betaling.tikkie-betaalverzoek-me.top Open in urlscan Pro
101.99.75.27 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://betaling.tikkie-betaalverzoek-me.top/
Effective URL:
https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do
Submission: On September 17 via automatic, source certstream-suspicious (September 17th 2020, 9:09:28 am UTC)

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 101.99.75.27, located in Malaysia and belongs to SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY. The main domain is betaling.tikkie-betaalverzoek-me.top.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on September 17th 2020. Valid for: 3 months.

This is the only time betaling.tikkie-betaalverzoek-me.top was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Rabobank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
2 13	101.99.75.27 101.99.75.27	45839 (SHINJIRU-...) (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd)
1	2a02:26f0:170... 2a02:26f0:1700:1b9::3f8a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
13	3

13 101.99.75.27 (Malaysia) 2 redirects

ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY)
PTR: turkey.itwebhost.info

betaling.tikkie-betaalverzoek-me.top	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:1700:1b9::3f8a (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

www.rabobank.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
13	tikkie-betaalverzoek-me.top 2 redirects betaling.tikkie-betaalverzoek-me.top	128 KB
1	rabobank.nl www.rabobank.nl
0	googleapis.com Failed ajax.googleapis.com Failed
13	3

	Domain	Requested by
13	betaling.tikkie-betaalverzoek-me.top	2 redirects betaling.tikkie-betaalverzoek-me.top
1	www.rabobank.nl	betaling.tikkie-betaalverzoek-me.top
0	ajax.googleapis.com Failed	betaling.tikkie-betaalverzoek-me.top
13	3

This site contains no links.

Subject Issuer	Validity	Valid
tikkie-betaalverzoek-me.top ZeroSSL RSA Domain Secure Site CA	`2020-09-17` - `2020-12-16`	3 months	crt.sh
rabobank.nl DigiCert SHA2 Extended Validation Server CA	`2020-06-15` - `2021-06-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do
Frame ID: 6250B7DCDE8D3E296503C11945464530
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://betaling.tikkie-betaalverzoek-me.top/ HTTP 302
https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do Page URL

Detected technologies

LiteSpeed (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^LiteSpeed$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

13
Requests

8 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

128 kB
Transfer

285 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://betaling.tikkie-betaalverzoek-me.top/ HTTP 302
https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

https://betaling.tikkie-betaalverzoek-me.top/public/iznzg/js/jquery-3.3.1.min.js HTTP 302
https://www.rabobank.nl/404

