waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net Open in urlscan Pro
108.141.226.231 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/
Submission: On April 20 via api (April 20th 2024, 3:16:38 pm UTC) from US — Scanned from NL

Summary HTTP 11 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 10 domains to perform 11 HTTP transactions. The main IP is 108.141.226.231, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net.
TLS certificate: Issued by protected.cudadps.com on January 25th 2018. Valid for: 37 years.

This is the only time waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Coöperatie VGZ (Healthcare)

Domain & IP information

	IP Address	AS Autonomous System
2	108.141.226.231 108.141.226.231	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
6	13.80.147.7 13.80.147.7	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
11	5

2 108.141.226.231 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.80.147.7 (Amsterdam, Netherlands)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.vgz.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.iza.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.izzdoorvgz.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.vgzbewuzt.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
services.mijnunivezorg.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
services.mijnzorgzaam.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	trafficmanager.net waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net	40 KB
1	gstatic.com fonts.gstatic.com	31 KB
1	mijnzorgzaam.nl services.mijnzorgzaam.nl	6 KB
1	mijnunivezorg.nl services.mijnunivezorg.nl	4 KB
1	vgzbewuzt.nl www.vgzbewuzt.nl	14 KB
1	izzdoorvgz.nl www.izzdoorvgz.nl	18 KB
1	iza.nl www.iza.nl	9 KB
1	vgz.nl www.vgz.nl	12 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 33	1 KB
0	umczorgverzekering.nl Failed www.umczorgverzekering.nl Failed
11	10

	Domain	Requested by
2	waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net
1	fonts.gstatic.com	fonts.googleapis.com
1	services.mijnzorgzaam.nl	waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net
1	services.mijnunivezorg.nl	waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net
1	www.vgzbewuzt.nl	waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net
1	www.izzdoorvgz.nl	waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net
1	www.iza.nl	waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net
1	www.vgz.nl	waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net
1	fonts.googleapis.com	waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net
0	www.umczorgverzekering.nl Failed	waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net
11	10

This site contains no links.

Subject Issuer	Validity	Valid
protected.cudadps.com protected.cudadps.com	`2018-01-25` - `2055-06-10`	37 years	crt.sh
upload.video.google.com GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh
mijn.vgz.nl QuoVadis Global SSL ICA G2	`2023-06-21` - `2024-06-21`	a year	crt.sh
mijn.iza.nl QuoVadis Global SSL ICA G2	`2023-06-21` - `2024-06-21`	a year	crt.sh
mijn.izzdoorvgz.nl QuoVadis Global SSL ICA G2	`2023-06-21` - `2024-06-21`	a year	crt.sh
mijn.vgzbewuzt.nl QuoVadis Global SSL ICA G2	`2023-06-21` - `2024-06-21`	a year	crt.sh
mijnunivezorg.nl QuoVadis Global SSL ICA G2	`2023-06-21` - `2024-06-21`	a year	crt.sh
mijnzorgzaam.nl QuoVadis Global SSL ICA G2	`2023-06-21` - `2024-06-21`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2024-03-18` - `2024-06-10`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/
Frame ID: 75BB4EA6874B01C89F7E2560BD5D50B7
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sorry, de website is niet bereikbaar

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

11
Requests

73 %
HTTPS

50 %
IPv6

10
Domains

10
Subdomains

5
IPs

2
Countries

134 kB
Transfer

130 kB
Size

14
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 404
Not Found Primary Request / Show response
waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/ 20 KB
20 KB 80ms
18ms Document
text/html 108.141.226.231
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.141.226.231 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 473468217ead1283e1323626946cfbd17dd32b97b6d3022ac60793a8c84b8f81

Request headers

Accept-Language: nl-NL,nl;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Close
Content-Type: text/html

GET
H2 200 css
fonts.googleapis.com/ 8 KB
1 KB 93ms
35ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Nunito+Sans:400,400i,700,700i

