be.fortis-internetportal.com Open in urlscan Pro
213.160.71.154 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://app.adjust.com/gw9lrys?fallback=https://ref3920.blogspot.com/?id=JSn4PscWOi?id=GVZ&NV=GK&RKZMM=164&...
Effective URL:
https://be.fortis-internetportal.com/openbaar/web/login?id=87612326
Submission: On December 15 via api (December 15th 2019, 1:16:33 pm UTC) from BE

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 3 countries across 6 domains to perform 14 HTTP transactions. The main IP is 213.160.71.154, located in Germany and belongs to ROUTING Franzstr. 51, 52064 Aachen, DE. The main domain is be.fortis-internetportal.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on December 13th 2019. Valid for: 3 months.

This is the only time be.fortis-internetportal.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: BNP Paribas (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 1	185.151.204.7 185.151.204.7	61273 (ADJUST-NL) (ADJUST-NL)
1	2a00:1450:400... 2a00:1450:4001:81e::2001	15169 (GOOGLE) (GOOGLE - Google LLC)
4 13	213.160.71.154 213.160.71.154	12574 (ROUTING F...) (ROUTING Franzstr. 51)
2	2a04:4e42:3::621 2a04:4e42:3::621	54113 (FASTLY) (FASTLY - Fastly)
1	2a00:1450:400... 2a00:1450:4001:825::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2606:4700:30:... 2606:4700:30::681b:b2ec	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
14	6

1 185.151.204.7 (Germany) 1 redirects

ASN61273 (ADJUST-NL, DE)

app.adjust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81e::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

ref3920.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 213.160.71.154 (Germany) 4 redirects

ASN12574 (ROUTING Franzstr. 51, 52064 Aachen, DE)

www.be.fortis-internetportal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
be.fortis-internetportal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:3::621 (Ascension Island)

ASN54113 (FASTLY - Fastly, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:825::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:30::681b:b2ec (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

json.geoiplookup.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	fortis-internetportal.com 4 redirects www.be.fortis-internetportal.com be.fortis-internetportal.com	291 KB
2	jsdelivr.net cdn.jsdelivr.net	128 KB
1	geoiplookup.io json.geoiplookup.io	819 B
1	googleapis.com fonts.googleapis.com	578 B
1	blogspot.com ref3920.blogspot.com	15 KB
1	adjust.com 1 redirects app.adjust.com	512 B
14	6

	Domain	Requested by
12	be.fortis-internetportal.com	3 redirects ref3920.blogspot.com be.fortis-internetportal.com
2	cdn.jsdelivr.net	be.fortis-internetportal.com
1	json.geoiplookup.io	be.fortis-internetportal.com
1	fonts.googleapis.com	be.fortis-internetportal.com
1	www.be.fortis-internetportal.com	1 redirects
1	ref3920.blogspot.com
1	app.adjust.com	1 redirects
14	7

This site contains no links.

Subject Issuer	Validity	Valid
*.googleusercontent.com GTS CA 1O1	`2019-11-13` - `2020-02-05`	3 months	crt.sh
be.fortis-internetportal.com Let's Encrypt Authority X3	`2019-12-13` - `2020-03-12`	3 months	crt.sh
f3.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-05-29` - `2020-04-23`	a year	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2019-11-13` - `2020-02-05`	3 months	crt.sh
sni216841.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-09-12` - `2020-03-20`	6 months	crt.sh

This page contains 1 frames:

Primary Page: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326
Frame ID: 321C1B6209D3F4B48144665FBE481597
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://app.adjust.com/gw9lrys?fallback=https://ref3920.blogspot.com/?id=JSn4PscWOi?id=GVZ&NV=G... HTTP 302
https://ref3920.blogspot.com/?id=JSn4PscWOi&id=GVZ Page URL
https://www.be.fortis-internetportal.com/openbaar/?id=241757 HTTP 301
http://be.fortis-internetportal.com/openbaar/?id=241757 HTTP 301
https://be.fortis-internetportal.com/openbaar/?id=241757 HTTP 302
https://be.fortis-internetportal.com/openbaar/web/index.php?valid=true&id=54392268 HTTP 302
https://be.fortis-internetportal.com/openbaar/web/login?id=87612326 Page URL

