![](/screenshots/d652ee18-bfd7-45b6-b5f0-7253b49c18f9.png)
buronrm.nl
192.245.157.71
Malicious Activity!
Public Scan
Effective URL: https://buronrm.nl/ec/dkb/index.html
Submission Tags: 7682725
Submission: On August 23 via api from CH — Scanned from DE
Summary
TLS certificate: Issued by cPanel, Inc. Certification Authority on June 16th 2022. Valid for: 3 months.
This is the only time buronrm.nl was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DKB (Banking)
Domain & IP information
Requests | Redirects | IP Address | AS (Autonomous System) |
---|---|---|---|
1 | 1 | 167.86.125.98 | 51167 (CONTABO) |
16 | | 192.245.157.71 | 394344 (NETACTUATE) |
2 | 1 | 2606:4700:20::681a:95b | 13335 (CLOUDFLARENET) |
1 | | 2a00:1450:400e:80f::200a | 15169 (GOOGLE) |
18 | 3 |
ASN51167 (CONTABO, DE)
PTR: ip-98-125-86-167.static.contabo.net
9520116922.mrsaalk.com
ASN394344 (NETACTUATE, US)
PTR: rssd4723.webaccountserver.com
buronrm.nl
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
16 | buronrm.nl | buronrm.nl | 329 KB |
2 | tailwindcss.com (1 redirects) | cdn.tailwindcss.com — Cisco Umbrella Rank: 130305 | 97 KB |
1 | googleapis.com | ajax.googleapis.com — Cisco Umbrella Rank: 286 | 34 KB |
1 | mrsaalk.com (1 redirects) | 9520116922.mrsaalk.com | 245 B |
18 | 4 |
Requests | Domain | Requested by |
---|---|---|
16 | buronrm.nl | buronrm.nl |
2 | cdn.tailwindcss.com (1 redirects) | buronrm.nl |
1 | ajax.googleapis.com | buronrm.nl |
1 | 9520116922.mrsaalk.com | 1 redirects |
18 | 4 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
buronrm.nl | cPanel, Inc. Certification Authority | 2022-06-16 - 2022-09-14 | 3 months |
upload.video.google.com | GTS CA 1C3 | 2022-08-08 - 2022-10-31 | 3 months |
This page contains 1 frames:
Primary Page:
https://buronrm.nl/ec/dkb/index.html
Frame ID: D396268C4B7EEC85A3DAE4F539A84580
Requests: 18 HTTP requests in this frame
Page Title
DKB - Deutsche Kreditbank AG - Internet Banking
Detected technologies
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://9520116922.mrsaalk.com/ (HTTP 302)
- https://buronrm.nl/ec/dkb/index.html (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0
- https://cdn.tailwindcss.com/ HTTP 302
- https://cdn.tailwindcss.com/3.1.8
18 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | index.html (Primary Request, Redirect Chain) | buronrm.nl/ec/dkb/ | 6 KB | 2 KB | Document | text/html |
GET | H2 | 3.1.8 (Redirect Chain) | cdn.tailwindcss.com/ | 319 KB | 97 KB | Script | text/javascript |
GET | H2 | style.css | buronrm.nl/ec/dkb/ | 385 B | 214 B | Stylesheet | text/css |
GET | H2 | nav.png | buronrm.nl/ec/dkb/assets/imgs/ | 15 KB | 15 KB | Image | image/png |
GET | H2 | nanav.png | buronrm.nl/ec/dkb/assets/imgs/ | 30 KB | 30 KB | Image | image/png |
GET | H2 | left.png | buronrm.nl/ec/dkb/assets/imgs/ | 24 KB | 24 KB | Image | image/png |
GET | H2 | png.png | buronrm.nl/ec/dkb/assets/imgs/ | 56 KB | 56 KB | Image | image/png |
GET | H2 | bar.png | buronrm.nl/ec/dkb/assets/imgs/ | 10 KB | 10 KB | Image | image/png |
GET | H2 | iinfomob.png | buronrm.nl/ec/dkb/assets/imgs/ | 10 KB | 10 KB | Image | image/png |
GET | H2 | pad.svg | buronrm.nl/ec/dkb/assets/imgs/ | 948 B | 464 B | Image | image/svg+xml |
GET | H2 | fleshinput.svg | buronrm.nl/ec/dkb/assets/imgs/ | 208 B | 238 B | Image | image/svg+xml |
GET | H2 | iinfo.png | buronrm.nl/ec/dkb/assets/imgs/ | 17 KB | 17 KB | Image | image/png |
GET | H2 | go.svg | buronrm.nl/ec/dkb/assets/imgs/ | 846 B | 643 B | Image | image/svg+xml |
GET | H2 | right.png | buronrm.nl/ec/dkb/assets/imgs/ | 33 KB | 33 KB | Image | image/png |
GET | H2 | footer.png | buronrm.nl/ec/dkb/assets/imgs/ | 65 KB | 66 KB | Image | image/png |
GET | H2 | footer-m1.png | buronrm.nl/ec/dkb/assets/imgs/ | 38 KB | 38 KB | Image | image/png |
GET | H2 | footer-m2.png | buronrm.nl/ec/dkb/assets/imgs/ | 27 KB | 27 KB | Image | image/png |
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.12.4/ | 95 KB | 34 KB | Script | text/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DKB (Banking)
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object | oncontextlost
- object | oncontextrestored
- function | structuredClone
- object | launchQueue
- object | onbeforematch
- function | getScreenDetails
- function | queryLocalFonts
- object | navigation
- object | tailwind
- string | /template.html
- function | $
- function | jQuery
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.