dkbappslog.scoutsrupelmonde.be Open in urlscan Pro
2a0b:7280:100:0:416:eeff:fe00:214d Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://dkbappslog.scoutsrupelmonde.be/web/index.php?status=checked&authId=6741099a991e45fdc197674c048b6f5b6c1f69fa
Effective URL:
https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8
Submission: On December 16 via api (December 16th 2022, 2:25:20 pm UTC) from IE — Scanned from NL

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 13 HTTP transactions. The main IP is 2a0b:7280:100:0:416:eeff:fe00:214d, located in Netherlands and belongs to CLDIN-NL TWS, NL. The main domain is dkbappslog.scoutsrupelmonde.be.
TLS certificate: Issued by R3 on December 15th 2022. Valid for: 3 months.

This is the only time dkbappslog.scoutsrupelmonde.be was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DKB (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 11	2a0b:7280:100... 2a0b:7280:100:0:416:eeff:fe00:214d	48635 (CLDIN-NL TWS) (CLDIN-NL TWS)
2	2606:4700::68... 2606:4700::6810:5514	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:811::200a	15169 (GOOGLE) (GOOGLE)
13	4

11 2a0b:7280:100:0:416:eeff:fe00:214d (Netherlands) 1 redirects

ASN48635 (CLDIN-NL TWS, NL)

dkbappslog.scoutsrupelmonde.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	scoutsrupelmonde.be 1 redirects dkbappslog.scoutsrupelmonde.be	247 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 381	141 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37	961 B
13	3

	Domain	Requested by
11	dkbappslog.scoutsrupelmonde.be	1 redirects dkbappslog.scoutsrupelmonde.be
2	cdn.jsdelivr.net	dkbappslog.scoutsrupelmonde.be cdn.jsdelivr.net
1	fonts.googleapis.com	cdn.jsdelivr.net
13	3

This site contains no links.

Subject Issuer	Validity	Valid
dkbappslog.scoutsrupelmonde.be R3	`2022-12-15` - `2023-03-15`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8
Frame ID: 4CF4776B6BCF02451F31512D6F9B848E
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Willkommen,

Page URL History Show full URLs

https://dkbappslog.scoutsrupelmonde.be/web/index.php?status=checked&authId=6741099a991e45fdc197674c048b6f5b6c1f69fa HTTP 302
https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8 Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Semantic UI (UI frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]+semantic(?:\.min)\.css"

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

13
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

429 kB
Transfer

1615 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://dkbappslog.scoutsrupelmonde.be/web/index.php?status=checked&authId=6741099a991e45fdc197674c048b6f5b6c1f69fa HTTP 302
https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login.php Show response
dkbappslog.scoutsrupelmonde.be/web/
Redirect Chain

https://dkbappslog.scoutsrupelmonde.be/web/index.php?status=checked&authId=6741099a991e45fdc197674c048b6f5b6c1f69fa
https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8

8 KB
2 KB

2792ms
2792ms

Document
text/html

2a0b:7280:100:0:416:eeff:fe00:214d
CLDIN-NL TWS

General

Check archive.org

Show headers Download Go to

Full URL

https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a0b:7280:100:0:416:eeff:fe00:214d , Netherlands, ASN48635 (CLDIN-NL TWS, NL),

Reverse DNS

Software

Apache/2 / PHP/8.0.21

Resource Hash

fa128b18a0e50ea68e98d9abcbbaab2f8336eebee05c15d8f6ec41962a011a22

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: nl-NL,nl;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 1987
content-type: text/html; charset-UTF-8;charset=UTF-8
date: Fri, 16 Dec 2022 14:25:13 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
server: Apache/2
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-powered-by: PHP/8.0.21
x-robots-tag: noindex, nofollow
x-ua-compatible: IE=edge

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 380
content-type: text/html; charset-UTF-8;charset=UTF-8
date: Fri, 16 Dec 2022 14:25:10 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: ./login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8
pragma: no-cache
server: Apache/2
vary: Accept-Encoding,User-Agent
x-content-type-options: nosniff
x-powered-by: PHP/8.0.21
x-robots-tag: noindex, nofollow
x-ua-compatible: IE=edge

GET
H2 200 semantic.min.css
cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/ 614 KB
101 KB 96ms
41ms Stylesheet
text/css 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/semantic.min.css

Requested by

Host: dkbappslog.scoutsrupelmonde.be
URL: https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5177ac8b16de2e407f518c554f3ba3fe0837f8b333830026837cc3f82e190124

