wijzijnnederland.eu
Open in
urlscan Pro
2a01:7c8:eb:0:149:210:209:133
Malicious Activity!
Public Scan
URL:
https://wijzijnnederland.eu/01DC9F9589177AADA5F3989D674A9667/verifieren.php
Submission: On June 30 via manual from NL
Submission: On June 30 via manual from NL
Summary
This website contacted 4 IPs
in 2 countries
across 4 domains to perform 12 HTTP transactions.
The main IP is 2a01:7c8:eb:0:149:210:209:133, located in
Netherlands and
belongs to TRANSIP-AS Amsterdam, the Netherlands, NL.
The main domain is wijzijnnederland.eu.
TLS certificate: Issued by Let's Encrypt Authority X3 on June 21st 2020. Valid for: 3 months.
This is the only time wijzijnnederland.eu was scanned on urlscan.io!
TLS certificate: Issued by Let's Encrypt Authority X3 on June 21st 2020. Valid for: 3 months.
This is the only time wijzijnnederland.eu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ABN Amro (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 2a01:7c8:eb:0... 2a01:7c8:eb:0:149:210:209:133 | 20857 (TRANSIP-A...) (TRANSIP-AS Amsterdam) | |
| 1 | 13.74.40.157 13.74.40.157 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
| 1 | 99.80.110.198 99.80.110.198 | 16509 (AMAZON-02) (AMAZON-02) | |
| 12 | 4 |
1
2a01:7c8:eb:0:149:210:209:133
(Netherlands)
ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL)
ASN20857 (TRANSIP-AS Amsterdam, the Netherlands, NL)
| wijzijnnederland.eu |
1
99.80.110.198
(Dublin, Ireland)
ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-110-198.eu-west-1.compute.amazonaws.com
ASN16509 (AMAZON-02, US)
PTR: ec2-99-80-110-198.eu-west-1.compute.amazonaws.com
| w.usabilla.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 1 |
usabilla.com
w.usabilla.com |
14 KB |
| 1 |
voya.ie
www.voya.ie |
45 KB |
| 1 |
wijzijnnederland.eu
wijzijnnederland.eu |
1 MB |
| 0 |
abnamro.nl
Failed
www.abnamro.nl Failed |
|
| 12 | 4 |
| Domain | Requested by | |
|---|---|---|
| 1 | w.usabilla.com |
srcdoc
|
| 1 | www.voya.ie |
wijzijnnederland.eu
|
| 1 | wijzijnnederland.eu | |
| 0 | www.abnamro.nl Failed |
wijzijnnederland.eu
|
| 12 | 4 |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| www.abnamro.nl |
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| *.wijzijnnederland.eu Let's Encrypt Authority X3 |
2020-06-21 - 2020-09-19 |
3 months | crt.sh |
| voya.ie Sectigo RSA Domain Validation Secure Server CA |
2019-10-04 - 2020-10-22 |
a year | crt.sh |
| w.usabilla.com Amazon |
2020-04-10 - 2021-05-10 |
a year | crt.sh |
This page contains 7 frames:
Primary Page:
https://wijzijnnederland.eu/01DC9F9589177AADA5F3989D674A9667/verifieren.php
Frame ID: 0A8677C05C93065E35D698CC6E7B1E06
Requests: 19 HTTP requests in this frame
Frame:
https://w.usabilla.com/3fdfb3d605e5.js?lv=1
Frame ID: 63E30858E3720601324172CA893E400A
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: 3DAE5B00FB048DAD5363FB897921765A
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: 3F69DD4449D656E82C315EA16130B177
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: A0AC430A81804DD7114488BB59AE3AA0
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: 4FB0DEBCA43ACB7BD5FB1401170769AC
Requests: 1 HTTP requests in this frame
Frame:
data://truncated
Frame ID: D321443DDEC60916460626EE789FCC47
Requests: 1 HTTP requests in this frame
Screenshot
Detected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- url /\.php(?:$|\?)/i
Apache
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Google Analytics
(Analytics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Tealium
(Advertising Networks)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /^(?:https?:)?\/\/tags\.tiqcdn\.com\//i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
14 Outgoing links
These are links going to different origins than the main page.
