dh-btlnet.xyz (80.66.64.62)
Public Scan: Malicious Activity!
Effective URL: https://dh-btlnet.xyz/be/index.html
Submission: On June 04 via api from IE. Scanned from DE.
Summary
TLS certificate: Issued by R3 (Let's Encrypt) on June 4th 2022, the day of the submission. Valid for: 3 months.
This is the only time dh-btlnet.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Belgian Government (Government)
Domain & IP information
Requests | IP Address | AS (Autonomous System) |
---|---|---|
1 | 185.223.31.112 | AS30823 (COMBAHTON combahton GmbH) |
19 | 80.66.64.62 | AS57416 (SANNIKOV) |
1 | 2a06:98c1:3121::3 | AS13335 (CLOUDFLARENET) |
1 | 2a00:1450:4001:813::2016 | AS15169 (GOOGLE) |
Totals | 27 | 5 |
Per-ASN details:
- ASN30823 (COMBAHTON combahton GmbH, DE), PTR: plesk11.zap-webspace.com. Domain: bneizndse.icu
- ASN15169 (GOOGLE, US). Domain: play-lh.googleusercontent.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
19 | dh-btlnet.xyz | dh-btlnet.xyz | 277 KB |
1 | googleusercontent.com | play-lh.googleusercontent.com (Cisco Umbrella Rank: 447) | 27 KB |
1 | pngegg.com | e7.pngegg.com (Cisco Umbrella Rank: 49248) | |
1 | bneizndse.icu | bneizndse.icu | 140 B |
0 | (failed) | csam.localhost (failed, no response) | |
Totals | 27 requests | 5 domains | |
Requests | Domain | Requested by |
---|---|---|
19 | dh-btlnet.xyz | dh-btlnet.xyz |
1 | play-lh.googleusercontent.com | dh-btlnet.xyz |
1 | e7.pngegg.com | dh-btlnet.xyz |
1 | bneizndse.icu | |
0 | csam.localhost (failed) | dh-btlnet.xyz |
Totals | 27 requests | 5 domains |
This site contains links to these domains. Also see Links.
- csam.localhost
- www.belgium.be
Subject | Issuer | Validity | Valid | Source |
---|---|---|---|---|
bneizndse.icu | R3 | 2022-06-04 - 2022-09-02 | 3 months | crt.sh |
dh-btlnet.xyz | R3 | 2022-06-04 - 2022-09-02 | 3 months | crt.sh |
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-07-17 - 2022-07-16 | a year | crt.sh |
edgestatic.com | GTS CA 1C3 | 2022-05-09 - 2022-08-01 | 3 months | crt.sh |
Both attacker-controlled domains (bneizndse.icu and dh-btlnet.xyz) received their certificates on the same day, 2022-06-04, from the same issuer.
This page contains 1 frame:
Primary Page: https://dh-btlnet.xyz/be/index.html
Frame ID: 047E3A34EE1C7BECC53DD51E2FBD8C5F
Requests: 27 HTTP requests in this frame
Screenshot
Page Title: DHL
Note the mismatch: the title and the DHL logo fetched from e7.pngegg.com dress the page up as DHL, while the CSAM_files/ stylesheets, the Dutch menu titles and the csam.localhost script references come from a copy of the Belgian CSAM portal, and the kit bundles the logos of several Belgian banks (Belfius, KBC, AXA, ING, Crelan) in the same directory.
Detected technologies
Font Awesome (Font Scripts)
Detected patterns (regular expressions matched against the page source):
- <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
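The three patterns above are what produced the "Font Awesome" entry. The script below, an added example that is not part of the urlscan report, runs those exact patterns the way a fingerprinting scanner does and shows why the version comes back empty for this kit: the only Font Awesome reference is a local `CSAM_files/font-awesome.min.css` include with no version segment. The sample HTML documents are constructed (the kit's real markup is not on this page); the cdnjs URL in the second sample is an assumed versioned include used to show the version capture working.

```python
import re

# The three Font Awesome fingerprints listed above, copied verbatim from
# the scan report. The optional capture group in each is the version hint.
FONT_AWESOME_PATTERNS = [
    r"<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css",
    r"<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome"
    r"(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)",
    r"(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)",
]

# Constructed sample markup (not the phishing page's real HTML): a <link>
# matching the stylesheet request seen in the transaction list.
SAMPLE_KIT_HTML = """<html><head><title>DHL</title>
<link rel="stylesheet" href="CSAM_files/font-awesome.min.css">
<link rel="stylesheet" href="CSAM_files/master.css">
</head><body></body></html>"""

# Constructed sample with an assumed versioned CDN include, to show the
# version capture firing.
SAMPLE_CDN_HTML = """<html><head>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
</head><body></body></html>"""

# Constructed negative sample: no Font Awesome reference at all.
SAMPLE_PLAIN_HTML = """<html><head>
<link rel="stylesheet" href="CSAM_files/master.css">
</head><body><p>DHL</p></body></html>"""


def detect_font_awesome(html):
    """Run every fingerprint; report whether any hit and the first version captured.

    Each pattern is applied with re.search, as a scanner would. The version is
    the first non-empty capture group across all matching patterns: the first
    pattern's greedy `[^>]+` prefix swallows any version directory before its
    own optional group gets a chance, so in practice the second or third
    pattern supplies the version.
    """
    matched, version = False, None
    for pattern in FONT_AWESOME_PATTERNS:
        m = re.search(pattern, html)
        if not m:
            continue
        matched = True
        if version is None:
            version = next((g for g in m.groups() if g), None)
    return matched, version


if __name__ == "__main__":
    for name, html in (("kit", SAMPLE_KIT_HTML), ("cdn", SAMPLE_CDN_HTML), ("plain", SAMPLE_PLAIN_HTML)):
        print(name, detect_font_awesome(html))
```

The fingerprint only proves that a Font Awesome stylesheet is referenced, not that it loaded: the transaction list shows the kit's `fontawesome-webfont.*` requests returning zero bytes as text/html.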
Page Statistics
16 Outgoing links
These are links going to different origins than the main page. Link titles as they appear on the page (English translation in parentheses; untitled links noted as such):
- Settings
- nl
- fr
- de
- en
- (untitled)
- Menu
- (untitled)
- Klantenservice (Customer service)
- Diensten (Services)
- Mijn digitale sleutels (My digital keys)
- Beheer der Toegangsbeheerders (Management of access administrators)
- Beheer van de mandaten (Management of mandates)
- Contact
- Gebruikersovereenkomst (User agreement)
- Privacy
These are the navigation labels of the CSAM login portal, consistent with the page being a copy of it.
Redirected requests
There were HTTP redirect chains for the following requests: none listed.
27 HTTP transactions
# | Method | Protocol | Resource | Path | Size | Transferred | Type | MIME-Type |
---|---|---|---|---|---|---|---|---|
1 | GET | H2 | / | bneizndse.icu/ | 0 | 140 B | Document | text/html |
2 | GET | H/1.1 | index.html (Primary Request) | dh-btlnet.xyz/be/ | 10 KB | 3 KB | Document | text/html |
3 | GET | H/1.1 | css | dh-btlnet.xyz/be/CSAM_files/ | 5 KB | 5 KB | Stylesheet | text/plain |
4 | GET | H/1.1 | mmenu.css | dh-btlnet.xyz/be/CSAM_files/ | 47 KB | 7 KB | Stylesheet | text/css |
5 | GET | H/1.1 | font-awesome.min.css | dh-btlnet.xyz/be/CSAM_files/ | 23 KB | 6 KB | Stylesheet | text/css |
6 | GET | H/1.1 | master.css | dh-btlnet.xyz/be/CSAM_files/ | 18 KB | 4 KB | Stylesheet | text/css |
7 | GET | H/1.1 | logo-be.png | dh-btlnet.xyz/be/CSAM_files/ | 1 KB | 2 KB | Image | image/png |
8 | GET | H2 | png-clipart-dhl-express-dhl-global-forwarding-logistics-freight-forwarding-agency-chief-executive-others-miscellaneous-company-thumbnail.png | e7.pngegg.com/pngimages/128/300/ | 0 | 0 | Image | text/html |
9 | GET | H/1.1 | Belfius%20logo%202012%20stacked.png | dh-btlnet.xyz/be/CSAM_files/ | 13 KB | 13 KB | Image | image/png |
10 | GET | H/1.1 | 303px-KBC_Logo.svg.png | dh-btlnet.xyz/be/CSAM_files/ | 8 KB | 9 KB | Image | image/png |
11 | GET | H/1.1 | 266px-AXA_Logo.svg.png | dh-btlnet.xyz/be/CSAM_files/ | 9 KB | 10 KB | Image | image/png |
12 | GET | H/1.1 | Z7GJVM4p.jpg | dh-btlnet.xyz/be/CSAM_files/ | 12 KB | 12 KB | Image | image/jpeg |
13 | GET | H/1.1 | ing_logo_sq.jpg | dh-btlnet.xyz/be/CSAM_files/ | 34 KB | 34 KB | Image | image/jpeg |
14 | GET | H/1.1 | 20131119210819_1_Crelan-Bank-logo-300px.png | dh-btlnet.xyz/be/CSAM_files/ | 37 KB | 37 KB | Image | image/png |
15 | GET | H/1.1 | unnamed.png | dh-btlnet.xyz/be/CSAM_files/ | 15 KB | 15 KB | Image | image/png |
16 | GET | H/1.1 | unnamed(1).png | dh-btlnet.xyz/be/CSAM_files/ | 119 KB | 120 KB | Image | image/png |
17 | GET | H2 | Oorgagouy1L60iefnD4AjacHF2cXKQBiRvkzAvndGqH67-447XECxrgnJBsPw6J-TA | play-lh.googleusercontent.com/ | 27 KB | 27 KB | Image | image/png |
18 | GET | (no response) | jquery-1.11.3.min.js | csam.localhost/js/ | 0 | 0 | | |
19 | GET | (no response) | mmenu.polyfills.js | csam.localhost/js/ | 0 | 0 | | |
20 | GET | (no response) | mmenu.js | csam.localhost/js/ | 0 | 0 | | |
21 | GET | (no response) | match-height.js | csam.localhost/js/ | 0 | 0 | | |
22 | GET | (no response) | master.js | csam.localhost/js/ | 0 | 0 | | |
23 | GET | H/1.1 | print.css | dh-btlnet.xyz/be/CSAM_files/ | 786 B | 694 B | Stylesheet | text/css |
24 | GET | H/1.1 | fontawesome-webfont.woff2 | dh-btlnet.xyz/be/fonts/ | 0 | 0 | Font | text/html |
25 | GET | H/1.1 | circle.png | dh-btlnet.xyz/be/CSAM_files/img/puces/ | 276 B | 276 B | Image | text/html |
26 | GET | H/1.1 | fontawesome-webfont.woff | dh-btlnet.xyz/be/fonts/ | 0 | 0 | Font | text/html |
27 | GET | H/1.1 | fontawesome-webfont.ttf | dh-btlnet.xyz/be/fonts/ | 0 | 0 | Font | text/html |
Size is the decoded resource size; Transferred is the number of bytes that crossed the wire. Requests 18-22 never received a response (see Failed requests below). Requests 3, 8 and 24-27 came back with a MIME type that does not match their declared resource type (a stylesheet as text/plain; fonts and images as text/html), which is what a host's error page looks like in place of a missing file.
Failed requests
These URLs were requested, but no response was received. They also appear in the transaction list above.
Domain: csam.localhost
- https://csam.localhost/js/jquery-1.11.3.min.js
- https://csam.localhost/js/mmenu.polyfills.js
- https://csam.localhost/js/mmenu.js
- https://csam.localhost/js/match-height.js
- https://csam.localhost/js/master.js
All five are the page's script includes, and all point at csam.localhost, a hostname that resolves only on the machine where the kit was assembled. Together with the CSAM_files/ directory name (the suffix browsers use for the asset folder when saving a complete web page), this is consistent with the page having been cloned from a locally served copy of the CSAM portal without its script references being rewritten; what the victim sees is a static copy whose menu and layout scripts never run.
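The three things a practitioner would pull out of the request list above (includes that point at localhost names, resources served with the wrong MIME type, and the brand images the kit bundles) can be checked mechanically. The script below is an added triage example, not part of the urlscan report or of any urlscan tooling. Its input is a subset of the transactions transcribed from the table above with sizes rounded to bytes; the expected-MIME map and the localhost test are my own assumptions.

```python
from urllib.parse import urlsplit

# Constructed input: a subset of the 27 transactions in the table above,
# transcribed as (url, resource type, MIME type, bytes transferred). Sizes
# are the table's rounded values; requests that never got a response
# (the csam.localhost scripts) carry None for type and MIME.
REQUESTS = [
    ("https://bneizndse.icu/", "Document", "text/html", 140),
    ("https://dh-btlnet.xyz/be/index.html", "Document", "text/html", 3072),
    ("https://dh-btlnet.xyz/be/CSAM_files/css", "Stylesheet", "text/plain", 5120),
    ("https://dh-btlnet.xyz/be/CSAM_files/font-awesome.min.css", "Stylesheet", "text/css", 6144),
    ("https://dh-btlnet.xyz/be/CSAM_files/logo-be.png", "Image", "image/png", 2048),
    ("https://e7.pngegg.com/pngimages/128/300/png-clipart-dhl-express-dhl-global-forwarding-"
     "logistics-freight-forwarding-agency-chief-executive-others-miscellaneous-company-thumbnail.png",
     "Image", "text/html", 0),
    ("https://dh-btlnet.xyz/be/CSAM_files/Belfius%20logo%202012%20stacked.png", "Image", "image/png", 13312),
    ("https://dh-btlnet.xyz/be/CSAM_files/303px-KBC_Logo.svg.png", "Image", "image/png", 9216),
    ("https://dh-btlnet.xyz/be/CSAM_files/266px-AXA_Logo.svg.png", "Image", "image/png", 10240),
    ("https://dh-btlnet.xyz/be/CSAM_files/ing_logo_sq.jpg", "Image", "image/jpeg", 34816),
    ("https://dh-btlnet.xyz/be/CSAM_files/20131119210819_1_Crelan-Bank-logo-300px.png", "Image", "image/png", 37888),
    ("https://csam.localhost/js/jquery-1.11.3.min.js", None, None, 0),
    ("https://csam.localhost/js/mmenu.polyfills.js", None, None, 0),
    ("https://csam.localhost/js/mmenu.js", None, None, 0),
    ("https://csam.localhost/js/match-height.js", None, None, 0),
    ("https://csam.localhost/js/master.js", None, None, 0),
    ("https://dh-btlnet.xyz/be/fonts/fontawesome-webfont.woff2", "Font", "text/html", 0),
    ("https://dh-btlnet.xyz/be/CSAM_files/img/puces/circle.png", "Image", "text/html", 276),
    ("https://dh-btlnet.xyz/be/fonts/fontawesome-webfont.woff", "Font", "text/html", 0),
    ("https://dh-btlnet.xyz/be/fonts/fontawesome-webfont.ttf", "Font", "text/html", 0),
]

# MIME prefixes a browser expects for each resource type (my assumption,
# covering the common encodings; urlscan does not publish such a map).
EXPECTED_MIME = {
    "Document": ("text/html",),
    "Stylesheet": ("text/css",),
    "Image": ("image/",),
    "Font": ("font/", "application/font", "application/x-font", "application/octet-stream"),
    "Script": ("application/javascript", "text/javascript", "application/x-javascript"),
}


def is_local_host(host):
    """True for names that resolve only on the kit author's own machine."""
    host = (host or "").lower()
    return host == "localhost" or host.endswith(".localhost") or host.startswith("127.")


def triage(requests):
    """Split the request list into the signals worth a second look.

    unresolvable_hosts: includes pointing at localhost names, leftovers of a
        clone that was served locally while the kit was built.
    mime_mismatch: resources whose MIME type contradicts their declared role,
        typically a host error page standing in for a missing file.
    logo_assets: bundled brand images, showing which brands the page dresses up as.
    hosts: every hostname contacted, for the indicator list.
    """
    findings = {"unresolvable_hosts": [], "mime_mismatch": [], "logo_assets": [], "hosts": set()}
    for url, rtype, mime, transferred in requests:
        parts = urlsplit(url)
        findings["hosts"].add(parts.hostname)
        if is_local_host(parts.hostname):
            findings["unresolvable_hosts"].append(url)
            continue
        expected = EXPECTED_MIME.get(rtype)
        if expected and mime and not mime.startswith(expected):
            findings["mime_mismatch"].append((url, rtype, mime, transferred))
        if "logo" in parts.path.lower():
            findings["logo_assets"].append(parts.path.rsplit("/", 1)[-1])
    return findings


if __name__ == "__main__":
    for key, items in triage(REQUESTS).items():
        print(f"{key}: {len(items)}")
        for item in (sorted(items) if key == "hosts" else items):
            print("   ", item)
```

Run against the transcribed subset it reports the five csam.localhost includes, six MIME mismatches (the text/plain stylesheet, the pngegg thumbnail and the four font and image files that came back as text/html) and six bundled logo files. The same checks apply unchanged to the `data.requests` array of a urlscan result JSON once the URL, resource type and MIME fields are pulled out of each entry.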
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Belgian Government (Government)
7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.
Type | Name |
---|---|
object | oncontextlost |
object | oncontextrestored |
function | structuredClone |
object | launchQueue |
object | onbeforematch |
function | getScreenDetails |
object | navigation |
Caveat: all seven names are properties that Chromium itself added to window in 2022 (canvas context-loss events, structuredClone, the launch queue, the beforematch event, the window management API and the Navigation API). They show up only because they are newer than the scanner's baseline list of standard globals, not because the page defined them, and none of the page's external scripts loaded (all five were requested from csam.localhost), so this list says nothing about the kit's own code.
0 Cookies
Cookies are small pieces of information stored in the user's browser. On every later visit the browser sends the cookie values back, which lets the site re-identify the user even from a different location. This is how persistent logins work.
5 Console Messages
A page may log messages to the console. These are often error messages about being unable to load a resource or execute a piece of JavaScript; sometimes they also give insight into the technology behind a website.
Source | Level | URL | Text |
---|---|---|---|
Indicators
This is a term in the security industry for artefacts such as IPs, domains and hashes. It does not imply that any of these indicate malicious activity.
- bneizndse.icu
- csam.localhost
- dh-btlnet.xyz
- e7.pngegg.com
- play-lh.googleusercontent.com
- 185.223.31.112
- 2a00:1450:4001:813::2016
- 2a06:98c1:3121::3
- 80.66.64.62