fibrofoods.nl Open in urlscan Pro
195.8.208.184 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html
Submission: On September 22 via automatic, source openphish (September 22nd 2017, 10:27:45 am UTC)

Summary HTTP 21 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 21 HTTP transactions. The main IP is 195.8.208.184, located in Netherlands and belongs to DUOCAST-AS, NL. The main domain is fibrofoods.nl.

This is the only time fibrofoods.nl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: SNS Bank (Banking)

Domain & IP information

	IP Address	AS Autonomous System
7	195.8.208.184 195.8.208.184	31477 (DUOCAST-AS) (DUOCAST-AS)
10	194.53.208.72 194.53.208.72	57090 (NL-DEVOLK...) (NL-DEVOLKSBANK)
21	3

7 195.8.208.184 (Netherlands)

ASN31477 (DUOCAST-AS, NL)
PTR: ns1.sohosted76.com

fibrofoods.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 194.53.208.72 (Hoofddorp, Netherlands)

ASN57090 (NL-DEVOLKSBANK, NL)
PTR: snsbank.nl

www.snsbank.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	snsbank.nl www.snsbank.nl	114 KB
7	fibrofoods.nl fibrofoods.nl	19 KB
21	2

	Domain	Requested by
10	www.snsbank.nl	fibrofoods.nl
7	fibrofoods.nl	fibrofoods.nl
21	2

This site contains no links.

Subject Issuer	Validity	Valid
www.snsbank.nl DigiCert SHA2 Extended Validation Server CA	`2017-07-12` - `2019-10-04`	2 years	crt.sh

This page contains 1 frames:

Primary Page: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html
Frame ID: 29066.1
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 100%
Detected patterns

headers server /IIS(?:\/([\d.]+))?/i

IIS (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /IIS(?:\/([\d.]+))?/i

Page Statistics

21
Requests

48 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

132 kB
Transfer

684 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request index2.html Show response
fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/ 29 KB
9 KB 33ms
32ms Document
text/html 195.8.208.184
DUOCAST-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html
Protocol: HTTP/1.1
Server: 195.8.208.184 , Netherlands, ASN31477 (DUOCAST-AS, NL),
Reverse DNS: ns1.sohosted76.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 97837378aebb72068f4c355ae90731d5e309c9d34e2f40caf566caa2e51cb80f

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Fri, 22 Sep 2017 10:27:34 GMT
Content-Encoding: gzip
Last-Modified: Fri, 22 Sep 2017 10:19:14 GMT
Server: Microsoft-IIS/8.5
ETag: "5777793d8c33d31:0"
Vary: Accept-Encoding
Content-Type: text/html
Cache-Control: private
Accept-Ranges: bytes
Content-Length: 9019

GET
H/1.1 200
OK service.css
www.snsbank.nl/static/snsbank/css/ 2 KB
648 B 26ms
26ms Stylesheet
text/css 194.53.208.72
NL-DEVOLKSBANK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.snsbank.nl/static/snsbank/css/service.css

Requested by

Host: fibrofoods.nl
URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

194.53.208.72 Hoofddorp, Netherlands, ASN57090 (NL-DEVOLKSBANK, NL),

Reverse DNS

snsbank.nl

Software

Apache /

Resource Hash

329c7d471efa50bafe7d187eef5f0dcd0bc2e72e83a521e2164084462fd48b14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Fri, 22 Sep 2017 10:27:34 GMT
Content-Encoding: gzip
Last-Modified: Mon, 11 Sep 2017 17:12:59 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "6dc-558ed09d4fcc0"
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Type: text/css
Cache-Control: max-age=7200, must-revalidate
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 648
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK sns.css
www.snsbank.nl/static/snsbank/css/ 329 KB
47 KB 33ms
33ms Stylesheet
text/css 194.53.208.72
NL-DEVOLKSBANK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.snsbank.nl/static/snsbank/css/sns.css

Requested by

Host: fibrofoods.nl
URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

194.53.208.72 Hoofddorp, Netherlands, ASN57090 (NL-DEVOLKSBANK, NL),

Reverse DNS

snsbank.nl

Software

Apache /

Resource Hash

0ce69655e0320e038d08261ae13ad33311d0c8ed9f3d3bf388229b930f83a78f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Fri, 22 Sep 2017 10:27:34 GMT
Content-Encoding: gzip
Last-Modified: Mon, 11 Sep 2017 17:12:59 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "522b8-558ed09d4fcc0"
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Type: text/css
Cache-Control: max-age=7200, must-revalidate
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=95
Content-Length: 48191
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK redesign-overwrite.css
www.snsbank.nl/static/snsbank/css/ 280 KB
37 KB 25ms
25ms Stylesheet
text/css 194.53.208.72
NL-DEVOLKSBANK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.snsbank.nl/static/snsbank/css/redesign-overwrite.css

