zap361958-1.plesk07.zap-webspace.com
185.223.28.49
Malicious Activity!
Public Scan
Effective URL: http://zap361958-1.plesk07.zap-webspace.com/klanten/login.php?abn_id=o9kwryswn65tsk5r/portalserver/mijn-abnamro/mijn-overzicht/overzicht/ind...
Submission: On June 27 via manual from NL
Summary
This is the only time zap361958-1.plesk07.zap-webspace.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ABN Amro (Banking)
Domain & IP information
# | IP Address | AS Autonomous System |
---|---|---|
1 | 198.187.29.209 | 22612 (NAMECHEAP-NET - Namecheap) |
10 (2 redirects) | 185.223.28.49 | 197071 (ACTIVE-SERVERS active-servers.com) |
1 | 2a00:1450:4001:81a::200a | 15169 (GOOGLE - Google LLC) |
10 | 4 | |
ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US)
PTR: server245-3.web-hosting.com
Domains: jze.com.pk
ASN197071 (ACTIVE-SERVERS active-servers.com, DE)
PTR: plesk07.zap-webspace.com
Domains: zap361958-1.plesk07.zap-webspace.com
# | Apex Domain | Subdomains | Transfer |
---|---|---|---|
10 (2 redirects) | zap-webspace.com | zap361958-1.plesk07.zap-webspace.com | 1 MB |
1 | googleapis.com | ajax.googleapis.com | 30 KB |
1 | jze.com.pk | jze.com.pk | 4 KB |
10 | 3 | | |
# | Domain | Requested by |
---|---|---|
10 (2 redirects) | zap361958-1.plesk07.zap-webspace.com | jze.com.pk, zap361958-1.plesk07.zap-webspace.com |
1 | ajax.googleapis.com | zap361958-1.plesk07.zap-webspace.com |
1 | jze.com.pk | |
10 | 3 | |
This site contains no links.
This page contains 1 frames:
Primary Page:
http://zap361958-1.plesk07.zap-webspace.com/klanten/login.php?abn_id=o9kwryswn65tsk5r/portalserver/mijn-abnamro/mijn-overzicht/overzicht/index.html/
Frame ID: D35C4E6BE1041EBD93D10106C9BF2744
Requests: 15 HTTP requests in this frame
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://jze.com.pk/bb/ (Page URL)
- http://zap361958-1.plesk07.zap-webspace.com/klanten (HTTP 301)
- http://zap361958-1.plesk07.zap-webspace.com/klanten/ (HTTP 302)
- http://zap361958-1.plesk07.zap-webspace.com/klanten/login.php?abn_id=o9kwryswn65tsk5r/portalserver/mijn-abnamro/mijn-overzicht/overzicht/index.html/ (Page URL)
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i
jQuery (JavaScript Libraries)
Detected patterns
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method | Protocol | Resource Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|
GET | H/1.1 | jze.com.pk/bb/ | 7 KB | 4 KB | Document | text/html |
GET | H/1.1 | zap361958-1.plesk07.zap-webspace.com/klanten/login.php (Primary Request, Redirect Chain) | 11 KB | 3 KB | Document | text/html |
GET | H/1.1 | zap361958-1.plesk07.zap-webspace.com/klanten/a/css/normalize.min.css | 2 KB | 3 KB | Stylesheet | text/css |
GET | H/1.1 | zap361958-1.plesk07.zap-webspace.com/klanten/a/css/core.css | 439 KB | 440 KB | Stylesheet | text/css |
GET | H/1.1 | zap361958-1.plesk07.zap-webspace.com/klanten/a/css/shared.css | 4 KB | 4 KB | Stylesheet | text/css |
GET | S | ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js | 85 KB | 30 KB | Script | text/javascript |
GET | H/1.1 | zap361958-1.plesk07.zap-webspace.com/klanten/a/css/icons.css | 571 KB | 571 KB | Stylesheet | text/css |
GET | DATA | truncated | 243 B | 0 | Image | image/svg+xml |
GET | DATA | truncated | 247 B | 0 | Image | image/svg+xml |
GET | DATA | truncated | 2 KB | 0 | Image | image/svg+xml |
GET | H/1.1 | zap361958-1.plesk07.zap-webspace.com/klanten/a/fonts/roboto-regular.woff2 | 66 KB | 66 KB | Font | application/octet-stream |
GET | H/1.1 | zap361958-1.plesk07.zap-webspace.com/klanten/a/fonts/roboto-condensed-regular.woff2 | 66 KB | 67 KB | Font | application/octet-stream |
GET | DATA | truncated | 2 KB | 0 | Image | image/svg+xml |
GET | DATA | truncated | 2 KB | 0 | Image | image/svg+xml |
GET | H/1.1 | zap361958-1.plesk07.zap-webspace.com/klanten/a/fonts/roboto-bold.woff2 | 66 KB | 66 KB | Font | application/octet-stream |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ABN Amro (Banking)
2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function | $
function | jQuery
1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
zap361958-1.plesk07.zap-webspace.com/ | | Name: PHPSESSID Value: n0p49kk5mg3n0bh9tt0bfqmk95 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.