13 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request qsl_inloggen.do Show response betaling.tikkie-betaalverzoek-me.top/klanten/ Redirect Chain https://betaling.tikkie-betaalverzoek-me.top/ https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do	9 KB 2 KB	595ms 595ms	Document text/html	101.99.75.27 SHINJIRU-MY-AS-AP...
General Check archive.org Show headers Download Go to Full URL https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do Protocol H2 Security TLS 1.3, , AES_128_GCM Server 101.99.75.27 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY), Reverse DNS turkey.itwebhost.info Software LiteSpeed / PHP/7.3.22 Resource Hash `0246d3c712971f9118819b5b7fd52b5b93b3c9f883313e9f03c91b4d5122e64e` Request headers :method GET :authority betaling.tikkie-betaalverzoek-me.top :scheme https :path /klanten/qsl_inloggen.do pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US cookie PHPSESSID=c139f236f4153056cfbfd0404e7f67a8 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers status 200 x-powered-by PHP/7.3.22 expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-store, no-cache, must-revalidate pragma no-cache content-type text/html; charset=UTF-8 content-encoding br vary Accept-Encoding date Thu, 17 Sep 2020 09:09:09 GMT server LiteSpeed Redirect headers status 302 x-powered-by PHP/7.3.22 set-cookie PHPSESSID=c139f236f4153056cfbfd0404e7f67a8; path=/; secure expires Thu, 19 Nov 1981 08:52:00 GMT cache-control no-cache, no-store, must-revalidate, max-age=0 pragma no-cache location /klanten/qsl_inloggen.do content-type text/html; charset=UTF-8 content-length 0 date Thu, 17 Sep 2020 09:09:08 GMT server LiteSpeed alt-svc quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-24=":443"; ma=2592000, h3-25=":443"; ma=2592000
GET H2	200	rass-proto.css betaling.tikkie-betaalverzoek-me.top/public/rabo/css/	124 KB 79 KB	270ms 268ms	Stylesheet text/css	101.99.75.27 SHINJIRU-MY-AS-AP...
General Check archive.org Show headers Download Go to Full URL https://betaling.tikkie-betaalverzoek-me.top/public/rabo/css/rass-proto.css Requested by Host: betaling.tikkie-betaalverzoek-me.top URL: https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do Protocol H2 Security TLS 1.3, , AES_128_GCM Server 101.99.75.27 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY), Reverse DNS turkey.itwebhost.info Software LiteSpeed / Resource Hash `905ab4758306045d727e73c1262db673b0a3363b52132b85e523c3bd0b8ca792` Request headers Referer https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 17 Sep 2020 09:09:09 GMT content-encoding br last-modified Sat, 12 Sep 2020 15:13:49 GMT server LiteSpeed vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 80565 expires Thu, 24 Sep 2020 09:09:09 GMT
GET H2	200	www-extension.css betaling.tikkie-betaalverzoek-me.top/public/rabo/css/	29 KB 5 KB	790ms 788ms	Stylesheet text/css	101.99.75.27 SHINJIRU-MY-AS-AP...
General Check archive.org Show headers Download Go to Full URL https://betaling.tikkie-betaalverzoek-me.top/public/rabo/css/www-extension.css Requested by Host: betaling.tikkie-betaalverzoek-me.top URL: https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do Protocol H2 Security TLS 1.3, , AES_128_GCM Server 101.99.75.27 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY), Reverse DNS turkey.itwebhost.info Software LiteSpeed / Resource Hash `b6c67c2efbb2193a1d1f9db153792360fd24c4dc4f897b19d126083c27b2c3f3` Request headers Referer https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 17 Sep 2020 09:09:09 GMT content-encoding br last-modified Sat, 12 Sep 2020 15:13:54 GMT server LiteSpeed vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 5031 expires Thu, 24 Sep 2020 09:09:09 GMT
GET H2	200	default.css betaling.tikkie-betaalverzoek-me.top/public/rabo/font/myriad/	4 KB 1 KB	790ms 788ms	Stylesheet text/css	101.99.75.27 SHINJIRU-MY-AS-AP...
General Check archive.org Show headers Download Go to Full URL https://betaling.tikkie-betaalverzoek-me.top/public/rabo/font/myriad/default.css Requested by Host: betaling.tikkie-betaalverzoek-me.top URL: https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do Protocol H2 Security TLS 1.3, , AES_128_GCM Server 101.99.75.27 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY), Reverse DNS turkey.itwebhost.info Software LiteSpeed / Resource Hash `4dbba2be9bb99b3192ee293127cb103876e4b5bf66c2fede8a3f6678c242711e` Request headers Referer https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 17 Sep 2020 09:09:09 GMT content-encoding br last-modified Sat, 12 Sep 2020 15:36:08 GMT server LiteSpeed vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 1132 expires Thu, 24 Sep 2020 09:09:09 GMT
GET H2	200	nieuw.css betaling.tikkie-betaalverzoek-me.top/public/rabo/css/	37 KB 10 KB	790ms 788ms	Stylesheet text/css	101.99.75.27 SHINJIRU-MY-AS-AP...
General Check archive.org Show headers Download Go to Full URL https://betaling.tikkie-betaalverzoek-me.top/public/rabo/css/nieuw.css Requested by Host: betaling.tikkie-betaalverzoek-me.top URL: https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do Protocol H2 Security TLS 1.3, , AES_128_GCM Server 101.99.75.27 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY), Reverse DNS turkey.itwebhost.info Software LiteSpeed / Resource Hash `6074f70a749aa7253d197ad8779413e37264c065cc2c80897eae0d988ad39c0c` Request headers Referer https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 17 Sep 2020 09:09:09 GMT content-encoding br last-modified Sat, 12 Sep 2020 15:13:47 GMT server LiteSpeed vary Accept-Encoding content-type text/css status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 9753 expires Thu, 24 Sep 2020 09:09:09 GMT
GET H2	200	logo.png betaling.tikkie-betaalverzoek-me.top/public/rabo/img/	16 KB 16 KB	1032ms 1031ms	Image image/png	101.99.75.27 SHINJIRU-MY-AS-AP...
General Check archive.org Show headers Download Go to Show image Full URL https://betaling.tikkie-betaalverzoek-me.top/public/rabo/img/logo.png Requested by Host: betaling.tikkie-betaalverzoek-me.top URL: https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do Protocol H2 Security TLS 1.3, , AES_128_GCM Server 101.99.75.27 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY), Reverse DNS turkey.itwebhost.info Software LiteSpeed / Resource Hash `03caeff0f4235241611956eeb18dcbfabb8b67083208f00a0b0f92fbff9b28bd` Request headers Referer https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 17 Sep 2020 09:09:09 GMT last-modified Sat, 12 Sep 2020 15:14:14 GMT server LiteSpeed content-type image/png status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 16211 expires Thu, 24 Sep 2020 09:09:09 GMT
GET H2	200	device.min.js Show response betaling.tikkie-betaalverzoek-me.top/public/rabo/js/	4 KB 1 KB	1032ms 1030ms	Script application/javascript	101.99.75.27 SHINJIRU-MY-AS-AP...
General Check archive.org Show headers Download Go to Full URL https://betaling.tikkie-betaalverzoek-me.top/public/rabo/js/device.min.js Requested by Host: betaling.tikkie-betaalverzoek-me.top URL: https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do Protocol H2 Security TLS 1.3, , AES_128_GCM Server 101.99.75.27 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY), Reverse DNS turkey.itwebhost.info Software LiteSpeed / Resource Hash `d3112a1c3491b87e867def9697d543ab33db807017ae961a32164b0b8e18a3a4` Request headers Referer https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 17 Sep 2020 09:09:09 GMT content-encoding br last-modified Sat, 12 Sep 2020 16:28:22 GMT server LiteSpeed vary Accept-Encoding content-type application/javascript status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 1109 expires Thu, 24 Sep 2020 09:09:09 GMT
GET H2	200	asjrfkewqr8asdfqawqs.js Show response betaling.tikkie-betaalverzoek-me.top/public/rabo/js/	52 KB 11 KB	1032ms 1031ms	Script application/javascript	101.99.75.27 SHINJIRU-MY-AS-AP...
General Check archive.org Show headers Download Go to Full URL https://betaling.tikkie-betaalverzoek-me.top/public/rabo/js/asjrfkewqr8asdfqawqs.js Requested by Host: betaling.tikkie-betaalverzoek-me.top URL: https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do Protocol H2 Security TLS 1.3, , AES_128_GCM Server 101.99.75.27 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY), Reverse DNS turkey.itwebhost.info Software LiteSpeed / Resource Hash `aa7f09295746a9abee27eb61f1d848ed0b9c36df19e62abc65f38af19fa2ed0a` Request headers Referer https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 17 Sep 2020 09:09:09 GMT content-encoding br last-modified Sat, 12 Sep 2020 16:28:19 GMT server LiteSpeed vary Accept-Encoding content-type application/javascript status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 11667 expires Thu, 24 Sep 2020 09:09:09 GMT
GET H/1.1	404 Not Found	404 www.rabobank.nl/ Redirect Chain https://betaling.tikkie-betaalverzoek-me.top/public/iznzg/js/jquery-3.3.1.min.js https://www.rabobank.nl/404	0 0	154ms 66ms	Script text/html	2a02:26f0:1700:1b9::3f8a AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www.rabobank.nl/404 Requested by Host: betaling.tikkie-betaalverzoek-me.top URL: https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:1700:1b9::3f8a , Ascension Island, ASN20940 (AKAMAI-ASN1, EU), Reverse DNS Software / Resource Hash Request headers Referer https://betaling.tikkie-betaalverzoek-me.top/klanten/qsl_inloggen.do User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Redirect headers pragma no-cache date Thu, 17 Sep 2020 09:09:09 GMT server LiteSpeed x-powered-by PHP/7.3.22 status 302 content-type text/html; charset=UTF-8 location https://www.rabobank.nl/404 cache-control no-cache, no-store, must-revalidate, max-age=0 content-length 0 expires Thu, 19 Nov 1981 08:52:00 GMT
GET		jquery.min.js ajax.googleapis.com/ajax/libs/jquery/1.10.0/	0 0

