cursist01.nr30.nl Open in urlscan Pro
86.89.240.114 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bit.ly/3v9yGnJ
Effective URL:
https://cursist01.nr30.nl/wp-content/themes/su/payment.php
Submission: On April 12 via manual (April 12th 2022, 9:11:58 am UTC) from CH — Scanned from DE

Summary HTTP 20 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 2 countries across 3 domains to perform 20 HTTP transactions. The main IP is 86.89.240.114, located in Breukelen, Netherlands and belongs to KPN KPN National, NL. The main domain is cursist01.nr30.nl.
TLS certificate: Issued by R3 on March 16th 2022. Valid for: 3 months.

This is the only time cursist01.nr30.nl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Saudi Post (Government)

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.11 67.199.248.11	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	2606:4700:10:... 2606:4700:10::6816:1e8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 22	86.89.240.114 86.89.240.114	1136 (KPN KPN N...) (KPN KPN National)
20	1

1 67.199.248.11 (United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:1e8 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cutt.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 86.89.240.114 (Breukelen, Netherlands) 2 redirects

ASN1136 (KPN KPN National, NL)
PTR: 86-89-240-114.fixed.kpn.net

cursist01.nr30.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
22	nr30.nl 2 redirects cursist01.nr30.nl	526 KB
1	cutt.ly 1 redirects cutt.ly — Cisco Umbrella Rank: 67961	454 B
1	bit.ly 1 redirects bit.ly — Cisco Umbrella Rank: 4275	337 B
20	3

	Domain	Requested by
22	cursist01.nr30.nl	2 redirects cursist01.nr30.nl
1	cutt.ly	1 redirects
1	bit.ly	1 redirects
20	3

This site contains no links.

Subject Issuer	Validity	Valid
cursist01.nr30.nl R3	`2022-03-16` - `2022-06-14`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://cursist01.nr30.nl/wp-content/themes/su/payment.php
Frame ID: BCBE82A22B49D1DA2F8F42B79F5500F2
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Saudi Post - Simple & Trusted Payments

Page URL History Show full URLs

http://bit.ly/3v9yGnJ HTTP 301
https://cutt.ly/wFnPs9I HTTP 301
https://cursist01.nr30.nl/wp-content/themes/su HTTP 301
https://cursist01.nr30.nl/wp-content/themes/su/ HTTP 302
https://cursist01.nr30.nl/wp-content/themes/su/payment.php Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css

