verzoek.online-gelijk.xyz Open in urlscan Pro
31.220.29.65 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://verzoek.online-gelijk.xyz/pay
Submission Tags: @jcybersec_
Submission: On June 16 via api (June 16th 2020, 1:56:32 pm UTC) from GB

Summary HTTP 9 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 31.220.29.65, located in Tirana, Albania and belongs to BANDWIDTH-AS, GB. The main domain is verzoek.online-gelijk.xyz.
TLS certificate: Issued by Let's Encrypt Authority X3 on June 16th 2020. Valid for: 3 months.

This is the only time verzoek.online-gelijk.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ING Group (Banking)

Domain & IP information

	IP Address		AS Autonomous System
9	31.220.29.65 31.220.29.65		25369 (BANDWIDTH-AS) (BANDWIDTH-AS)
9	1

9 31.220.29.65 (Tirana, Albania)

ASN25369 (BANDWIDTH-AS, GB)
PTR: hosting.albahost.net

verzoek.online-gelijk.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	online-gelijk.xyz verzoek.online-gelijk.xyz	169 KB
9	1

	Domain	Requested by
9	verzoek.online-gelijk.xyz	verzoek.online-gelijk.xyz
9	1

This site contains links to these domains. Also see Links.

Domain
www.ing.jobs
www.facebook.com
twitter.com
instagram.com
www.linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
verzoek.online-gelijk.xyz Let's Encrypt Authority X3	`2020-06-16` - `2020-09-14`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://verzoek.online-gelijk.xyz/pay
Frame ID: B305D0968E5AC55CEDC1E3F27B663647
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

169 kB
Transfer

861 kB
Size

1
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.ing.jobs/Nederland/Home.htm
Title: Werken bij ING

Search URL Search Domain Scan URL

URL: https://www.facebook.com/ingbankbelgie
Title: ING op Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/ingbelgie
Title: ING op Twitter

Search URL Search Domain Scan URL

URL: https://instagram.com/ingbelgium/
Title: ING op Instagram

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/ingbelgium
Title: ING op LinkedIn

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/ingbelgie
Title: ING op Youtube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set pay Show response
verzoek.online-gelijk.xyz/ 23 KB
5 KB 205ms
101ms Document
text/html 31.220.29.65
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://verzoek.online-gelijk.xyz/pay

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

31.220.29.65 Tirana, Albania, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

hosting.albahost.net

Software

nginx/1.18.0 /

Resource Hash

b3aea53b8e6c1bba6a6f65340faecf79f4b704770ce55fd6f26c4cefb47609a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Host: verzoek.online-gelijk.xyz
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Server: nginx/1.18.0
Date: Tue, 16 Jun 2020 13:56:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=jp5g2tmlv7t8r4cpoirr9gtprh; path=/
X-Cache: HIT from Backend
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Encoding: gzip

GET
H/1.1 200
OK style.css
verzoek.online-gelijk.xyz/public/verzoek/css/ 651 KB
66 KB 66ms
65ms Stylesheet
text/css 31.220.29.65
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://verzoek.online-gelijk.xyz/public/verzoek/css/style.css

Requested by

Host: verzoek.online-gelijk.xyz
URL: https://verzoek.online-gelijk.xyz/pay

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

31.220.29.65 Tirana, Albania, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

hosting.albahost.net

Software

nginx/1.18.0 /

Resource Hash

80f705db087ae0810b0e69fa34e3f9f86caf425912a68d22b9df8c6ec0c440d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://verzoek.online-gelijk.xyz/pay
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 13:56:15 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 15 Jul 2019 12:44:22 GMT
Server: nginx/1.18.0
ETag: W/"5d2c7526-a2a26"
Strict-Transport-Security: max-age=31536000
X-Cache: HIT from Backend
Content-Type: text/css
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK gBetaalverzoek-algemeen.svg
verzoek.online-gelijk.xyz/public/verzoek/img/ 9 KB
5 KB 154ms
51ms Image
image/svg+xml 31.220.29.65
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://verzoek.online-gelijk.xyz/public/verzoek/img/gBetaalverzoek-algemeen.svg