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://dkbappslog.scoutsrupelmonde.be/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 14:25:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4438371
x-jsd-version: 2.4.2
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19173-FRA, cache-yyz4540-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"99738-xBtVnjRc5piOJZyFKbhk0QxxYOQ"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QdmQkho2dARJcq%2Brrcg%2FtYekrm3JLUp8YB%2BuyNkfR7ETkaaWYJ5CIIAJkrF%2FVVouZOQNOvLio81l69Zq5zIb8nQKcJ1D2ouKEvn0xwBVJQZKSxtqbaZrKRe%2B%2BjV6xE8rDSyew4jvzszEb39B07s%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 77a8165d7f010a63-AMS

GET
H2 200 main.css
dkbappslog.scoutsrupelmonde.be/web/layout/css/ 11 KB
2 KB 28ms
27ms Stylesheet
text/css 2a0b:7280:100:0:416:eeff:fe00:214d
CLDIN-NL TWS

General

Check archive.org

Show headers Download Go to

Full URL

https://dkbappslog.scoutsrupelmonde.be/web/layout/css/main.css

Requested by

Host: dkbappslog.scoutsrupelmonde.be
URL: https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a0b:7280:100:0:416:eeff:fe00:214d , Netherlands, ASN48635 (CLDIN-NL TWS, NL),

Reverse DNS

Software

Apache/2 /

Resource Hash

fa295dc1cfa80e81335e66cef5dfba30a471373c422c611d27f2c9c5f321ab90

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 14:25:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Jun 2022 13:19:04 GMT
server: Apache/2
vary: Accept-Encoding,User-Agent
content-type: text/css; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 2176
expires: Sat, 16 Dec 2023 14:25:16 GMT

GET
H2 200 main.js Show response
dkbappslog.scoutsrupelmonde.be/web/layout/js/ 837 KB
179 KB 44ms
43ms Script
application/javascript 2a0b:7280:100:0:416:eeff:fe00:214d
CLDIN-NL TWS

General

Check archive.org

Show headers Download Go to

Full URL

https://dkbappslog.scoutsrupelmonde.be/web/layout/js/main.js

Requested by

Host: dkbappslog.scoutsrupelmonde.be
URL: https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a0b:7280:100:0:416:eeff:fe00:214d , Netherlands, ASN48635 (CLDIN-NL TWS, NL),

Reverse DNS

Software

Apache/2 /

Resource Hash

bab7919e0149a370a98daf257d95a2d5839d21bfe04bb2fb6a7671983c7530de

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 14:25:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 01 Jul 2022 05:14:42 GMT
server: Apache/2
vary: Accept-Encoding,User-Agent
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
expires: Sat, 16 Dec 2023 14:25:16 GMT

GET
H2 200 logo.png
dkbappslog.scoutsrupelmonde.be/web/layout/img/ 1 KB
1 KB 28ms
27ms Image
image/png 2a0b:7280:100:0:416:eeff:fe00:214d
CLDIN-NL TWS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dkbappslog.scoutsrupelmonde.be/web/layout/img/logo.png

Requested by

Host: dkbappslog.scoutsrupelmonde.be
URL: https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a0b:7280:100:0:416:eeff:fe00:214d , Netherlands, ASN48635 (CLDIN-NL TWS, NL),

Reverse DNS

Software

Apache/2 /

Resource Hash

14b35e728a11ebaa486217f6c05103335902d1bdcbe2e7640a6df44f8b7f936a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 14:25:16 GMT
x-content-type-options: nosniff
last-modified: Mon, 20 Jun 2022 22:06:56 GMT
server: Apache/2
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 1029
expires: Sun, 15 Jan 2023 14:25:16 GMT

GET
H2 200 search.png
dkbappslog.scoutsrupelmonde.be/web/layout/img/ 650 B
684 B 27ms
27ms Image
image/png 2a0b:7280:100:0:416:eeff:fe00:214d
CLDIN-NL TWS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dkbappslog.scoutsrupelmonde.be/web/layout/img/search.png

Requested by

Host: dkbappslog.scoutsrupelmonde.be
URL: https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a0b:7280:100:0:416:eeff:fe00:214d , Netherlands, ASN48635 (CLDIN-NL TWS, NL),

Reverse DNS

Software

Apache/2 /

Resource Hash

e78a7546181abd93801044ffa526b2716da93bfdf3062f68ebf51fb7327dd6ef

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 14:25:16 GMT
x-content-type-options: nosniff
last-modified: Mon, 20 Jun 2022 22:06:56 GMT
server: Apache/2
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 650
expires: Sun, 15 Jan 2023 14:25:16 GMT

GET
H2 200 aside_1.png
dkbappslog.scoutsrupelmonde.be/web/layout/img/ 4 KB
4 KB 27ms
27ms Image
image/png 2a0b:7280:100:0:416:eeff:fe00:214d
CLDIN-NL TWS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dkbappslog.scoutsrupelmonde.be/web/layout/img/aside_1.png

