worklog.dev.midis.eu Open in urlscan Pro
217.199.100.106  Malicious Activity! Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. http://worklog.dev.midis.eu/rbbm.mce/pnnrcc.php Page URL
2. http://worklog.dev.midis.eu/rbbm.mce/signin.php?authorization.oauth2?client_id=K1w4n9Sf5ctb1iv1RFH3QIS8FdvLzQqjSXog6gvbtZnuhTw8ydcoV5xAi2mSTMcLJA1QQx1jwpONikWR&response_type=code&scope=openid%20profile%20email%20device%20ost.all%20sbg-card.all%20sbg-corecustomerplatform.all%20sbg-forex.all%20sbg-payment.all%20sbg-platform.all%20sbg-systems.all%20urn:pingidentity:directory-api&redirect_uri=https://onlinebanking.standardbank.co.za/auth/prompt=login Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	pnnrcc.php worklog.dev.midis.eu/rbbm.mce/	14 KB 2 KB	2151ms 2107ms	Document text/html	217.199.100.106 BALTKOM-AS
General Check archive.org Show headers Download Go to Full URL http://worklog.dev.midis.eu/rbbm.mce/pnnrcc.php Protocol HTTP/1.1 Server 217.199.100.106 , Latvia, ASN20910 (BALTKOM-AS, LV), Reverse DNS Software nginx-rc / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Sat, 28 Jan 2023 20:00:28 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Pragma no-cache Server nginx-rc Transfer-Encoding chunked Vary Accept-Encoding X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	Primary Request signin.php Show response worklog.dev.midis.eu/rbbm.mce/	23 KB 4 KB	207ms 207ms	Document text/html	217.199.100.106 BALTKOM-AS
General Check archive.org Show headers Download Go to Full URL http://worklog.dev.midis.eu/rbbm.mce/signin.php?authorization.oauth2?client_id=K1w4n9Sf5ctb1iv1RFH3QIS8FdvLzQqjSXog6gvbtZnuhTw8ydcoV5xAi2mSTMcLJA1QQx1jwpONikWR&response_type=code&scope=openid%20profile%20email%20device%20ost.all%20sbg-card.all%20sbg-corecustomerplatform.all%20sbg-forex.all%20sbg-payment.all%20sbg-platform.all%20sbg-systems.all%20urn:pingidentity:directory-api&redirect_uri=https://onlinebanking.standardbank.co.za/auth/prompt=login Requested by Host: worklog.dev.midis.eu URL: http://worklog.dev.midis.eu/rbbm.mce/pnnrcc.php Protocol HTTP/1.1 Server 217.199.100.106 , Latvia, ASN20910 (BALTKOM-AS, LV), Reverse DNS Software nginx-rc / Resource Hash fd8933bb20a91fc43d70edd0cfdcaa25d5530e3fbcc944aa5e0972ea31519a80 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Referer http://worklog.dev.midis.eu/rbbm.mce/pnnrcc.php Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Sat, 28 Jan 2023 20:00:29 GMT Server nginx-rc Transfer-Encoding chunked Vary Accept-Encoding X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-XSS-Protection 1; mode=block
GET H/1.1	200 OK	tea.css worklog.dev.midis.eu/rbbm.mce/theme/	14 KB 4 KB	301ms 300ms	Stylesheet text/css	217.199.100.106 BALTKOM-AS
General Check archive.org Show headers Download Go to Full URL http://worklog.dev.midis.eu/rbbm.mce/theme/tea.css Requested by Host: worklog.dev.midis.eu URL: http://worklog.dev.midis.eu/rbbm.mce/signin.php?authorization.oauth2?client_id=K1w4n9Sf5ctb1iv1RFH3QIS8FdvLzQqjSXog6gvbtZnuhTw8ydcoV5xAi2mSTMcLJA1QQx1jwpONikWR&response_type=code&scope=openid%20profile%20email%20device%20ost.all%20sbg-card.all%20sbg-corecustomerplatform.all%20sbg-forex.all%20sbg-payment.all%20sbg-platform.all%20sbg-systems.all%20urn:pingidentity:directory-api&redirect_uri=https://onlinebanking.standardbank.co.za/auth/prompt=login