Requested by

Host: waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net
URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d1d96d5546da46bfd618f570fb86265991d41e04f153b028567a82292b73010f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Sat, 20 Apr 2024 15:16:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Sat, 20 Apr 2024 15:16:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 20 Apr 2024 15:16:33 GMT

GET
H/1.1 200
OK header-logo-vgz.png
www.vgz.nl/-/media/Project/Websites/VGZ/VGZ-website/site-images/logos/ 10 KB
12 KB 217ms
113ms Image
image/png 13.80.147.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vgz.nl/-/media/Project/Websites/VGZ/VGZ-website/site-images/logos/header-logo-vgz.png?h=110&w=150&hash=6DB3885EC3CFED0E03C9243F2CCEA444

Requested by

Host: waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net
URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.80.147.7 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

81aa14acb204f43ed49a42e940da4f96b9fb62fd83d6eaa8f5c98fcba7222003

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 20 Apr 2024 15:16:33 GMT
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Disposition: inline; filename="header-logo-vgz.png"
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-745271267"
Content-Length: 10476
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:9a298db3-7e21-4c68-a5cd-5cdb1f70b9a2
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 03 Nov 2021 07:55:21 GMT
ETag: ee078958da08489d86d27e29c1e8c20f
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public, max-age=604800
Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges: bytes

GET
H/1.1 200
OK header-logo-iza.png
www.iza.nl/-/media/project/websites/iza/iza-website/site-images/logos/ 7 KB
9 KB 211ms
102ms Image
image/png 13.80.147.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.iza.nl/-/media/project/websites/iza/iza-website/site-images/logos/header-logo-iza.png?h=100&w=200&hash=3C1C672AC9DA1B2190F3E857526EB06C

Requested by

Host: waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net
URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.80.147.7 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

eaee1e4dd77680e5eb3ad89385db2a48837800b5d9c54f395a1913ea8eb42bff

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 20 Apr 2024 15:16:33 GMT
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Disposition: inline; filename="header-logo-iza.png"
Server-Timing: dtSInfo;desc="0", dtRpid;desc="1379209418"
Content-Length: 7443
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:9a298db3-7e21-4c68-a5cd-5cdb1f70b9a2
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Thu, 01 Jun 2023 08:11:02 GMT
ETag: aec717bd9f7f461a85201f11c89286f1
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public, max-age=604800
Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges: bytes

GET
H/1.1 200
OK logo-header.png
www.izzdoorvgz.nl/-/media/project/websites/vgz-voor-de-zorg/vgz-voor-de-zorg-website/site-images/logos/ 16 KB
18 KB 257ms
145ms Image
image/png 13.80.147.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.izzdoorvgz.nl/-/media/project/websites/vgz-voor-de-zorg/vgz-voor-de-zorg-website/site-images/logos/logo-header.png?h=109&iar=0&w=500&hash=9782FD4CB8ABCCFF3601738C5B5843DE

Requested by

Host: waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net
URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.80.147.7 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e4cd954e8d18bf3066dc54c08246aad199d45fbed27b931a1b688b37d632ee6a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 20 Apr 2024 15:16:33 GMT
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Disposition: inline; filename="logo-header.png"
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-695047206"
Content-Length: 16492
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:9a298db3-7e21-4c68-a5cd-5cdb1f70b9a2
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 03 Nov 2021 08:53:28 GMT
ETag: 225eb60c0330482da67631c3b1f6e545
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public, max-age=604800
Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges: bytes

GET
H/1.1 200
OK header-logo-vgzbewuzt.png
www.vgzbewuzt.nl/-/media/project/websites/bewuzt/bewuzt-website/site-images/logos/ 12 KB
14 KB 347ms
123ms Image
image/png 13.80.147.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.vgzbewuzt.nl/-/media/project/websites/bewuzt/bewuzt-website/site-images/logos/header-logo-vgzbewuzt.png?h=85&iar=0&w=250&hash=9BE695D5190CF74B31B8CC7813749BC7