Detected technologies

Java (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /GSE/i

Semantic-ui (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+semantic(?:\.min)\.css"/i

OpenGSE (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /GSE/i

Page Statistics

14
Requests

100 %
HTTPS

67 %
IPv6

6
Domains

7
Subdomains

6
IPs

3
Countries

495 kB
Transfer

1463 kB
Size

5
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://app.adjust.com/gw9lrys?fallback=https://ref3920.blogspot.com/?id=JSn4PscWOi?id=GVZ&NV=GK&RKZMM=164&site=webde&country=de&mediaID=31718796&mpID=03&haID=fde756c3b7dfe1636fa285466fc51813&BL=9366370&WP=6929794&email&utm_source=united-internet&meco=de&utm_campaign=uid_ipa_tmg_web_desktop_adreplacement_immo HTTP 302
https://ref3920.blogspot.com/?id=JSn4PscWOi&id=GVZ Page URL
https://www.be.fortis-internetportal.com/openbaar/?id=241757 HTTP 301
http://be.fortis-internetportal.com/openbaar/?id=241757 HTTP 301
https://be.fortis-internetportal.com/openbaar/?id=241757 HTTP 302
https://be.fortis-internetportal.com/openbaar/web/index.php?valid=true&id=54392268 HTTP 302
https://be.fortis-internetportal.com/openbaar/web/login?id=87612326 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://app.adjust.com/gw9lrys?fallback=https://ref3920.blogspot.com/?id=JSn4PscWOi?id=GVZ&NV=GK&RKZMM=164&site=webde&country=de&mediaID=31718796&mpID=03&haID=fde756c3b7dfe1636fa285466fc51813&BL=9366370&WP=6929794&email&utm_source=united-internet&meco=de&utm_campaign=uid_ipa_tmg_web_desktop_adreplacement_immo HTTP 302
https://ref3920.blogspot.com/?id=JSn4PscWOi&id=GVZ

14 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

/
ref3920.blogspot.com/
Redirect Chain

https://app.adjust.com/gw9lrys?fallback=https://ref3920.blogspot.com/?id=JSn4PscWOi?id=GVZ&NV=GK&RKZMM=164&site=webde&country=de&mediaID=31718796&mpID=03&haID=fde756c3b7...
https://ref3920.blogspot.com/?id=JSn4PscWOi&id=GVZ

71 KB
15 KB

421ms
382ms

Document
text/html

2a00:1450:4001:81e::2001
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://ref3920.blogspot.com/?id=JSn4PscWOi&id=GVZ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

GSE /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: ref3920.blogspot.com
:scheme: https
:path: /?id=JSn4PscWOi&id=GVZ
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-User: ?1

Response headers

status: 200
content-type: text/html; charset=UTF-8
expires: Sun, 15 Dec 2019 13:16:12 GMT
date: Sun, 15 Dec 2019 13:16:12 GMT
cache-control: private, max-age=0
last-modified: Sat, 14 Dec 2019 19:06:29 GMT
etag: W/"f392a09d7484adeecf9017e1313bcaa0dd661a3b5560a8fdb00f5dff45a0f903"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 14558
server: GSE
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000

Redirect headers

Content-Type: text/html; charset=utf-8
Location: https://ref3920.blogspot.com/?id=JSn4PscWOi&id=GVZ
Set-Cookie: 8e8d90400aba5de16ceec4a6bdb22351=cT4TgSSEDPamM; Path=/; Domain=adjust.com; Max-Age=2 8e8d90400aba5de16ceec4a6bdb22351=cT4TgSSEDPamM; Path=/; Domain=adjust.io; Max-Age=2 8e8d90400aba5de16ceec4a6bdb22351=cT4TgSSEDPamM; Path=/; Domain=adj.st; Max-Age=2
Date: Sun, 15 Dec 2019 13:16:12 GMT
Content-Length: 77
Connection: close
X-Robots-Tag: noindex

