buronrm.nl Open in urlscan Pro
192.245.157.71 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://9520116922.mrsaalk.com/
Effective URL:
https://buronrm.nl/ec/dkb/index.html
Submission Tags: 7682725
Submission: On August 23 via api (August 23rd 2022, 3:32:54 pm UTC) from CH — Scanned from DE

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 4 domains to perform 18 HTTP transactions. The main IP is 192.245.157.71, located in United States and belongs to NETACTUATE, US. The main domain is buronrm.nl.
TLS certificate: Issued by cPanel, Inc. Certification Authority on June 16th 2022. Valid for: 3 months.

This is the only time buronrm.nl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: DKB (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.86.125.98 167.86.125.98	51167 (CONTABO) (CONTABO)
16	192.245.157.71 192.245.157.71	394344 (NETACTUATE) (NETACTUATE)
1 2	2606:4700:20:... 2606:4700:20::681a:95b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400e:80f::200a	15169 (GOOGLE) (GOOGLE)
18	3

1 167.86.125.98 (Nuremberg, Germany) 1 redirects

ASN51167 (CONTABO, DE)
PTR: ip-98-125-86-167.static.contabo.net

9520116922.mrsaalk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 192.245.157.71 (United States)

ASN394344 (NETACTUATE, US)
PTR: rssd4723.webaccountserver.com

buronrm.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:95b (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cdn.tailwindcss.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:80f::200a (Ireland)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	buronrm.nl buronrm.nl	329 KB
2	tailwindcss.com 1 redirects cdn.tailwindcss.com — Cisco Umbrella Rank: 130305	97 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 286	34 KB
1	mrsaalk.com 1 redirects 9520116922.mrsaalk.com	245 B
18	4

	Domain	Requested by
16	buronrm.nl	buronrm.nl
2	cdn.tailwindcss.com	1 redirects buronrm.nl
1	ajax.googleapis.com	buronrm.nl
1	9520116922.mrsaalk.com	1 redirects
18	4

This site contains no links.

Subject Issuer	Validity	Valid
buronrm.nl cPanel, Inc. Certification Authority	`2022-06-16` - `2022-09-14`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-08-08` - `2022-10-31`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://buronrm.nl/ec/dkb/index.html
Frame ID: D396268C4B7EEC85A3DAE4F539A84580
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DKB - Deutsche Kreditbank AG - Internet Banking

Page URL History Show full URLs

http://9520116922.mrsaalk.com/ HTTP 302
https://buronrm.nl/ec/dkb/index.html Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

18
Requests

94 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

459 kB
Transfer

747 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://9520116922.mrsaalk.com/ HTTP 302
https://buronrm.nl/ec/dkb/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://cdn.tailwindcss.com/ HTTP 302
https://cdn.tailwindcss.com/3.1.8

18 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request index.html Show response
buronrm.nl/ec/dkb/
Redirect Chain

http://9520116922.mrsaalk.com/
https://buronrm.nl/ec/dkb/index.html

6 KB
2 KB

523ms
102ms

Document
text/html

192.245.157.71
NETACTUATE

General

Check archive.org

Show headers Download Go to

Full URL: https://buronrm.nl/ec/dkb/index.html
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 192.245.157.71 , United States, ASN394344 (NETACTUATE, US),
Reverse DNS: rssd4723.webaccountserver.com
Software: LiteSpeed /
Resource Hash: f39534829a3275d74c0f812a9b81cce497d92667f7343f24ef34ea36bdeddd13

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-length: 1371
content-type: text/html
date: Tue, 23 Aug 2022 15:32:49 GMT
last-modified: Wed, 17 Aug 2022 11:27:34 GMT
server: LiteSpeed
vary: Accept-Encoding

Redirect headers

Connection: Keep-Alive
Content-Length: 220
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 23 Aug 2022 15:32:49 GMT
Keep-Alive: timeout=5, max=100
Location: https://buronrm.nl/ec/dkb/index.html
Server: Apache

GET
H2

200

3.1.8 Show response
cdn.tailwindcss.com/
Redirect Chain

https://cdn.tailwindcss.com/
https://cdn.tailwindcss.com/3.1.8

319 KB
97 KB

30ms
29ms

Script
text/javascript

2606:4700:20::681a:95b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.tailwindcss.com/3.1.8

