zonebeheerbnk.icu
Open in
urlscan Pro
31.214.141.21
Malicious Activity!
Public Scan
Effective URL: https://zonebeheerbnk.icu/LGJCNZBNMZBMXYETYWOIEPODGJSLKAIOEUIFAKJW/
Submission: On March 30 via api from BE
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on March 30th 2020. Valid for: 3 months.
This is the only time zonebeheerbnk.icu was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Rabobank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 2a01:238:20a:... 2a01:238:20a:202:1077:: | 6724 (STRATO ST...) (STRATO STRATO AG) | |
1 8 | 31.214.141.21 31.214.141.21 | 197071 (ACTIVE-SE...) (ACTIVE-SERVERS active-servers.com) | |
1 | 2001:4de0:ac1... 2001:4de0:ac19::1:b:2a | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
14 | 104.109.93.25 104.109.93.25 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
2 | 2a00:1450:400... 2a00:1450:4001:81b::200e | 15169 (GOOGLE) (GOOGLE) | |
25 | 5 |
ASN197071 (ACTIVE-SERVERS active-servers.com, DE)
PTR: vps-zap504315-1.zap-srv.com
zonebeheerbnk.icu |
ASN20940 (AKAMAI-ASN1, US)
PTR: a104-109-93-25.deploy.static.akamaitechnologies.com
www.rabobank.be |
ASN15169 (GOOGLE, US)
www.youtube-nocookie.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
rabobank.be
www.rabobank.be |
242 KB |
8 |
zonebeheerbnk.icu
1 redirects
zonebeheerbnk.icu |
121 KB |
2 |
youtube-nocookie.com
www.youtube-nocookie.com |
|
1 |
jquery.com
code.jquery.com |
30 KB |
1 |
recupererenbeheer.eu
recupererenbeheer.eu |
231 B |
25 | 5 |
Domain | Requested by | |
---|---|---|
14 | www.rabobank.be |
zonebeheerbnk.icu
|
8 | zonebeheerbnk.icu |
1 redirects
zonebeheerbnk.icu
|
2 | www.youtube-nocookie.com |
zonebeheerbnk.icu
|
1 | code.jquery.com |
zonebeheerbnk.icu
|
1 | recupererenbeheer.eu | |
25 | 5 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.rabobank.be |
nl-nl.facebook.com |
twitter.com |
www.linkedin.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
recupererenbeheer.eu Encryption Everywhere DV TLS CA - G1 |
2020-03-29 - 2021-03-29 |
a year | crt.sh |
zonebeheerbnk.icu Let's Encrypt Authority X3 |
2020-03-30 - 2020-06-28 |
3 months | crt.sh |
jquery.org COMODO RSA Domain Validation Secure Server CA |
2018-10-17 - 2020-10-16 |
2 years | crt.sh |
www.rabobank.be DigiCert SHA2 Extended Validation Server CA |
2020-02-13 - 2021-02-17 |
a year | crt.sh |
*.google.com GTS CA 1O1 |
2020-03-03 - 2020-05-26 |
3 months | crt.sh |
This page contains 3 frames:
Primary Page:
https://zonebeheerbnk.icu/LGJCNZBNMZBMXYETYWOIEPODGJSLKAIOEUIFAKJW/
Frame ID: 4458E828D57E55BCF94E00E30F3B4462
Requests: 23 HTTP requests in this frame
Frame:
https://www.youtube-nocookie.com/embed/tyxyZhXCkWs?rel=0&controls=1&showinfo=1
Frame ID: ECF90FA8F2C9870D5CC00E92C6A8FAAF
Requests: 1 HTTP requests in this frame
Frame:
https://www.youtube-nocookie.com/embed/tyxyZhXCkWs?rel=0&controls=1&showinfo=1
Frame ID: 5B5F6527FB5421D6BB5C04A59369B47F
Requests: 1 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://recupererenbeheer.eu/?IvjPXESyHGr4AZDRp=ruK2HDhfvKI4RkoCeFQ Page URL
-
https://zonebeheerbnk.icu/LGJCNZBNMZBMXYETYWOIEPODGJSLKAIOEUIFAKJW
HTTP 301
https://zonebeheerbnk.icu/LGJCNZBNMZBMXYETYWOIEPODGJSLKAIOEUIFAKJW/ Page URL
Detected technologies
UNIX (Operating Systems) ExpandDetected patterns
- headers server /Unix/i
Apache (Web Servers) Expand
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries) Expand
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
46 Outgoing links
These are links going to different origins than the main page.
