rijschoolhoorn.nl
2a00:f10:13f:0:1c00:4fff:fe00:174  Malicious Activity!

URL: http://rijschoolhoorn.nl/de/capone/
Submission: On September 28 via manual from FR — Scanned from NL

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 13 HTTP transactions. The main IP is 2a00:f10:13f:0:1c00:4fff:fe00:174, located in the Netherlands and belonging to CLDIN-NL TWS, NL. The main domain is rijschoolhoorn.nl.
This is the only time rijschoolhoorn.nl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: CapitalOne (Financial)

Domain & IP information

IP addresses (requests / IP address / AS autonomous system):
  11   2a00:f10:13f:...   48635 (CLDIN-NL TWS)
   2   2606:4700:20:...   13335 (CLOUDFLAR...)   (1 redirect)
   1   2a00:1450:400...   15169 (GOOGLE)
  13 requests, 3 IPs

Apex domains (requests / apex domain / subdomains / transfer):
  11   rijschoolhoorn.nl   rijschoolhoorn.nl                                   147 KB
   2   tailwindcss.com     cdn.tailwindcss.com (Cisco Umbrella Rank: 120565)    97 KB
   1   googleapis.com      ajax.googleapis.com (Cisco Umbrella Rank: 293)       34 KB
  13 requests, 3 apex domains

Domains (requests / domain / requested by):
  11   rijschoolhoorn.nl     rijschoolhoorn.nl
   2   cdn.tailwindcss.com   rijschoolhoorn.nl (1 redirect)
   1   ajax.googleapis.com   rijschoolhoorn.nl
  13 requests, 3 domains

This site contains no links.

TLS certificates (subject / issuer / validity / valid for):
  upload.video.google.com   GTS CA 1C3   2022-09-05 - 2022-11-28   3 months

This page contains 1 frames:

Primary Page: http://rijschoolhoorn.nl/de/capone/
Frame ID: 4D602D44E4B29F4E01FAB70469CFC64E
Requests: 13 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  13 Requests
  8 % HTTPS
  100 % IPv6
  3 Domains
  3 Subdomains
  3 IPs
  3 Countries
  278 kB Transfer
  558 kB Size
  0 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://cdn.tailwindcss.com/ HTTP 302
  • https://cdn.tailwindcss.com/3.1.8

13 HTTP transactions

Fields per transaction: Resource, Path, Size, x-fer (bytes transferred), Type, MIME-Type (from the Content-Type response header).

Resource: / (Primary Request)
Path: rijschoolhoorn.nl/de/capone/
Size: 5 KB   x-fer: 5 KB   Type: Document
Full URL: http://rijschoolhoorn.nl/de/capone/
Protocol: HTTP/1.1
Server: 2a00:f10:13f:0:1c00:4fff:fe00:174, Netherlands, ASN48635 (CLDIN-NL TWS, NL)
Reverse DNS: (none listed)
Software: Apache
Resource Hash: ffa20e77a5363b578599b8b9b1d23d311cd3b127a4e632814f01647af73a3679
Security Headers: X-Content-Type-Options: nosniff

Request headers
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
  accept-language: nl-NL,nl;q=0.9

Response headers
  Accept-Ranges: bytes
  Connection: Upgrade, Keep-Alive
  Content-Length: 4751
  Content-Type: text/html
  Date: Wed, 28 Sep 2022 07:39:52 GMT
  Keep-Alive: timeout=5, max=100
  Last-Modified: Mon, 19 Sep 2022 03:34:10 GMT
  Server: Apache
  Upgrade: h2,h2c
  X-Content-Type-Options: nosniff
Resource: 3.1.8
Path: cdn.tailwindcss.com/
Redirect Chain:
  • https://cdn.tailwindcss.com/
  • https://cdn.tailwindcss.com/3.1.8
Size: 319 KB   x-fer: 97 KB   Type: Script
Full URL: https://cdn.tailwindcss.com/3.1.8
Requested by: Host rijschoolhoorn.nl, URL http://rijschoolhoorn.nl/de/capone/
Protocol: H2
Server: 2606:4700:20::681a:95b, United States, ASN13335 (CLOUDFLARENET, US)
Reverse DNS: (none listed)
Software: cloudflare
Resource Hash: 2d6e7e5263fa38ed2725e4be49d49fdca61aa60f92ffc1edbd0c3b47dc8c9e2b
Security Headers: Strict-Transport-Security: max-age=63072000

