waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net Open in urlscan Pro
20.54.174.254 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/
Submission: On May 04 via api (May 4th 2024, 10:36:21 am UTC) from US — Scanned from NL

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 10 domains to perform 11 HTTP transactions. The main IP is 20.54.174.254, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net.
TLS certificate: Issued by QuoVadis Global SSL ICA G2 on June 21st 2023. Valid for: a year.

This is the only time waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Coöperatie VGZ (Healthcare)

Domain & IP information

	IP Address	AS Autonomous System
2	20.54.174.254 20.54.174.254	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE)
6	13.80.147.7 13.80.147.7	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
11	5

2 20.54.174.254 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.80.147.7 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.vgz.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.iza.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.izzdoorvgz.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.vgzbewuzt.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
services.mijnunivezorg.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
services.mijnzorgzaam.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	trafficmanager.net waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net	39 KB
1	gstatic.com fonts.gstatic.com	31 KB
1	mijnzorgzaam.nl services.mijnzorgzaam.nl	6 KB
1	mijnunivezorg.nl services.mijnunivezorg.nl	4 KB
1	vgzbewuzt.nl www.vgzbewuzt.nl	14 KB
1	izzdoorvgz.nl www.izzdoorvgz.nl	18 KB
1	iza.nl www.iza.nl	9 KB
1	vgz.nl www.vgz.nl	12 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 33	1 KB
0	umczorgverzekering.nl Failed www.umczorgverzekering.nl Failed
11	10

	Domain	Requested by
2	waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net
1	fonts.gstatic.com	fonts.googleapis.com
1	services.mijnzorgzaam.nl	waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net
1	services.mijnunivezorg.nl	waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net
1	www.vgzbewuzt.nl	waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net
1	www.izzdoorvgz.nl	waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net
1	www.iza.nl	waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net
1	www.vgz.nl	waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net
1	fonts.googleapis.com	waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net
0	www.umczorgverzekering.nl Failed	waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net
11	10

This site contains no links.

Subject Issuer	Validity	Valid
mijn.vgzbewuzt.nl QuoVadis Global SSL ICA G2	`2023-06-21` - `2024-06-21`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh
mijn.vgz.nl QuoVadis Global SSL ICA G2	`2023-06-21` - `2024-06-21`	a year	crt.sh
mijn.iza.nl QuoVadis Global SSL ICA G2	`2023-06-21` - `2024-06-21`	a year	crt.sh
mijn.izzdoorvgz.nl QuoVadis Global SSL ICA G2	`2023-06-21` - `2024-06-21`	a year	crt.sh
mijnunivezorg.nl QuoVadis Global SSL ICA G2	`2023-06-21` - `2024-06-21`	a year	crt.sh
mijnzorgzaam.nl QuoVadis Global SSL ICA G2	`2023-06-21` - `2024-06-21`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2024-04-16` - `2024-07-09`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/
Frame ID: 8E2FF8DA7A3954DC0592F368906434F8
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sorry, de website is niet bereikbaar

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

11
Requests

73 %
HTTPS

50 %
IPv6

10
Domains

10
Subdomains

5
IPs

2
Countries

134 kB
Transfer

130 kB
Size

14
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 404 Primary Request / Show response
waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/ 20 KB
20 KB 139ms
29ms Document
text/html 20.54.174.254
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 20.54.174.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: ab4d0dad0d0af5389d6ec581e1f5693f6c498809a09a9a693559a04aca344ca7

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html

GET
H2 200 css
fonts.googleapis.com/ 8 KB
1 KB 88ms
33ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Nunito+Sans:400,400i,700,700i

Requested by

Host: waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net
URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d1d96d5546da46bfd618f570fb86265991d41e04f153b028567a82292b73010f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Sat, 04 May 2024 10:36:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 04 May 2024 10:36:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 04 May 2024 10:36:14 GMT

GET
H/1.1 200
OK header-logo-vgz.png
www.vgz.nl/-/media/Project/Websites/VGZ/VGZ-website/site-images/logos/ 10 KB
12 KB 215ms
110ms Image
image/png 13.80.147.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vgz.nl/-/media/Project/Websites/VGZ/VGZ-website/site-images/logos/header-logo-vgz.png?h=110&w=150&hash=6DB3885EC3CFED0E03C9243F2CCEA444

Requested by

Host: waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net
URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.80.147.7 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