GET
H2

200

Primary Request login Show response
be.fortis-internetportal.com/openbaar/web/
Redirect Chain

https://www.be.fortis-internetportal.com/openbaar/?id=241757
http://be.fortis-internetportal.com/openbaar/?id=241757
https://be.fortis-internetportal.com/openbaar/?id=241757
https://be.fortis-internetportal.com/openbaar/web/index.php?valid=true&id=54392268
https://be.fortis-internetportal.com/openbaar/web/login?id=87612326

6 KB
2 KB

40ms
39ms

Document
text/html

213.160.71.154
ROUTING Franzstr. 51

General

Check archive.org

Show headers Download Go to

Full URL

https://be.fortis-internetportal.com/openbaar/web/login?id=87612326

Requested by

Host: ref3920.blogspot.com
URL: https://ref3920.blogspot.com/?id=JSn4PscWOi&id=GVZ

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.160.71.154 , Germany, ASN12574 (ROUTING Franzstr. 51, 52064 Aachen, DE),

Reverse DNS

Software

Apache/2.4.39 (Unix) /

Resource Hash

7b84042dfe240c9de2266eb187e11f84ecebfc45d57cfbe6cd562c80a6c0ea80

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: be.fortis-internetportal.com
:scheme: https
:path: /openbaar/web/login?id=87612326
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
cookie: PHPSESSID=ac202bdf470619e805201540f10fe113
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Sun, 15 Dec 2019 13:16:13 GMT
content-type: text/html; charset-UTF-8;charset=UTF-8
content-length: 1412
server: Apache/2.4.39 (Unix)
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
x-ua-compatible: IE=edge
x-content-type-options: nosniff
x-robots-tag: noindex, nofollow

Redirect headers

status: 302
date: Sun, 15 Dec 2019 13:16:13 GMT
content-type: text/html; charset-UTF-8;charset=UTF-8
server: Apache/2.4.39 (Unix)
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
location: ./login?id=87612326
x-ua-compatible: IE=edge
x-content-type-options: nosniff
x-robots-tag: noindex, nofollow

GET
H2 200 semantic.min.css
cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/ 614 KB
101 KB 6ms
5ms Stylesheet
text/css 2a04:4e42:3::621
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/semantic.min.css

Requested by

Host: be.fortis-internetportal.com
URL: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

5177ac8b16de2e407f518c554f3ba3fe0837f8b333830026837cc3f82e190124

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
x-cache: HIT, HIT
status: 200
date: Sun, 15 Dec 2019 13:16:13 GMT
content-length: 103063
x-served-by: cache-ams21024-AMS, cache-fra19166-FRA
etag: W/"99738-xBtVnjRc5piOJZyFKbhk0QxxYOQ"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 main.css
be.fortis-internetportal.com/openbaar/web/layout/css/ 17 KB
4 KB 48ms
47ms Stylesheet
text/css 213.160.71.154
ROUTING Franzstr. 51

General

Check archive.org

Show headers Download Go to

Full URL

https://be.fortis-internetportal.com/openbaar/web/layout/css/main.css

Requested by

Host: be.fortis-internetportal.com
URL: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.160.71.154 , Germany, ASN12574 (ROUTING Franzstr. 51, 52064 Aachen, DE),

Reverse DNS

Software

Apache/2.4.39 (Unix) /

Resource Hash

8d5f2beb16c3b2d1db3100947928bab8f62c784926b57d18a6584a8abd1ebb22

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 15 Dec 2019 13:16:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 10 Dec 2019 16:08:57 GMT
server: Apache/2.4.39 (Unix)
vary: Accept-Encoding
content-type: text/css; charset=utf-8
status: 200
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 3597
expires: Mon, 14 Dec 2020 13:16:13 GMT

GET
H2 200 main.js Show response
be.fortis-internetportal.com/openbaar/web/layout/js/ 648 KB
267 KB 60ms
59ms Script
application/javascript 213.160.71.154
ROUTING Franzstr. 51

General

Check archive.org

Show headers Download Go to

Full URL

https://be.fortis-internetportal.com/openbaar/web/layout/js/main.js

Requested by

Host: be.fortis-internetportal.com
URL: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.160.71.154 , Germany, ASN12574 (ROUTING Franzstr. 51, 52064 Aachen, DE),