Request headers
  accept-language: nl-NL,nl;q=0.9
  Referer: http://rijschoolhoorn.nl/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers
  date: Wed, 28 Sep 2022 07:39:53 GMT
  content-encoding: br
  cf-cache-status: HIT
  last-modified: Fri, 05 Aug 2022 17:01:21 GMT
  x-vercel-id: syd1::iad1::5cswb-1659718880314-e36b19295c12
  age: 4631910
  x-vercel-cache: MISS
  vary: Accept-Encoding
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u2eaoZ4lGq8lo3B59%2B2r98zcCSelGR0b5DyCs1fUnQ5J71rrT3SI4bjnlw5XcyMdCPsOrV%2FPQcBeVzh%2FyOrnQeRD9Y54fHjPUkmkaozpqT9%2FdzHmQPbyjY%2FRHOGXeMOqGaLMRGfxnNL9Iu61b3x0dHY%3D"}],"group":"cf-nel","max_age":604800}
  content-type: text/javascript
  cache-control: max-age=31536000
  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  strict-transport-security: max-age=63072000
  cf-ray: 751ad3ea394d9b55-FRA
  server: cloudflare

Redirect headers
  date: Wed, 28 Sep 2022 07:39:53 GMT
  cf-cache-status: HIT
  nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  x-vercel-id: syd1::iad1::twkmr-1664350088658-065dd7da3894
  age: 128
  x-vercel-cache: MISS
  vary: Accept-Encoding
  report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LnSbw6RbK3o0fVle2BcGV9Yg920l%2FeAE5dXuTJYPZqXoVBn9hBXdKb0Iu0jRe6AdJyjKMJdlEuoEWtuBcLELCCUPyYzRH4iJ25xCvLSQaUZusP4jgJBcuDnX6CQVhRSaESTGa1lahCcJHCkDVbUC5OI%3D"}],"group":"cf-nel","max_age":604800}
  location: /3.1.8
  cache-control: max-age=14400
  strict-transport-security: max-age=63072000
  cf-ray: 751ad3ea08f19b55-FRA
  content-length: 0
  server: cloudflare
Resource: style.css
Path: rijschoolhoorn.nl/de/capone/
Size: 2 KB   x-fer: 2 KB   Type: Stylesheet
Full URL: http://rijschoolhoorn.nl/de/capone/style.css
Requested by: Host rijschoolhoorn.nl, URL http://rijschoolhoorn.nl/de/capone/
Protocol: HTTP/1.1
Server: 2a00:f10:13f:0:1c00:4fff:fe00:174, Netherlands, ASN48635 (CLDIN-NL TWS, NL)
Reverse DNS: (none listed)
Software: Apache
Resource Hash: 0eba33e8035992dab1521cc62151435ae61e9f2bdc6afe2108da74e39a4bbc10
Security Headers: X-Content-Type-Options: nosniff

Request headers
  accept-language: nl-NL,nl;q=0.9
  Referer: http://rijschoolhoorn.nl/de/capone/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers
  Date: Wed, 28 Sep 2022 07:39:52 GMT
  X-Content-Type-Options: nosniff
  Last-Modified: Sat, 17 Sep 2022 07:28:39 GMT
  Server: Apache
  Content-Type: text/css
  Connection: Keep-Alive
  Accept-Ranges: bytes
  Keep-Alive: timeout=5, max=99
  Content-Length: 2161
Resource: capital-one-logo.svg
Path: rijschoolhoorn.nl/de/capone/assets/
Size: 4 KB   x-fer: 4 KB   Type: Image
Full URL: http://rijschoolhoorn.nl/de/capone/assets/capital-one-logo.svg
Requested by: Host rijschoolhoorn.nl, URL http://rijschoolhoorn.nl/de/capone/
Protocol: HTTP/1.1
Server: 2a00:f10:13f:0:1c00:4fff:fe00:174, Netherlands, ASN48635 (CLDIN-NL TWS, NL)
Reverse DNS: (none listed)
Software: Apache
Resource Hash: 57dfca5b95599a613da940f4a49ab6378fcf0586366a47cae679796930bf0eed
Security Headers: X-Content-Type-Options: nosniff