Protocol HTTP/1.1 Server 217.199.100.106 , Latvia, ASN20910 (BALTKOM-AS, LV), Reverse DNS Software nginx-rc / Resource Hash 081ac22e84a0e65d7ab21e84192ac118505f2ba258137123a1af83e62cda184f Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer http://worklog.dev.midis.eu/rbbm.mce/signin.php?authorization.oauth2?client_id=K1w4n9Sf5ctb1iv1RFH3QIS8FdvLzQqjSXog6gvbtZnuhTw8ydcoV5xAi2mSTMcLJA1QQx1jwpONikWR&response_type=code&scope=openid%20profile%20email%20device%20ost.all%20sbg-card.all%20sbg-corecustomerplatform.all%20sbg-forex.all%20sbg-payment.all%20sbg-platform.all%20sbg-systems.all%20urn:pingidentity:directory-api&redirect_uri=https://onlinebanking.standardbank.co.za/auth/prompt=login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Sat, 28 Jan 2023 20:00:29 GMT Content-Encoding gzip X-Content-Type-Options nosniff Last-Modified Wed, 18 Jan 2023 13:57:56 GMT Server nginx-rc ETag W/"63c7fae4-3911" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css X-Frame-Options SAMEORIGIN Cache-Control max-age=2592000, public Connection keep-alive X-XSS-Protection 1; mode=block Expires Mon, 27 Feb 2023 20:00:29 GMT
GET H/1.1	200 OK	ionic.bundle.css worklog.dev.midis.eu/rbbm.mce/theme/	19 KB 4 KB	128ms 84ms	Stylesheet text/css	217.199.100.106 BALTKOM-AS
General Check archive.org Show headers Download Go to Full URL http://worklog.dev.midis.eu/rbbm.mce/theme/ionic.bundle.css Requested by Host: worklog.dev.midis.eu URL: http://worklog.dev.midis.eu/rbbm.mce/signin.php?authorization.oauth2?client_id=K1w4n9Sf5ctb1iv1RFH3QIS8FdvLzQqjSXog6gvbtZnuhTw8ydcoV5xAi2mSTMcLJA1QQx1jwpONikWR&response_type=code&scope=openid%20profile%20email%20device%20ost.all%20sbg-card.all%20sbg-corecustomerplatform.all%20sbg-forex.all%20sbg-payment.all%20sbg-platform.all%20sbg-systems.all%20urn:pingidentity:directory-api&redirect_uri=https://onlinebanking.standardbank.co.za/auth/prompt=login Protocol HTTP/1.1 Server 217.199.100.106 , Latvia, ASN20910 (BALTKOM-AS, LV), Reverse DNS Software nginx-rc / Resource Hash 3789296a3c60f4cfa82fd3c139d1d7ef968a06a4bab871f679562121a5869b44 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer http://worklog.dev.midis.eu/rbbm.mce/signin.php?authorization.oauth2?client_id=K1w4n9Sf5ctb1iv1RFH3QIS8FdvLzQqjSXog6gvbtZnuhTw8ydcoV5xAi2mSTMcLJA1QQx1jwpONikWR&response_type=code&scope=openid%20profile%20email%20device%20ost.all%20sbg-card.all%20sbg-corecustomerplatform.all%20sbg-forex.all%20sbg-payment.all%20sbg-platform.all%20sbg-systems.all%20urn:pingidentity:directory-api&redirect_uri=https://onlinebanking.standardbank.co.za/auth/prompt=login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Sat, 28 Jan 2023 20:00:29 GMT Content-Encoding gzip X-Content-Type-Options nosniff Last-Modified Wed, 18 Jan 2023 13:57:56 GMT Server nginx-rc ETag W/"63c7fae4-4a2b" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css X-Frame-Options SAMEORIGIN Cache-Control max-age=2592000, public Connection keep-alive X-XSS-Protection 1; mode=block Expires Mon, 27 Feb 2023 20:00:29 GMT
GET H/1.1	200 OK	sbg.css worklog.dev.midis.eu/rbbm.mce/theme/	25 KB 5 KB	356ms 312ms	Stylesheet text/css	217.199.100.106 BALTKOM-AS