81aa14acb204f43ed49a42e940da4f96b9fb62fd83d6eaa8f5c98fcba7222003

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 04 May 2024 10:36:14 GMT
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Disposition: inline; filename="header-logo-vgz.png"
Server-Timing: dtSInfo;desc="0", dtRpid;desc="429013865"
Content-Length: 10476
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:9a298db3-7e21-4c68-a5cd-5cdb1f70b9a2
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 03 Nov 2021 07:55:21 GMT
ETag: ee078958da08489d86d27e29c1e8c20f
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public, max-age=604800
Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges: bytes

GET
H/1.1 200
OK header-logo-iza.png
www.iza.nl/-/media/project/websites/iza/iza-website/site-images/logos/ 7 KB
9 KB 208ms
99ms Image
image/png 13.80.147.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.iza.nl/-/media/project/websites/iza/iza-website/site-images/logos/header-logo-iza.png?h=100&w=200&hash=3C1C672AC9DA1B2190F3E857526EB06C

Requested by

Host: waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net
URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.80.147.7 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

eaee1e4dd77680e5eb3ad89385db2a48837800b5d9c54f395a1913ea8eb42bff

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 04 May 2024 10:36:13 GMT
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Disposition: inline; filename="header-logo-iza.png"
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1999231165"
Content-Length: 7443
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:9a298db3-7e21-4c68-a5cd-5cdb1f70b9a2
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Thu, 01 Jun 2023 08:11:02 GMT
ETag: aec717bd9f7f461a85201f11c89286f1
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public, max-age=604800
Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges: bytes

GET
H/1.1 200
OK logo-header.png
www.izzdoorvgz.nl/-/media/project/websites/vgz-voor-de-zorg/vgz-voor-de-zorg-website/site-images/logos/ 16 KB
18 KB 234ms
103ms Image
image/png 13.80.147.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.izzdoorvgz.nl/-/media/project/websites/vgz-voor-de-zorg/vgz-voor-de-zorg-website/site-images/logos/logo-header.png?h=109&iar=0&w=500&hash=9782FD4CB8ABCCFF3601738C5B5843DE

Requested by

Host: waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net
URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.80.147.7 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e4cd954e8d18bf3066dc54c08246aad199d45fbed27b931a1b688b37d632ee6a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 04 May 2024 10:36:14 GMT
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Disposition: inline; filename="logo-header.png"
Server-Timing: dtSInfo;desc="0", dtRpid;desc="475457061"
Content-Length: 16492
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:9a298db3-7e21-4c68-a5cd-5cdb1f70b9a2
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 03 Nov 2021 08:53:28 GMT
ETag: 225eb60c0330482da67631c3b1f6e545
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public, max-age=604800
Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges: bytes

GET
H/1.1 200
OK header-logo-vgzbewuzt.png
www.vgzbewuzt.nl/-/media/project/websites/bewuzt/bewuzt-website/site-images/logos/ 12 KB
14 KB 323ms
113ms Image
image/png 13.80.147.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vgzbewuzt.nl/-/media/project/websites/bewuzt/bewuzt-website/site-images/logos/header-logo-vgzbewuzt.png?h=85&iar=0&w=250&hash=9BE695D5190CF74B31B8CC7813749BC7

Requested by

Host: waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net
URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.80.147.7 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

06269b9fa4cca7e7172667ffba1959d938d74bcf7fb0e63b63dc9516cac96a5a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 04 May 2024 10:36:13 GMT
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Disposition: inline; filename="header-logo-vgzbewuzt.png"
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1558306685"
Content-Length: 12432
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:9a298db3-7e21-4c68-a5cd-5cdb1f70b9a2
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Thu, 15 Sep 2022 06:55:20 GMT
ETag: 10686bcb58a14d529ae6ae76a937d69d
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public, max-age=604800
Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges: bytes

GET logo-umc-zorgverzekering-header.png
www.umczorgverzekering.nl/-/media/project/websites/umc-website/site-images/logos/ 0
0

GET
H/1.1 200
OK unive_logo.svg
services.mijnunivezorg.nl/-/media/project/websites/unive/zorgzoeker/ 2 KB
4 KB 170ms
56ms Image
image/svg+xml 13.80.147.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://services.mijnunivezorg.nl/-/media/project/websites/unive/zorgzoeker/unive_logo.svg

Requested by

Host: waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net
URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.80.147.7 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f2b218e0d4cb2cafd88eb7a17f7800fe6048e464063a94715791d557cd24b735

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 04 May 2024 10:36:13 GMT
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Disposition: inline; filename="unive_logo.svg"
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1694173347"
Content-Length: 2078
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:9a298db3-7e21-4c68-a5cd-5cdb1f70b9a2
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 15 Apr 2020 11:16:46 GMT
ETag: dd61d7855b3a4b53a297496bfe079237
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: public, max-age=591660
Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges: bytes