Page Statistics

20
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

526 kB
Transfer

945 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bit.ly/3v9yGnJ HTTP 301
https://cutt.ly/wFnPs9I HTTP 301
https://cursist01.nr30.nl/wp-content/themes/su HTTP 301
https://cursist01.nr30.nl/wp-content/themes/su/ HTTP 302
https://cursist01.nr30.nl/wp-content/themes/su/payment.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request payment.php Show response cursist01.nr30.nl/wp-content/themes/su/ Redirect Chain http://bit.ly/3v9yGnJ https://cutt.ly/wFnPs9I https://cursist01.nr30.nl/wp-content/themes/su https://cursist01.nr30.nl/wp-content/themes/su/ https://cursist01.nr30.nl/wp-content/themes/su/payment.php	17 KB 5 KB	19ms 19ms	Document text/html	86.89.240.114 KPN KPN National
General Check archive.org Show headers Download Go to Full URL https://cursist01.nr30.nl/wp-content/themes/su/payment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 86.89.240.114 Breukelen, Netherlands, ASN1136 (KPN KPN National, NL), Reverse DNS 86-89-240-114.fixed.kpn.net Software Apache / Resource Hash `b6bb08c3c5a2b946db2e05533d00018224ab9a3c1952838eab66498b17fefe00` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Content-Encoding gzip Content-Length 4587 Content-Type text/html; charset=UTF-8 Date Tue, 12 Apr 2022 09:11:53 GMT Keep-Alive timeout=5, max=98 Server Apache Vary Accept-Encoding Redirect headers Connection Keep-Alive Content-Length 0 Content-Type text/html; charset=UTF-8 Date Tue, 12 Apr 2022 09:11:53 GMT Keep-Alive timeout=5, max=99 Location payment.php Server Apache
GET H/1.1	200 OK	bootstrap.css cursist01.nr30.nl/wp-content/themes/su/files/	140 KB 20 KB	26ms 25ms	Stylesheet text/css	86.89.240.114 KPN KPN National
General Check archive.org Show headers Download Go to Full URL https://cursist01.nr30.nl/wp-content/themes/su/files/bootstrap.css Requested by Host: cursist01.nr30.nl URL: https://cursist01.nr30.nl/wp-content/themes/su/payment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 86.89.240.114 Breukelen, Netherlands, ASN1136 (KPN KPN National, NL), Reverse DNS 86-89-240-114.fixed.kpn.net Software Apache / Resource Hash `e3ac3b8c4a13f2f0ae8c1ae1ecffa93f7f3528c05d440141f83cfea940132d6d` Request headers accept-language de-DE,de;q=0.9 Referer https://cursist01.nr30.nl/wp-content/themes/su/payment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Tue, 12 Apr 2022 09:11:53 GMT Content-Encoding gzip Last-Modified Sun, 10 Apr 2022 15:03:51 GMT Server Apache ETag "23027-5dc4e22b30509-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 20303
GET H/1.1	200 OK	custom.css cursist01.nr30.nl/wp-content/themes/su/files/	12 KB 3 KB	54ms 18ms	Stylesheet text/css	86.89.240.114 KPN KPN National
General Check archive.org Show headers Download Go to Full URL https://cursist01.nr30.nl/wp-content/themes/su/files/custom.css Requested by Host: cursist01.nr30.nl URL: https://cursist01.nr30.nl/wp-content/themes/su/payment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 86.89.240.114 Breukelen, Netherlands, ASN1136 (KPN KPN National, NL), Reverse DNS 86-89-240-114.fixed.kpn.net Software Apache / Resource Hash `1027cddddbd69edd1f84013d8f86a9bafa415503b104e5e1fb003b70e5362e3b` Request headers accept-language de-DE,de;q=0.9 Referer https://cursist01.nr30.nl/wp-content/themes/su/payment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Tue, 12 Apr 2022 09:11:53 GMT Content-Encoding gzip Last-Modified Sun, 10 Apr 2022 15:03:51 GMT Server Apache ETag "2f05-5dc4e22b30509-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3062
GET H/1.1	200 OK	style.css cursist01.nr30.nl/wp-content/themes/su/files/	2 KB 927 B	53ms 17ms	Stylesheet text/css	86.89.240.114 KPN KPN National
General Check archive.org Show headers Download Go to Full URL https://cursist01.nr30.nl/wp-content/themes/su/files/style.css Requested by Host: cursist01.nr30.nl URL: https://cursist01.nr30.nl/wp-content/themes/su/payment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 86.89.240.114 Breukelen, Netherlands, ASN1136 (KPN KPN National, NL), Reverse DNS 86-89-240-114.fixed.kpn.net Software Apache / Resource Hash `68b7e9302357f948488decd18e467a578a663902ec7b18773f680eca120e8cd9` Request headers accept-language de-DE,de;q=0.9 Referer https://cursist01.nr30.nl/wp-content/themes/su/payment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Tue, 12 Apr 2022 09:11:53 GMT Content-Encoding gzip Last-Modified Sun, 10 Apr 2022 15:03:51 GMT Server Apache ETag "6f6-5dc4e22b314aa-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 607