Requested by

Host: buronrm.nl
URL: https://buronrm.nl/ec/dkb/index.html

Protocol

Server

2606:4700:20::681a:95b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d6e7e5263fa38ed2725e4be49d49fdca61aa60f92ffc1edbd0c3b47dc8c9e2b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buronrm.nl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 15:32:49 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1549882
last-modified: Fri, 05 Aug 2022 17:01:21 GMT
server: cloudflare
x-vercel-id: syd1::iad1::5cswb-1659718880314-e36b19295c12
x-vercel-cache: MISS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63072000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VGc%2By5lF4BX5McqZF%2BvosDlnwN4VulrFbhvVXpvpSviupWaltfloTb0MDgc294rF8ARJexSK%2BdFeUuTAhGQRBfYkVXNbVOec784yent3OxSCRiyjG9jFxvQIwE5oEIyK7GomXbyD0rQL3BYsE8H0id0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=31536000
cf-ray: 73f4e7342dd59bbf-FRA

Redirect headers

date: Tue, 23 Aug 2022 15:32:49 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-vercel-id: syd1::iad1::cmxnd-1661268096911-b7510755309e
age: 366
x-vercel-cache: MISS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2cHWd3wUwz4ZAyWgcpqVcBaHnLzxcyGWOCRToV5R3KBoxa4ERmuCyovDWCGsxo3Al7age5Ifw%2BwGSjoaLSKN5JdKbApyW9La%2FtorYAxby7zbfre5BmrSL0H4gHyfLFmWn4zXOOaC%2FwDuZqPkkYwZL8w%3D"}],"group":"cf-nel","max_age":604800}
location: /3.1.8
cache-control: max-age=14400
strict-transport-security: max-age=63072000
cf-ray: 73f4e733fd8a9bbf-FRA
content-length: 0
server: cloudflare

GET
H2 200 style.css
buronrm.nl/ec/dkb/ 385 B
214 B 105ms
105ms Stylesheet
text/css 192.245.157.71
NETACTUATE

General

Check archive.org

Show headers Download Go to

Full URL: https://buronrm.nl/ec/dkb/style.css
Requested by: Host: buronrm.nl
URL: https://buronrm.nl/ec/dkb/index.html
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 192.245.157.71 , United States, ASN394344 (NETACTUATE, US),
Reverse DNS: rssd4723.webaccountserver.com
Software: LiteSpeed /
Resource Hash: c852a4e48b10219db744799f9b6b612cdbaeba7f28de89e7e8df23932dfb48ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buronrm.nl/ec/dkb/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 15:32:49 GMT
content-encoding: br
last-modified: Wed, 17 Aug 2022 11:27:34 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 134
expires: Tue, 30 Aug 2022 15:32:49 GMT

GET
H2 200 nav.png
buronrm.nl/ec/dkb/assets/imgs/ 15 KB
15 KB 203ms
202ms Image
image/png 192.245.157.71
NETACTUATE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buronrm.nl/ec/dkb/assets/imgs/nav.png
Requested by: Host: buronrm.nl
URL: https://buronrm.nl/ec/dkb/index.html
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 192.245.157.71 , United States, ASN394344 (NETACTUATE, US),
Reverse DNS: rssd4723.webaccountserver.com
Software: LiteSpeed /
Resource Hash: d73cd332ebbd828ae74d96bc731e103358c6ad146219ab12b3eeeda5c02f1870

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buronrm.nl/ec/dkb/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 15:32:50 GMT
last-modified: Wed, 17 Aug 2022 11:27:34 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 14979
expires: Tue, 30 Aug 2022 15:32:50 GMT

GET
H2 200 nanav.png
buronrm.nl/ec/dkb/assets/imgs/ 30 KB
30 KB 204ms
202ms Image
image/png 192.245.157.71
NETACTUATE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buronrm.nl/ec/dkb/assets/imgs/nanav.png
Requested by: Host: buronrm.nl
URL: https://buronrm.nl/ec/dkb/index.html
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 192.245.157.71 , United States, ASN394344 (NETACTUATE, US),
Reverse DNS: rssd4723.webaccountserver.com
Software: LiteSpeed /
Resource Hash: df86f968e7ffa3e1da50ae0e1912f6a156fdb395bdd41a31f0b95bbcf6a200e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buronrm.nl/ec/dkb/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 15:32:50 GMT
last-modified: Wed, 17 Aug 2022 11:27:34 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 31150
expires: Tue, 30 Aug 2022 15:32:50 GMT

