www.ritualst.freaze.eu
2a03:3a60:a1:7::1  Malicious Activity! Public Scan

Submitted URL: http://klechts.com/wait/bezet.php
Effective URL: http://www.ritualst.freaze.eu/moks/index.php
Submission: On March 02 via api from BE

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 3 HTTP transactions. The main IP is 2a03:3a60:a1:7::1, located in Netherlands and belongs to I3DNET, NL. The main domain is www.ritualst.freaze.eu.
This is the only time www.ritualst.freaze.eu was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Crelan (Banking)

Domain & IP information

IP Address            AS     Autonomous System
1   2a02:2350:5:1...  51468  (ONECOM)
1   2a02:26f0:eb:...  20940  (AKAMAI-ASN1)
1   2a03:3a60:a1:...  49544  (I3DNET)
Totals: 3  4

Apex Domain       Subdomains               Transfer
1   freaze.eu     www.ritualst.freaze.eu   159 KB
1   mzstatic.com  is1-ssl.mzstatic.com     11 KB
1   klechts.com   klechts.com              593 B
Totals: 3  3

Domain                      Requested by
1   www.ritualst.freaze.eu
1   is1-ssl.mzstatic.com    klechts.com
1   klechts.com
Totals: 3  3

This site contains links to these domains. Also see Links.

Domain
mycrelan.crelan.be
www.crelan.be

Subject            Issuer                                          Validity                   Valid
itunes.apple.com   DigiCert SHA2 Extended Validation Server CA-3   2020-01-24 - 2021-01-24    a year

This page contains 1 frames:

Primary Page: http://www.ritualst.freaze.eu/moks/index.php
Frame ID: 75710B2F91E108E4F726A99B656670FC
Requests: 7 HTTP requests in this frame

Screenshot


Page URL History

  1. http://klechts.com/wait/bezet.php Page URL
  2. http://www.ritualst.freaze.eu/moks/index.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i

Overall confidence: 100%
Detected patterns
  • headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

Requests: 3
HTTPS: 33 %
IPv6: 100 %
Domains: 3
Subdomains: 3
IPs: 4
Countries: 3
Transfer: 235 kB
Size: 710 kB
Cookies: 1

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource: bezet.php
Path: klechts.com/wait/
Size: 327 B
x-fer: 593 B
Type: Document

General
Full URL: http://klechts.com/wait/bezet.php
Protocol: HTTP/1.1
Server: 2a02:2350:5:102:6040:0:c002:b05a Copenhagen, Denmark, ASN51468 (ONECOM, DK)
Reverse DNS:
Software: Apache / PHP/7.3.15
Resource Hash: 78d655c8b6054f1e0d9d00136285c673f8e886ab593d378ce8ce5a89f0778b08

Request headers
Host: klechts.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US

Response headers
Date: Mon, 02 Mar 2020 21:30:11 GMT
Server: Apache
X-Powered-By: PHP/7.3.15
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 279
Content-Type: text/html; charset=UTF-8
X-Varnish: 222800136
Age: 0
Via: 1.1 varnish (Varnish/6.3)
Accept-Ranges: bytes
Connection: keep-alive
Resource: 246x0w.jpg
Path: is1-ssl.mzstatic.com/image/thumb/Purple118/v4/dc/20/b9/dc20b9f6-adf5-6e8d-3d4e-3959b27555a5/mzl.pehbfnlp.png/
Size: 10 KB
x-fer: 11 KB
Type: Image

General
Full URL: https://is1-ssl.mzstatic.com/image/thumb/Purple118/v4/dc/20/b9/dc20b9f6-adf5-6e8d-3d4e-3959b27555a5/mzl.pehbfnlp.png/246x0w.jpg
Requested by: Host: klechts.com, URL: http://klechts.com/wait/bezet.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:eb:181::2a1, Ascension Island, ASN20940 (AKAMAI-ASN1, US)
Reverse DNS:
Software: daiquiri/3.0.0 /
Resource Hash: dc1a0a89c99a520a8beb56f3b0eab560ed6f5f1bf666873cace9078b5c631582
Security Headers
Strict-Transport-Security: max-age=31536000; includeSubDomains