GET H2	200	checkbox_off.svg betaling.tikkie-betaalverzoek-me.top/public/rabo/img/	3 KB 828 B	268ms 267ms	Image image/svg+xml	101.99.75.27 SHINJIRU-MY-AS-AP...
General Check archive.org Show headers Download Go to Show image Full URL https://betaling.tikkie-betaalverzoek-me.top/public/rabo/img/checkbox_off.svg Requested by Host: betaling.tikkie-betaalverzoek-me.top URL: https://betaling.tikkie-betaalverzoek-me.top/public/rabo/css/www-extension.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 101.99.75.27 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY), Reverse DNS turkey.itwebhost.info Software LiteSpeed / Resource Hash `fa8de1824bf6eae076dd823a97f70ad07ab8ca78020cbc90e91fb32033f92a16` Request headers Referer https://betaling.tikkie-betaalverzoek-me.top/public/rabo/css/www-extension.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 17 Sep 2020 09:09:10 GMT content-encoding br last-modified Sat, 12 Sep 2020 15:14:02 GMT server LiteSpeed vary Accept-Encoding content-type image/svg+xml status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 710 expires Thu, 24 Sep 2020 09:09:10 GMT
GET H2	200	icon_supercirkel_vraagteken.svg betaling.tikkie-betaalverzoek-me.top/public/rabo/img/	1 KB 774 B	269ms 268ms	Image image/svg+xml	101.99.75.27 SHINJIRU-MY-AS-AP...
General Check archive.org Show headers Download Go to Show image Full URL https://betaling.tikkie-betaalverzoek-me.top/public/rabo/img/icon_supercirkel_vraagteken.svg Requested by Host: betaling.tikkie-betaalverzoek-me.top URL: https://betaling.tikkie-betaalverzoek-me.top/public/rabo/css/www-extension.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 101.99.75.27 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY), Reverse DNS turkey.itwebhost.info Software LiteSpeed / Resource Hash `f3abae3e6240aed54a36f41ef80dce160cedcca5a55902b20b2625943831d2d7` Request headers Referer https://betaling.tikkie-betaalverzoek-me.top/public/rabo/css/www-extension.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 17 Sep 2020 09:09:10 GMT content-encoding br last-modified Sat, 12 Sep 2020 15:14:11 GMT server LiteSpeed vary Accept-Encoding content-type image/svg+xml status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 658 expires Thu, 24 Sep 2020 09:09:10 GMT
GET H2	200	icon_supercirkel_pijl.svg betaling.tikkie-betaalverzoek-me.top/public/rabo/img/	1 KB 647 B	269ms 268ms	Image image/svg+xml	101.99.75.27 SHINJIRU-MY-AS-AP...
General Check archive.org Show headers Download Go to Show image Full URL https://betaling.tikkie-betaalverzoek-me.top/public/rabo/img/icon_supercirkel_pijl.svg Requested by Host: betaling.tikkie-betaalverzoek-me.top URL: https://betaling.tikkie-betaalverzoek-me.top/public/rabo/css/www-extension.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 101.99.75.27 , Malaysia, ASN45839 (SHINJIRU-MY-AS-AP Shinjiru Technology Sdn Bhd, MY), Reverse DNS turkey.itwebhost.info Software LiteSpeed / Resource Hash `835363cca76995c3787b1eb3dbfcfeb661315461cb50fc4132a9664bcc25a0af` Request headers Referer https://betaling.tikkie-betaalverzoek-me.top/public/rabo/css/www-extension.css User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 17 Sep 2020 09:09:10 GMT content-encoding br last-modified Sat, 12 Sep 2020 15:14:08 GMT server LiteSpeed vary Accept-Encoding content-type image/svg+xml status 200 cache-control public, max-age=604800 accept-ranges bytes content-length 589 expires Thu, 24 Sep 2020 09:09:10 GMT
GET DATA	200 OK	truncated /	6 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `1361e81984b190dfb362eff0ea3085da933c920b9aa7f1d03e9e1e3edef57b72` Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/svg+xml