Requested by

Host: fibrofoods.nl
URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

194.53.208.72 Hoofddorp, Netherlands, ASN57090 (NL-DEVOLKSBANK, NL),

Reverse DNS

snsbank.nl

Software

Apache /

Resource Hash

31a073f4c087d94e1905c52a0d1e7ae977f0fe060d00f9cb43d3bbe914149a8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Fri, 22 Sep 2017 10:27:34 GMT
Content-Encoding: gzip
Last-Modified: Mon, 11 Sep 2017 17:12:59 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "4600a-558ed09d4fcc0"
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Type: text/css
Cache-Control: max-age=7200, must-revalidate
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=98
Content-Length: 37604
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK logo-new.png
fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/infos_fichiers/ 9 KB
9 KB 47ms
47ms Image
image/png 195.8.208.184
DUOCAST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/infos_fichiers/logo-new.png
Requested by: Host: fibrofoods.nl
URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html
Protocol: HTTP/1.1
Server: 195.8.208.184 , Netherlands, ASN31477 (DUOCAST-AS, NL),
Reverse DNS: ns1.sohosted76.com
Software: Microsoft-IIS/8.5 /
Resource Hash: d5d27f10326f3d3d4e4a81cdc6a252ee4d08f852a51077ce39f001184e1c3799

Request headers

Referer: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Fri, 22 Sep 2017 10:27:34 GMT
Last-Modified: Fri, 22 Sep 2017 10:19:14 GMT
Server: Microsoft-IIS/8.5
ETag: "bb3b7e3d8c33d31:0"
Content-Type: image/png
Cache-Control: private
Accept-Ranges: bytes
Content-Length: 9183

GET
H/1.1 200
OK questionmark.gif
fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/infos_fichiers/ 455 B
455 B 52ms
52ms Image
image/gif 195.8.208.184
DUOCAST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/infos_fichiers/questionmark.gif
Requested by: Host: fibrofoods.nl
URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html
Protocol: HTTP/1.1
Server: 195.8.208.184 , Netherlands, ASN31477 (DUOCAST-AS, NL),
Reverse DNS: ns1.sohosted76.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 707baac5f93df5823794d7237ffc32af187ee847cf5293bc54b9235a79896176

Request headers

Referer: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Fri, 22 Sep 2017 10:27:34 GMT
Last-Modified: Fri, 22 Sep 2017 10:19:14 GMT
Server: Microsoft-IIS/8.5
ETag: "e59d803d8c33d31:0"
Content-Type: image/gif
Cache-Control: private
Accept-Ranges: bytes
Content-Length: 455

GET
H/1.1 200
OK print.css
www.snsbank.nl/static/snsbank/css/ 7 KB
2 KB 13ms
13ms Stylesheet
text/css 194.53.208.72
NL-DEVOLKSBANK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.snsbank.nl/static/snsbank/css/print.css

Requested by

Host: fibrofoods.nl
URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

194.53.208.72 Hoofddorp, Netherlands, ASN57090 (NL-DEVOLKSBANK, NL),

Reverse DNS

snsbank.nl

Software

Apache /

Resource Hash

2435424ba1aa073b79074b17fa3b33a0c1559a5e5146918305cb0a7a7d31dfe3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Fri, 22 Sep 2017 10:27:34 GMT
Content-Encoding: gzip
Last-Modified: Mon, 11 Sep 2017 17:12:59 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "1caf-558ed09d4fcc0"
Vary: Accept-Encoding
Connection: Keep-Alive
Content-Type: text/css
Cache-Control: max-age=7200, must-revalidate
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=94
Content-Length: 1546
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK steps-red-one.png
fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/infos_fichiers/ 214 B
214 B 46ms
46ms Image
image/png 195.8.208.184
DUOCAST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/infos_fichiers/steps-red-one.png
Requested by: Host: fibrofoods.nl
URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html
Protocol: HTTP/1.1
Server: 195.8.208.184 , Netherlands, ASN31477 (DUOCAST-AS, NL),
Reverse DNS: ns1.sohosted76.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 1abc4f66cab339fbe7eaecbc6c1e6bb3f155f88351eb786641819fc943d91c65