Request headers
  accept-language: nl-NL,nl;q=0.9
  Referer: http://rijschoolhoorn.nl/de/capone/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers
  Date: Wed, 28 Sep 2022 07:39:52 GMT
  X-Content-Type-Options: nosniff
  Last-Modified: Sat, 17 Sep 2022 00:07:32 GMT
  Server: Apache
  Content-Type: image/svg+xml
  Connection: Keep-Alive
  Accept-Ranges: bytes
  Keep-Alive: timeout=5, max=98
  Content-Length: 3971
Resource: 1.png
Path: rijschoolhoorn.nl/de/capone/assets/
Size: 8 KB   x-fer: 8 KB   Type: Image
Full URL: http://rijschoolhoorn.nl/de/capone/assets/1.png
Requested by: Host rijschoolhoorn.nl, URL http://rijschoolhoorn.nl/de/capone/
Protocol: HTTP/1.1
Server: 2a00:f10:13f:0:1c00:4fff:fe00:174, Netherlands, ASN48635 (CLDIN-NL TWS, NL)
Reverse DNS: (none listed)
Software: Apache
Resource Hash: 3390c6c4cbdbcf09a17ac77050aca96495522735e5f303a04c73f821740de109
Security Headers: X-Content-Type-Options: nosniff

Request headers
  accept-language: nl-NL,nl;q=0.9
  Referer: http://rijschoolhoorn.nl/de/capone/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers
  Date: Wed, 28 Sep 2022 07:39:52 GMT
  X-Content-Type-Options: nosniff
  Last-Modified: Sat, 17 Sep 2022 05:18:16 GMT
  Server: Apache
  Content-Type: image/png
  Connection: Keep-Alive
  Accept-Ranges: bytes
  Keep-Alive: timeout=5, max=97
  Content-Length: 8409
Resource: icon-user.svg
Path: rijschoolhoorn.nl/de/capone/assets/
Size: 584 B   x-fer: 889 B   Type: Image
Full URL: http://rijschoolhoorn.nl/de/capone/assets/icon-user.svg
Requested by: Host rijschoolhoorn.nl, URL http://rijschoolhoorn.nl/de/capone/
Protocol: HTTP/1.1
Server: 2a00:f10:13f:0:1c00:4fff:fe00:174, Netherlands, ASN48635 (CLDIN-NL TWS, NL)
Reverse DNS: (none listed)
Software: Apache
Resource Hash: 32f101709eb4240f21b330c854ed3bd539c0dc9001f08bf51d4e6a5b6bf641c6
Security Headers: X-Content-Type-Options: nosniff

Request headers
  accept-language: nl-NL,nl;q=0.9
  Referer: http://rijschoolhoorn.nl/de/capone/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers
  Date: Wed, 28 Sep 2022 07:39:52 GMT
  X-Content-Type-Options: nosniff
  Last-Modified: Sat, 17 Sep 2022 00:07:47 GMT
  Server: Apache
  Upgrade: h2,h2c
  Connection: Upgrade, Keep-Alive
  Accept-Ranges: bytes
  Content-Type: image/svg+xml
  Keep-Alive: timeout=5, max=100
  Content-Length: 584
Resource: user.svg
Path: rijschoolhoorn.nl/de/capone/assets/
Size: 1 KB   x-fer: 2 KB   Type: Image
Full URL: http://rijschoolhoorn.nl/de/capone/assets/user.svg
Requested by: Host rijschoolhoorn.nl, URL http://rijschoolhoorn.nl/de/capone/
Protocol: HTTP/1.1
Server: 2a00:f10:13f:0:1c00:4fff:fe00:174, Netherlands, ASN48635 (CLDIN-NL TWS, NL)
Reverse DNS: (none listed)
Software: Apache
Resource Hash: b4567ffa170c9600acbf01052800d38c9abd799848f809ce00a36f989b3111f8
Security Headers: X-Content-Type-Options: nosniff

