be.fortis-internetportal.com
213.160.71.154
Malicious Activity!
Public Scan
Effective URL: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326
Submission: On December 15 via api from BE
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on December 13th 2019. Valid for: 3 months.
This is the only time be.fortis-internetportal.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: BNP Paribas (Banking)
Domain & IP information
Requests | Redirects | IP Address | AS (Autonomous System)
---|---|---|---
1 | 1 | 185.151.204.7 | 61273 (ADJUST-NL)
1 | | 2a00:1450:4001:81e::2001 | 15169 (GOOGLE - Google LLC)
13 | 4 | 213.160.71.154 | 12574 (ROUTING Franzstr. 51)
2 | | 2a04:4e42:3::621 | 54113 (FASTLY - Fastly)
1 | | 2a00:1450:4001:825::200a | 15169 (GOOGLE - Google LLC)
1 | | 2606:4700:30::681b:b2ec | 13335 (CLOUDFLARENET - Cloudflare)
Totals: 14 HTTP requests, 6 IP addresses
- ASN15169 (GOOGLE - Google LLC, US): ref3920.blogspot.com
- ASN12574 (ROUTING Franzstr. 51, 52064 Aachen, DE): www.be.fortis-internetportal.com, be.fortis-internetportal.com
- ASN15169 (GOOGLE - Google LLC, US): fonts.googleapis.com
- ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US): json.geoiplookup.io
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
13 | fortis-internetportal.com (4 redirects) | www.be.fortis-internetportal.com, be.fortis-internetportal.com | 291 KB
2 | jsdelivr.net | cdn.jsdelivr.net | 128 KB
1 | geoiplookup.io | json.geoiplookup.io | 819 B
1 | googleapis.com | fonts.googleapis.com | 578 B
1 | blogspot.com | ref3920.blogspot.com | 15 KB
1 | adjust.com (1 redirect) | app.adjust.com | 512 B
Totals: 14 HTTP requests, 6 apex domains
Requests | Domain | Requested by
---|---|---
12 | be.fortis-internetportal.com (3 redirects) | ref3920.blogspot.com, be.fortis-internetportal.com
2 | cdn.jsdelivr.net | be.fortis-internetportal.com
1 | json.geoiplookup.io | be.fortis-internetportal.com
1 | fonts.googleapis.com | be.fortis-internetportal.com
1 | www.be.fortis-internetportal.com (1 redirect) |
1 | ref3920.blogspot.com |
1 | app.adjust.com (1 redirect) |
Totals: 14 HTTP requests, 7 domains
This site contains no links.
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
*.googleusercontent.com | GTS CA 1O1 | 2019-11-13 - 2020-02-05 | 3 months | crt.sh
be.fortis-internetportal.com | Let's Encrypt Authority X3 | 2019-12-13 - 2020-03-12 | 3 months | crt.sh
f3.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2019-05-29 - 2020-04-23 | a year | crt.sh
*.storage.googleapis.com | GTS CA 1O1 | 2019-11-13 - 2020-02-05 | 3 months | crt.sh
sni216841.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-09-12 - 2020-03-20 | 6 months | crt.sh
This page contains 1 frame:
Primary Page:
https://be.fortis-internetportal.com/openbaar/web/login?id=87612326
Frame ID: 321C1B6209D3F4B48144665FBE481597
Requests: 15 HTTP requests in this frame
Detected technologies
Java (Programming Languages)
Detected patterns
- headers server /GSE/i
Semantic-ui (Web Frameworks)
Detected patterns
- html /<link[^>]+semantic(?:\.min)\.css"/i
OpenGSE (Web Servers)
Detected patterns
- headers server /GSE/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://app.adjust.com/gw9lrys?fallback=https://ref3920.blogspot.com/?id=JSn4PscWOi?id=GVZ&NV=GK&RKZMM=164&site=webde&country=de&mediaID=31718796&mpID=03&haID=fde756c3b7dfe1636fa285466fc51813&BL=9366370&WP=6929794&email&utm_source=united-internet&meco=de&utm_campaign=uid_ipa_tmg_web_desktop_adreplacement_immo (HTTP 302)