Requested by

Host: waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net
URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.80.147.7 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

06269b9fa4cca7e7172667ffba1959d938d74bcf7fb0e63b63dc9516cac96a5a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 20 Apr 2024 15:16:33 GMT
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Disposition: inline; filename="header-logo-vgzbewuzt.png"
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-310853775"
Content-Length: 12432
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:9a298db3-7e21-4c68-a5cd-5cdb1f70b9a2
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Thu, 15 Sep 2022 06:55:20 GMT
ETag: 10686bcb58a14d529ae6ae76a937d69d
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public, max-age=604800
Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges: bytes

GET logo-umc-zorgverzekering-header.png
www.umczorgverzekering.nl/-/media/project/websites/umc-website/site-images/logos/ 0
0

GET
H/1.1 200
OK unive_logo.svg
services.mijnunivezorg.nl/-/media/project/websites/unive/zorgzoeker/ 2 KB
4 KB 159ms
58ms Image
image/svg+xml 13.80.147.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://services.mijnunivezorg.nl/-/media/project/websites/unive/zorgzoeker/unive_logo.svg

Requested by

Host: waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net
URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.80.147.7 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f2b218e0d4cb2cafd88eb7a17f7800fe6048e464063a94715791d557cd24b735

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 20 Apr 2024 15:16:33 GMT
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Disposition: inline; filename="unive_logo.svg"
Server-Timing: dtSInfo;desc="0", dtRpid;desc="-1865215023"
Content-Length: 2078
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:9a298db3-7e21-4c68-a5cd-5cdb1f70b9a2
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 15 Apr 2020 11:16:46 GMT
ETag: dd61d7855b3a4b53a297496bfe079237
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Cache-Control: public, max-age=583656
Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges: bytes

GET
H/1.1 200
OK zorgzaam_logo_klein.png
services.mijnzorgzaam.nl/-/media/project/websites/zorgzaam/zorgzaam-website/logo/ 4 KB
6 KB 214ms
112ms Image
image/png 13.80.147.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://services.mijnzorgzaam.nl/-/media/project/websites/zorgzaam/zorgzaam-website/logo/zorgzaam_logo_klein.png?h=82&w=245&hash=852F3FF93D49A6E7B3A9C4777D941AE1

Requested by

Host: waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net
URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.80.147.7 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

58969d9e1827f49fce993aca79b6bbed95c3bc75dc6a8ea64d48741966a6c3b0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Sat, 20 Apr 2024 15:16:33 GMT
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubdomains
Content-Disposition: inline; filename="zorgzaam_logo_klein.png"
Server-Timing: dtSInfo;desc="0", dtRpid;desc="791785851"
Content-Length: 4157
X-XSS-Protection: 1; mode=block
Request-Context: appId=cid-v1:9a298db3-7e21-4c68-a5cd-5cdb1f70b9a2
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 27 Oct 2021 09:31:29 GMT
ETag: 11fe3808e25649d882d8a88c4ee70a73
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: public, max-age=604800
Permissions-Policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges: bytes

GET
H2 200 pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2
fonts.gstatic.com/s/nunitosans/v15/ 30 KB
31 KB 83ms
25ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/nunitosans/v15/pe0TMImSLYBIv1o4X1M8ce2xCx3yop4tQpF_MeTm0lfGWVpNn64CL7U8upHZIbMV51Q42ptCp7t1R-s.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito+Sans:400,400i,700,700i

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1393acc632c160def86b45c2521c8ee742b7e6239d0d90fb95f51d55cf48b9c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://fonts.googleapis.com/
Origin: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Sat, 20 Apr 2024 13:46:44 GMT
x-content-type-options: nosniff
age: 5389
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31052
x-xss-protection: 0
last-modified: Thu, 27 Apr 2023 00:27:41 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 20 Apr 2025 13:46:44 GMT