General Check archive.org Show headers Download Go to Full URL http://worklog.dev.midis.eu/rbbm.mce/theme/sbg.css Requested by Host: worklog.dev.midis.eu URL: http://worklog.dev.midis.eu/rbbm.mce/signin.php?authorization.oauth2?client_id=K1w4n9Sf5ctb1iv1RFH3QIS8FdvLzQqjSXog6gvbtZnuhTw8ydcoV5xAi2mSTMcLJA1QQx1jwpONikWR&response_type=code&scope=openid%20profile%20email%20device%20ost.all%20sbg-card.all%20sbg-corecustomerplatform.all%20sbg-forex.all%20sbg-payment.all%20sbg-platform.all%20sbg-systems.all%20urn:pingidentity:directory-api&redirect_uri=https://onlinebanking.standardbank.co.za/auth/prompt=login Protocol HTTP/1.1 Server 217.199.100.106 , Latvia, ASN20910 (BALTKOM-AS, LV), Reverse DNS Software nginx-rc / Resource Hash 2ad56c16942ae8b05ad83d4e7c044b1e7df97846e3ddc3cf9ce9d5ca179b70f0 Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer http://worklog.dev.midis.eu/rbbm.mce/signin.php?authorization.oauth2?client_id=K1w4n9Sf5ctb1iv1RFH3QIS8FdvLzQqjSXog6gvbtZnuhTw8ydcoV5xAi2mSTMcLJA1QQx1jwpONikWR&response_type=code&scope=openid%20profile%20email%20device%20ost.all%20sbg-card.all%20sbg-corecustomerplatform.all%20sbg-forex.all%20sbg-payment.all%20sbg-platform.all%20sbg-systems.all%20urn:pingidentity:directory-api&redirect_uri=https://onlinebanking.standardbank.co.za/auth/prompt=login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Sat, 28 Jan 2023 20:00:29 GMT Content-Encoding gzip X-Content-Type-Options nosniff Last-Modified Wed, 18 Jan 2023 13:57:56 GMT Server nginx-rc ETag W/"63c7fae4-6475" Transfer-Encoding chunked Vary Accept-Encoding Content-Type text/css X-Frame-Options SAMEORIGIN Cache-Control max-age=2592000, public Connection keep-alive X-XSS-Protection 1; mode=block Expires Mon, 27 Feb 2023 20:00:29 GMT
GET H/1.1	200 OK	jquery-2.2.3.js Show response worklog.dev.midis.eu/rbbm.mce/theme/	253 KB 77 KB	130ms 86ms	Script application/javascript	217.199.100.106 BALTKOM-AS
General Check archive.org Show headers Download Go to Full URL http://worklog.dev.midis.eu/rbbm.mce/theme/jquery-2.2.3.js Requested by Host: worklog.dev.midis.eu URL: http://worklog.dev.midis.eu/rbbm.mce/signin.php?authorization.oauth2?client_id=K1w4n9Sf5ctb1iv1RFH3QIS8FdvLzQqjSXog6gvbtZnuhTw8ydcoV5xAi2mSTMcLJA1QQx1jwpONikWR&response_type=code&scope=openid%20profile%20email%20device%20ost.all%20sbg-card.all%20sbg-corecustomerplatform.all%20sbg-forex.all%20sbg-payment.all%20sbg-platform.all%20sbg-systems.all%20urn:pingidentity:directory-api&redirect_uri=https://onlinebanking.standardbank.co.za/auth/prompt=login Protocol HTTP/1.1 Server 217.199.100.106 , Latvia, ASN20910 (BALTKOM-AS, LV), Reverse DNS Software nginx-rc / Resource Hash 95a5d6b46c9da70a89f0903e5fdc769a2c266a22a19fcb5598e5448a044db4fe Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer http://worklog.dev.midis.eu/rbbm.mce/signin.php?authorization.oauth2?client_id=K1w4n9Sf5ctb1iv1RFH3QIS8FdvLzQqjSXog6gvbtZnuhTw8ydcoV5xAi2mSTMcLJA1QQx1jwpONikWR&response_type=code&scope=openid%20profile%20email%20device%20ost.all%20sbg-card.all%20sbg-corecustomerplatform.all%20sbg-forex.all%20sbg-payment.all%20sbg-platform.all%20sbg-systems.all%20urn:pingidentity:directory-api&redirect_uri=https://onlinebanking.standardbank.co.za/auth/prompt=login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Sat, 28 Jan 2023 20:00:29 GMT Content-Encoding gzip X-Content-Type-Options nosniff Last-Modified Wed, 18 Jan 2023 13:57:56 GMT Server nginx-rc ETag W/"63c7fae4-3f258" Transfer-Encoding chunked Vary Accept-Encoding Content-Type application/javascript X-Frame-Options SAMEORIGIN Cache-Control max-age=2592000, public Connection keep-alive X-XSS-Protection 1; mode=block Expires Mon, 27 Feb 2023 20:00:29 GMT