  -> https://ref3920.blogspot.com/?id=JSn4PscWOi&id=GVZ (Page URL)
- https://www.be.fortis-internetportal.com/openbaar/?id=241757 (HTTP 301)
  -> http://be.fortis-internetportal.com/openbaar/?id=241757 (HTTP 301)
  -> https://be.fortis-internetportal.com/openbaar/?id=241757 (HTTP 302)
  -> https://be.fortis-internetportal.com/openbaar/web/index.php?valid=true&id=54392268 (HTTP 302)
  -> https://be.fortis-internetportal.com/openbaar/web/login?id=87612326 (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0:
- https://app.adjust.com/gw9lrys?fallback=https://ref3920.blogspot.com/?id=JSn4PscWOi?id=GVZ&NV=GK&RKZMM=164&site=webde&country=de&mediaID=31718796&mpID=03&haID=fde756c3b7dfe1636fa285466fc51813&BL=9366370&WP=6929794&email&utm_source=united-internet&meco=de&utm_campaign=uid_ipa_tmg_web_desktop_adreplacement_immo (HTTP 302)
  -> https://ref3920.blogspot.com/?id=JSn4PscWOi&id=GVZ
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / | ref3920.blogspot.com/ (Redirect Chain) | 71 KB | 15 KB | Document | text/html
GET | H2 | login (Primary Request) | be.fortis-internetportal.com/openbaar/web/ (Redirect Chain) | 6 KB | 2 KB | Document | text/html
GET | H2 | semantic.min.css | cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/ | 614 KB | 101 KB | Stylesheet | text/css
GET | H2 | main.css | be.fortis-internetportal.com/openbaar/web/layout/css/ | 17 KB | 4 KB | Stylesheet | text/css
GET | H2 | main.js | be.fortis-internetportal.com/openbaar/web/layout/js/ | 648 KB | 267 KB | Script | application/javascript
GET | H2 | lg.png | be.fortis-internetportal.com/openbaar/web/layout/img/ | 3 KB | 4 KB | Image | image/png
GET | H2 | lgs.png | be.fortis-internetportal.com/openbaar/web/layout/img/ | 1 KB | 2 KB | Image | image/png
GET | H2 | hdng1.png | be.fortis-internetportal.com/openbaar/web/layout/img/ | 4 KB | 5 KB | Image | image/png
GET | H2 | inf.png | be.fortis-internetportal.com/openbaar/web/layout/img/ | 657 B | 890 B | Image | image/png
GET | H2 | chck.png | be.fortis-internetportal.com/openbaar/web/layout/img/ | 2 KB | 2 KB | Image | image/png
GET | H2 | ask.png | be.fortis-internetportal.com/openbaar/web/layout/img/ | 5 KB | 5 KB | Image | image/png
GET | H2 | css | fonts.googleapis.com/ | 3 KB | 578 B | Stylesheet | text/css
GET | H2 | flags.png | cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/themes/default/assets/images/ | 27 KB | 28 KB | Image | image/png
GET | DATA | truncated | / | 60 KB | 60 KB | Font | application/font-woff2
GET | H2 | / | json.geoiplookup.io/ | 599 B | 819 B | Script | application/javascript
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: BNP Paribas (Banking)
11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
object | onformdata
object | onpointerrawupdate
string | userId
string | token
string | requestURL
object | head
object | Modernizr
function | $
function | jQuery
string | get
string | set
5 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
be.fortis-internetportal.com/ | | appCodeName | Mozilla
be.fortis-internetportal.com/ | | platform | Linux x86_64
be.fortis-internetportal.com/ | | userAgent | Mozilla/5.0 (Macintosh
be.fortis-internetportal.com/ | | userIP | 2a01:4f8:192:5414::2
be.fortis-internetportal.com/ | | PHPSESSID | ac202bdf470619e805201540f10fe113
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
X-Content-Type-Options | nosniff |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.