Requested by

Host: dkbappslog.scoutsrupelmonde.be
URL: https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a0b:7280:100:0:416:eeff:fe00:214d , Netherlands, ASN48635 (CLDIN-NL TWS, NL),

Reverse DNS

Software

Apache/2 /

Resource Hash

69d23c696ace7e88ea64474450d8cc42f27fe298e268c60a4c0f9e4d375a45c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 14:25:16 GMT
x-content-type-options: nosniff
last-modified: Mon, 20 Jun 2022 22:06:00 GMT
server: Apache/2
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 3843
expires: Sun, 15 Jan 2023 14:25:16 GMT

GET
H2 200 banner_1.png
dkbappslog.scoutsrupelmonde.be/web/layout/img/ 9 KB
9 KB 30ms
27ms Image
image/png 2a0b:7280:100:0:416:eeff:fe00:214d
CLDIN-NL TWS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dkbappslog.scoutsrupelmonde.be/web/layout/img/banner_1.png

Requested by

Host: dkbappslog.scoutsrupelmonde.be
URL: https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a0b:7280:100:0:416:eeff:fe00:214d , Netherlands, ASN48635 (CLDIN-NL TWS, NL),

Reverse DNS

Software

Apache/2 /

Resource Hash

96ecab11ca4a18e2fa96a9b5683187ad779b2762f1ae904ed65aebe0d7247cc2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 14:25:16 GMT
x-content-type-options: nosniff
last-modified: Mon, 20 Jun 2022 22:06:18 GMT
server: Apache/2
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 8908
expires: Sun, 15 Jan 2023 14:25:16 GMT

GET
H2 200 keyboard.png
dkbappslog.scoutsrupelmonde.be/web/layout/img/ 315 B
372 B 27ms
27ms Image
image/png 2a0b:7280:100:0:416:eeff:fe00:214d
CLDIN-NL TWS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dkbappslog.scoutsrupelmonde.be/web/layout/img/keyboard.png

Requested by

Host: dkbappslog.scoutsrupelmonde.be
URL: https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a0b:7280:100:0:416:eeff:fe00:214d , Netherlands, ASN48635 (CLDIN-NL TWS, NL),

Reverse DNS

Software

Apache/2 /

Resource Hash

09347f6a4e4d4863e0a665b0bff9c9d17a5b022b4fff6ceb185c3dde0f087494

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 14:25:16 GMT
x-content-type-options: nosniff
last-modified: Mon, 20 Jun 2022 22:06:54 GMT
server: Apache/2
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 315
expires: Sun, 15 Jan 2023 14:25:16 GMT

GET
H2 200 aside_2.png
dkbappslog.scoutsrupelmonde.be/web/layout/img/ 34 KB
34 KB 28ms
27ms Image
image/png 2a0b:7280:100:0:416:eeff:fe00:214d
CLDIN-NL TWS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dkbappslog.scoutsrupelmonde.be/web/layout/img/aside_2.png

Requested by

Host: dkbappslog.scoutsrupelmonde.be
URL: https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a0b:7280:100:0:416:eeff:fe00:214d , Netherlands, ASN48635 (CLDIN-NL TWS, NL),

Reverse DNS

Software

Apache/2 /

Resource Hash

51dd2d5cd058a7c9eecae574a2896089032ee1e7c35adf3b0a9dfa2549e7fe5d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 14:25:16 GMT
x-content-type-options: nosniff
last-modified: Mon, 20 Jun 2022 22:06:16 GMT
server: Apache/2
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 34401
expires: Sun, 15 Jan 2023 14:25:16 GMT

GET
H2 200 footer.png
dkbappslog.scoutsrupelmonde.be/web/layout/img/ 14 KB
14 KB 28ms
27ms Image
image/png 2a0b:7280:100:0:416:eeff:fe00:214d
CLDIN-NL TWS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dkbappslog.scoutsrupelmonde.be/web/layout/img/footer.png

Requested by

Host: dkbappslog.scoutsrupelmonde.be
URL: https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a0b:7280:100:0:416:eeff:fe00:214d , Netherlands, ASN48635 (CLDIN-NL TWS, NL),

Reverse DNS

Software

Apache/2 /

Resource Hash

2362595d4adabb5a7119d6ac37ab03d9e39ffc5ed49bd41adfbc0ffddc14b7ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://dkbappslog.scoutsrupelmonde.be/web/login.php?authId=7f039f45e7f9450b24f4f5e769943042be1aeda8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 14:25:16 GMT
x-content-type-options: nosniff
last-modified: Mon, 20 Jun 2022 22:06:34 GMT
server: Apache/2
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 14375
expires: Sun, 15 Jan 2023 14:25:16 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
961 B 200ms
70ms Stylesheet
text/css 2a00:1450:4001:811::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/semantic.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aed5ccd9a1464ec082338fd88b0b73b810af66c72b4adffe270607212d4693a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: nl-NL,nl;q=0.9
Referer: https://cdn.jsdelivr.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 16 Dec 2022 14:25:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 16 Dec 2022 12:46:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 16 Dec 2022 14:25:16 GMT

