abn-verificatie.com Open in urlscan Pro
94.156.79.24 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://abn-verificatie.com/vernieuwen
Effective URL:
https://abn-verificatie.com/pay/664dfee984feb
Submission: On May 28 via manual (May 28th 2024, 5:26:40 pm UTC) from CA — Scanned from CA

Summary HTTP 9 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 9 HTTP transactions. The main IP is 94.156.79.24, located in Bulgaria and belongs to NETRESEARCH, GB. The main domain is abn-verificatie.com.
TLS certificate: Issued by R3 on May 22nd 2024. Valid for: 3 months.

This is the only time abn-verificatie.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: ABN Amro (Banking)

Domain & IP information

	IP Address	AS Autonomous System
1 5	94.156.79.24 94.156.79.24	215240 (NETRESEARCH) (NETRESEARCH)
1	23.205.106.76 23.205.106.76	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
9	3

5 94.156.79.24 (Bulgaria) 1 redirects

ASN215240 (NETRESEARCH, GB)

abn-verificatie.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.205.106.76 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-205-106-76.deploy.static.akamaitechnologies.com

www.abnamro.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
5	abn-verificatie.com 1 redirects abn-verificatie.com	582 KB
1	abnamro.nl www.abnamro.nl — Cisco Umbrella Rank: 58818	1 KB
0	google.nl Failed www.google.nl Failed
9	3

	Domain	Requested by
5	abn-verificatie.com	1 redirects abn-verificatie.com
1	www.abnamro.nl
0	www.google.nl Failed	abn-verificatie.com
9	3

This site contains links to these domains. Also see Links.

Domain
www.ideal.nl
www.abnamro.nl

Subject Issuer	Validity	Valid
abn-verificatie.com R3	`2024-05-22` - `2024-08-20`	3 months	crt.sh
www.abnamro.nl Entrust Certification Authority - L1M	`2023-08-10` - `2024-08-10`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://abn-verificatie.com/pay/664dfee984feb
Frame ID: 5C1834BB92468AFED10DB954056DF5CB
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Ideal - ABN AMRO

Page URL History Show full URLs

https://abn-verificatie.com/vernieuwen HTTP 301
https://abn-verificatie.com/public/vernieuwen/ Page URL
https://abn-verificatie.com/pay/664dfee984feb Page URL

Page Statistics

9
Requests

56 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

583 kB
Transfer

1625 kB
Size

1
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.ideal.nl/betalen/

Search URL Search Domain Scan URL

URL: https://www.abnamro.nl/nl/prive/abnamro/veilig-bankieren/index.html
Title: Veiligheid

Search URL Search Domain Scan URL

URL: https://www.abnamro.nl/nl/prive/abnamro/disclaimer.html
Title: Disclaimer

Search URL Search Domain Scan URL

URL: https://www.abnamro.nl/nl/prive/abnamro/privacy/index.html
Title: Privacy en Cookies

Search URL Search Domain Scan URL

URL: https://www.abnamro.nl/nl/prive/abnamro/privacy/cookie-statement.html
Title: cookie statement

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://abn-verificatie.com/vernieuwen HTTP 301
https://abn-verificatie.com/public/vernieuwen/ Page URL
https://abn-verificatie.com/pay/664dfee984feb Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://abn-verificatie.com/vernieuwen HTTP 301
https://abn-verificatie.com/public/vernieuwen/

Request Chain 1

https://abn-verificatie.com/favicon.ico HTTP 302
https://www.google.nl/

Request Chain 2

https://abn-verificatie.com/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/roboto-regular.woff2 HTTP 302
https://www.google.nl/

Request Chain 3

https://abn-verificatie.com/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/roboto-bold.woff2 HTTP 302
https://www.google.nl/

Request Chain 4

https://abn-verificatie.com/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/roboto-condensed-regular.woff2 HTTP 302
https://www.google.nl/

9 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

/ Show response
abn-verificatie.com/public/vernieuwen/
Redirect Chain

https://abn-verificatie.com/vernieuwen
https://abn-verificatie.com/public/vernieuwen/