GET
H2 200 left.png
buronrm.nl/ec/dkb/assets/imgs/ 24 KB
24 KB 304ms
302ms Image
image/png 192.245.157.71
NETACTUATE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buronrm.nl/ec/dkb/assets/imgs/left.png
Requested by: Host: buronrm.nl
URL: https://buronrm.nl/ec/dkb/index.html
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 192.245.157.71 , United States, ASN394344 (NETACTUATE, US),
Reverse DNS: rssd4723.webaccountserver.com
Software: LiteSpeed /
Resource Hash: 7d4859ae1ba464748cdc4e084943cbdd8a934852152eb49deb09d17e9643f917

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buronrm.nl/ec/dkb/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 15:32:50 GMT
last-modified: Wed, 17 Aug 2022 11:27:34 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 24117
expires: Tue, 30 Aug 2022 15:32:50 GMT

GET
H2 200 png.png
buronrm.nl/ec/dkb/assets/imgs/ 56 KB
56 KB 304ms
303ms Image
image/png 192.245.157.71
NETACTUATE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buronrm.nl/ec/dkb/assets/imgs/png.png
Requested by: Host: buronrm.nl
URL: https://buronrm.nl/ec/dkb/index.html
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 192.245.157.71 , United States, ASN394344 (NETACTUATE, US),
Reverse DNS: rssd4723.webaccountserver.com
Software: LiteSpeed /
Resource Hash: b089c9907a35a5c7b9254bed982876d4e9b8c24a80d9da033e427dce89ed218b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buronrm.nl/ec/dkb/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 15:32:50 GMT
last-modified: Wed, 17 Aug 2022 11:27:34 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 57086
expires: Tue, 30 Aug 2022 15:32:50 GMT

GET
H2 200 bar.png
buronrm.nl/ec/dkb/assets/imgs/ 10 KB
10 KB 305ms
303ms Image
image/png 192.245.157.71
NETACTUATE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buronrm.nl/ec/dkb/assets/imgs/bar.png
Requested by: Host: buronrm.nl
URL: https://buronrm.nl/ec/dkb/index.html
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 192.245.157.71 , United States, ASN394344 (NETACTUATE, US),
Reverse DNS: rssd4723.webaccountserver.com
Software: LiteSpeed /
Resource Hash: d20c3c98985c8d46516c484ad47606a297c2609c2ed1126b19585f5135804fd1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buronrm.nl/ec/dkb/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 15:32:50 GMT
last-modified: Wed, 17 Aug 2022 11:27:34 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 10383
expires: Tue, 30 Aug 2022 15:32:50 GMT

GET
H2 200 iinfomob.png
buronrm.nl/ec/dkb/assets/imgs/ 10 KB
10 KB 305ms
304ms Image
image/png 192.245.157.71
NETACTUATE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buronrm.nl/ec/dkb/assets/imgs/iinfomob.png
Requested by: Host: buronrm.nl
URL: https://buronrm.nl/ec/dkb/index.html
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 192.245.157.71 , United States, ASN394344 (NETACTUATE, US),
Reverse DNS: rssd4723.webaccountserver.com
Software: LiteSpeed /
Resource Hash: def871ad3f73cae4748d6966896f1be7153be000929d84c2016db216fa474c37

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buronrm.nl/ec/dkb/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 15:32:50 GMT
last-modified: Wed, 17 Aug 2022 11:27:34 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 10182
expires: Tue, 30 Aug 2022 15:32:50 GMT

GET
H2 200 pad.svg
buronrm.nl/ec/dkb/assets/imgs/ 948 B
464 B 306ms
305ms Image
image/svg+xml 192.245.157.71
NETACTUATE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buronrm.nl/ec/dkb/assets/imgs/pad.svg
Requested by: Host: buronrm.nl
URL: https://buronrm.nl/ec/dkb/index.html
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 192.245.157.71 , United States, ASN394344 (NETACTUATE, US),
Reverse DNS: rssd4723.webaccountserver.com
Software: LiteSpeed /
Resource Hash: 0fe9650923b3c4d5d1b829c47a2a4eb9b6931a06132036a02c570e355f53ec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buronrm.nl/ec/dkb/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 15:32:50 GMT
content-encoding: br
last-modified: Wed, 17 Aug 2022 11:27:34 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 420
expires: Tue, 30 Aug 2022 15:32:50 GMT

