dev.rugcentrumgent.be Open in urlscan Pro
78.41.69.106 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://dev.rugcentrumgent.be/wp/wp-content/uploads/1/532c41f2223f75885c77311ee6e4f756/?dispatch=?+echo+US.=.6767299547792._.f...
Effective URL:
http://dev.rugcentrumgent.be/wp/wp-content/uploads/1/532c41f2223f75885c77311ee6e4f756/index1.php
Submission Tags: 6753270
Submission: On September 03 via api (September 3rd 2020, 11:30:16 pm UTC) from US

Summary HTTP 64 Redirects Behaviour Indicators

Summary

This website contacted 24 IPs in 7 countries across 20 domains to perform 64 HTTP transactions. The main IP is 78.41.69.106, located in Kruibeke, Belgium and belongs to BENESOL-BACKBONE International Backbone, BE. The main domain is dev.rugcentrumgent.be.

This is the only time dev.rugcentrumgent.be was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Microsoft (Consumer)

Domain & IP information

	IP Address	AS Autonomous System
2	78.41.69.106 78.41.69.106	8368 (BENESOL-B...) (BENESOL-BACKBONE International Backbone)
20	23.40.113.185 23.40.113.185	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a02:26f0:f1:... 2a02:26f0:f1:28f::356e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2.16.186.18 2.16.186.18	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	40.77.226.250 40.77.226.250	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a02:26f0:f1:... 2a02:26f0:f1:28f::37	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba1b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	52.76.0.165 52.76.0.165	16509 (AMAZON-02) (AMAZON-02)
3	2a02:26f0:2b0... 2a02:26f0:2b00:491::356e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	40.90.22.183 40.90.22.183	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	20.190.129.24 20.190.129.24	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	52.142.114.2 52.142.114.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	52.114.132.20 52.114.132.20	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	2606:4700::68... 2606:4700::6810:5d53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:800::200e	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:43b0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:14bf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:d4cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	173.208.239.244 173.208.239.244	32097 (WII) (WII)
1	152.199.23.37 152.199.23.37	15133 (EDGECAST) (EDGECAST)
3	2a00:1450:400... 2a00:1450:4001:821::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
64	24

2 78.41.69.106 (Kruibeke, Belgium)

ASN8368 (BENESOL-BACKBONE International Backbone, BE)
PTR: 78-41-69-106.powered-by.benesol.be

dev.rugcentrumgent.be	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 23.40.113.185 (Netherlands)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a23-40-113-185.deploy.static.akamaitechnologies.com

blobs.officehome.msocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:f1:28f::356e (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

www.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.18 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)
PTR: a2-16-186-18.deploy.static.akamaitechnologies.com

statics-marketingsites-eus-ms-com.akamaized.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 40.77.226.250 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

web.vortex.data.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:f1:28f::37 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

mem.gfx.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00::210:ba1b (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

img-prod-cms-rt-microsoft-com.akamaized.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.76.0.165 (Singapore, Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-76-0-165.ap-southeast-1.compute.amazonaws.com

www.apacciooutlook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:2b00:491::356e (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

c.s-microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 40.90.22.183 (San Jose, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.live.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.190.129.24 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

login.microsoftonline.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.142.114.2 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c1.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.114.132.20 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

browser.pipe.aria.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:5d53 (United States)

ASN13335 (CLOUDFLARENET, US)

static.npmjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:43b0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:14bf (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d4cc (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.208.239.244 (Kansas City, United States)

ASN32097 (WII, US)
PTR: mta5.drunkrevok.com

www.pinclipart.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.23.37 (United States)

ASN15133 (EDGECAST, US)