GET
DATA 200
OK truncated
/ 17 KB
17 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 79b6bfed5b8e93eafbc4b6cc1aeb1a66256446899c27bfb099fc336fb59d3171

Request headers

Referer
Origin: https://dkbappslog.scoutsrupelmonde.be
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
H3 200 icons.woff2
cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/themes/default/assets/fonts/ 39 KB
40 KB 62ms
33ms Font
font/woff2 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/themes/default/assets/fonts/icons.woff2

Requested by

Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/semantic.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

434466b59545a8a1cac6ddb38197cdc6b35995a98c3f3812fb88d61b1c300dd3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/semantic.min.css
Origin: https://dkbappslog.scoutsrupelmonde.be
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Fri, 16 Dec 2022 14:25:16 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 16443652
x-jsd-version: 2.4.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 40148
x-served-by: cache-fra19164-FRA, cache-itm18845-ITM
x-jsd-version-type: version
server: cloudflare
etag: W/"9cd4-bsbTbLJGS06CHPq7Uy8xC9NCYBw"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dYPCUox5dEwDeVKT6Px8l%2FzRnsyTZaGoeRh5YVPj0oE%2FJ8jD0Kt79rn8VTU5NNmpSqC8vNr38UzwsY1CNWkuKthDG7wGOeSDW%2FPbcMPcQEhpzmJsqDaGRqJGJ9yn9Dtm6RCzeUIv2%2FgJgKCnRBE%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 77a8165fab35b980-AMS

GET
DATA 200
OK truncated
/ 23 KB
23 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 20887aa995532d3a50cc4e65454d8e5e0a0ecc7862c465b12a4478972885bed1

Request headers

Referer
Origin: https://dkbappslog.scoutsrupelmonde.be
accept-language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DKB (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			dkbappslog.scoutsrupelmonde.be/	1969-12-31 23:59:59	Name: PHPSESSID Value: 0894jghlep6ijfn2m5al8ck7po

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
dkbappslog.scoutsrupelmonde.be
fonts.googleapis.com
2606:4700::6810:5514
2a00:1450:4001:811::200a
2a0b:7280:100:0:416:eeff:fe00:214d
09347f6a4e4d4863e0a665b0bff9c9d17a5b022b4fff6ceb185c3dde0f087494
14b35e728a11ebaa486217f6c05103335902d1bdcbe2e7640a6df44f8b7f936a
20887aa995532d3a50cc4e65454d8e5e0a0ecc7862c465b12a4478972885bed1
2362595d4adabb5a7119d6ac37ab03d9e39ffc5ed49bd41adfbc0ffddc14b7ed
434466b59545a8a1cac6ddb38197cdc6b35995a98c3f3812fb88d61b1c300dd3
5177ac8b16de2e407f518c554f3ba3fe0837f8b333830026837cc3f82e190124
51dd2d5cd058a7c9eecae574a2896089032ee1e7c35adf3b0a9dfa2549e7fe5d
69d23c696ace7e88ea64474450d8cc42f27fe298e268c60a4c0f9e4d375a45c3
79b6bfed5b8e93eafbc4b6cc1aeb1a66256446899c27bfb099fc336fb59d3171
96ecab11ca4a18e2fa96a9b5683187ad779b2762f1ae904ed65aebe0d7247cc2
aed5ccd9a1464ec082338fd88b0b73b810af66c72b4adffe270607212d4693a2
bab7919e0149a370a98daf257d95a2d5839d21bfe04bb2fb6a7671983c7530de
e78a7546181abd93801044ffa526b2716da93bfdf3062f68ebf51fb7327dd6ef
fa128b18a0e50ea68e98d9abcbbaab2f8336eebee05c15d8f6ec41962a011a22
fa295dc1cfa80e81335e66cef5dfba30a471373c422c611d27f2c9c5f321ab90

dkbappslog.scoutsrupelmonde.be Open in urlscan Pro 2a0b:7280:100:0:416:eeff:fe00:214d Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

100 %IPv6

3 Domains

3 Subdomains

4 IPs

3 Countries

429 kBTransfer

1615 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

6 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

dkbappslog.scoutsrupelmonde.be Open in urlscan Pro
2a0b:7280:100:0:416:eeff:fe00:214d Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

4
IPs

3
Countries

429 kB
Transfer

1615 kB
Size

1
Cookies

13 HTTP transactions
2 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!