Request headers

Referer: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Fri, 22 Sep 2017 10:27:34 GMT
Last-Modified: Fri, 22 Sep 2017 10:19:14 GMT
Server: Microsoft-IIS/8.5
ETag: "5e65853d8c33d31:0"
Content-Type: image/png
Cache-Control: private
Accept-Ranges: bytes
Content-Length: 214

GET
H/1.1 200
OK steps-grey-two.png
fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/infos_fichiers/ 239 B
239 B 63ms
63ms Image
image/png 195.8.208.184
DUOCAST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/infos_fichiers/steps-grey-two.png
Requested by: Host: fibrofoods.nl
URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html
Protocol: HTTP/1.1
Server: 195.8.208.184 , Netherlands, ASN31477 (DUOCAST-AS, NL),
Reverse DNS: ns1.sohosted76.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 9ab7c4eb4726e6189e29e5da00c918153c588a6864871849b6e62573418ab5ae

Request headers

Referer: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Fri, 22 Sep 2017 10:27:34 GMT
Last-Modified: Fri, 22 Sep 2017 10:19:14 GMT
Server: Microsoft-IIS/8.5
ETag: "5e65853d8c33d31:0"
Content-Type: image/png
Cache-Control: private
Accept-Ranges: bytes
Content-Length: 239

GET
H/1.1 200
OK a.gif
fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/infos_fichiers/ 42 B
42 B 63ms
63ms Image
image/gif 195.8.208.184
DUOCAST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/infos_fichiers/a.gif
Requested by: Host: fibrofoods.nl
URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html
Protocol: HTTP/1.1
Server: 195.8.208.184 , Netherlands, ASN31477 (DUOCAST-AS, NL),
Reverse DNS: ns1.sohosted76.com
Software: Microsoft-IIS/8.5 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Fri, 22 Sep 2017 10:27:34 GMT
Last-Modified: Fri, 22 Sep 2017 10:19:14 GMT
Server: Microsoft-IIS/8.5
ETag: "0e37b3d8c33d31:0"
Content-Type: image/gif
Cache-Control: private
Accept-Ranges: bytes
Content-Length: 42

GET
H/1.1 200
OK blank.gif
fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/infos_fichiers/ 49 B
49 B 43ms
42ms Image
image/gif 195.8.208.184
DUOCAST-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/infos_fichiers/blank.gif
Requested by: Host: fibrofoods.nl
URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html
Protocol: HTTP/1.1
Server: 195.8.208.184 , Netherlands, ASN31477 (DUOCAST-AS, NL),
Reverse DNS: ns1.sohosted76.com
Software: Microsoft-IIS/8.5 /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Fri, 22 Sep 2017 10:27:34 GMT
Last-Modified: Fri, 22 Sep 2017 10:19:14 GMT
Server: Microsoft-IIS/8.5
ETag: "0e37b3d8c33d31:0"
Content-Type: image/gif
Cache-Control: private
Accept-Ranges: bytes
Content-Length: 49

GET
H/1.1 200
OK bg-header.png
www.snsbank.nl/static/snsbank/img/restyle/ 95 B
95 B 16ms
16ms Image
image/png 194.53.208.72
NL-DEVOLKSBANK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.snsbank.nl/static/snsbank/img/restyle/bg-header.png

Requested by

Host: fibrofoods.nl
URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

194.53.208.72 Hoofddorp, Netherlands, ASN57090 (NL-DEVOLKSBANK, NL),

Reverse DNS

snsbank.nl

Software

Apache /

Resource Hash

ba44836298224f421dfe8aa484a21d4046842843852bdfcff5344252a2afc879

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.snsbank.nl/static/snsbank/css/redesign-overwrite.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Fri, 22 Sep 2017 10:27:34 GMT
Last-Modified: Mon, 11 Sep 2017 17:12:59 GMT
Server: Apache
ETag: "5f-558ed09d4fcc0"
X-Frame-Options: SAMEORIGIN
Connection: Keep-Alive
Content-Type: image/png
Cache-Control: max-age=7200, must-revalidate
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=93
Content-Length: 95
X-XSS-Protection: 1; mode=block

GET FSjoey.woff
www.snsbank.nl/static/snsbank/css/webfonts/ 0
0

GET
H/1.1 200
OK spritehome.png
www.snsbank.nl/static/snsbank/img/sprite/ 12 KB
12 KB 12ms
12ms Image
image/png 194.53.208.72
NL-DEVOLKSBANK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.snsbank.nl/static/snsbank/img/sprite/spritehome.png