Title: Mijn rekeningen
Search URL Search Domain Scan URL
Title: Over ons
Search URL Search Domain Scan URL
Title: Rabo Spaarrekening
Search URL Search Domain Scan URL
Title: Rabo Plus Account
Search URL Search Domain Scan URL
Title: Rabo Junior Account
Search URL Search Domain Scan URL
Title: Rabo Gift Account
Search URL Search Domain Scan URL
Title: Rabo Termijnrekening
Search URL Search Domain Scan URL
Title: Rabo Zichtrekening
Search URL Search Domain Scan URL
Title: Vergelijk spaarrekeningen
Search URL Search Domain Scan URL
Title: Document Center
Search URL Search Domain Scan URL
Title: Veelgestelde vragen
Search URL Search Domain Scan URL
Title: ABC-banktermen
Search URL Search Domain Scan URL
Title: Essentiële spaardersinformatie
Search URL Search Domain Scan URL
Title: Veilig bankieren
Search URL Search Domain Scan URL
Title: Alles over de digipass
Search URL Search Domain Scan URL
Title: Kredietwaardigheid
Search URL Search Domain Scan URL
Title: Contacteer ons
Search URL Search Domain Scan URL
Title: Een klacht?
Search URL Search Domain Scan URL
Title: De spaarrekening van a tot z
Search URL Search Domain Scan URL
Title: Rente onder de loep
Search URL Search Domain Scan URL
Title: Psychologie van de spaarder
Search URL Search Domain Scan URL
Title: Erfeniskwesties
Search URL Search Domain Scan URL
Title: Meld u aan voor onze nieuwsbrief
Search URL Search Domain Scan URL
Title: Frida Deceunynck
Search URL Search Domain Scan URL
Title: Pascal Paepen
Search URL Search Domain Scan URL
Title: Claudia Hammond
Search URL Search Domain Scan URL
Title: Cédric Boitte
Search URL Search Domain Scan URL
Title: #sparen
Search URL Search Domain Scan URL
Title: #psychologie
Search URL Search Domain Scan URL
Title: #wetgeving
Search URL Search Domain Scan URL
Title: #kinderen
Search URL Search Domain Scan URL
Title: #fiscaliteit
Search URL Search Domain Scan URL
Title: #technologie
Search URL Search Domain Scan URL
Title: #erfenis
Search URL Search Domain Scan URL
Title: #veiligheid
Search URL Search Domain Scan URL
Title: #rabobank
Search URL Search Domain Scan URL
Title: #missie
Search URL Search Domain Scan URL
Title: Vraag een nieuwe digipass aan
Search URL Search Domain Scan URL
Title: Bekijk alle veelgestelde vragen over de digipass
Search URL Search Domain Scan URL
Title: Facebook
Search URL Search Domain Scan URL
Title: Twitter
Search URL Search Domain Scan URL
Title: Linkedin
Search URL Search Domain Scan URL
Title: Gebruiksvoorwaarden
Search URL Search Domain Scan URL
Title: Uw privacy
Search URL Search Domain Scan URL
Title: Cookies
Search URL Search Domain Scan URL
Title: Tarievenlijst (PDF)
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://recupererenbeheer.eu/?IvjPXESyHGr4AZDRp=ruK2HDhfvKI4RkoCeFQ Page URL
-
https://zonebeheerbnk.icu/LGJCNZBNMZBMXYETYWOIEPODGJSLKAIOEUIFAKJW
HTTP 301
https://zonebeheerbnk.icu/LGJCNZBNMZBMXYETYWOIEPODGJSLKAIOEUIFAKJW/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
25 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
recupererenbeheer.eu/ |
129 B 231 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
/
zonebeheerbnk.icu/LGJCNZBNMZBMXYETYWOIEPODGJSLKAIOEUIFAKJW/ Redirect Chain
|
87 KB 16 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
arm.css
zonebeheerbnk.icu/LGJCNZBNMZBMXYETYWOIEPODGJSLKAIOEUIFAKJW/ |
260 KB 38 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.4.1.min.js
code.jquery.com/ |
86 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mxui.css
www.rabobank.be/apps/postlogin-be/mxclientsystem/mxui/ui/ |
97 KB 32 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
widgets.css
www.rabobank.be//apps/postlogin-be/widgets/ |
111 KB 11 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
lib.css
www.rabobank.be/apps/postlogin-be/resources/ |
111 KB 15 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
custom.css
www.rabobank.be/apps/postlogin-be/resources/ |
82 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rabobank-check-white-1.svg
www.rabobank.be/.resources/rabobank-be/webresources/img/common/ |