GET H/1.1	200 OK	opensans.css cursist01.nr30.nl/wp-content/themes/su/files/	1 KB 642 B	65ms 17ms	Stylesheet text/css	86.89.240.114 KPN KPN National
General Check archive.org Show headers Download Go to Full URL https://cursist01.nr30.nl/wp-content/themes/su/files/opensans.css Requested by Host: cursist01.nr30.nl URL: https://cursist01.nr30.nl/wp-content/themes/su/payment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 86.89.240.114 Breukelen, Netherlands, ASN1136 (KPN KPN National, NL), Reverse DNS 86-89-240-114.fixed.kpn.net Software Apache / Resource Hash `7b813b380d5e99d9d7ae94501469895cb3658f7b45d91ac6cfdfaa3665388112` Request headers accept-language de-DE,de;q=0.9 Referer https://cursist01.nr30.nl/wp-content/themes/su/payment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Tue, 12 Apr 2022 09:11:53 GMT Content-Encoding gzip Last-Modified Sun, 10 Apr 2022 15:03:51 GMT Server Apache ETag "4a9-5dc4e22b30509-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 323
GET H/1.1	200 OK	intlTelInput.css cursist01.nr30.nl/wp-content/themes/su/build/css/	25 KB 3 KB	73ms 19ms	Stylesheet text/css	86.89.240.114 KPN KPN National
General Check archive.org Show headers Download Go to Full URL https://cursist01.nr30.nl/wp-content/themes/su/build/css/intlTelInput.css Requested by Host: cursist01.nr30.nl URL: https://cursist01.nr30.nl/wp-content/themes/su/payment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 86.89.240.114 Breukelen, Netherlands, ASN1136 (KPN KPN National, NL), Reverse DNS 86-89-240-114.fixed.kpn.net Software Apache / Resource Hash `ad32b1248207ba91fb945a37d38e7c9deafcba849245872203482db42930d491` Request headers accept-language de-DE,de;q=0.9 Referer https://cursist01.nr30.nl/wp-content/themes/su/payment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Tue, 12 Apr 2022 09:11:53 GMT Content-Encoding gzip Last-Modified Sun, 10 Apr 2022 15:03:51 GMT Server Apache ETag "62a6-5dc4e22b2c688-gzip" Vary Accept-Encoding Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 3157
GET H/1.1	200 OK	loading_payment.gif cursist01.nr30.nl/wp-content/themes/su/files/	11 KB 11 KB	25ms 19ms	Image image/gif	86.89.240.114 KPN KPN National
General Check archive.org Show headers Download Go to Show image Full URL https://cursist01.nr30.nl/wp-content/themes/su/files/loading_payment.gif Requested by Host: cursist01.nr30.nl URL: https://cursist01.nr30.nl/wp-content/themes/su/payment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 86.89.240.114 Breukelen, Netherlands, ASN1136 (KPN KPN National, NL), Reverse DNS 86-89-240-114.fixed.kpn.net Software Apache / Resource Hash `5432b59decde382eae206cbe12dee7dd05ca9dcacb67f027a59b6a97a4379f07` Request headers accept-language de-DE,de;q=0.9 Referer https://cursist01.nr30.nl/wp-content/themes/su/payment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Tue, 12 Apr 2022 09:11:53 GMT Last-Modified Sun, 10 Apr 2022 15:03:51 GMT Server Apache ETag "2a43-5dc4e22b30509" Content-Type image/gif Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 10819
GET H/1.1	200 OK	62617_1589791686.png cursist01.nr30.nl/wp-content/themes/su/files/	12 KB 12 KB	32ms 22ms	Image image/png	86.89.240.114 KPN KPN National
General Check archive.org Show headers Download Go to Show image Full URL https://cursist01.nr30.nl/wp-content/themes/su/files/62617_1589791686.png Requested by Host: cursist01.nr30.nl URL: https://cursist01.nr30.nl/wp-content/themes/su/payment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 86.89.240.114 Breukelen, Netherlands, ASN1136 (KPN KPN National, NL), Reverse DNS 86-89-240-114.fixed.kpn.net Software Apache / Resource Hash `16893732c1d56cff7778f74e569a833e345cc0f0fb0c3226380d7bcf414f51fe` Request headers accept-language de-DE,de;q=0.9 Referer https://cursist01.nr30.nl/wp-content/themes/su/payment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Tue, 12 Apr 2022 09:11:53 GMT Last-Modified Sun, 10 Apr 2022 15:03:51 GMT Server Apache ETag "2f60-5dc4e22b2f569" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 12128