180 B
413 B

134ms
134ms

Document
text/html

94.156.79.24
NETRESEARCH

General

Check archive.org

Show headers Download Go to

Full URL: https://abn-verificatie.com/public/vernieuwen/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.156.79.24 , Bulgaria, ASN215240 (NETRESEARCH, GB),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: f78caf6cdc0bb1be67e0cf3785f0446e7c8b8db5d80a690735c6d42bc04073b4

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 162
Content-Type: text/html; charset=UTF-8
Date: Tue, 28 May 2024 17:26:34 GMT
Keep-Alive: timeout=5, max=99
Server: Apache/2.4.41 (Ubuntu)
Vary: Accept-Encoding

Redirect headers

Connection: Keep-Alive
Content-Length: 340
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 28 May 2024 17:26:34 GMT
Keep-Alive: timeout=5, max=100
Location: https://abn-verificatie.com/public/vernieuwen/
Server: Apache/2.4.41 (Ubuntu)

GET
H/1.1 200
OK Primary Request 664dfee984feb Show response
abn-verificatie.com/pay/ 2 MB
578 KB 307ms
169ms Document
text/html 94.156.79.24
NETRESEARCH

General

Check archive.org

Show headers Download Go to

Full URL: https://abn-verificatie.com/pay/664dfee984feb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.156.79.24 , Bulgaria, ASN215240 (NETRESEARCH, GB),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: 7215e65452e71133ecc3cad63ac8b93e406721fb1f96b5287a48676c040e90f8

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer: https://abn-verificatie.com/public/vernieuwen/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Tue, 28 May 2024 17:26:34 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=97
Pragma: no-cache
Server: Apache/2.4.41 (Ubuntu)
Transfer-Encoding: chunked
Vary: Accept-Encoding

GET

/
www.google.nl/
Redirect Chain

https://abn-verificatie.com/favicon.ico
https://www.google.nl/

0
0

GET

/
www.google.nl/
Redirect Chain

https://abn-verificatie.com/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/roboto-regular.woff2
https://www.google.nl/

0
0

GET

/
www.google.nl/
Redirect Chain

https://abn-verificatie.com/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/roboto-bold.woff2
https://www.google.nl/

0
0

GET

/
www.google.nl/
Redirect Chain

https://abn-verificatie.com/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/roboto-condensed-regular.woff2
https://www.google.nl/

0
0

GET
H/1.1 200
OK abn_slotje.svg
abn-verificatie.com/img/ 3 KB
3 KB 239ms
136ms Image
image/svg+xml 94.156.79.24
NETRESEARCH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://abn-verificatie.com/img/abn_slotje.svg
Requested by: Host: abn-verificatie.com
URL: https://abn-verificatie.com/pay/664dfee984feb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.156.79.24 , Bulgaria, ASN215240 (NETRESEARCH, GB),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash: bc102b53d2c262f985eee0f0ee3f76cd98773ba933ccab71fb92c62086249580

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://abn-verificatie.com/pay/664dfee984feb
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Tue, 28 May 2024 17:26:35 GMT
Last-Modified: Sun, 19 May 2024 14:22:50 GMT
Server: Apache/2.4.41 (Ubuntu)
ETag: "a3a-618cf51cdc280"
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 2618

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6aeac15b0019afd66c02fa6efe6bfeef95047788db5483820c721a1eaae940d

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6426d7ac1ac4842dc60ae32a2cba277ba2946d01bcd8e9a21e10677207f31309

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 332 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60b81a5fdacc9d71fe261050a1085f0550151cf284163908a741fb7a59ca83d9

Request headers

Accept-Language: en-CA,en;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 favicon.ico
www.abnamro.nl/nl/retail/pr/static/ 1 KB
1 KB 219ms
68ms Other
image/x-icon 23.205.106.76
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.abnamro.nl/nl/retail/pr/static/favicon.ico

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.76 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-76.deploy.static.akamaitechnologies.com

Software

Resource Hash

01bc948b5680da4b23ecfc7d56077f5e4b714816b8156aac020da134a2afc0f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://abn-verificatie.com/
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-application: lz-dda-static
date: Tue, 28 May 2024 17:26:36 GMT
strict-transport-security: max-age=31536000
last-modified: Wed, 28 Jun 2023 11:02:45 GMT
content-md5: y3doaKP3viODPv95++iykQ==
etag: "0x8DB77C73391217F"
content-type: image/x-icon
x-ms-request-id: f922ceda-101e-004a-3c6e-cb0420000000
cache-control: max-age=31536001
x-ms-version: 2018-03-28
accept-ranges: bytes
content-length: 1150

