openstaande-omgeving.gq
Open in
urlscan Pro
89.203.250.232
Malicious Activity!
Public Scan
Submission Tags: @andsyn1 phishing malicious Search All
Submission: On October 21 via api from NL
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on October 21st 2020. Valid for: 3 months.
This is the only time openstaande-omgeving.gq was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ING Group (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
7 | 89.203.250.232 89.203.250.232 | 25512 (CDT-AS Th...) (CDT-AS The Czech Republic) | |
2 | 2001:4de0:ac1... 2001:4de0:ac19::1:b:2a | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
1 | 2001:4de0:ac1... 2001:4de0:ac19::1:b:2b | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
1 | 2606:4700::68... 2606:4700::6811:4f6b | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
11 | 4 |
ASN25512 (CDT-AS The Czech Republic, CZ)
PTR: 232-250-203-89.hicoria.com
openstaande-omgeving.gq |
Apex Domain Subdomains |
Transfer | |
---|---|---|
7 |
openstaande-omgeving.gq
openstaande-omgeving.gq |
138 KB |
2 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com |
32 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com |
7 KB |
1 |
jquery.com
code.jquery.com |
24 KB |
11 | 4 |
Domain | Requested by | |
---|---|---|
7 | openstaande-omgeving.gq |
openstaande-omgeving.gq
|
2 | maxcdn.bootstrapcdn.com |
openstaande-omgeving.gq
|
1 | cdnjs.cloudflare.com |
openstaande-omgeving.gq
|
1 | code.jquery.com |
openstaande-omgeving.gq
|
11 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
inlogcodes.mijn.ing.nl |
www.ing.nl |
Subject Issuer | Validity | Valid | |
---|---|---|---|
openstaande-omgeving.gq Let's Encrypt Authority X3 |
2020-10-21 - 2021-01-19 |
3 months | crt.sh |
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA |
2020-09-22 - 2021-10-12 |
a year | crt.sh |
jquery.org Sectigo RSA Domain Validation Secure Server CA |
2020-10-06 - 2021-10-16 |
a year | crt.sh |
cdnjs.cloudflare.com DigiCert ECC Secure Server CA |
2020-08-12 - 2022-08-17 |
2 years | crt.sh |
This page contains 1 frames:
Primary Page:
https://openstaande-omgeving.gq/lng/verifieren.php
Frame ID: 479088F4F559B5E08AFD65A02040C19C
Requests: 11 HTTP requests in this frame
Screenshot
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- url /\.php(?:$|\?)/i
Ubuntu (Operating Systems) Expand
Detected patterns
- headers server /Ubuntu/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
4 Outgoing links
These are links going to different origins than the main page.
Title: Hulp nodig?
Search URL Search Domain Scan URL
Title: Veilig bankieren
Search URL Search Domain Scan URL
Title: Privacy en cookies
Search URL Search Domain Scan URL
Title: Disclaimer
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
11 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
verifieren.php
openstaande-omgeving.gq/lng/ |
4 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta.2/css/ |
124 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
style.css
openstaande-omgeving.gq/lng/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo1.png
openstaande-omgeving.gq/lng/ |
62 KB 62 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
arrow-chevron-open-right.svg
openstaande-omgeving.gq/lng/ |
373 B 662 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.2.1.slim.min.js
code.jquery.com/ |
68 KB 24 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popper.min.js
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.3/umd/ |
19 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta.2/js/ |
49 KB 13 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bg.png
openstaande-omgeving.gq/lng/ |
286 B 286 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ing.ttf
openstaande-omgeving.gq/lng/ |
70 KB 70 KB |
Font
application/font-sfnt |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
checkbox.svg
openstaande-omgeving.gq/lng/ |
285 B 573 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ING Group (Banking)9 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes function| $ function| jQuery function| Popper object| bootstrap function| removeDiv0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
code.jquery.com
maxcdn.bootstrapcdn.com
openstaande-omgeving.gq
2001:4de0:ac19::1:b:2a
2001:4de0:ac19::1:b:2b
2606:4700::6811:4f6b
89.203.250.232
1886bc561dec7c44a7541d82377ad81a40ff32496f32ad259884f0790c44d6a5
2f3bd101622b80b58bf0cd3714742b23d0e63775de7a770685e68880d366b49e
414caa66bb79bc88c1ba6a2a415d2333c0a01aab1c15f74684dfa7542a97d2f7
4660e3da26ee1cca9ff90b3ad94fa57ff2b7083558980456c562dd43948d52f1
585017a10de219258180ee632773ef1d8faf339ef98ce8b74e279eb39196860e
753715f3d281b57d2df1a9f7163eb448e7d727e30172a9fe7e5bcc11fc4e9677
8e95b881702116fa860c3e41ef7ebaac83c3ecf0db026aaae023b46671db74ce
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398
ca67948c28f25ecfb740b335c2e6ae57ccee923a9ebbcd98e3f962679ca28b54
eb967c8a3dcd5a27e55cb9db9cc1f7566087ab2e3a7c60258cacbe3684a48976
f8fae559510a02744c8e9f90d74b454bcf418aa7bc8eed65ebbd91174b77605c