GET H/1.1	200 OK	58482363cef1014c0b5e49c1.png cursist01.nr30.nl/wp-content/themes/su/files/	80 KB 81 KB	32ms 22ms	Image image/png	86.89.240.114 KPN KPN National
General Check archive.org Show headers Download Go to Show image Full URL https://cursist01.nr30.nl/wp-content/themes/su/files/58482363cef1014c0b5e49c1.png Requested by Host: cursist01.nr30.nl URL: https://cursist01.nr30.nl/wp-content/themes/su/payment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 86.89.240.114 Breukelen, Netherlands, ASN1136 (KPN KPN National, NL), Reverse DNS 86-89-240-114.fixed.kpn.net Software Apache / Resource Hash `60fc37f80886700e21b2f04c04bf880087a5a69d87a530e33d11e4eaea5ac67c` Request headers accept-language de-DE,de;q=0.9 Referer https://cursist01.nr30.nl/wp-content/themes/su/payment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Tue, 12 Apr 2022 09:11:53 GMT Last-Modified Sun, 10 Apr 2022 15:03:51 GMT Server Apache ETag "141d3-5dc4e22b2f569" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 82387
GET H/1.1	200 OK	58482354cef1014c0b5e49c0.png cursist01.nr30.nl/wp-content/themes/su/files/	37 KB 38 KB	17ms 17ms	Image image/png	86.89.240.114 KPN KPN National
General Check archive.org Show headers Download Go to Show image Full URL https://cursist01.nr30.nl/wp-content/themes/su/files/58482354cef1014c0b5e49c0.png Requested by Host: cursist01.nr30.nl URL: https://cursist01.nr30.nl/wp-content/themes/su/payment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 86.89.240.114 Breukelen, Netherlands, ASN1136 (KPN KPN National, NL), Reverse DNS 86-89-240-114.fixed.kpn.net Software Apache / Resource Hash `750ac8d2bd2d0168a404a67733239d84262902c0dc2f231fff66182436a6e0c4` Request headers accept-language de-DE,de;q=0.9 Referer https://cursist01.nr30.nl/wp-content/themes/su/payment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Tue, 12 Apr 2022 09:11:53 GMT Last-Modified Sun, 10 Apr 2022 15:03:51 GMT Server Apache ETag "9531-5dc4e22b2f569" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=95 Content-Length 38193
GET H/1.1	200 OK	intlTelInput.js Show response cursist01.nr30.nl/wp-content/themes/su/build/js/	87 KB 21 KB	77ms 23ms	Script application/javascript	86.89.240.114 KPN KPN National
General Check archive.org Show headers Download Go to Full URL https://cursist01.nr30.nl/wp-content/themes/su/build/js/intlTelInput.js Requested by Host: cursist01.nr30.nl URL: https://cursist01.nr30.nl/wp-content/themes/su/payment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 86.89.240.114 Breukelen, Netherlands, ASN1136 (KPN KPN National, NL), Reverse DNS 86-89-240-114.fixed.kpn.net Software Apache / Resource Hash `1bc2d5be2d753eaf2f6c0e91bdb24a95a9e20d19e1d76edcbf1a0bb13818643f` Request headers accept-language de-DE,de;q=0.9 Referer https://cursist01.nr30.nl/wp-content/themes/su/payment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Tue, 12 Apr 2022 09:11:53 GMT Content-Encoding gzip Last-Modified Sun, 10 Apr 2022 15:03:51 GMT Server Apache ETag "15cfa-5dc4e22b2e5c9-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 20976
GET H/1.1	200 OK	cards.png cursist01.nr30.nl/wp-content/themes/su/files/	18 KB 18 KB	19ms 19ms	Image image/png	86.89.240.114 KPN KPN National
General Check archive.org Show headers Download Go to Show image Full URL https://cursist01.nr30.nl/wp-content/themes/su/files/cards.png Requested by Host: cursist01.nr30.nl URL: https://cursist01.nr30.nl/wp-content/themes/su/payment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 86.89.240.114 Breukelen, Netherlands, ASN1136 (KPN KPN National, NL), Reverse DNS 86-89-240-114.fixed.kpn.net Software Apache / Resource Hash `0434701192cc2fbfad32f66624b56676a8f416d3d94b259fa1eb1aaa60f6ad39` Request headers accept-language de-DE,de;q=0.9 Referer https://cursist01.nr30.nl/wp-content/themes/su/payment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Tue, 12 Apr 2022 09:11:53 GMT Last-Modified Sun, 10 Apr 2022 15:03:51 GMT Server Apache ETag "46c6-5dc4e22b30509" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 18118