Request headers
  accept-language: nl-NL,nl;q=0.9
  Referer: http://rijschoolhoorn.nl/de/capone/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers
  Date: Wed, 28 Sep 2022 07:39:52 GMT
  X-Content-Type-Options: nosniff
  Last-Modified: Sat, 17 Sep 2022 05:40:37 GMT
  Server: Apache
  Upgrade: h2,h2c
  Connection: Upgrade, Keep-Alive
  Accept-Ranges: bytes
  Content-Type: image/svg+xml
  Keep-Alive: timeout=5, max=100
  Content-Length: 1325
Resource: locked.svg
Path: rijschoolhoorn.nl/de/capone/assets/
Size: 2 KB   x-fer: 2 KB   Type: Image
Full URL: http://rijschoolhoorn.nl/de/capone/assets/locked.svg
Requested by: Host rijschoolhoorn.nl, URL http://rijschoolhoorn.nl/de/capone/
Protocol: HTTP/1.1
Server: 2a00:f10:13f:0:1c00:4fff:fe00:174, Netherlands, ASN48635 (CLDIN-NL TWS, NL)
Reverse DNS: (none listed)
Software: Apache
Resource Hash: 19715a997a01d5bf6905a35482874ab22cad47a4ff0aff0dc53bea6a1f6db588
Security Headers: X-Content-Type-Options: nosniff

Request headers
  accept-language: nl-NL,nl;q=0.9
  Referer: http://rijschoolhoorn.nl/de/capone/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers
  Date: Wed, 28 Sep 2022 07:39:52 GMT
  X-Content-Type-Options: nosniff
  Last-Modified: Sat, 17 Sep 2022 06:19:08 GMT
  Server: Apache
  Upgrade: h2,h2c
  Connection: Upgrade, Keep-Alive
  Accept-Ranges: bytes
  Content-Type: image/svg+xml
  Keep-Alive: timeout=5, max=100
  Content-Length: 1774
Resource: footer.png
Path: rijschoolhoorn.nl/de/capone/assets/
Size: 30 KB   x-fer: 30 KB   Type: Image
Full URL: http://rijschoolhoorn.nl/de/capone/assets/footer.png
Requested by: Host rijschoolhoorn.nl, URL http://rijschoolhoorn.nl/de/capone/
Protocol: HTTP/1.1
Server: 2a00:f10:13f:0:1c00:4fff:fe00:174, Netherlands, ASN48635 (CLDIN-NL TWS, NL)
Reverse DNS: (none listed)
Software: Apache
Resource Hash: f7325912d7dc5bb1ac470e72f08d0aae2a87369baa90aca8592572d7ae1b2447
Security Headers: X-Content-Type-Options: nosniff

Request headers
  accept-language: nl-NL,nl;q=0.9
  Referer: http://rijschoolhoorn.nl/de/capone/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers
  Date: Wed, 28 Sep 2022 07:39:52 GMT
  X-Content-Type-Options: nosniff
  Last-Modified: Sat, 17 Sep 2022 07:33:48 GMT
  Server: Apache
  Upgrade: h2,h2c
  Connection: Upgrade, Keep-Alive
  Accept-Ranges: bytes
  Content-Type: image/png
  Keep-Alive: timeout=5, max=100
  Content-Length: 30886
Resource: footerm.png
Path: rijschoolhoorn.nl/de/capone/assets/
Size: 37 KB   x-fer: 37 KB   Type: Image
Full URL: http://rijschoolhoorn.nl/de/capone/assets/footerm.png
Requested by: Host rijschoolhoorn.nl, URL http://rijschoolhoorn.nl/de/capone/
Protocol: HTTP/1.1
Server: 2a00:f10:13f:0:1c00:4fff:fe00:174, Netherlands, ASN48635 (CLDIN-NL TWS, NL)
Reverse DNS: (none listed)
Software: Apache
Resource Hash: 057eb4474ddfc39f0803abd5ad5537e29910e65b9b42e22155a5a4dd36e75bc4
Security Headers: X-Content-Type-Options: nosniff

Request headers
  accept-language: nl-NL,nl;q=0.9
  Referer: http://rijschoolhoorn.nl/de/capone/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers
  Date: Wed, 28 Sep 2022 07:39:52 GMT
  X-Content-Type-Options: nosniff
  Last-Modified: Sat, 17 Sep 2022 07:33:48 GMT
  Server: Apache
  Upgrade: h2,h2c
  Connection: Upgrade, Keep-Alive
  Accept-Ranges: bytes
  Content-Type: image/png
  Keep-Alive: timeout=5, max=100
  Content-Length: 37582
Resource: jquery.min.js
Path: ajax.googleapis.com/ajax/libs/jquery/1.12.4/
Size: 95 KB   x-fer: 34 KB   Type: Script
Full URL: https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
Requested by: Host rijschoolhoorn.nl, URL http://rijschoolhoorn.nl/de/capone/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2a00:1450:400d:80a::200a, Ireland, ASN15169 (GOOGLE, US)
Reverse DNS: (none listed)
Software: sffe
Resource Hash: 668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
Security Headers:
  X-Content-Type-Options: nosniff
  X-Xss-Protection: 0