GET
H/1.1 200
OK zorgzaam_logo_klein.png
services.mijnzorgzaam.nl/-/media/project/websites/zorgzaam/zorgzaam-website/logo/ 4 KB
6 KB 275ms
107ms Image
image/png 13.80.147.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://services.mijnzorgzaam.nl/-/media/project/websites/zorgzaam/zorgzaam-website/logo/zorgzaam_logo_klein.png?h=82&w=245&hash=852F3FF93D49A6E7B3A9C4777D941AE1

Requested by

Host: waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net
URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.80.147.7 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

58969d9e1827f49fce993aca79b6bbed95c3bc75dc6a8ea64d48741966a6c3b0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 04 May 2024 10:36:14 GMT
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Disposition: inline; filename="zorgzaam_logo_klein.png"
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1421878067"
Content-Length: 4157
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:9a298db3-7e21-4c68-a5cd-5cdb1f70b9a2
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 27 Oct 2021 09:31:29 GMT
ETag: 11fe3808e25649d882d8a88c4ee70a73
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public, max-age=604800
Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges: bytes

GET
H2 200 pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2
fonts.gstatic.com/s/nunitosans/v15/ 30 KB
31 KB 107ms
22ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunitosans/v15/pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito+Sans:400,400i,700,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1393acc632c160def86b45c2521c8ee742b7e6239d0d90fb95f51d55cf48b9c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Mon, 29 Apr 2024 17:14:36 GMT
x-content-type-options: nosniff
age: 408098
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31052
x-xss-protection: 0
last-modified: Thu, 27 Apr 2023 00:27:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Apr 2025 17:14:36 GMT

GET
H2 404 favicon.ico
waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/ 20 KB
20 KB 40ms
39ms Other
text/html 20.54.174.254
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/favicon.ico
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 20.54.174.254 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e6b7fe263e6f6873885feda36cc66692b1938dc5a5e0f1048d9be7478732e9f4

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

cache-control: no-store, no-cache, must-revalidate
content-type: text/html

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.umczorgverzekering.nl
URL: https://www.umczorgverzekering.nl/-/media/project/websites/umc-website/site-images/logos/logo-umc-zorgverzekering-header.png?h=114&w=300&hash=1759944BCF42A5905D2D11A4A2E1F7B6