GET H/1.1	200 OK	cards1.png cursist01.nr30.nl/wp-content/themes/su/files/	17 KB 17 KB	22ms 21ms	Image image/png	86.89.240.114 KPN KPN National
General Check archive.org Show headers Download Go to Show image Full URL https://cursist01.nr30.nl/wp-content/themes/su/files/cards1.png Requested by Host: cursist01.nr30.nl URL: https://cursist01.nr30.nl/wp-content/themes/su/payment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 86.89.240.114 Breukelen, Netherlands, ASN1136 (KPN KPN National, NL), Reverse DNS 86-89-240-114.fixed.kpn.net Software Apache / Resource Hash `186c8713eeaa90ab36660a4ae84f95e51aa3730dd3543c5ce18e776108a75b60` Request headers accept-language de-DE,de;q=0.9 Referer https://cursist01.nr30.nl/wp-content/themes/su/payment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Tue, 12 Apr 2022 09:11:53 GMT Last-Modified Sun, 10 Apr 2022 15:03:51 GMT Server Apache ETag "4364-5dc4e22b30509" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 17252
GET H/1.1	200 OK	trust-removebg-preview.png cursist01.nr30.nl/wp-content/themes/su/files/	132 KB 133 KB	26ms 26ms	Image image/png	86.89.240.114 KPN KPN National
General Check archive.org Show headers Download Go to Show image Full URL https://cursist01.nr30.nl/wp-content/themes/su/files/trust-removebg-preview.png Requested by Host: cursist01.nr30.nl URL: https://cursist01.nr30.nl/wp-content/themes/su/payment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 86.89.240.114 Breukelen, Netherlands, ASN1136 (KPN KPN National, NL), Reverse DNS 86-89-240-114.fixed.kpn.net Software Apache / Resource Hash `4f1bf1cc5ae0cd0c356965fd378e4e9c30268533949d65349c2d4315852627a0` Request headers accept-language de-DE,de;q=0.9 Referer https://cursist01.nr30.nl/wp-content/themes/su/payment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Tue, 12 Apr 2022 09:11:53 GMT Last-Modified Sun, 10 Apr 2022 15:03:51 GMT Server Apache ETag "210ff-5dc4e22b314aa" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 135423
GET H/1.1	200 OK	express-checkout.png cursist01.nr30.nl/wp-content/themes/su/files/	37 KB 37 KB	30ms 30ms	Image image/png	86.89.240.114 KPN KPN National
General Check archive.org Show headers Download Go to Show image Full URL https://cursist01.nr30.nl/wp-content/themes/su/files/express-checkout.png Requested by Host: cursist01.nr30.nl URL: https://cursist01.nr30.nl/wp-content/themes/su/payment.php Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 86.89.240.114 Breukelen, Netherlands, ASN1136 (KPN KPN National, NL), Reverse DNS 86-89-240-114.fixed.kpn.net Software Apache / Resource Hash `1a84a7da15921a85f7a8bd195b2eee6310715e1d9afa14bf75b2ce6fd7bfd52d` Request headers accept-language de-DE,de;q=0.9 Referer https://cursist01.nr30.nl/wp-content/themes/su/payment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Tue, 12 Apr 2022 09:11:53 GMT Last-Modified Sun, 10 Apr 2022 15:03:51 GMT Server Apache ETag "9448-5dc4e22b30509" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 37960
GET H/1.1	404 Not Found	mem5YaGs126MiZpBA-UN7rgOUuhp.woff2 cursist01.nr30.nl/wp-content/themes/su/files/	0 0	406ms 388ms	Font text/html	86.89.240.114 KPN KPN National
General Check archive.org Show headers Download Go to Full URL https://cursist01.nr30.nl/wp-content/themes/su/files/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2 Requested by Host: cursist01.nr30.nl URL: https://cursist01.nr30.nl/wp-content/themes/su/files/opensans.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 86.89.240.114 Breukelen, Netherlands, ASN1136 (KPN KPN National, NL), Reverse DNS 86-89-240-114.fixed.kpn.net Software Apache / Resource Hash Request headers Referer https://cursist01.nr30.nl/wp-content/themes/su/files/opensans.css Origin https://cursist01.nr30.nl accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Tue, 12 Apr 2022 09:11:53 GMT Server Apache Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <https://cursist01.nr30.nl/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=5, max=97 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	404 Not Found	mem8YaGs126MiZpBA-UFVZ0b.woff2 cursist01.nr30.nl/wp-content/themes/su/files/	0 0	1108ms 1093ms	Font text/html	86.89.240.114 KPN KPN National