GET
H/1.1 404
Not Found favicon.ico
waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/ 20 KB
20 KB 54ms
18ms Other
text/html 108.141.226.231
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/favicon.ico
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.141.226.231 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 6b0ec7410e86a59e119320ae772477673bd1b97635e22c841c41db25382c4d30

Request headers

sec-ch-ua: "Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/
Accept-Language: nl-NL,nl;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Connection: Close
Cache-Control: no-store, no-cache, must-revalidate
Content-Type: text/html

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.umczorgverzekering.nl
URL: https://www.umczorgverzekering.nl/-/media/project/websites/umc-website/site-images/logos/logo-umc-zorgverzekering-header.png?h=114&w=300&hash=1759944BCF42A5905D2D11A4A2E1F7B6

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Coöperatie VGZ (Healthcare)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

14 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.services.mijnunivezorg.nl/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: 0aba8610b3668e35db799e4265d8ca6f47ce8c287298a576437486a2c7e64c08
.services.mijnunivezorg.nl/	1969-12-31 23:59:59	Name: BNES_ARRAffinitySameSite Value: 3ZAnjLzegQ9VTCBtoz6taBjvWkX1OgZXkVwcJ4nOwCQRXxaQQyhOn55qsAV1JYlfy5QP2jjO0MXOtU7kC3Lq/8CWfNB+5t9EEBUBEHZMTjmzpAiSXP7ByreMROHz9Q+yc7W7Mft1nbIElB0Pfs8ff87HfI0BrFiT6eInS8+QznA=
.www.iza.nl/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: aeb3332852467a6afed1c45595e6622d5694607fa6c6aad6c32c809eafdd6150
.www.iza.nl/	1969-12-31 23:59:59	Name: BNES_ARRAffinitySameSite Value: 1Aolf+Kbe+XxMRnDrVjmKrrLS8ZgSVB9JtA4N/2Bay0tCaQMEgIp21UEbfBoWy0hHhni4M6R3kwCm4SQw+EC4V0WuJ+4CuY7Rv4keMgb/hQ3NGcMLb37pDISQMgVKTsWdF/2m31Gu+qChMj9aoj0nW3IUrhNDS8E2KnSOSqSx40=
.www.vgz.nl/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: 20f0f558faf481e62dcbd08f8b40a8405bff2c296c2b41dc00fb6ab574c988ad
.www.vgz.nl/	1969-12-31 23:59:59	Name: BNES_ARRAffinitySameSite Value: S8OyJKSonTAR6HzAhME4YirdhSlRriI8xkKIkr9yQeMk4OdOmNzq2mxkBGvaSMY1vFATONHEU5gnTvnxrf80ca8m4kzDUXLVXBAN6JtP8ns9pbI5jjl+1+bKi1t20UX8Fr8qmCMMHtkLg3FqiQkE9WwIM7MwNRMVGZrRj86JmwI=
.services.mijnzorgzaam.nl/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: aeb3332852467a6afed1c45595e6622d5694607fa6c6aad6c32c809eafdd6150
.services.mijnzorgzaam.nl/	1969-12-31 23:59:59	Name: BNES_ARRAffinitySameSite Value: 4YStjm83ILybgWz6UlZleZ0ecSwYG2FLhBIT/FSo/hhzdKQd6CZy60VDf1GkxTJZCGBLFA7697GE6P0QpsBPUDohQPL+4ZpLlcf2gJgwcvTPMH+QU0z3Ya7v9a62onOD69SGbUB+TJNGtZif4B54vY75FjcaD1Bmzf/3BfqZl18=
.www.izzdoorvgz.nl/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: 488a5bbc0c2c02bfb933773d26f6b1001b933bb450c6c892990564e8ce836f4a
.www.izzdoorvgz.nl/	1969-12-31 23:59:59	Name: BNES_ARRAffinitySameSite Value: UEswlE1Q5BWmJ3NHnY0FDTAuc6FBUnwx2cngdxHpkPHhN8pJb9ITzanhc5E8x03Hp7Tos+fLR+OHGLsyqBAm01wQE1QW/5+jwBcY4josAHDEVr6OHXL0uwdrgHQa2E/qgkRl6I19jn9QgVnRely9DSf7iu7NN84vKzEh1KnmzB8=
.www.vgzbewuzt.nl/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: 0aba8610b3668e35db799e4265d8ca6f47ce8c287298a576437486a2c7e64c08
.www.vgzbewuzt.nl/	1969-12-31 23:59:59	Name: BNES_ARRAffinitySameSite Value: E26WKweUg9tWE+iNq6OWYOJYqMCAGvWgTwZZbpXIllo0CorCmshY7aMG3Skr54oYnfqnQ95ssRATBtSJk9Z4/8cyAgFYN90Vta0/t1HkxAYbp7HxerEPl5oN9rC4dmBiWIFH31NcmxkiQFfth3TIT08JqMbtIiBEuQUFh37WHhY=
.www.umczorgverzekering.nl/	1969-12-31 23:59:59	Name: ARRAffinitySameSite Value: c7f84ee18b05f2103ad33268dc11d480daa7c348981d68e7212727b4f1ac80f5
.www.umczorgverzekering.nl/	1969-12-31 23:59:59	Name: BNES_ARRAffinitySameSite Value: 8EABeaycaU1bBE5vdcf/dAkjtD5mbYG/Z9+EdkN9sWg5gD63ZZGsp7REKsf+z/6J1AvXcHJpJCbWU2wkEAJnM1/KPbNVY2maO8l0MqLsR5A0HUbgiKihe0Mpe7GaMrj6ooavV2htVcIqTcUlvm0wJLGoFPUPkxRgDHdw1kQgXik=

