abn-amro.nl-secure-ssl.tk
91.209.70.102
Malicious Activity!
Public Scan
Effective URL: https://abn-amro.nl-secure-ssl.tk/aanmelden/login.php?abn_id=x5wn9vxl5mfq0322/portalserver/mijn-abnamro/mijn-overzicht/overzicht/i...
Submission: On June 21 via manual from NL
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on June 20th 2018. Valid for: 3 months.
This is the only time abn-amro.nl-secure-ssl.tk was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: ABN Amro (Banking)
Domain & IP information

| # | IP Address | AS Autonomous System |
|---|---|---|
| 1 1 | 77.222.56.50 | 44112 (SWEB-AS) |
| 1 2 | 198.187.29.209 | 22612 (NAMECHEAP-NET - Namecheap) |
| 2 10 | 91.209.70.102 | 43317 (FISHNET-AS) |
| 1 | 2a00:1450:4001:819::200a | 15169 (GOOGLE - Google LLC) |

Total: 10 requests, 4 IP addresses.

Detail for 198.187.29.209: ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US), PTR: server245-3.web-hosting.com, domain: jze.com.pk
| # | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 10 | nl-secure-ssl.tk (2 redirects) | abn-amro.nl-secure-ssl.tk | 1 MB |
| 2 | jze.com.pk (1 redirect) | jze.com.pk | 4 KB |
| 1 | googleapis.com | ajax.googleapis.com | 30 KB |
| 1 | sr23.ru (1 redirect) | sr23.ru | 467 B |

Total: 10 requests, 4 apex domains.
| # | Domain | Requested by |
|---|---|---|
| 10 | abn-amro.nl-secure-ssl.tk (2 redirects) | jze.com.pk, abn-amro.nl-secure-ssl.tk |
| 2 | jze.com.pk (1 redirect) | |
| 1 | ajax.googleapis.com | abn-amro.nl-secure-ssl.tk |
| 1 | sr23.ru (1 redirect) | |

Total: 10 requests, 4 domains.
This site contains no links.
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| abn-amro.nl-secure-ssl.tk | Let's Encrypt Authority X3 | 2018-06-20 - 2018-09-18 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://abn-amro.nl-secure-ssl.tk/aanmelden/login.php?abn_id=x5wn9vxl5mfq0322/portalserver/mijn-abnamro/mijn-overzicht/overzicht/index.html/
Frame ID: A35D02E297731BA0780E8B9D50D9BEBF
Requests: 15 HTTP requests in this frame
Detected technologies

Apache (Web Servers), detected patterns:
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

jQuery (JavaScript Libraries), detected patterns:
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

- http://sr23.ru/AyS8 (HTTP 301)
  - http://jze.com.pk/rd (HTTP 301)
  - http://jze.com.pk/rd/ (Page URL)
- https://abn-amro.nl-secure-ssl.tk/aanmelden (HTTP 301)
  - https://abn-amro.nl-secure-ssl.tk/aanmelden/ (HTTP 302)
  - https://abn-amro.nl-secure-ssl.tk/aanmelden/login.php?abn_id=x5wn9vxl5mfq0322/portalserver/mijn-abnamro/mijn-overzicht/overzicht/index.html/ (Page URL)

Redirected requests
There were HTTP redirect chains for the following requests:

Request Chain 0
- http://sr23.ru/AyS8 (HTTP 301)
- http://jze.com.pk/rd (HTTP 301)
- http://jze.com.pk/rd/
10 HTTP transactions

| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H/1.1 | / (Redirect Chain) | jze.com.pk/rd/ | 7 KB | 4 KB | Document | text/html |
| GET | H/1.1 | login.php (Primary Request, Redirect Chain) | abn-amro.nl-secure-ssl.tk/aanmelden/ | 11 KB | 12 KB | Document | text/html |
| GET | H/1.1 | normalize.min.css | abn-amro.nl-secure-ssl.tk/aanmelden/a/css/ | 2 KB | 3 KB | Stylesheet | text/css |
| GET | H/1.1 | core.css | abn-amro.nl-secure-ssl.tk/aanmelden/a/css/ | 439 KB | 440 KB | Stylesheet | text/css |
| GET | H/1.1 | shared.css | abn-amro.nl-secure-ssl.tk/aanmelden/a/css/ | 4 KB | 4 KB | Stylesheet | text/css |
| GET | S | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.3.1/ | 85 KB | 30 KB | Script | text/javascript |
| GET | H/1.1 | icons.css | abn-amro.nl-secure-ssl.tk/aanmelden/a/css/ | 571 KB | 571 KB | Stylesheet | text/css |
| GET | DATA | truncated | / | 243 B | 0 | Image | image/svg+xml |
| GET | DATA | truncated | / | 247 B | 0 | Image | image/svg+xml |
| GET | DATA | truncated | / | 2 KB | 0 | Image | image/svg+xml |
| GET | H/1.1 | roboto-regular.woff2 | abn-amro.nl-secure-ssl.tk/aanmelden/a/fonts/ | 66 KB | 66 KB | Font | font/woff2 |
| GET | H/1.1 | roboto-condensed-regular.woff2 | abn-amro.nl-secure-ssl.tk/aanmelden/a/fonts/ | 66 KB | 67 KB | Font | font/woff2 |
| GET | DATA | truncated | / | 2 KB | 0 | Image | image/svg+xml |
| GET | DATA | truncated | / | 2 KB | 0 | Image | image/svg+xml |
| GET | H/1.1 | roboto-bold.woff2 | abn-amro.nl-secure-ssl.tk/aanmelden/a/fonts/ | 66 KB | 66 KB | Font | font/woff2 |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: ABN Amro (Banking)

2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- $ (function)
- jQuery (function)

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.