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ajax.googleapis.com
URL: http://ajax.googleapis.com/ajax/libs/jquery/1.10.0/jquery.min.js

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Rabobank (Banking)

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
betaling.tikkie-betaalverzoek-me.top
www.rabobank.nl
ajax.googleapis.com
101.99.75.27
2a02:26f0:1700:1b9::3f8a
0246d3c712971f9118819b5b7fd52b5b93b3c9f883313e9f03c91b4d5122e64e
03caeff0f4235241611956eeb18dcbfabb8b67083208f00a0b0f92fbff9b28bd
1361e81984b190dfb362eff0ea3085da933c920b9aa7f1d03e9e1e3edef57b72
4dbba2be9bb99b3192ee293127cb103876e4b5bf66c2fede8a3f6678c242711e
6074f70a749aa7253d197ad8779413e37264c065cc2c80897eae0d988ad39c0c
835363cca76995c3787b1eb3dbfcfeb661315461cb50fc4132a9664bcc25a0af
905ab4758306045d727e73c1262db673b0a3363b52132b85e523c3bd0b8ca792
aa7f09295746a9abee27eb61f1d848ed0b9c36df19e62abc65f38af19fa2ed0a
b6c67c2efbb2193a1d1f9db153792360fd24c4dc4f897b19d126083c27b2c3f3
d3112a1c3491b87e867def9697d543ab33db807017ae961a32164b0b8e18a3a4
f3abae3e6240aed54a36f41ef80dce160cedcca5a55902b20b2625943831d2d7
fa8de1824bf6eae076dd823a97f70ad07ab8ca78020cbc90e91fb32033f92a16

betaling.tikkie-betaalverzoek-me.top Open in urlscan Pro 101.99.75.27 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

8 %HTTPS

50 %IPv6

3 Domains

3 Subdomains

3 IPs

2 Countries

128 kBTransfer

285 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

9 JavaScript Global Variables

0 Cookies

Indicators

betaling.tikkie-betaalverzoek-me.top Open in urlscan Pro
101.99.75.27 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

8 %
HTTPS

50 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

128 kB
Transfer

285 kB
Size

0
Cookies

13 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!