Request headers
Referer: http://klechts.com/wait/bezet.php
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers
x-apple-jingle-correlation-key: FDNXMFENSY4NNST6JTBAXUMP
strict-transport-security: max-age=31536000; includeSubDomains
x-cache-remote: TCP_MISS from a2-22-50-158.deploy.akamaitechnologies.com (AkamaiGHost/9.9.0.2.1-28735203) (-)
x-daiquiri-instance: daiquiri:13624002:mr85p00it-hyhk03094901:7987:20B36
status: 200
date: Mon, 02 Mar 2020 21:30:11 GMT
last-modified: Fri, 28 Feb 2020 08:29:08 GMT
x-cache: TCP_MISS from a2-20-190-184.deploy.akamaitechnologies.com (AkamaiGHost/9.9.0.2.1-28735203) (-)
content-length: 10411
cache-control: no-transform, max-age=14994665
apple-tk: false
server: daiquiri/3.0.0
apple-seq: 0.0
etag: "msPJt9ekpskM4Sc5S+ssYg=="
apple-originating-system: UnknownOriginatingSystem
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Type,ETag,Cache-Control,Expires,Last-Modified
x-apple-request-uuid: 28db7614-8d96-38d6-ca7e-4cc20bd18f
Primary Request, Cookie set
Resource: index.php
Path: www.ritualst.freaze.eu/moks/
Size: 630 KB
x-fer: 159 KB
Type: Document

General
Full URL: http://www.ritualst.freaze.eu/moks/index.php
Protocol: HTTP/1.1
Server: 2a03:3a60:a1:7::1, Netherlands, ASN49544 (I3DNET, NL)
Reverse DNS:
Software: Apache/2 / PHP/5.6.40
Resource Hash: 6dc057c1ed968af5d03f70f816b51f2646a5fcafc62bfffed26021927a26d913

Request headers
Host: www.ritualst.freaze.eu
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://klechts.com/wait/bezet.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US

Response headers
Date: Mon, 02 Mar 2020 21:30:12 GMT
Server: Apache/2
X-Powered-By: PHP/5.6.40
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=l10o9cs3ook9dompvudvm231j0; path=/
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Resource: truncated
Path: /
Size: 4 KB
x-fer: 0
Type: Image

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN ()
Reverse DNS:
Software: /
Resource Hash: f48caaa2ac2968ab68fb247b937c46ee6ed141e8fae55eb06000d6f41fa30966

Request headers
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers
Content-Type: image/svg+xml

Resource: truncated
Path: /
Size: 22 KB
x-fer: 22 KB
Type: Font

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN ()
Reverse DNS:
Software: /
Resource Hash: 4bca7a25da80f6581bff6df88f752a9307a9e9c10d52ce2005394fb7c3168f32

Request headers
Origin: http://www.ritualst.freaze.eu
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers
Content-Type: application/x-font-woff

Resource: truncated
Path: /
Size: 22 KB
x-fer: 22 KB
Type: Font

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN ()
Reverse DNS:
Software: /
Resource Hash: 665cee58d2071e0e388f39feefc398b9458305fdb6ee996011763880331b2c7b

Request headers
Origin: http://www.ritualst.freaze.eu
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers
Content-Type: application/x-font-woff

Resource: truncated
Path: /
Size: 22 KB
x-fer: 22 KB
Type: Font

General
Full URL: data:truncated
Protocol: DATA
Server: -, , ASN ()
Reverse DNS:
Software: /
Resource Hash: 149e46018323b17a4f10356c3fe48dc787e3e063fc377b5dbb64cc9c9f0aedeb

Request headers
Origin: http://www.ritualst.freaze.eu
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers
Content-Type: application/x-font-woff

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Crelan (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  • object: onformdata
  • object: onpointerrawupdate
  • function: savepage_PageLoader

1 Cookies

Domain/Path               Name        Value
www.ritualst.freaze.eu/   PHPSESSID   l10o9cs3ook9dompvudvm231j0