aadcdn.msftauth.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:821::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
20	msocdn.com blobs.officehome.msocdn.com	3 MB
13	microsoft.com 1 redirects www.microsoft.com web.vortex.data.microsoft.com c1.microsoft.com browser.pipe.aria.microsoft.com	77 KB
5	npmjs.com static.npmjs.com	521 KB
3	googleapis.com fonts.googleapis.com	2 KB
3	s-microsoft.com c.s-microsoft.com	92 KB
3	gfx.ms mem.gfx.ms	57 KB
2	gstatic.com fonts.gstatic.com	26 KB
2	google-analytics.com www.google-analytics.com	20 KB
2	akamaized.net statics-marketingsites-eus-ms-com.akamaized.net img-prod-cms-rt-microsoft-com.akamaized.net	5 KB
2	rugcentrumgent.be dev.rugcentrumgent.be	55 KB
1	hubspot.com track.hubspot.com	528 B
1	msftauth.net aadcdn.msftauth.net	2 KB
1	pinclipart.com www.pinclipart.com	72 KB
1	hs-scripts.com js.hs-scripts.com	834 B
1	hs-banner.com js.hs-banner.com	12 KB
1	hs-analytics.net js.hs-analytics.net	23 KB
1	bing.com 1 redirects c.bing.com	530 B
1	microsoftonline.com login.microsoftonline.com
1	live.com login.live.com
1	apacciooutlook.com www.apacciooutlook.com	69 KB
64	20

	Domain	Requested by
20	blobs.officehome.msocdn.com	dev.rugcentrumgent.be
6	web.vortex.data.microsoft.com	dev.rugcentrumgent.be blobs.officehome.msocdn.com
5	static.npmjs.com	dev.rugcentrumgent.be
3	fonts.googleapis.com	static.npmjs.com
3	c.s-microsoft.com	www.microsoft.com
3	mem.gfx.ms	dev.rugcentrumgent.be
3	www.microsoft.com	dev.rugcentrumgent.be www.microsoft.com
2	fonts.gstatic.com	fonts.googleapis.com
2	www.google-analytics.com	dev.rugcentrumgent.be
2	browser.pipe.aria.microsoft.com	blobs.officehome.msocdn.com
2	c1.microsoft.com	1 redirects
2	dev.rugcentrumgent.be
1	track.hubspot.com
1	aadcdn.msftauth.net	dev.rugcentrumgent.be
1	www.pinclipart.com	dev.rugcentrumgent.be
1	js.hs-scripts.com	dev.rugcentrumgent.be
1	js.hs-banner.com	dev.rugcentrumgent.be
1	js.hs-analytics.net	dev.rugcentrumgent.be
1	c.bing.com	1 redirects
1	login.microsoftonline.com	blobs.officehome.msocdn.com
1	login.live.com	blobs.officehome.msocdn.com
1	www.apacciooutlook.com	dev.rugcentrumgent.be
1	img-prod-cms-rt-microsoft-com.akamaized.net	dev.rugcentrumgent.be
1	statics-marketingsites-eus-ms-com.akamaized.net	dev.rugcentrumgent.be
64	24

This site contains no links.

Subject Issuer	Validity	Valid
*.officehome.msocdn.com Microsoft IT TLS CA 4	`2019-10-17` - `2021-10-17`	2 years	crt.sh
www.microsoft.com Microsoft IT TLS CA 5	`2019-10-21` - `2021-10-21`	2 years	crt.sh
a248.e.akamai.net DigiCert Secure Site ECC CA-1	`2020-07-15` - `2021-09-13`	a year	crt.sh
*.vortex.data.microsoft.com Microsoft IT TLS CA 4	`2020-01-21` - `2022-01-21`	2 years	crt.sh
mem.gfx.ms Microsoft IT TLS CA 2	`2020-01-06` - `2022-01-06`	2 years	crt.sh
*.apacciooutlook.com Go Daddy Secure Certificate Authority - G2	`2020-06-24` - `2021-06-27`	a year	crt.sh
login.live.com DigiCert SHA2 Secure Server CA	`2020-07-07` - `2021-07-07`	a year	crt.sh
stamp2.login.microsoftonline.com DigiCert SHA2 Secure Server CA	`2020-07-20` - `2022-07-20`	2 years	crt.sh
c.msn.com Microsoft IT TLS CA 2	`2020-04-23` - `2022-04-23`	2 years	crt.sh
*.events.data.microsoft.com Microsoft IT TLS CA 1	`2020-05-07` - `2022-05-07`	2 years	crt.sh
npmjs.com Cloudflare Inc ECC CA-3	`2020-07-05` - `2021-07-05`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-08-19` - `2020-11-11`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-03` - `2021-08-03`	a year	crt.sh
pinclipart.com Let's Encrypt Authority X3	`2020-06-25` - `2020-09-23`	3 months	crt.sh
aadcdn.msftauth.net DigiCert SHA2 Secure Server CA	`2020-07-09` - `2021-07-09`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-08-19` - `2020-11-11`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-08-19` - `2020-11-11`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2020-07-27` - `2021-07-27`	a year	crt.sh