Reverse DNS

Software

Apache/2.4.39 (Unix) /

Resource Hash

8866f12a085f6c9c363487076e2b7fa463a8a5c826e817ce26ac8eca942d291a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 15 Dec 2019 13:16:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sat, 14 Dec 2019 16:24:48 GMT
server: Apache/2.4.39 (Unix)
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
expires: Mon, 14 Dec 2020 13:16:13 GMT

GET
H2 200 lg.png
be.fortis-internetportal.com/openbaar/web/layout/img/ 3 KB
4 KB 39ms
38ms Image
image/png 213.160.71.154
ROUTING Franzstr. 51

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://be.fortis-internetportal.com/openbaar/web/layout/img/lg.png

Requested by

Host: be.fortis-internetportal.com
URL: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.160.71.154 , Germany, ASN12574 (ROUTING Franzstr. 51, 52064 Aachen, DE),

Reverse DNS

Software

Apache/2.4.39 (Unix) /

Resource Hash

0f56b0904d225ee8b59d1d84803f50f56bb0310d35a9fcd000e493d69f78a488

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 15 Dec 2019 13:16:13 GMT
x-content-type-options: nosniff
last-modified: Sat, 07 Dec 2019 17:40:31 GMT
server: Apache/2.4.39 (Unix)
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 3351
expires: Tue, 14 Jan 2020 13:16:13 GMT

GET
H2 200 lgs.png
be.fortis-internetportal.com/openbaar/web/layout/img/ 1 KB
2 KB 42ms
41ms Image
image/png 213.160.71.154
ROUTING Franzstr. 51

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://be.fortis-internetportal.com/openbaar/web/layout/img/lgs.png

Requested by

Host: be.fortis-internetportal.com
URL: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.160.71.154 , Germany, ASN12574 (ROUTING Franzstr. 51, 52064 Aachen, DE),

Reverse DNS

Software

Apache/2.4.39 (Unix) /

Resource Hash

688198123e877988c839b1f50aae3dac1941c0e40b9bb97af37c59d8f753694a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 15 Dec 2019 13:16:13 GMT
x-content-type-options: nosniff
last-modified: Sat, 07 Dec 2019 20:40:37 GMT
server: Apache/2.4.39 (Unix)
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 1403
expires: Tue, 14 Jan 2020 13:16:13 GMT

GET
H2 200 hdng1.png
be.fortis-internetportal.com/openbaar/web/layout/img/ 4 KB
5 KB 59ms
58ms Image
image/png 213.160.71.154
ROUTING Franzstr. 51

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://be.fortis-internetportal.com/openbaar/web/layout/img/hdng1.png

Requested by

Host: be.fortis-internetportal.com
URL: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.160.71.154 , Germany, ASN12574 (ROUTING Franzstr. 51, 52064 Aachen, DE),

Reverse DNS

Software

Apache/2.4.39 (Unix) /

Resource Hash

fe6f88d0ec70aa77334b513e4e862d53516d7d479fe20e240eb477e57b96706d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 15 Dec 2019 13:16:13 GMT
x-content-type-options: nosniff
last-modified: Sat, 07 Dec 2019 18:21:43 GMT
server: Apache/2.4.39 (Unix)
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 4487
expires: Tue, 14 Jan 2020 13:16:13 GMT

GET
H2 200 inf.png
be.fortis-internetportal.com/openbaar/web/layout/img/ 657 B
890 B 64ms
64ms Image
image/png 213.160.71.154
ROUTING Franzstr. 51

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://be.fortis-internetportal.com/openbaar/web/layout/img/inf.png

Requested by

Host: be.fortis-internetportal.com
URL: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.160.71.154 , Germany, ASN12574 (ROUTING Franzstr. 51, 52064 Aachen, DE),