16 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/ Message: Failed to load resource: the server responded with a status of 404 (Not Found)
other	warning	URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net/favicon.ico Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fonts.googleapis.com
fonts.gstatic.com
services.mijnunivezorg.nl
services.mijnzorgzaam.nl
waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net
www.iza.nl
www.izzdoorvgz.nl
www.umczorgverzekering.nl
www.vgz.nl
www.vgzbewuzt.nl
www.umczorgverzekering.nl
108.141.226.231
13.80.147.7
2a00:1450:4001:80b::200a
2a00:1450:4001:831::2003
06269b9fa4cca7e7172667ffba1959d938d74bcf7fb0e63b63dc9516cac96a5a
1393acc632c160def86b45c2521c8ee742b7e6239d0d90fb95f51d55cf48b9c3
473468217ead1283e1323626946cfbd17dd32b97b6d3022ac60793a8c84b8f81
58969d9e1827f49fce993aca79b6bbed95c3bc75dc6a8ea64d48741966a6c3b0
6b0ec7410e86a59e119320ae772477673bd1b97635e22c841c41db25382c4d30
81aa14acb204f43ed49a42e940da4f96b9fb62fd83d6eaa8f5c98fcba7222003
d1d96d5546da46bfd618f570fb86265991d41e04f153b028567a82292b73010f
e4cd954e8d18bf3066dc54c08246aad199d45fbed27b931a1b688b37d632ee6a
eaee1e4dd77680e5eb3ad89385db2a48837800b5d9c54f395a1913ea8eb42bff
f2b218e0d4cb2cafd88eb7a17f7800fe6048e464063a94715791d557cd24b735

waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net Open in urlscan Pro 108.141.226.231 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

11 Requests

73 %HTTPS

50 %IPv6

10 Domains

10 Subdomains

5 IPs

2 Countries

134 kBTransfer

130 kBSize

14 Cookies

0 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

14 Cookies

16 Console Messages

Indicators

waas-prod-app-04acd2b93d8694bdfae01c2586a87c84.trafficmanager.net Open in urlscan Pro
108.141.226.231 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

73 %
HTTPS

50 %
IPv6

10
Domains

10
Subdomains

5
IPs

2
Countries

134 kB
Transfer

130 kB
Size

14
Cookies

11 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!