GET
H2 200 fleshinput.svg
buronrm.nl/ec/dkb/assets/imgs/ 208 B
238 B 404ms
403ms Image
image/svg+xml 192.245.157.71
NETACTUATE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buronrm.nl/ec/dkb/assets/imgs/fleshinput.svg
Requested by: Host: buronrm.nl
URL: https://buronrm.nl/ec/dkb/index.html
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 192.245.157.71 , United States, ASN394344 (NETACTUATE, US),
Reverse DNS: rssd4723.webaccountserver.com
Software: LiteSpeed /
Resource Hash: 72e1af139f74424d56589a3d06474355afb141c3bd72a38d141c19f851bbc2ca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buronrm.nl/ec/dkb/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 15:32:50 GMT
last-modified: Wed, 17 Aug 2022 11:27:34 GMT
server: LiteSpeed
content-type: image/svg+xml
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 208
expires: Tue, 30 Aug 2022 15:32:50 GMT

GET
H2 200 iinfo.png
buronrm.nl/ec/dkb/assets/imgs/ 17 KB
17 KB 307ms
306ms Image
image/png 192.245.157.71
NETACTUATE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buronrm.nl/ec/dkb/assets/imgs/iinfo.png
Requested by: Host: buronrm.nl
URL: https://buronrm.nl/ec/dkb/index.html
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 192.245.157.71 , United States, ASN394344 (NETACTUATE, US),
Reverse DNS: rssd4723.webaccountserver.com
Software: LiteSpeed /
Resource Hash: 278f9d63c22d9b5c23091e479027cc377ae68dcfa900333493e326a9d5d002ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buronrm.nl/ec/dkb/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 15:32:50 GMT
last-modified: Wed, 17 Aug 2022 11:27:34 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 17739
expires: Tue, 30 Aug 2022 15:32:50 GMT

GET
H2 200 go.svg
buronrm.nl/ec/dkb/assets/imgs/ 846 B
643 B 306ms
305ms Image
image/svg+xml 192.245.157.71
NETACTUATE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buronrm.nl/ec/dkb/assets/imgs/go.svg
Requested by: Host: buronrm.nl
URL: https://buronrm.nl/ec/dkb/index.html
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 192.245.157.71 , United States, ASN394344 (NETACTUATE, US),
Reverse DNS: rssd4723.webaccountserver.com
Software: LiteSpeed /
Resource Hash: 3192ba93cb31f7fecf507ab899b4279ced7d91716f9fd5e3b200410375a6cbf0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buronrm.nl/ec/dkb/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 15:32:50 GMT
content-encoding: br
last-modified: Wed, 17 Aug 2022 11:27:34 GMT
server: LiteSpeed
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 611
expires: Tue, 30 Aug 2022 15:32:50 GMT

GET
H2 200 right.png
buronrm.nl/ec/dkb/assets/imgs/ 33 KB
33 KB 307ms
306ms Image
image/png 192.245.157.71
NETACTUATE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buronrm.nl/ec/dkb/assets/imgs/right.png
Requested by: Host: buronrm.nl
URL: https://buronrm.nl/ec/dkb/index.html
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 192.245.157.71 , United States, ASN394344 (NETACTUATE, US),
Reverse DNS: rssd4723.webaccountserver.com
Software: LiteSpeed /
Resource Hash: 37a61861004f4bbbedd396450b12d5faa92d8f70d5421b9812ff24bd105a195e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buronrm.nl/ec/dkb/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 15:32:50 GMT
last-modified: Wed, 17 Aug 2022 11:27:34 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 34045
expires: Tue, 30 Aug 2022 15:32:50 GMT

GET
H2 200 footer.png
buronrm.nl/ec/dkb/assets/imgs/ 65 KB
66 KB 305ms
304ms Image
image/png 192.245.157.71
NETACTUATE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buronrm.nl/ec/dkb/assets/imgs/footer.png
Requested by: Host: buronrm.nl
URL: https://buronrm.nl/ec/dkb/index.html
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 192.245.157.71 , United States, ASN394344 (NETACTUATE, US),
Reverse DNS: rssd4723.webaccountserver.com
Software: LiteSpeed /
Resource Hash: 3a532d5cda28ea94c4a3634d0921f2e832ed5a366f53e6fc2d796c0436f5496b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buronrm.nl/ec/dkb/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 15:32:50 GMT
last-modified: Wed, 17 Aug 2022 11:27:34 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 67033
expires: Tue, 30 Aug 2022 15:32:50 GMT