Request headers
  accept-language: nl-NL,nl;q=0.9
  Referer: http://rijschoolhoorn.nl/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers
  date: Wed, 28 Sep 2022 04:14:56 GMT
  content-encoding: gzip
  x-content-type-options: nosniff
  age: 12297
  content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
  cross-origin-resource-policy: cross-origin
  alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
  content-length: 33951
  x-xss-protection: 0
  last-modified: Tue, 03 Mar 2020 19:15:00 GMT
  server: sffe
  cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
  vary: Accept-Encoding
  report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
  content-type: text/javascript; charset=UTF-8
  access-control-allow-origin: *
  cache-control: public, max-age=31536000, stale-while-revalidate=2592000
  accept-ranges: bytes
  timing-allow-origin: *
  expires: Thu, 28 Sep 2023 04:14:56 GMT
Resource: Optimist_W_Rg.woff2
Path: rijschoolhoorn.nl/de/capone/assets/
Size: 28 KB   x-fer: 28 KB   Type: Font
Full URL: http://rijschoolhoorn.nl/de/capone/assets/Optimist_W_Rg.woff2
Requested by: Host rijschoolhoorn.nl, URL http://rijschoolhoorn.nl/de/capone/style.css
Protocol: HTTP/1.1
Server: 2a00:f10:13f:0:1c00:4fff:fe00:174, Netherlands, ASN48635 (CLDIN-NL TWS, NL)
Reverse DNS: (none listed)
Software: Apache
Resource Hash: 9b98e19f831844b3dae8e1fd65b6802bc778446fbdacac8203e34bbc02eacbcd
Security Headers: X-Content-Type-Options: nosniff

Request headers
  Referer: http://rijschoolhoorn.nl/de/capone/style.css
  Origin: http://rijschoolhoorn.nl
  accept-language: nl-NL,nl;q=0.9
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers
  Date: Wed, 28 Sep 2022 07:39:52 GMT
  X-Content-Type-Options: nosniff
  Last-Modified: Sat, 17 Sep 2022 05:18:01 GMT
  Server: Apache
  Content-Type: font/woff2
  Connection: Keep-Alive
  Accept-Ranges: bytes
  Keep-Alive: timeout=5, max=99
  Content-Length: 28388
Resource: Optimist_W_Lt.woff2
Path: rijschoolhoorn.nl/de/capone/assets/
Size: 27 KB   x-fer: 27 KB   Type: Font
Full URL: http://rijschoolhoorn.nl/de/capone/assets/Optimist_W_Lt.woff2
Requested by: Host rijschoolhoorn.nl, URL http://rijschoolhoorn.nl/de/capone/style.css
Protocol: HTTP/1.1
Server: 2a00:f10:13f:0:1c00:4fff:fe00:174, Netherlands, ASN48635 (CLDIN-NL TWS, NL)
Reverse DNS: (none listed)
Software: Apache
Resource Hash: 902c5a9d8ad932630fb2021fe1a1a7f4f06513b19e8d073866178ee65ff33fe9
Security Headers: X-Content-Type-Options: nosniff

Request headers
  Referer: http://rijschoolhoorn.nl/de/capone/style.css
  Origin: http://rijschoolhoorn.nl
  accept-language: nl-NL,nl;q=0.9
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers
  Date: Wed, 28 Sep 2022 07:39:52 GMT
  X-Content-Type-Options: nosniff
  Last-Modified: Sat, 17 Sep 2022 05:18:01 GMT
  Server: Apache
  Content-Type: font/woff2
  Connection: Keep-Alive
  Accept-Ranges: bytes
  Keep-Alive: timeout=5, max=99
  Content-Length: 27852

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: CapitalOne (Financial)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  object     onbeforeinput
  object     oncontextlost
  object     oncontextrestored
  function   structuredClone
  object     launchQueue
  object     onbeforematch
  object     navigation
  object     tailwind
  string     /template.html
  function   $
  function   jQuery

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header / Value:
  X-Content-Type-Options: nosniff