Requested by

Host: fibrofoods.nl
URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

194.53.208.72 Hoofddorp, Netherlands, ASN57090 (NL-DEVOLKSBANK, NL),

Reverse DNS

snsbank.nl

Software

Apache /

Resource Hash

e2524189428a78dc554d70c5fbd4b862dfe0c9e9cd91c5f91bf939ab34b4744f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.snsbank.nl/static/snsbank/css/sns.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Fri, 22 Sep 2017 10:27:34 GMT
Last-Modified: Mon, 11 Sep 2017 17:12:59 GMT
Server: Apache
ETag: "312f-558ed09d4fcc0"
X-Frame-Options: SAMEORIGIN
Connection: Keep-Alive
Content-Type: image/png
Cache-Control: max-age=7200, must-revalidate
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=97
Content-Length: 12591
X-XSS-Protection: 1; mode=block

GET FSjoeyHeavy.woff
www.snsbank.nl/static/snsbank/css/webfonts/ 0
0

GET
H/1.1 200
OK arrow-large-right.gif
www.snsbank.nl/static/snsbank/img/hyperlinks/ 887 B
887 B 14ms
13ms Image
image/gif 194.53.208.72
NL-DEVOLKSBANK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.snsbank.nl/static/snsbank/img/hyperlinks/arrow-large-right.gif

Requested by

Host: fibrofoods.nl
URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

194.53.208.72 Hoofddorp, Netherlands, ASN57090 (NL-DEVOLKSBANK, NL),

Reverse DNS

snsbank.nl

Software

Apache /

Resource Hash

19a7911f0766a3ecc7e33fd8162b5ce43d3df3dbfdc7ae13658f905dedcc0aa8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.snsbank.nl/static/snsbank/css/sns.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Fri, 22 Sep 2017 10:27:34 GMT
Last-Modified: Mon, 11 Sep 2017 17:12:59 GMT
Server: Apache
ETag: "377-558ed09d4fcc0"
X-Frame-Options: SAMEORIGIN
Connection: Keep-Alive
Content-Type: image/gif
Cache-Control: max-age=7200, must-revalidate
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 887
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK icn-arrow-primary-overwrite.png
www.snsbank.nl/static/snsbank/img/restyle/icons/ 176 B
176 B 18ms
17ms Image
image/png 194.53.208.72
NL-DEVOLKSBANK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.snsbank.nl/static/snsbank/img/restyle/icons/icn-arrow-primary-overwrite.png

Requested by

Host: fibrofoods.nl
URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

194.53.208.72 Hoofddorp, Netherlands, ASN57090 (NL-DEVOLKSBANK, NL),

Reverse DNS

snsbank.nl

Software

Apache /

Resource Hash

f8c4e0e07fcc3199b7ae69f82e9781e43f41f8afb5001e9f981b55113897dff7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.snsbank.nl/static/snsbank/css/redesign-overwrite.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Fri, 22 Sep 2017 10:27:34 GMT
Last-Modified: Mon, 11 Sep 2017 17:12:59 GMT
Server: Apache
ETag: "b0-558ed09d4fcc0"
X-Frame-Options: SAMEORIGIN
Connection: Keep-Alive
Content-Type: image/png
Cache-Control: max-age=7200, must-revalidate
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 176
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK icons-sdd13c5cbf3.png
www.snsbank.nl/static/snsbank/img/restyle/ 14 KB
14 KB 16ms
16ms Image
image/png 194.53.208.72
NL-DEVOLKSBANK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.snsbank.nl/static/snsbank/img/restyle/icons-sdd13c5cbf3.png

Requested by

Host: fibrofoods.nl
URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

194.53.208.72 Hoofddorp, Netherlands, ASN57090 (NL-DEVOLKSBANK, NL),

Reverse DNS

snsbank.nl

Software

Apache /

Resource Hash

2927b062f3a00e2738eba57473e4bedb382aca7a61d2428284db447d5e94e2a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.snsbank.nl/static/snsbank/css/redesign-overwrite.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Fri, 22 Sep 2017 10:27:34 GMT
Last-Modified: Mon, 11 Sep 2017 17:12:59 GMT
Server: Apache
ETag: "3841-558ed09d4fcc0"
X-Frame-Options: SAMEORIGIN
Connection: Keep-Alive
Content-Type: image/png
Cache-Control: max-age=7200, must-revalidate
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=96
Content-Length: 14401
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK ui-bg_flat_75_ffffff_40x100.png
www.snsbank.nl/static/snsbank/jquery/ui/images/ 146 B
146 B 12ms
12ms Image
image/png 194.53.208.72
NL-DEVOLKSBANK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.snsbank.nl/static/snsbank/jquery/ui/images/ui-bg_flat_75_ffffff_40x100.png