GET
H2 200 footer-m1.png
buronrm.nl/ec/dkb/assets/imgs/ 38 KB
38 KB 307ms
306ms Image
image/png 192.245.157.71
NETACTUATE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buronrm.nl/ec/dkb/assets/imgs/footer-m1.png
Requested by: Host: buronrm.nl
URL: https://buronrm.nl/ec/dkb/index.html
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 192.245.157.71 , United States, ASN394344 (NETACTUATE, US),
Reverse DNS: rssd4723.webaccountserver.com
Software: LiteSpeed /
Resource Hash: 1630431b6b3ad65f048a3e6cae88a7336569b5abfc3f3cc7c5e1a8a57c520b51

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buronrm.nl/ec/dkb/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 15:32:50 GMT
last-modified: Wed, 17 Aug 2022 11:27:34 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 38569
expires: Tue, 30 Aug 2022 15:32:50 GMT

GET
H2 200 footer-m2.png
buronrm.nl/ec/dkb/assets/imgs/ 27 KB
27 KB 307ms
307ms Image
image/png 192.245.157.71
NETACTUATE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://buronrm.nl/ec/dkb/assets/imgs/footer-m2.png
Requested by: Host: buronrm.nl
URL: https://buronrm.nl/ec/dkb/index.html
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 192.245.157.71 , United States, ASN394344 (NETACTUATE, US),
Reverse DNS: rssd4723.webaccountserver.com
Software: LiteSpeed /
Resource Hash: 7f9eca50ecffdd5466518a057399c4fa22f5dacd7d76be9027c2a06e4ff7d17d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buronrm.nl/ec/dkb/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 15:32:50 GMT
last-modified: Wed, 17 Aug 2022 11:27:34 GMT
server: LiteSpeed
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-length: 27641
expires: Tue, 30 Aug 2022 15:32:50 GMT

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/1.12.4/ 95 KB
34 KB 65ms
15ms Script
text/javascript 2a00:1450:400e:80f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

Requested by

Host: buronrm.nl
URL: https://buronrm.nl/ec/dkb/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400e:80f::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://buronrm.nl/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.101 Safari/537.36

Response headers

date: Tue, 23 Aug 2022 15:05:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1669
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33951
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 23 Aug 2023 15:05:01 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: DKB (Banking)

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

9520116922.mrsaalk.com
ajax.googleapis.com
buronrm.nl
cdn.tailwindcss.com
167.86.125.98
192.245.157.71
2606:4700:20::681a:95b
2a00:1450:400e:80f::200a
0fe9650923b3c4d5d1b829c47a2a4eb9b6931a06132036a02c570e355f53ec87
1630431b6b3ad65f048a3e6cae88a7336569b5abfc3f3cc7c5e1a8a57c520b51
278f9d63c22d9b5c23091e479027cc377ae68dcfa900333493e326a9d5d002ab
2d6e7e5263fa38ed2725e4be49d49fdca61aa60f92ffc1edbd0c3b47dc8c9e2b
3192ba93cb31f7fecf507ab899b4279ced7d91716f9fd5e3b200410375a6cbf0
37a61861004f4bbbedd396450b12d5faa92d8f70d5421b9812ff24bd105a195e
3a532d5cda28ea94c4a3634d0921f2e832ed5a366f53e6fc2d796c0436f5496b
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
72e1af139f74424d56589a3d06474355afb141c3bd72a38d141c19f851bbc2ca
7d4859ae1ba464748cdc4e084943cbdd8a934852152eb49deb09d17e9643f917
7f9eca50ecffdd5466518a057399c4fa22f5dacd7d76be9027c2a06e4ff7d17d
b089c9907a35a5c7b9254bed982876d4e9b8c24a80d9da033e427dce89ed218b
c852a4e48b10219db744799f9b6b612cdbaeba7f28de89e7e8df23932dfb48ce
d20c3c98985c8d46516c484ad47606a297c2609c2ed1126b19585f5135804fd1
d73cd332ebbd828ae74d96bc731e103358c6ad146219ab12b3eeeda5c02f1870
def871ad3f73cae4748d6966896f1be7153be000929d84c2016db216fa474c37
df86f968e7ffa3e1da50ae0e1912f6a156fdb395bdd41a31f0b95bbcf6a200e5
f39534829a3275d74c0f812a9b81cce497d92667f7343f24ef34ea36bdeddd13

buronrm.nl Open in urlscan Pro 192.245.157.71 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

18 Requests

94 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

3 IPs

3 Countries

459 kBTransfer

747 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

12 JavaScript Global Variables

0 Cookies

Indicators

buronrm.nl Open in urlscan Pro
192.245.157.71 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

94 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

3
IPs

3
Countries

459 kB
Transfer

747 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!