GET H/1.1	200 OK	sbg.png worklog.dev.midis.eu/rbbm.mce/theme/	3 KB 4 KB	113ms 70ms	Image image/png	217.199.100.106 BALTKOM-AS
General Check archive.org Show headers Download Go to Show image Full URL http://worklog.dev.midis.eu/rbbm.mce/theme/sbg.png Requested by Host: worklog.dev.midis.eu URL: http://worklog.dev.midis.eu/rbbm.mce/signin.php?authorization.oauth2?client_id=K1w4n9Sf5ctb1iv1RFH3QIS8FdvLzQqjSXog6gvbtZnuhTw8ydcoV5xAi2mSTMcLJA1QQx1jwpONikWR&response_type=code&scope=openid%20profile%20email%20device%20ost.all%20sbg-card.all%20sbg-corecustomerplatform.all%20sbg-forex.all%20sbg-payment.all%20sbg-platform.all%20sbg-systems.all%20urn:pingidentity:directory-api&redirect_uri=https://onlinebanking.standardbank.co.za/auth/prompt=login Protocol HTTP/1.1 Server 217.199.100.106 , Latvia, ASN20910 (BALTKOM-AS, LV), Reverse DNS Software nginx-rc / Resource Hash 1a3aac076d48e18c6bd7547ca190a9b705f78d38cfc61e5a00f391b642c5adab Security Headers Name Value X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers accept-language de-DE,de;q=0.9 Referer http://worklog.dev.midis.eu/rbbm.mce/signin.php?authorization.oauth2?client_id=K1w4n9Sf5ctb1iv1RFH3QIS8FdvLzQqjSXog6gvbtZnuhTw8ydcoV5xAi2mSTMcLJA1QQx1jwpONikWR&response_type=code&scope=openid%20profile%20email%20device%20ost.all%20sbg-card.all%20sbg-corecustomerplatform.all%20sbg-forex.all%20sbg-payment.all%20sbg-platform.all%20sbg-systems.all%20urn:pingidentity:directory-api&redirect_uri=https://onlinebanking.standardbank.co.za/auth/prompt=login User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36 Response headers Date Sat, 28 Jan 2023 20:00:29 GMT X-Content-Type-Options nosniff Last-Modified Wed, 18 Jan 2023 13:57:56 GMT Server nginx-rc ETag "63c7fae4-dae" X-Frame-Options SAMEORIGIN Content-Type image/png Cache-Control max-age=2592000, public Connection keep-alive Accept-Ranges bytes Content-Length 3502 X-XSS-Protection 1; mode=block Expires Mon, 27 Feb 2023 20:00:29 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Standard Bank (Banking)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange function| $ function| jQuery function| tryit function| check function| showit

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			worklog.dev.midis.eu/	1969-12-31 23:59:59	Name: PHPSESSID Value: vt2a9mgbjeqdkf9l4kpel00q55

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

worklog.dev.midis.eu
217.199.100.106
081ac22e84a0e65d7ab21e84192ac118505f2ba258137123a1af83e62cda184f
1a3aac076d48e18c6bd7547ca190a9b705f78d38cfc61e5a00f391b642c5adab
2ad56c16942ae8b05ad83d4e7c044b1e7df97846e3ddc3cf9ce9d5ca179b70f0
3789296a3c60f4cfa82fd3c139d1d7ef968a06a4bab871f679562121a5869b44
95a5d6b46c9da70a89f0903e5fdc769a2c266a22a19fcb5598e5448a044db4fe
fd8933bb20a91fc43d70edd0cfdcaa25d5530e3fbcc944aa5e0972ea31519a80