Requested by

Host: fibrofoods.nl
URL: http://fibrofoods.nl/wp-content/plugins/akismet/views/mijnsns/a1ea7ff9ca7557740a269ff016062ebc/index2.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

194.53.208.72 Hoofddorp, Netherlands, ASN57090 (NL-DEVOLKSBANK, NL),

Reverse DNS

snsbank.nl

Software

Apache /

Resource Hash

fc152274ec0f5c18d9744ca5d2f65826da9ca776ae91e94b47b9c937db0f8ce7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.snsbank.nl/static/snsbank/css/sns.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/60.0.3112.113 Safari/537.36

Response headers

Date: Fri, 22 Sep 2017 10:27:34 GMT
Last-Modified: Mon, 11 Sep 2017 17:12:59 GMT
Server: Apache
ETag: "92-558ed09d4fcc0"
X-Frame-Options: SAMEORIGIN
Connection: Keep-Alive
Content-Type: image/png
Cache-Control: max-age=7200, must-revalidate
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=92
Content-Length: 146
X-XSS-Protection: 1; mode=block

GET FSjoey.ttf
www.snsbank.nl/static/snsbank/css/webfonts/ 0
0

GET FSjoeyHeavy.ttf
www.snsbank.nl/static/snsbank/css/webfonts/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.snsbank.nl
URL: https://www.snsbank.nl/static/snsbank/css/webfonts/FSjoey.woff

Domain: www.snsbank.nl
URL: https://www.snsbank.nl/static/snsbank/css/webfonts/FSjoeyHeavy.woff

Domain: www.snsbank.nl
URL: https://www.snsbank.nl/static/snsbank/css/webfonts/FSjoey.ttf

Domain: www.snsbank.nl
URL: https://www.snsbank.nl/static/snsbank/css/webfonts/FSjoeyHeavy.ttf

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: SNS Bank (Banking)

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

fibrofoods.nl
www.snsbank.nl
www.snsbank.nl
194.53.208.72
195.8.208.184
0ce69655e0320e038d08261ae13ad33311d0c8ed9f3d3bf388229b930f83a78f
19a7911f0766a3ecc7e33fd8162b5ce43d3df3dbfdc7ae13658f905dedcc0aa8
1abc4f66cab339fbe7eaecbc6c1e6bb3f155f88351eb786641819fc943d91c65
2435424ba1aa073b79074b17fa3b33a0c1559a5e5146918305cb0a7a7d31dfe3
2927b062f3a00e2738eba57473e4bedb382aca7a61d2428284db447d5e94e2a4
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
31a073f4c087d94e1905c52a0d1e7ae977f0fe060d00f9cb43d3bbe914149a8c
329c7d471efa50bafe7d187eef5f0dcd0bc2e72e83a521e2164084462fd48b14
707baac5f93df5823794d7237ffc32af187ee847cf5293bc54b9235a79896176
97837378aebb72068f4c355ae90731d5e309c9d34e2f40caf566caa2e51cb80f
9ab7c4eb4726e6189e29e5da00c918153c588a6864871849b6e62573418ab5ae
ba44836298224f421dfe8aa484a21d4046842843852bdfcff5344252a2afc879
d5d27f10326f3d3d4e4a81cdc6a252ee4d08f852a51077ce39f001184e1c3799
e2524189428a78dc554d70c5fbd4b862dfe0c9e9cd91c5f91bf939ab34b4744f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f8c4e0e07fcc3199b7ae69f82e9781e43f41f8afb5001e9f981b55113897dff7
fc152274ec0f5c18d9744ca5d2f65826da9ca776ae91e94b47b9c937db0f8ce7

fibrofoods.nl Open in urlscan Pro 195.8.208.184 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

21 Requests

48 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

3 IPs

1 Countries

132 kBTransfer

684 kBSize

0 Cookies

0 Outgoing links

Redirected requests

21 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

0 JavaScript Global Variables

0 Cookies

Indicators

fibrofoods.nl Open in urlscan Pro
195.8.208.184 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

21
Requests

48 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

132 kB
Transfer

684 kB
Size

0
Cookies

21 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!