abn-verificatie.com
Open in
urlscan Pro
94.156.79.24
Malicious Activity!
Public Scan
URL:
https://abn-verificatie.com/pay/664dfee984feb
Submission: On May 29 via automatic, source openphish — Scanned from DE
Submission: On May 29 via automatic, source openphish — Scanned from DE
Summary
This website contacted 3 IPs
in 2 countries
across 3 domains to perform 7 HTTP transactions.
The main IP is 94.156.79.24, located in
Bulgaria and
belongs to NETRESEARCH, GB.
The main domain is abn-verificatie.com.
TLS certificate: Issued by R3 on May 22nd 2024. Valid for: 3 months.
This is the only time abn-verificatie.com was scanned on urlscan.io!
TLS certificate: Issued by R3 on May 22nd 2024. Valid for: 3 months.
This is the only time abn-verificatie.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ABN Amro (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 3 | 94.156.79.24 94.156.79.24 | 215240 (NETRESEARCH) (NETRESEARCH) | |
| 1 | 2a02:26f0:e30... 2a02:26f0:e300::5f64:921a | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 7 | 3 |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 3 |
abn-verificatie.com
abn-verificatie.com |
581 KB |
| 1 |
abnamro.nl
www.abnamro.nl — Cisco Umbrella Rank: 58818 |
1 KB |
| 0 |
google.nl
Failed
www.google.nl Failed |
|
| 7 | 3 |
| Domain | Requested by | |
|---|---|---|
| 3 | abn-verificatie.com |
abn-verificatie.com
|
| 1 | www.abnamro.nl | |
| 0 | www.google.nl Failed |
abn-verificatie.com
|
| 7 | 3 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.ideal.nl |
| www.abnamro.nl |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| abn-verificatie.com R3 |
2024-05-22 - 2024-08-20 |
3 months | crt.sh |
| www.abnamro.nl Entrust Certification Authority - L1M |
2023-08-10 - 2024-08-10 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://abn-verificatie.com/pay/664dfee984feb
Frame ID: 866D0F15BF007A45EE5772E8EF7FBB16
Requests: 10 HTTP requests in this frame
5 Outgoing links
These are links going to different origins than the main page.
URL: https://www.ideal.nl/betalen/
Search URL Search Domain Scan URL
URL: https://www.abnamro.nl/nl/prive/abnamro/veilig-bankieren/index.html
Title: Veiligheid
Title: Veiligheid
Search URL Search Domain Scan URL
URL: https://www.abnamro.nl/nl/prive/abnamro/disclaimer.html
Title: Disclaimer
Title: Disclaimer
Search URL Search Domain Scan URL
URL: https://www.abnamro.nl/nl/prive/abnamro/privacy/index.html
Title: Privacy en Cookies
Title: Privacy en Cookies
Search URL Search Domain Scan URL
URL: https://www.abnamro.nl/nl/prive/abnamro/privacy/cookie-statement.html
Title: cookie statement
Title: cookie statement
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 0- https://abn-verificatie.com/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/roboto-regular.woff2 HTTP 302
- https://www.google.nl/
- https://abn-verificatie.com/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/roboto-bold.woff2 HTTP 302
- https://www.google.nl/
- https://abn-verificatie.com/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/roboto-condensed-regular.woff2 HTTP 302
- https://www.google.nl/
7 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
664dfee984feb
abn-verificatie.com/pay/ |
2 MB 578 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
/
www.google.nl/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
/
www.google.nl/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
/
www.google.nl/ Redirect Chain
|
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
abn_slotje.svg
abn-verificatie.com/img/ |
3 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
4 KB 0 |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
332 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
favicon.ico
www.abnamro.nl/nl/retail/pr/static/ |
1 KB 1 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
online
abn-verificatie.com/user/ |
2 B 0 |
Fetch
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.google.nl
- URL
- https://www.google.nl/
- Domain
- www.google.nl
- URL
- https://www.google.nl/
- Domain
- www.google.nl
- URL
- https://www.google.nl/
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ABN Amro (Banking)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| savepage_ShadowLoader1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| abn-verificatie.com/ | Name: PHPSESSID Value: jdcpujk833cun976roaeee097t |
9 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
abn-verificatie.com
www.abnamro.nl
www.google.nl
www.google.nl
2a02:26f0:e300::5f64:921a
94.156.79.24
01bc948b5680da4b23ecfc7d56077f5e4b714816b8156aac020da134a2afc0f7
60b81a5fdacc9d71fe261050a1085f0550151cf284163908a741fb7a59ca83d9
6426d7ac1ac4842dc60ae32a2cba277ba2946d01bcd8e9a21e10677207f31309
830b4946e4d60c0f36d93a90ffa22130e0579ac3b386fa8d5b8a0cbe3151f37e
b6aeac15b0019afd66c02fa6efe6bfeef95047788db5483820c721a1eaae940d
bc102b53d2c262f985eee0f0ee3f76cd98773ba933ccab71fb92c62086249580