Threat overview
Aggregated threat-intelligence indicators against keensafeglobalbank.com. All data is FAKE/LAB.
| Metric | Value |
|---|---|
| Risk score | 42.7 |
| Leaked credentials | 8 |
| Typosquatting domains | 6 |
| Impersonation cases | 3 |
| Active IOCs | 5 |
Latest detections
| When | Feed | Sev | Asset | Evidence |
|---|---|---|---|---|
| 2026-05-02T08:00:00Z | typosquatting | high | keensafeglobalbank.com | keensaffeglobalbank.com (registered 2026-04-30, NS=ns1.suspicious-host.tld) |
| 2026-05-02T07:18:00Z | iocs | high | perimeter / SOC | keensafe-secure-login.com (phishing landing) |
| 2026-05-02T07:05:00Z | iocs | high | perimeter | 198.51.100.42 — phishing kit C2 |
| 2026-05-02T01:10:00Z | darkweb-mentions | high | Keensafe Global Bank | Forum 'CryptBB' — actor 'silent_finch' offering 'EU bank initial-access broker, Keensafe target' for 1.4 BTC. |
| 2026-05-01T19:00:00Z | brand-impersonation | high | Keensafe Global Bank brand | X / Twitter handle @KeensafeGlobalSupport (created 2026-04-28) impersonating customer support, asking customers to DM seed phrases. |
| 2026-05-01T15:30:00Z | typosquatting | high | keensafeglobalbank.com | keensafe-globabank.com (registered 2026-04-29, hosting on phishing-known IP 198.51.100.42) |
| 2026-05-01T10:30:00Z | pastes | high | internal hosts list | https://pastebin.com/abcd1234 — internal_hosts.txt: jenkins.internal.keensafeglobalbank.com, vault.internal.keensafeglobalbank.com, kafka01.internal.keensafeglobalbank.com |
| 2026-04-30T22:11:00Z | github-leaks | critical | git.keensafeglobalbank.com / partner SDK | https://github.com/ext-partner/keensafe-payouts/blob/c0ffee/src/.env — AKIAFAKEKEYONLY12345 / FAKEsecret/Lab+OnlyDoNotUseInProductionAA |
Severity breakdown
| Severity | Count |
|---|---|
| critical | 3 |
| high | 14 |
| medium | 13 |
| low | 2 |
Top affected users
| User | Count |
|---|---|
| vpn.user@keensafeglobalbank.com | 1 |
| devops@keensafeglobalbank.com | 1 |
| employee1@keensafeglobalbank.com | 1 |
| support.user@keensafeglobalbank.com | 1 |
| customer1@keensafeglobalbank.com | 1 |
Active IOCs (most recent)
| Type | Indicator | Severity | Confidence | Source |
|---|---|---|---|---|
| domain | keensafe-secure-login.com (phishing landing) | high | 90% | Open-source feed (LAB) |
| ipv4 | 198.51.100.42 — phishing kit C2 | high | 88% | AbuseIPDB-like (LAB) |
| sha256 | f1e2d3c4b5a6978899aabbccddeeff00112233445566778899aabbccddeeff00 (FAKE) — banker payload | high | 92% | VirusTotal-like (LAB) |
| domain | keensaffeglobalbank.com | medium | 80% | MISP-like (LAB) |
| ipv4 | 203.0.113.66 — scanner / brute-force source | medium | 70% | Open-source feed (LAB) |
Available JSON feeds
| Feed | Records |
|---|---|
| /feeds/leaked-credentials | 8 record(s) |
| /feeds/typosquatting | 6 record(s) |
| /feeds/github-leaks | 4 record(s) |
| /feeds/pastes | 3 record(s) |
| /feeds/darkweb-mentions | 3 record(s) |
| /feeds/iocs | 5 record(s) |
| /feeds/brand-impersonation | 3 record(s) |
| /feeds/all | aggregated |