URL: https://www.abnamro.nl/nl/prive/index.html
Title: ABNAMRO.nl
Title: ABNAMRO.nl
Search URL Search Domain Scan URL
URL: https://www.abnamro.nl/nl/prive/zoeken/index.html
Title: Zoeken
Title: Zoeken
Search URL Search Domain Scan URL
URL: https://www.abnamro.nl/portalserver/mijn-abnamro/taken/overzicht/index.html
Title:
Title:
Search URL Search Domain Scan URL
URL: https://www.abnamro.nl/nl/prive/betalen/geld-overmaken/periodieke-overboekingen.html
Title: Periodieke overboekingen
Title: Periodieke overboekingen
Search URL Search Domain Scan URL
URL: https://www.abnamro.nl/nl/prive/internet-en-mobiel/internet-bankieren/problemen-oplossen/index.html?pos=ib_link1_inloggen
Title: Problemen met Internet Bankieren oplossen
Title: Problemen met Internet Bankieren oplossen
Search URL Search Domain Scan URL
URL: https://www.abnamro.nl/nl/prive/betalen/geld-overmaken/geld-overmaken-naar-het-buitenland.html
Title: Geld overboeken naar het buitenland
Title: Geld overboeken naar het buitenland
Search URL Search Domain Scan URL
URL: https://www.abnamro.nl/portalserver/mijn-abnamro/mijn-overzicht/overzicht/index.html
Title: NL
Title: NL
Search URL Search Domain Scan URL
URL: https://www.abnamro.nl/portalserver/my-abnamro/my-overview/overview/index.html
Title: EN
Title: EN
Search URL Search Domain Scan URL
URL: https://www.abnamro.nl/nl/prive/abnamro/index.html
Title: Over ABN AMRO
Title: Over ABN AMRO
Search URL Search Domain Scan URL
URL: https://www.abnamro.nl/nl/prive/abnamro/toegankelijkheid.html
Title: Toegankelijkheid
Title: Toegankelijkheid
Search URL Search Domain Scan URL
URL: https://www.abnamro.nl/nl/prive/abnamro/duurzaamheid/index.html
Title: Duurzaamheid
Title: Duurzaamheid
Search URL Search Domain Scan URL
URL: https://www.abnamro.nl/nl/prive/abnamro/veiligheid.html
Title: Veiligheid
Title: Veiligheid
Search URL Search Domain Scan URL
URL: https://www.abnamro.nl/nl/prive/abnamro/privacy/index.html
Title: Privacy en cookies
Title: Privacy en cookies
Search URL Search Domain Scan URL
URL: https://www.abnamro.nl/nl/prive/abnamro/disclaimer.html
Title: Disclaimer
Title: Disclaimer
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
Primary Request
 Cookie set
verifieren.php
wijzijnnederland.eu/01DC9F9589177AADA5F3989D674A9667/ |
1 MB 1 MB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
roboto-regular.woff2
www.abnamro.nl/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
roboto-bold.woff2
www.abnamro.nl/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
roboto-condensed-regular.woff2
www.abnamro.nl/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
LoadingBasketContents.gif
www.voya.ie/Interface/Icons/ |
45 KB 45 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
66 KB 0 |
Font
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
91 KB 0 |
Font
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
66 KB 0 |
Font
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
117 KB 0 |
Font
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
15 KB 0 |
Font
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
21 KB 0 |
Font
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
246 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
160 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
319 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
656 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
413 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
278 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
3fdfb3d605e5.js
w.usabilla.com/ Frame 63E3 |
54 KB 14 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ Frame 3DAE |
6 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ Frame 3F69 |
42 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ Frame A0AC |
42 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ Frame 4FB0 |
42 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ Frame D321 |
42 B 0 |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- www.abnamro.nl
- URL
- https://www.abnamro.nl/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/roboto-regular.woff2
- Domain
- www.abnamro.nl
- URL
- https://www.abnamro.nl/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/roboto-bold.woff2
- Domain
- www.abnamro.nl
- URL
- https://www.abnamro.nl/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/roboto-condensed-regular.woff2
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ABN Amro (Banking)3 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| savepage_ShadowLoader1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| wijzijnnederland.eu/ | Name: PHPSESSID Value: 8876bde91a5266abd70648ee54e8681d |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
w.usabilla.com
wijzijnnederland.eu
www.abnamro.nl
www.voya.ie
www.abnamro.nl
13.74.40.157
2a01:7c8:eb:0:149:210:209:133
99.80.110.198
04f193d53943327ad065c836558a359f1a8db263ef444613af904210c35d08f4
1134515eaf0373a0ddd9aa9a2662c074b367b43e49e702c44f38a8badad39a50
1bf77a41beab12c2a0df2e92afabd6ab8c6cbd5d8e112a9d5b0280bb42f4d91d
234b2d7861f45404fc06e82b6077536a92c19dbba528a4e71c815c04bf9cca63
24c5aa39e00100099df24ff11e7cffe5c6b3702a9a30b114f8f5638ce5ff613a
2826a167c38ca84f1bd4ceaf548d08dea0a5ad559b75afc4b197bab64f5b4ad7
293680a5c9b05ee7c9c775597a78a96e2326217111b9d8d46689349877dc497c
2a3e35adcac872d3574c615b8b5e33d4d045f6da33e62cacefefdc6760d11658
3fff2cee56a3796393b398492564e47b54af3803b8cce7f55f1a143fe676bb80
44ad606492c593adb173cd8d728fdd5c1ef2971196c18afe58bb8f57851bb580
4aab039eca72b7cad9388164b6d9b6402de36b6fe1d1cd0a38eaa8aa89ecccc9
50d08b72d02afb15bae46d196bb167bf7b75dd558e9e1c644c621a248616258f
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
621f18fe641d405022bf6db951d83e3614ebae5feb03a94c18e1a54e9f2d3a73
64b293e07e5bae0e3c717f0fcbdb1e2f34af65db73d4087ea4052ad13b87dc16
747eade06a2bd97afb0587ba7d83a28a049aa1fbf8ed2d79492ebff2c770e448
818a2c1a54e97d0ddc5ebaa00fc7bc3d5be011f9955cb28598d920b36534fec7
979a47f2e9f7c3c0c347d06566aacb659d75db72f0837c3d72d517a90cade48e
ae9af7f377a9aada858dadb3589a7a655f11972b609c96875cb4befcf31d99de
b17f204b98ade629b8de7d35300179d25916854bce04650510752720e50044e7
c1283521ccf0b82f611949119c350b534932a0f168b551a29750c1afb23a22e3
c2559eef0e26286d8efb79b0573c0ea35c25b2b05e3732fbaf70dd4a35c25ecf
eafc2f0bd2a62addbbf2070b7ad752d90f5e3012c4bedbab0443b075088743e7
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4d7c09c1e402abcb3280abeccea1b9389a02c61ceaacf30442f00ad04555889