Requested by

Host: verzoek.online-gelijk.xyz
URL: https://verzoek.online-gelijk.xyz/pay

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

31.220.29.65 Tirana, Albania, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

hosting.albahost.net

Software

nginx/1.18.0 /

Resource Hash

fe17c85838590018104a44464eb8db80f843d7c152f4a1c34438c0fad626c22a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://verzoek.online-gelijk.xyz/pay
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 13:56:15 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 15 Jul 2019 12:44:36 GMT
Server: nginx/1.18.0
ETag: W/"5d2c7534-2498"
Strict-Transport-Security: max-age=31536000
X-Cache: HIT from Backend
Content-Type: image/svg+xml
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK gBetaalverzoek-ideal.svg
verzoek.online-gelijk.xyz/public/verzoek/img/ 18 KB
7 KB 155ms
52ms Image
image/svg+xml 31.220.29.65
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://verzoek.online-gelijk.xyz/public/verzoek/img/gBetaalverzoek-ideal.svg

Requested by

Host: verzoek.online-gelijk.xyz
URL: https://verzoek.online-gelijk.xyz/pay

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

31.220.29.65 Tirana, Albania, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

hosting.albahost.net

Software

nginx/1.18.0 /

Resource Hash

4d44e96e620584c1588fd60045508c88cd0a8ed6f6e3d9c9105b7ec803045e8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://verzoek.online-gelijk.xyz/pay
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Tue, 16 Jun 2020 13:56:15 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 15 Jul 2019 12:44:36 GMT
Server: nginx/1.18.0
ETag: W/"5d2c7534-489e"
Strict-Transport-Security: max-age=31536000
X-Cache: HIT from Backend
Content-Type: image/svg+xml
Cache-Control: max-age=315360000
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK INGMeWeb-Bold.woff
verzoek.online-gelijk.xyz/public/verzoek/font/ 23 KB
4 KB 104ms
104ms Font
text/html 31.220.29.65
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://verzoek.online-gelijk.xyz/public/verzoek/font/INGMeWeb-Bold.woff
Requested by: Host: verzoek.online-gelijk.xyz
URL: https://verzoek.online-gelijk.xyz/pay
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 31.220.29.65 Tirana, Albania, ASN25369 (BANDWIDTH-AS, GB),
Reverse DNS: hosting.albahost.net
Software: nginx/1.18.0 /
Resource Hash: b3aea53b8e6c1bba6a6f65340faecf79f4b704770ce55fd6f26c4cefb47609a7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://verzoek.online-gelijk.xyz/public/verzoek/css/style.css
Origin: https://verzoek.online-gelijk.xyz

Response headers

Pragma: no-cache
Date: Tue, 16 Jun 2020 13:56:16 GMT
Content-Encoding: gzip
Server: nginx/1.18.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK INGMeWeb-Regular.woff
verzoek.online-gelijk.xyz/public/verzoek/font/ 23 KB
4 KB 104ms
104ms Font
text/html 31.220.29.65
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://verzoek.online-gelijk.xyz/public/verzoek/font/INGMeWeb-Regular.woff
Requested by: Host: verzoek.online-gelijk.xyz
URL: https://verzoek.online-gelijk.xyz/pay
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 31.220.29.65 Tirana, Albania, ASN25369 (BANDWIDTH-AS, GB),
Reverse DNS: hosting.albahost.net
Software: nginx/1.18.0 /
Resource Hash: b3aea53b8e6c1bba6a6f65340faecf79f4b704770ce55fd6f26c4cefb47609a7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://verzoek.online-gelijk.xyz/public/verzoek/css/style.css
Origin: https://verzoek.online-gelijk.xyz

Response headers

Pragma: no-cache
Date: Tue, 16 Jun 2020 13:56:16 GMT
Content-Encoding: gzip
Server: nginx/1.18.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK ing-icons-v4-6.woff
verzoek.online-gelijk.xyz/public/verzoek/font/ 68 KB
69 KB 62ms
61ms Font
font/woff 31.220.29.65
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://verzoek.online-gelijk.xyz/public/verzoek/font/ing-icons-v4-6.woff