572 B 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rabobank-search.svg
www.rabobank.be/.resources/rabobank-be/webresources/img/common/ |
766 B 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rabobank-menu.svg
www.rabobank.be/.resources/rabobank-be/webresources/img/common/ |
557 B 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rabobank-logo.svg
www.rabobank.be/dam/jcr:3dd45014-2ce3-468c-b049-9df619452322/ |
20 KB 7 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Login$digipass9_2.png
www.rabobank.be//apps/postlogin-be/img/ |
67 KB 68 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Login$Login_NavigationLayouts_Draft_BE_DP_Login_White.png
www.rabobank.be//apps/postlogin-be/img/ |
18 KB 18 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
SandyP.png
www.rabobank.be/dam/jcr:c8e32a02-1f4b-4d9d-bad2-9ed83556e588/ |
31 KB 33 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
IvyM.png
www.rabobank.be/dam/jcr:d58b9cfd-c29a-4cc3-a0da-32fbfc964a0a/ |
32 KB 34 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rabobank-cookies-white.svg
www.rabobank.be/.resources/rabobank-be/webresources/img/common/ |
1 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tyxyZhXCkWs
www.youtube-nocookie.com/embed/ Frame ECF9 |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tyxyZhXCkWs
www.youtube-nocookie.com/embed/ Frame 5B5F |
0 0 |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rabobank-arrow.svg
zonebeheerbnk.icu/img/common/ |
280 B 280 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rabobank-close.svg
zonebeheerbnk.icu/img/common/ |
280 B 280 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
rabobank-arrow.svg
www.rabobank.be/.resources/rabobank-be/webresources/img/common/ |
498 B 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
myriadpro-regular-webfont.woff
zonebeheerbnk.icu/LGJCNZBNMZBMXYETYWOIEPODGJSLKAIOEUIFAKJW/ |
22 KB 22 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
myriadpro-bold-webfont.woff
zonebeheerbnk.icu/LGJCNZBNMZBMXYETYWOIEPODGJSLKAIOEUIFAKJW/ |
22 KB 22 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
myriadpro-light-webfont.woff
zonebeheerbnk.icu/LGJCNZBNMZBMXYETYWOIEPODGJSLKAIOEUIFAKJW/ |
22 KB 22 KB |
Font
application/font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Rabobank (Banking)4 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| $ function| jQuery0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
recupererenbeheer.eu
www.rabobank.be
www.youtube-nocookie.com
zonebeheerbnk.icu
104.109.93.25
2001:4de0:ac19::1:b:2a
2a00:1450:4001:81b::200e
2a01:238:20a:202:1077::
31.214.141.21
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
19c0d6d005d7f6e0f33367a8f754dcdd6cf1fb3dd16b57cc67583ea8f62955ea
271ffa3bae84eee178d662f27daafa41d099c47427f9b449e407982c6518c8e1
37b070b36e2e2acfd3f795f7b77821fd8caaf6918b9ce5037ddaa7b1b52231ad
4397d32e821e8562fa6a208393d1c47d9ee07d333c64b3e84e5ab92ee136c004
4ac5fd9f7108fd5b25abecbb873ef285554d5ab8ae5ba0d9e0cf863a4bee22d5
6342bffe43e2d8c9fab3503e7f2f0eb3b0d5c30a74c2c911a72993dd9e7c45ba
951ab1bb50fe72bd4586ae324af2e6444d8878983bd4b37db2badf1cc0804d78
9618bea1aa0ab34b3f3d9607a2071c920c29151168300f3ec977522c41959457
9b0b7e1ec2e1bde8dbf465142c65c35c2795fd95f5a7edacd091fe2b50aa8c76
a242bd104b336cb5312c363a96cef1e751c7b2c3b9b9de0991361d4afc5fdfa9
a775ab8993c591fc06434cba0ec5a296c9f62c60823cc551ae3db5229f4e334e
b44982e5d6f2f86337752c0217d792422ad4178266c29d02c067dc211bfb4368
b5022987c92f476c489a34d392f8dc8cae6b97971ac0be8dab712b2b75c7764b
b8266d9c9eefffb417e537eea269e2f69dac0a5a72dbf547227fdf6c2ec2e876
be94603a044553ba7d9395bda18a782bc7a3fff58a3ccb4a036c4c79f9b9c1b2
ca2ff25afe9ddd9667730a1b0b9a6cb908ec05436943ca1384402626990af959
e0681bb12732accf939d4ef05110c8ea201059937feb8a852713c3d5556ccd02
e150ec1939230da37fefb50a40d8766b38060db920f0823c387e57c8cceca676
e77cdbd21d8b7329c5261bc13752744951caef0009c1ef36e20ecc43183f7dd2
ed54449cd63ec194c3eaecbc5b634843a61dc32236efbbc24483c2a43a332a85
fb0bccc37a1e1032fb54e1cf8f7d8f3b316c38927388cc24dafceb5bae618336