Reverse DNS

Software

Apache/2.4.39 (Unix) /

Resource Hash

4998683c57a91c66b8585a66b9b5196fd0b288364fd1baec635279c2b1d440e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 15 Dec 2019 13:16:13 GMT
x-content-type-options: nosniff
last-modified: Sat, 07 Dec 2019 18:32:51 GMT
server: Apache/2.4.39 (Unix)
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 657
expires: Tue, 14 Jan 2020 13:16:13 GMT

GET
H2 200 chck.png
be.fortis-internetportal.com/openbaar/web/layout/img/ 2 KB
2 KB 42ms
41ms Image
image/png 213.160.71.154
ROUTING Franzstr. 51

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://be.fortis-internetportal.com/openbaar/web/layout/img/chck.png

Requested by

Host: be.fortis-internetportal.com
URL: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.160.71.154 , Germany, ASN12574 (ROUTING Franzstr. 51, 52064 Aachen, DE),

Reverse DNS

Software

Apache/2.4.39 (Unix) /

Resource Hash

7d20ae0a8ef47548bfe058ab82ea2b830ed94ab7969effb392ebe8c37ae2e2a7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 15 Dec 2019 13:16:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 08 Dec 2019 01:08:41 GMT
server: Apache/2.4.39 (Unix)
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 1713
expires: Tue, 14 Jan 2020 13:16:13 GMT

GET
H2 200 ask.png
be.fortis-internetportal.com/openbaar/web/layout/img/ 5 KB
5 KB 171ms
170ms Image
image/png 213.160.71.154
ROUTING Franzstr. 51

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://be.fortis-internetportal.com/openbaar/web/layout/img/ask.png

Requested by

Host: be.fortis-internetportal.com
URL: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

213.160.71.154 , Germany, ASN12574 (ROUTING Franzstr. 51, 52064 Aachen, DE),

Reverse DNS

Software

Apache/2.4.39 (Unix) /

Resource Hash

972b381e2c35aef40fc5f054229d8fd852fe8300caa9fe883c1ccb2ec25d8e8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 15 Dec 2019 13:16:13 GMT
x-content-type-options: nosniff
last-modified: Sat, 07 Dec 2019 19:24:00 GMT
server: Apache/2.4.39 (Unix)
content-type: image/png
status: 200
cache-control: max-age=2592000
accept-ranges: bytes
x-robots-tag: noindex, nofollow
content-length: 4919
expires: Tue, 14 Jan 2020 13:16:13 GMT

GET
H2 200 css
fonts.googleapis.com/ 3 KB
578 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:825::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:400,700,400italic,700italic&subset=latin

Requested by

Host: be.fortis-internetportal.com
URL: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

90bedfa7bbd2bb58b7f47611a77feaf852c117ed7e344885cdb34f7df940658f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Sun, 15 Dec 2019 13:16:13 GMT
server: ESF
access-control-allow-origin: *
date: Sun, 15 Dec 2019 13:16:13 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Sun, 15 Dec 2019 13:16:13 GMT

GET
H2 200 flags.png
cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/themes/default/assets/images/ 27 KB
28 KB 6ms
6ms Image
image/png 2a04:4e42:3::621
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/themes/default/assets/images/flags.png

Requested by

Host: be.fortis-internetportal.com
URL: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42:3::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Resource Hash

94d5c7f1661301c4a6dc491d72dd559a0620cd917a826f0df1b023bb96ea9ddd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdn.jsdelivr.net/npm/semantic-ui@2.4.2/dist/semantic.min.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
access-control-allow-origin: *
etag: W/"6ddb-SlUuyxI97VBA3doB1iYQPMZdsFU"
vary: Accept-Encoding
x-cache: HIT, HIT
content-type: image/png
status: 200
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
date: Sun, 15 Dec 2019 13:16:13 GMT
accept-ranges: bytes
timing-allow-origin: *
content-length: 28123
x-served-by: cache-ams21041-AMS, cache-fra19166-FRA

GET
DATA 200
OK truncated
/ 60 KB
60 KB Font
application/font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c94ff28961e5f2c6dca55a87fc911fa3e70a07cf7b27fdff4e39fa4512fff744

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Origin: https://be.fortis-internetportal.com