General Check archive.org Show headers Download Go to Full URL https://cursist01.nr30.nl/wp-content/themes/su/files/mem8YaGs126MiZpBA-UFVZ0b.woff2 Requested by Host: cursist01.nr30.nl URL: https://cursist01.nr30.nl/wp-content/themes/su/files/opensans.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 86.89.240.114 Breukelen, Netherlands, ASN1136 (KPN KPN National, NL), Reverse DNS 86-89-240-114.fixed.kpn.net Software Apache / Resource Hash Request headers Referer https://cursist01.nr30.nl/wp-content/themes/su/files/opensans.css Origin https://cursist01.nr30.nl accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Tue, 12 Apr 2022 09:11:53 GMT Server Apache Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <https://cursist01.nr30.nl/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=5, max=98 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	404 Not Found	mem5YaGs126MiZpBA-UNirkOUuhp.woff2 cursist01.nr30.nl/wp-content/themes/su/files/	0 0	1534ms 1530ms	Font text/html	86.89.240.114 KPN KPN National
General Check archive.org Show headers Download Go to Full URL https://cursist01.nr30.nl/wp-content/themes/su/files/mem5YaGs126MiZpBA-UNirkOUuhp.woff2 Requested by Host: cursist01.nr30.nl URL: https://cursist01.nr30.nl/wp-content/themes/su/files/opensans.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 86.89.240.114 Breukelen, Netherlands, ASN1136 (KPN KPN National, NL), Reverse DNS 86-89-240-114.fixed.kpn.net Software Apache / Resource Hash Request headers Referer https://cursist01.nr30.nl/wp-content/themes/su/files/opensans.css Origin https://cursist01.nr30.nl accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Tue, 12 Apr 2022 09:11:53 GMT Server Apache Transfer-Encoding chunked Content-Type text/html; charset=UTF-8 Cache-Control no-cache, must-revalidate, max-age=0 Connection Keep-Alive Link <https://cursist01.nr30.nl/wp-json/>; rel="https://api.w.org/" Keep-Alive timeout=5, max=94 Expires Wed, 11 Jan 1984 05:00:00 GMT
GET H/1.1	200 OK	flags.png cursist01.nr30.nl/wp-content/themes/su/build/img/	69 KB 69 KB	52ms 27ms	Image image/png	86.89.240.114 KPN KPN National
General Check archive.org Show headers Download Go to Show image Full URL https://cursist01.nr30.nl/wp-content/themes/su/build/img/flags.png Requested by Host: cursist01.nr30.nl URL: https://cursist01.nr30.nl/wp-content/themes/su/build/css/intlTelInput.css Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 86.89.240.114 Breukelen, Netherlands, ASN1136 (KPN KPN National, NL), Reverse DNS 86-89-240-114.fixed.kpn.net Software Apache / Resource Hash `0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55` Request headers accept-language de-DE,de;q=0.9 Referer https://cursist01.nr30.nl/wp-content/themes/su/build/css/intlTelInput.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Tue, 12 Apr 2022 09:11:53 GMT Last-Modified Sun, 10 Apr 2022 15:03:51 GMT Server Apache ETag "114c9-5dc4e22b2d629" Content-Type image/png Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 70857
GET H/1.1	200 OK	utils.js Show response cursist01.nr30.nl/wp-content/themes/su/build/js/	248 KB 56 KB	68ms 67ms	Script application/javascript	86.89.240.114 KPN KPN National
General Check archive.org Show headers Download Go to Full URL https://cursist01.nr30.nl/wp-content/themes/su/build/js/utils.js Requested by Host: cursist01.nr30.nl URL: https://cursist01.nr30.nl/wp-content/themes/su/build/js/intlTelInput.js Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 86.89.240.114 Breukelen, Netherlands, ASN1136 (KPN KPN National, NL), Reverse DNS 86-89-240-114.fixed.kpn.net Software Apache / Resource Hash `aeb6bc2ecd957d24b8bb08c9ebd6248835fbf6bbed3eeb1ac61d403eed193f56` Request headers accept-language de-DE,de;q=0.9 Referer https://cursist01.nr30.nl/wp-content/themes/su/payment.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36 Response headers Date Tue, 12 Apr 2022 09:11:55 GMT Content-Encoding gzip Last-Modified Sun, 10 Apr 2022 15:03:51 GMT Server Apache ETag "3e07f-5dc4e22b2e5c9-gzip" Vary Accept-Encoding Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 57237

