |
---|
mycrelan.crelan.be |
www.crelan.be |
Subject | Issuer | Validity | Valid |
---|---|---|---|
itunes.apple.com | DigiCert SHA2 Extended Validation Server CA-3 | 2020-01-24 - 2021-01-24 | a year |
This page contains 1 frames:
Primary Page:
http://www.ritualst.freaze.eu/moks/index.php
Frame ID: 75710B2F91E108E4F726A99B656670FC
Requests: 7 HTTP requests in this frame
Detected technologies
Detected patterns
- url /\.php(?:$|\?)/i
Detected patterns
- headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: Aanvraag nieuwe digipas 1/4
Title: Privacy
Title: Reglement myCrelan
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://klechts.com/wait/bezet.php Page URL
- http://www.ritualst.freaze.eu/moks/index.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
3 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H/1.1 | bezet.php | klechts.com/wait/ | 327 B | 593 B | Document | text/html |
GET | H2 | 246x0w.jpg | is1-ssl.mzstatic.com/image/thumb/Purple118/v4/dc/20/b9/dc20b9f6-adf5-6e8d-3d4e-3959b27555a5/mzl.pehbfnlp.png/ | 10 KB | 11 KB | Image | image/jpeg |
GET | H/1.1 | Primary Request | www.ritualst.freaze.eu/moks/ | 630 KB | 159 KB | Document | text/html |
GET | DATA | truncated | / | 4 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | / | 22 KB | 22 KB | Font | application/x-font-woff |
GET | DATA | truncated | / | 22 KB | 22 KB | Font | application/x-font-woff |
GET | DATA | truncated | / | 22 KB | 22 KB | Font | application/x-font-woff |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Crelan (Banking)
3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onformdata
- object| onpointerrawupdate
- function| savepage_PageLoader
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
www.ritualst.freaze.eu/ | Name: PHPSESSID Value: l10o9cs3ook9dompvudvm231j0 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.