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Coöperatie VGZ (Healthcare)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.www.iza.nl/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: 488a5bbc0c2c02bfb933773d26f6b1001b933bb450c6c892990564e8ce836f4a
.www.iza.nl/	1969-12-31 23:59:59	Name: BNES_ARRAffinitySameSite Value: gE1hp7VHwpteow8bzRJHuhYzKD4DcLPW7RYnLOq2+UQHiUHqYynSJcNoldUVLQteXaRwN8QtaAbK8evQT6t4E8dD1A9y7ZsvjgsjlURD0CdTgJGTy5YONTnVfKeVeRhxUOLa+mcVPhZm+/WjteEwOw4ehR8wtFGmzjyIryxjkog=
.services.mijnunivezorg.nl/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: 488a5bbc0c2c02bfb933773d26f6b1001b933bb450c6c892990564e8ce836f4a
.services.mijnunivezorg.nl/	1969-12-31 23:59:59	Name: BNES_ARRAffinitySameSite Value: RRGOsShgdssbqVNtjyPNtTbJfdN1yqmQ6x0VTW++n4tq+5lnYBp4C5lD5o5/npu4KJQARh04eWWF3ZHhaNvwxLNAUQHlQHPqD9P7l6xzDPgSS0r9v3BGqUOyvkdSZrjG+D0Qqd9xO/x2PEeaNyvHmpVWoneKAppDCYDXDmtL2Ls=
.www.vgz.nl/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: c7f84ee18b05f2103ad33268dc11d480daa7c348981d68e7212727b4f1ac80f5
.www.vgz.nl/	1969-12-31 23:59:59	Name: BNES_ARRAffinitySameSite Value: yvj9N17Aut5HnAIQPIuB2MC7IAXjlWwGoCsq4IVYpj3FTyNHop3V0ES37b1zxoMjxKMPirxUUrJ9HlEC3Rb8Q3WsIQdqrsmwygb4UdS7nIr2wYrXpC2po5nNpz/4cyZxwMUxbMUSn2InXycYbVaN8wHDtazfXpztuiKw8mnfbRQ=
.www.izzdoorvgz.nl/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: c7f84ee18b05f2103ad33268dc11d480daa7c348981d68e7212727b4f1ac80f5
.www.izzdoorvgz.nl/	1969-12-31 23:59:59	Name: BNES_ARRAffinitySameSite Value: nWjaWKrBijSXVOtiLl1SEg09drgQ5Q8h3/JBaVIND6HNvkrtL+mac/drTlrudBPA9TiwAko4y98IjFGGc2UUFBkr6IzjUGttaWAQfEp384KBPwJYf8sOpLg22b2t4ZTjsI8UtarRfUXfpFHOza151YGNAa/sn5KQDh0nYCR39F8=
.services.mijnzorgzaam.nl/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: c7f84ee18b05f2103ad33268dc11d480daa7c348981d68e7212727b4f1ac80f5
.services.mijnzorgzaam.nl/	1969-12-31 23:59:59	Name: BNES_ARRAffinitySameSite Value: s2V32Wm/OZMwcFJPYiY6LMn8XxgI40y4sAs/rsGMDS4bIfKaxrBVHAz8z56m9d5FkYhIAkuWmd1H/Ri8GhwxjV1XokGGsvM+hBOU0LyC5xEwPPQgEHv+hgG16/H7BWFa7fVwpQVJdgHAD46PClKYIZp0bWhqJ9+l7KxlA7tS2HE=
.www.vgzbewuzt.nl/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: 488a5bbc0c2c02bfb933773d26f6b1001b933bb450c6c892990564e8ce836f4a
.www.vgzbewuzt.nl/	1969-12-31 23:59:59	Name: BNES_ARRAffinitySameSite Value: YUH658+9ZFwdfL6IbBwFQXcwrfumLbXK54bb2VJLr8w4ZYENxTq/2bWX9UZ4D4FIn+AofidTyRkrMk++7f6Rv829mAVukp8b7uIb5IWr3eGJ3GmLOCtK6moFYlVfloLKeMYv6fPHuSnTeI7shtG06PKCbL0TAEmop7N2aJ6Mi2I=
.www.umczorgverzekering.nl/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: 0aba8610b3668e35db799e4265d8ca6f47ce8c287298a576437486a2c7e64c08
.www.umczorgverzekering.nl/	1969-12-31 23:59:59	Name: BNES_ARRAffinitySameSite Value: gcRwX4VtnUBiRxy0skgHQkKg0DhYYfUx3Ml/I9wIBvV3S0F1ceZnoLckIlUXqxBNZZgYTgGqjCyxM+JHgrsCJlx4SUCDAJTAmTUNy1VqCnLbyjQKiJ8fEs/4EmQPVeWTz75nHZJF8GhByyIAyAQ+8uBg0tSscIGlQl+ydmDHprg=

16 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/ Message: Failed to load resource: the server responded with a status of 404 ()
other	warning	URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net/favicon.ico Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
services.mijnunivezorg.nl
services.mijnzorgzaam.nl
waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net
www.iza.nl
www.izzdoorvgz.nl
www.umczorgverzekering.nl
www.vgz.nl
www.vgzbewuzt.nl
www.umczorgverzekering.nl
13.80.147.7
20.54.174.254
2a00:1450:4001:800::2003
2a00:1450:4001:81c::200a
06269b9fa4cca7e7172667ffba1959d938d74bcf7fb0e63b63dc9516cac96a5a
1393acc632c160def86b45c2521c8ee742b7e6239d0d90fb95f51d55cf48b9c3
58969d9e1827f49fce993aca79b6bbed95c3bc75dc6a8ea64d48741966a6c3b0
81aa14acb204f43ed49a42e940da4f96b9fb62fd83d6eaa8f5c98fcba7222003
ab4d0dad0d0af5389d6ec581e1f5693f6c498809a09a9a693559a04aca344ca7
d1d96d5546da46bfd618f570fb86265991d41e04f153b028567a82292b73010f
e4cd954e8d18bf3066dc54c08246aad199d45fbed27b931a1b688b37d632ee6a
e6b7fe263e6f6873885feda36cc66692b1938dc5a5e0f1048d9be7478732e9f4
eaee1e4dd77680e5eb3ad89385db2a48837800b5d9c54f395a1913ea8eb42bff
f2b218e0d4cb2cafd88eb7a17f7800fe6048e464063a94715791d557cd24b735

waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net Open in urlscan Pro 20.54.174.254 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

11 Requests

73 %HTTPS

50 %IPv6

10 Domains

10 Subdomains

5 IPs

2 Countries

134 kBTransfer

130 kBSize

14 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

14 Cookies

16 Console Messages

Indicators

waas-prod-app-fd4e6a6d2a84da94ef85df05fc0bdfe2.trafficmanager.net Open in urlscan Pro
20.54.174.254 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

73 %
HTTPS

50 %
IPv6

10
Domains

10
Subdomains

5
IPs

2
Countries

134 kB
Transfer

130 kB
Size

14
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!