POST
H/1.1 200
OK online
abn-verificatie.com/user/ 2 B
0 174ms
173ms Fetch
text/html 94.156.79.24
NETRESEARCH

General

Check archive.org

Show headers Download Go to

Full URL: https://abn-verificatie.com/user/online
Requested by: Host: abn-verificatie.com
URL: https://abn-verificatie.com/pay/664dfee984feb
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 94.156.79.24 , Bulgaria, ASN215240 (NETRESEARCH, GB),
Reverse DNS
Software: Apache/2.4.41 (Ubuntu) /
Resource Hash

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://abn-verificatie.com/pay/664dfee984feb
Accept-Language: en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarynu7E7QP9wBWwNAck

Response headers

Pragma: no-cache
Date: Tue, 28 May 2024 17:26:38 GMT
Server: Apache/2.4.41 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 2
Expires: Thu, 19 Nov 1981 08:52:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.google.nl
URL: https://www.google.nl/

Domain: www.google.nl
URL: https://www.google.nl/

Domain: www.google.nl
URL: https://www.google.nl/

Domain: www.google.nl
URL: https://www.google.nl/

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: ABN Amro (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| savepage_ShadowLoader

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			abn-verificatie.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 9kjn1nuu4g4s3799i2p2mlaf97

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	error	URL: https://abn-verificatie.com/pay/664dfee984feb Message: Access to font at 'https://www.google.nl/' (redirected from 'https://abn-verificatie.com/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/roboto-regular.woff2') from origin 'https://abn-verificatie.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.google.nl/ Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://abn-verificatie.com/pay/664dfee984feb Message: Access to font at 'https://www.google.nl/' (redirected from 'https://abn-verificatie.com/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/roboto-bold.woff2') from origin 'https://abn-verificatie.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.google.nl/ Message: Failed to load resource: net::ERR_FAILED
javascript	error	URL: https://abn-verificatie.com/pay/664dfee984feb Message: Access to font at 'https://www.google.nl/' (redirected from 'https://abn-verificatie.com/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/roboto-condensed-regular.woff2') from origin 'https://abn-verificatie.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.google.nl/ Message: Failed to load resource: net::ERR_FAILED
javascript	warning	URL: https://abn-verificatie.com/pay/664dfee984feb Message: The resource https://abn-verificatie.com/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/roboto-regular.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://abn-verificatie.com/pay/664dfee984feb Message: The resource https://abn-verificatie.com/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/roboto-condensed-regular.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://abn-verificatie.com/pay/664dfee984feb Message: The resource https://abn-verificatie.com/nl/widgetdelivery/unauthenticated/oca/style/css/themes/abnamro/fonts/roboto-bold.woff2 was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

abn-verificatie.com
www.abnamro.nl
www.google.nl
www.google.nl
23.205.106.76
94.156.79.24
01bc948b5680da4b23ecfc7d56077f5e4b714816b8156aac020da134a2afc0f7
60b81a5fdacc9d71fe261050a1085f0550151cf284163908a741fb7a59ca83d9
6426d7ac1ac4842dc60ae32a2cba277ba2946d01bcd8e9a21e10677207f31309
7215e65452e71133ecc3cad63ac8b93e406721fb1f96b5287a48676c040e90f8
b6aeac15b0019afd66c02fa6efe6bfeef95047788db5483820c721a1eaae940d
bc102b53d2c262f985eee0f0ee3f76cd98773ba933ccab71fb92c62086249580
f78caf6cdc0bb1be67e0cf3785f0446e7c8b8db5d80a690735c6d42bc04073b4

abn-verificatie.com Open in urlscan Pro 94.156.79.24 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

9 Requests

56 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

583 kBTransfer

1625 kBSize

1 Cookies

5 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

9 Console Messages

Indicators

abn-verificatie.com Open in urlscan Pro
94.156.79.24 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

56 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

583 kB
Transfer

1625 kB
Size

1
Cookies

9 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!