Response headers

Content-Type: application/font-woff2;charset=utf-8

GET
H2 200 / Show response
json.geoiplookup.io/ 599 B
819 B 113ms
80ms Script
application/javascript 2606:4700:30::681b:b2ec
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://json.geoiplookup.io/?callback=jQuery32108308413549392093_1576415773573&_=1576415773574

Requested by

Host: be.fortis-internetportal.com
URL: https://be.fortis-internetportal.com/openbaar/web/layout/js/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:30::681b:b2ec , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare / Octolus

Resource Hash

d26b3d586aff78feca2f029cba24c5513b1c146d85db832cb1dacb4f3a6271d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff, nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://be.fortis-internetportal.com/openbaar/web/login?id=87612326
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sun, 15 Dec 2019 13:16:13 GMT
content-encoding: br
x-content-type-options: nosniff, nosniff
cf-cache-status: MISS
x-powered-by: Octolus
status: 200
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-ratelimit-remaining: 10000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: max-age=31536000
x-ratelimit-limit: 10000
cf-ray: 5458b0d99e265a18-VIE

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: BNP Paribas (Banking)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
be.fortis-internetportal.com/	1969-12-31 23:59:59	Name: appCodeName Value: Mozilla
be.fortis-internetportal.com/	1969-12-31 23:59:59	Name: platform Value: Linux x86_64
be.fortis-internetportal.com/	1969-12-31 23:59:59	Name: userAgent Value: Mozilla/5.0 (Macintosh
be.fortis-internetportal.com/	1969-12-31 23:59:59	Name: userIP Value: 2a01:4f8:192:5414::2
be.fortis-internetportal.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: ac202bdf470619e805201540f10fe113

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.adjust.com
be.fortis-internetportal.com
cdn.jsdelivr.net
fonts.googleapis.com
json.geoiplookup.io
ref3920.blogspot.com
www.be.fortis-internetportal.com
185.151.204.7
213.160.71.154
2606:4700:30::681b:b2ec
2a00:1450:4001:81e::2001
2a00:1450:4001:825::200a
2a04:4e42:3::621
0f56b0904d225ee8b59d1d84803f50f56bb0310d35a9fcd000e493d69f78a488
4998683c57a91c66b8585a66b9b5196fd0b288364fd1baec635279c2b1d440e9
5177ac8b16de2e407f518c554f3ba3fe0837f8b333830026837cc3f82e190124
688198123e877988c839b1f50aae3dac1941c0e40b9bb97af37c59d8f753694a
7b84042dfe240c9de2266eb187e11f84ecebfc45d57cfbe6cd562c80a6c0ea80
7d20ae0a8ef47548bfe058ab82ea2b830ed94ab7969effb392ebe8c37ae2e2a7
8866f12a085f6c9c363487076e2b7fa463a8a5c826e817ce26ac8eca942d291a
8d5f2beb16c3b2d1db3100947928bab8f62c784926b57d18a6584a8abd1ebb22
90bedfa7bbd2bb58b7f47611a77feaf852c117ed7e344885cdb34f7df940658f
94d5c7f1661301c4a6dc491d72dd559a0620cd917a826f0df1b023bb96ea9ddd
972b381e2c35aef40fc5f054229d8fd852fe8300caa9fe883c1ccb2ec25d8e8e
c94ff28961e5f2c6dca55a87fc911fa3e70a07cf7b27fdff4e39fa4512fff744
d26b3d586aff78feca2f029cba24c5513b1c146d85db832cb1dacb4f3a6271d6
fe6f88d0ec70aa77334b513e4e862d53516d7d479fe20e240eb477e57b96706d

be.fortis-internetportal.com Open in urlscan Pro 213.160.71.154 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

67 %IPv6

6 Domains

7 Subdomains

6 IPs

3 Countries

495 kBTransfer

1463 kBSize

5 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

5 Cookies

Security Headers

Indicators

be.fortis-internetportal.com Open in urlscan Pro
213.160.71.154 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

67 %
IPv6

6
Domains

7
Subdomains

6
IPs

3
Countries

495 kB
Transfer

1463 kB
Size

5
Cookies

14 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!