This page contains 3 frames:

Primary Page: http://dev.rugcentrumgent.be/wp/wp-content/uploads/1/532c41f2223f75885c77311ee6e4f756/index1.php
Frame ID: E3B75369643C6693CFBE19166A36AD98
Requests: 72 HTTP requests in this frame

Frame: https://login.live.com/Me.srf?wa=wsignin1.0&wreply=https://www.office.com/
Frame ID: 99CD5DB991080E092C1E1B36DFB7114E
Requests: 1 HTTP requests in this frame

Frame: https://login.microsoftonline.com/savedusers?wreply=https://www.office.com/&appid=4345a7b9-9a63-4910-a426-35363201d503
Frame ID: 1B7D620692E9DF8562713EBA85BCC0C4
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://dev.rugcentrumgent.be/wp/wp-content/uploads/1/532c41f2223f75885c77311ee6e4f756/?dispatch=?+echo+US... Page URL
http://dev.rugcentrumgent.be/wp/wp-content/uploads/1/532c41f2223f75885c77311ee6e4f756/index1.php Page URL

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

React (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<[^>]+data-react/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
script /google-analytics\.com\/plugins\/ua\/(?:ec|ecommerce)\.js/i

Google Analytics Enhanced eCommerce (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/plugins\/ua\/(?:ec|ecommerce)\.js/i

Page Statistics

64
Requests

94 %
HTTPS

54 %
IPv6

20
Domains

24
Subdomains

24
IPs

7
Countries

4527 kB
Transfer

6853 kB
Size

2
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://dev.rugcentrumgent.be/wp/wp-content/uploads/1/532c41f2223f75885c77311ee6e4f756/?dispatch=?+echo+US.=.6767299547792._.f1b0ae7ccd6c597c9105ad316486548a.=.United+States;+x? Page URL
http://dev.rugcentrumgent.be/wp/wp-content/uploads/1/532c41f2223f75885c77311ee6e4f756/index1.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 50

http://c1.microsoft.com/c.gif?DI=4050&did=1&t= HTTP 302
https://c.bing.com/c.gif?DI=4050&did=1&t=&CtsSyncId=3C2FA166AAFC432EA34563D809CAB91F&RedC=c1.microsoft.com&MXFR=1C3E43828C9963C738AE4CB8889965B2 HTTP 302
https://c1.microsoft.com/c.gif?DI=4050&did=1&t=&CtsSyncId=3C2FA166AAFC432EA34563D809CAB91F&MUID=2C9E5481334E68660A7E5BBB329C6977

64 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK / Show response
dev.rugcentrumgent.be/wp/wp-content/uploads/1/532c41f2223f75885c77311ee6e4f756/ 200 KB
26 KB 47ms
33ms Document
text/html 78.41.69.106
BENESOL-BACKBONE ...

General

			Domain/Path	Expires	Name / Value
			dev.rugcentrumgent.be/wp/wp-content/uploads/1/532c41f2223f75885c77311ee6e4f756	1970-01-19 20:58:31	Name: MicrosoftApplicationsTelemetryFirstLaunchTime Value: 2020-09-03T23:30:00.031Z
			dev.rugcentrumgent.be/wp/wp-content/uploads/1/532c41f2223f75885c77311ee6e4f756	1970-01-19 20:58:31	Name: MicrosoftApplicationsTelemetryDeviceId Value: 66656052-8482-47d7-98e6-5b6599dfdbaf

dev.rugcentrumgent.be Open in urlscan Pro 78.41.69.106 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

64 Requests

94 %HTTPS

54 %IPv6

20 Domains

24 Subdomains

24 IPs

7 Countries

4527 kBTransfer

6853 kBSize

2 Cookies

0 Outgoing links

Page URL History

Redirected requests

64 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

dev.rugcentrumgent.be Open in urlscan Pro
78.41.69.106 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

64
Requests

94 %
HTTPS

54 %
IPv6

20
Domains

24
Subdomains

24
IPs

7
Countries

4527 kB
Transfer

6853 kB
Size

2
Cookies

64 HTTP transactions
10 data transactions