crlanagentschap.pw
5.157.82.10
Malicious Activity!
Public Scan
Effective URL: https://crlanagentschap.pw/Q84NCKACLLX84N29VNB4KAC8/
Submission: On October 13 via api from BE
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on October 13th 2019. Valid for: 3 months.
The certificate was issued on the same day the scan was submitted, so the site had been live for at most a day when it was caught.
This is the only time crlanagentschap.pw was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Crelan (Banking)
Domain & IP information
| Requests | IP address | AS (Autonomous System) |
|---|---|---|
| 3 (6) | 5.157.82.10 | AS48635 (ASTRALUS) |
| 1 | 2a00:1450:4001:817::200a | AS15169 (GOOGLE - Google LLC) |
| 2 | 45.60.14.43 | AS19551 (INCAPSULA - Incapsula Inc) |
| 1 | 194.0.205.129 | AS9166 (CEGEKA-HASSELT) |
| 4 | 2a00:1450:4001:81d::2003 | AS15169 (GOOGLE - Google LLC) |
| 11 (6) | Total | |

The figure in parentheses is the page's second count for that row; for 5.157.82.10 the domain table below reports 6 requests, 3 of which were redirects, against 3 completed transactions.

Hosts per AS:
- AS48635 (ASTRALUS, NL): crlanagentschap.pw. PTR for 5.157.82.10: crlanagentschap.pw. The reverse record for the address is the phishing domain itself, so whoever set up the host also configured its rDNS.
- AS15169 (GOOGLE - Google LLC, US): fonts.googleapis.com, fonts.gstatic.com
| Requests | Apex domain | Subdomains | Transfer |
|---|---|---|---|
| 6 (3 redirects) | crlanagentschap.pw | crlanagentschap.pw | 59 KB |
| 4 | gstatic.com | fonts.gstatic.com | 45 KB |
| 3 | crelan.be | www.crelan.be, mycrelan.crelan.be | 20 KB |
| 1 | googleapis.com | fonts.googleapis.com | 881 B |
| 11 | 4 apex domains | | |
| Requests | Domain | Requested by |
|---|---|---|
| 6 (3 redirects) | crlanagentschap.pw | crlanagentschap.pw |
| 4 | fonts.gstatic.com | crlanagentschap.pw |
| 2 | www.crelan.be | crlanagentschap.pw |
| 1 | mycrelan.crelan.be | crlanagentschap.pw |
| 1 | fonts.googleapis.com | crlanagentschap.pw |
| 11 | 5 domains | |

Every third-party request, including the three to Crelan's own hosts, was initiated by the phishing page: the kit hotlinks the bank's stylesheet and logo images from www.crelan.be and mycrelan.crelan.be instead of hosting its own copies (see the HTTP transactions below).
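The bank's side of this hotlinking is visible in its own web-server logs: every victim who opens the phishing page makes the browser fetch the bank's CSS and SVG with a Referer naming the phishing origin. As an added example (not code from urlscan or from Crelan), the following Python scans constructed www.crelan.be access-log lines for first-party assets fetched with a Referer from outside crelan.be. It assumes the Apache/nginx combined log format and that the browser sent a Referer at all (the default referrer policy does on HTTPS-to-HTTPS requests); the log lines, client addresses and the asset-path prefixes are constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache/nginx "combined" log format:
# client ident user [time] "METHOD path PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)


def registrable_domain(host):
    """Crude apex extraction: the last two labels. Adequate for .be/.pw; a production
    version should use the Public Suffix List so that foo.co.uk is not cut down to co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def find_hotlinked_assets(log_lines, trusted_apexes,
                          asset_prefixes=("/css/", "/images/", "/portalserver/")):
    """Count (referer host, asset path) pairs where a first-party asset was fetched by a
    page served from an origin outside trusted_apexes. Returns a Counter.
    asset_prefixes is an assumption about where the bank keeps static assets."""
    hits = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # malformed line; a real pipeline should count these rather than drop them
        if not m["path"].startswith(asset_prefixes):
            continue  # page navigations (e.g. outgoing links from the kit) are not hotlinks
        referer = m["referer"]
        if referer in ("", "-"):
            continue  # no Referer (referrer policy, or direct hit): nothing to attribute
        host = urlsplit(referer).hostname
        if not host or registrable_domain(host) in trusted_apexes:
            continue  # own site or a trusted subdomain such as mycrelan.crelan.be
        hits[(host, m["path"])] += 1
    return hits


def suspicious_hosts(hits):
    """Referer hosts that hotlinked at least one asset, most requests first."""
    per_host = Counter()
    for (host, _path), n in hits.items():
        per_host[host] += n
    return [host for host, _n in per_host.most_common()]


# Constructed log lines for www.crelan.be (not taken from the scan; client addresses are
# RFC 5737 documentation ranges). The two asset paths are the ones the kit really fetched;
# the lookalike referer and the /nl/klant-worden navigation are made up edge cases.
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Oct/2019:14:02:11 +0000] "GET /css/base-04a9aa55b7.css HTTP/2.0" 200 15360 '
    '"https://crlanagentschap.pw/Q84NCKACLLX84N29VNB4KAC8/" "Mozilla/5.0"',
    '203.0.113.7 - - [13/Oct/2019:14:02:11 +0000] "GET /images/barley-corn-8d577bde7e.svg HTTP/2.0" 200 738 '
    '"https://crlanagentschap.pw/Q84NCKACLLX84N29VNB4KAC8/" "Mozilla/5.0"',
    '198.51.100.22 - - [13/Oct/2019:14:02:30 +0000] "GET /css/base-04a9aa55b7.css HTTP/2.0" 200 15360 '
    '"https://www.crelan.be/nl/" "Mozilla/5.0"',
    '198.51.100.23 - - [13/Oct/2019:14:02:41 +0000] "GET /css/base-04a9aa55b7.css HTTP/2.0" 200 15360 '
    '"-" "Mozilla/5.0"',
    '198.51.100.24 - - [13/Oct/2019:14:03:02 +0000] "GET /css/base-04a9aa55b7.css HTTP/2.0" 200 15360 '
    '"https://crelan.be.example.net/login" "Mozilla/5.0"',
    '198.51.100.25 - - [13/Oct/2019:14:03:10 +0000] "GET /nl/klant-worden HTTP/2.0" 200 40211 '
    '"https://crlanagentschap.pw/Q84NCKACLLX84N29VNB4KAC8/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits = find_hotlinked_assets(SAMPLE_LOG, {"crelan.be"})
    for (host, path), n in sorted(hits.items()):
        print(f"{n:3d}  {host:28s} {path}")
    print("suspicious referer hosts:", suspicious_hosts(hits))
```

The apex comparison matters: a substring or suffix check on "crelan.be" would wave through the lookalike crelan.be.example.net, which the example deliberately flags. Lines without a Referer are ignored rather than flagged, since a strict referrer policy or a direct request produces the same absence.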
This site contains links to these domains (see Links below):
- www.crelan.be
| Subject | Issuer | Validity | Valid for |
|---|---|---|---|
| crlanagentschap.pw | Let's Encrypt Authority X3 | 2019-10-13 - 2020-01-11 | 3 months |
| *.googleapis.com | GTS CA 1O1 | 2019-10-03 - 2019-12-26 | 3 months |
| incapsula.com | GlobalSign CloudSSL CA - SHA256 - G3 | 2019-05-14 - 2020-05-14 | a year |
| mycrelan.crelan.be | Thawte EV RSA CA 2018 | 2019-01-25 - 2021-02-22 | 2 years |
| *.google.com | GTS CA 1O1 | 2019-09-17 - 2019-12-10 | 3 months |

Each row links to the corresponding crt.sh certificate-transparency lookup. The phishing host presents a free domain-validated certificate issued the day of the scan, so the browser shows the same padlock as for the real bank; www.crelan.be is fronted by Incapsula (hence the incapsula.com CloudSSL certificate on 45.60.14.43) and mycrelan.crelan.be carries an EV certificate. The padlock alone says nothing about legitimacy.
This page contains 1 frame:
Primary Page: https://crlanagentschap.pw/Q84NCKACLLX84N29VNB4KAC8/
Frame ID: 368A8E40565658E5DE218DA4C0D70A06
Requests: 16 HTTP requests in this frame (11 network transactions plus 5 inline data: URIs, listed under HTTP transactions below)
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. https://crlanagentschap.pw/?5sPFCDVC5msxHOthh=f6F2untltMOm1NNNGGa (HTTP 302)
2. https://crlanagentschap.pw/kcie.php (HTTP 302)
3. https://crlanagentschap.pw/Q84NCKACLLX84N29VNB4KAC8 (HTTP 301)
4. https://crlanagentschap.pw/Q84NCKACLLX84N29VNB4KAC8/ (Page URL)

The submitted link carries a random-looking query string, a PHP gate (kcie.php) forwards to a directory with a random-looking name, and the final 301 only adds the trailing slash. These are the 3 redirects counted against crlanagentschap.pw in the domain tables.
Detected technologies
- Ubuntu (Operating Systems); detected pattern: headers server /Ubuntu/i
- Angular (JavaScript Frameworks); detected pattern: html /<[^>]+ ng-version="([\d.]+)"/i
- Apache (Web Servers); detected pattern: headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
- Google Font API (Font Scripts); detected pattern: html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

The two server-side matches come from the Server header, which the operator controls, so they are hints rather than facts. The Angular match means the phishing page's HTML carries an ng-version attribute, which together with the logo fetched from mycrelan.crelan.be/portalserver/app/ is consistent with the markup having been cloned from the real MyCrelan portal.
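The patterns above are regular expressions run against the Server header and the HTML body. As an added example, not code from urlscan, here they are applied in Python to a constructed response; the header value and the version numbers are made up, because the scan exposes none.

```python
import re

# Fingerprints copied from the scan's "Detected technologies" section (Wappalyzer-style
# JavaScript regexes, re-expressed for Python's re). "headers" patterns run against one
# response header, "html" patterns against the document body. A capturing group, where
# the pattern has one, is the version string.
FINGERPRINTS = {
    "Ubuntu": ("headers", "server",
               re.compile(r"Ubuntu", re.I)),
    "Apache": ("headers", "server",
               re.compile(r"(?:Apache(?:$|/([\d.]+)|[^/-])|(?:^|\b)HTTPD)", re.I)),
    "Angular": ("html", None,
                re.compile(r'<[^>]+ ng-version="([\d.]+)"', re.I)),
    "Google Font API": ("html", None,
                        re.compile(r"<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com", re.I)),
}


def detect_technologies(headers, html):
    """Return {technology: version or None} for every fingerprint that matches.

    headers: dict of response headers (names matched case-insensitively)
    html:    response body as text
    Server-header matches are self-reported by the server and trivially spoofable,
    so treat them as hints, not facts.
    """
    lowered = {name.lower(): value for name, value in headers.items()}
    found = {}
    for tech, (where, header, pattern) in FINGERPRINTS.items():
        subject = lowered.get(header, "") if where == "headers" else html
        match = pattern.search(subject)
        if match is None:
            continue
        # group(1) is None when the version group exists but did not take part in the match
        found[tech] = match.group(1) if pattern.groups else None
    return found


# Constructed sample response, not captured from the scan: the page reports Apache on
# Ubuntu, Angular and Google Fonts but shows no versions, so these values are made up.
SAMPLE_HEADERS = {"Server": "Apache/2.4.29 (Ubuntu)", "Content-Type": "text/html; charset=UTF-8"}
SAMPLE_HTML = (
    '<html><head>'
    '<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Montserrat">'
    '</head><body><app-root ng-version="8.2.14"></app-root>'
    '<script src="jm.js"></script></body></html>'
)

if __name__ == "__main__":
    for tech, version in detect_technologies(SAMPLE_HEADERS, SAMPLE_HTML).items():
        print(f"{tech}: {version or 'version not exposed'}")
```

With the constructed input this reports Ubuntu, Apache 2.4.29, Angular 8.2.14 and Google Font API; a bare "Server: Apache" still matches Apache but yields no version, and an nginx header matches nothing.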
Page Statistics
2 Outgoing links
These are links going to different origins than the main page.
- Title: Klant worden (Become a customer)
- Title: Aanmelden (Log in)
Both point at www.crelan.be, the only linked domain listed above: the kit forwards the visitor to the real bank for anything it does not handle itself.
Redirected requests
There were HTTP redirect chains for the following requests: the primary request only (the chain is listed under Page URL History).
11 HTTP transactions (16 requests including 5 inline data: URIs)

| # | Method / Protocol | Resource | Host / path | Size (decoded / transferred) | Type | MIME type |
|---|---|---|---|---|---|---|
| 1 | GET H/1.1 | / (Primary Request, redirect chain) | crlanagentschap.pw/Q84NCKACLLX84N29VNB4KAC8/ | 33 KB / 19 KB | Document | text/html |
| 2 | GET H2 | css | fonts.googleapis.com/ | 11 KB / 881 B | Stylesheet | text/css |
| 3 | GET H2 | base-04a9aa55b7.css | www.crelan.be/css/ | 90 KB / 15 KB | Stylesheet | text/css |
| 4 | GET H/1.1 | arc.css | crlanagentschap.pw/Q84NCKACLLX84N29VNB4KAC8/ | 77 KB / 10 KB | Stylesheet | text/css |
| 5 | GET H/1.1 | jm.js | crlanagentschap.pw/Q84NCKACLLX84N29VNB4KAC8/ | 85 KB / 30 KB | Script | application/javascript |
| 6 | GET H/1.1 | my-crelan.280492e682f575beaa08.svg | mycrelan.crelan.be/portalserver/app/ | 4 KB / 4 KB | Image | image/svg+xml |
| 7 | GET DATA | data: URI (truncated) | / | 1 KB / 0 | Image | image/png |
| 8 | GET DATA | data: URI (truncated) | / | 2 KB / 0 | Image | image/png |
| 9 | GET DATA | data: URI (truncated) | / | 616 B / 0 | Image | image/png |
| 10 | GET DATA | data: URI (truncated) | / | 603 B / 0 | Image | image/png |
| 11 | GET DATA | data: URI (truncated) | / | 10 KB / 0 | Image | image/png |
| 12 | GET H2 | barley-corn-8d577bde7e.svg | www.crelan.be/images/ | 1013 B / 738 B | Image | image/svg+xml |
| 13 | GET H2 | JTURjIg1_i6t8kCHKm45_cJD3gnD_vx3rCs.woff2 | fonts.gstatic.com/s/montserrat/v14/ | 13 KB / 13 KB | Font | font/woff2 |
| 14 | GET H2 | JTURjIg1_i6t8kCHKm45_bZF3gnD_vx3rCs.woff2 | fonts.gstatic.com/s/montserrat/v14/ | 13 KB / 13 KB | Font | font/woff2 |
| 15 | GET H2 | mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2 | fonts.gstatic.com/s/opensans/v17/ | 9 KB / 9 KB | Font | font/woff2 |
| 16 | GET H2 | mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2 | fonts.gstatic.com/s/opensans/v17/ | 9 KB / 9 KB | Font | font/woff2 |

Request, response and redirect headers are collapsed on the original page and are not reproduced here. The kit serves only three resources of its own over HTTP/1.1 (the document, arc.css and jm.js); the styling, logo and fonts are pulled over HTTP/2 from the bank and from Google, and the remaining images are embedded as data: URIs.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Crelan (Banking)

4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

| Type | Name |
|---|---|
| object | onformdata |
| object | onpointerrawupdate |
| function | $ |
| function | jQuery |

Only $ and jQuery are the page's own, and jm.js is the only external script it loads. onformdata and onpointerrawupdate are window event-handler attributes that Chrome added shortly before this scan; they show up here because the scanner's baseline did not yet know them, not because the page defined them.

0 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, which lets the site re-identify the user even from a different location. This is how persistent logins work.

Indicators
This is a term in the security industry for indicators such as IPs, domains, hashes, etc. It does not imply that any of these indicate malicious activity.
- crlanagentschap.pw
- fonts.googleapis.com
- fonts.gstatic.com
- mycrelan.crelan.be
- www.crelan.be
- 194.0.205.129
- 2a00:1450:4001:817::200a
- 2a00:1450:4001:81d::2003
- 45.60.14.43
- 5.157.82.10

Of these, only crlanagentschap.pw and 5.157.82.10 belong to the phishing infrastructure. The Crelan and Google hosts and their addresses are legitimate third parties that the kit merely loads from, and blocking them would break the real bank site and Google Fonts for everyone behind the filter.