Requested by

Host: verzoek.online-gelijk.xyz
URL: https://verzoek.online-gelijk.xyz/pay

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

31.220.29.65 Tirana, Albania, ASN25369 (BANDWIDTH-AS, GB),

Reverse DNS

hosting.albahost.net

Software

nginx/1.18.0 /

Resource Hash

3b5249aa62da52d9853ebd8a7c8f43ed84b3941f10bd6cd7eff0619889daa2d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://verzoek.online-gelijk.xyz/public/verzoek/css/style.css
Origin: https://verzoek.online-gelijk.xyz

Response headers

Date: Tue, 16 Jun 2020 13:56:15 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 15 Jul 2019 12:44:18 GMT
Server: nginx/1.18.0
ETag: "5d2c7522-110d4"
Strict-Transport-Security: max-age=31536000
X-Cache: HIT from Backend
Content-Type: font/woff
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 69844
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK INGMeWeb-Bold.ttf
verzoek.online-gelijk.xyz/public/verzoek/font/ 23 KB
4 KB 140ms
139ms Font
text/html 31.220.29.65
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://verzoek.online-gelijk.xyz/public/verzoek/font/INGMeWeb-Bold.ttf
Requested by: Host: verzoek.online-gelijk.xyz
URL: https://verzoek.online-gelijk.xyz/pay
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 31.220.29.65 Tirana, Albania, ASN25369 (BANDWIDTH-AS, GB),
Reverse DNS: hosting.albahost.net
Software: nginx/1.18.0 /
Resource Hash: b3aea53b8e6c1bba6a6f65340faecf79f4b704770ce55fd6f26c4cefb47609a7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://verzoek.online-gelijk.xyz/public/verzoek/css/style.css
Origin: https://verzoek.online-gelijk.xyz

Response headers

Pragma: no-cache
Date: Tue, 16 Jun 2020 13:56:16 GMT
Content-Encoding: gzip
Server: nginx/1.18.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK INGMeWeb-Regular.ttf
verzoek.online-gelijk.xyz/public/verzoek/font/ 23 KB
4 KB 100ms
100ms Font
text/html 31.220.29.65
BANDWIDTH-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://verzoek.online-gelijk.xyz/public/verzoek/font/INGMeWeb-Regular.ttf
Requested by: Host: verzoek.online-gelijk.xyz
URL: https://verzoek.online-gelijk.xyz/pay
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 31.220.29.65 Tirana, Albania, ASN25369 (BANDWIDTH-AS, GB),
Reverse DNS: hosting.albahost.net
Software: nginx/1.18.0 /
Resource Hash: b3aea53b8e6c1bba6a6f65340faecf79f4b704770ce55fd6f26c4cefb47609a7

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://verzoek.online-gelijk.xyz/public/verzoek/css/style.css
Origin: https://verzoek.online-gelijk.xyz

Response headers

Pragma: no-cache
Date: Tue, 16 Jun 2020 13:56:16 GMT
Content-Encoding: gzip
Server: nginx/1.18.0
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 19 Nov 1981 08:52:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ING Group (Banking)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			verzoek.online-gelijk.xyz/	1969-12-31 23:59:59	Name: PHPSESSID Value: jp5g2tmlv7t8r4cpoirr9gtprh

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

verzoek.online-gelijk.xyz
31.220.29.65
3b5249aa62da52d9853ebd8a7c8f43ed84b3941f10bd6cd7eff0619889daa2d2
4d44e96e620584c1588fd60045508c88cd0a8ed6f6e3d9c9105b7ec803045e8b
80f705db087ae0810b0e69fa34e3f9f86caf425912a68d22b9df8c6ec0c440d4
b3aea53b8e6c1bba6a6f65340faecf79f4b704770ce55fd6f26c4cefb47609a7
fe17c85838590018104a44464eb8db80f843d7c152f4a1c34438c0fad626c22a

verzoek.online-gelijk.xyz Open in urlscan Pro 31.220.29.65 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

9 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

169 kBTransfer

861 kBSize

1 Cookies

6 Outgoing links

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

verzoek.online-gelijk.xyz Open in urlscan Pro
31.220.29.65 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

169 kB
Transfer

861 kB
Size

1
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!