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Saudi Post (Government)

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

2 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.bit.ly/	1970-01-20 06:35:06	Name: _bit Value: m3c9bR-f2d44916370da45654-003
			cutt.ly/	1969-12-31 23:59:59	Name: PHPSESSID Value: q1ud3lrub7lvnhhom1ss8viunh

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cursist01.nr30.nl/wp-content/themes/su/files/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://cursist01.nr30.nl/wp-content/themes/su/files/mem8YaGs126MiZpBA-UFVZ0b.woff2 Message: Failed to load resource: the server responded with a status of 404 (Not Found)
network	error	URL: https://cursist01.nr30.nl/wp-content/themes/su/files/mem5YaGs126MiZpBA-UNirkOUuhp.woff2 Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bit.ly
cursist01.nr30.nl
cutt.ly
2606:4700:10::6816:1e8
67.199.248.11
86.89.240.114
0434701192cc2fbfad32f66624b56676a8f416d3d94b259fa1eb1aaa60f6ad39
0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55
1027cddddbd69edd1f84013d8f86a9bafa415503b104e5e1fb003b70e5362e3b
16893732c1d56cff7778f74e569a833e345cc0f0fb0c3226380d7bcf414f51fe
186c8713eeaa90ab36660a4ae84f95e51aa3730dd3543c5ce18e776108a75b60
1a84a7da15921a85f7a8bd195b2eee6310715e1d9afa14bf75b2ce6fd7bfd52d
1bc2d5be2d753eaf2f6c0e91bdb24a95a9e20d19e1d76edcbf1a0bb13818643f
4f1bf1cc5ae0cd0c356965fd378e4e9c30268533949d65349c2d4315852627a0
5432b59decde382eae206cbe12dee7dd05ca9dcacb67f027a59b6a97a4379f07
60fc37f80886700e21b2f04c04bf880087a5a69d87a530e33d11e4eaea5ac67c
68b7e9302357f948488decd18e467a578a663902ec7b18773f680eca120e8cd9
750ac8d2bd2d0168a404a67733239d84262902c0dc2f231fff66182436a6e0c4
7b813b380d5e99d9d7ae94501469895cb3658f7b45d91ac6cfdfaa3665388112
ad32b1248207ba91fb945a37d38e7c9deafcba849245872203482db42930d491
aeb6bc2ecd957d24b8bb08c9ebd6248835fbf6bbed3eeb1ac61d403eed193f56
b6bb08c3c5a2b946db2e05533d00018224ab9a3c1952838eab66498b17fefe00
e3ac3b8c4a13f2f0ae8c1ae1ecffa93f7f3528c05d440141f83cfea940132d6d

cursist01.nr30.nl Open in urlscan Pro 86.89.240.114 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

20 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

1 IPs

2 Countries

526 kBTransfer

945 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

20 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

14 JavaScript Global Variables

2 Cookies

3 Console Messages

Indicators

cursist01.nr30.nl Open in urlscan Pro
86.89.240.114 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

20
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

1
IPs

2
Countries

526 kB
Transfer

945 kB
Size

2
Cookies

20 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!