https://wintersportdirect.nl/tsjechie/
185.108.112.123 · Signet B.V
Eindhoven, The Netherlands
6854 days
200 · 33.2s
Valid· E8, Let's Encrypt, US
COMPLETED
Domain Intelligence: wintersportdirect.nl
Scanned 2 times since Jun 18, 2026, 02:44 PM UTC
No KB/IOK detections were recorded for this scan.
travel · 7/19/2026
The page presents Wintersport Tsjechië branding on wintersportdirect.nl. While the domain appears legitimate as a Dutch travel site, the page design and content focus on skiing in the Czech Republic. No clear credential-phishing surfaces (no login form harvesting of user credentials on an impersonated brand). However, the page shows multiple external scripts and trackers, plus suspicious endpoints and a POST to wp-admin/admin-ajax.php, suggesting potential data collection or user interaction that could be abused. The combination of brand-aligned visuals with off-domain analytics endpoints warrants closer monitoring for potential first-party abuse or data leakage, though impersonation is not definitively demonstrated by the evidence provided.
Capture
Stages: 3
Canonical: Late Render (+3s)
Changed: No
Credential Signals
Forms: 3
Password fields: 0
Late-stage login UI: No
Resource Signals
Resources: 105
Hosts: 9
Domains: 8
Suspicious Endpoints
hxxps://wintersportdirect[.]nl/
hxxps://wintersportdirect[.]nl/tsjechie/select-country[]=157
hxxps://wintersportdirect[.]nl/tsjechie/#gf_1
No specific IOCs identified in source
The page is a real first-party site (wintersportdirect.nl) presenting Wintersport Tsjechië branding. However, the presence of numerous external trackers, analytics endpoints, and a POST flow to admin-ajax.php alongside an unusual landing page with country selector suggests potential data collection behavior that could be abused if misconfigured. There is no explicit credential phishing on this page, but the combination of tracking load and suspicious POST targets warrants monitoring for data leakage or misuse. Recommend ongoing monitoring and internal review of data collection endpoints; no definitive takedown action at this time, but flag for abuse review if user data exposure is observed.
Monitor