rainbow2021.org - urlscan.io

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 2a06:98c1:3120::9, located in United States and belongs to CLOUDFLARENET, US. The main domain is rainbow2021.org.
TLS certificate: Issued by GTS CA 1P5 on January 25th 2024. Valid for: 3 months.

This is the only time rainbow2021.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Cembra (Banking)

Domain & IP information

	IP Address		AS Autonomous System
7	2a06:98c1:312... 2a06:98c1:3120::9		13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	1

7 2a06:98c1:3120::9 (United States)

ASN13335 (CLOUDFLARENET, US)

rainbow2021.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	rainbow2021.org rainbow2021.org	98 KB
7	1

	Domain	Requested by
7	rainbow2021.org	rainbow2021.org
7	1

This site contains no links.

Subject Issuer	Validity	Valid
rainbow2021.org GTS CA 1P5	`2024-01-25` - `2024-04-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://rainbow2021.org/wp-content/themes/log/web-tag/index.php
Frame ID: C5653317FA81AC84D2B6B383F76F6E87
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cembra Money Bank

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

7
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

98 kB
Transfer

107 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request index.php Show response rainbow2021.org/wp-content/themes/log/web-tag/	3 KB 1 KB	648ms 409ms	Document text/html	2a06:98c1:3120::9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rainbow2021.org/wp-content/themes/log/web-tag/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `1447584f52e94daf8c2beda31c3ba15c573e437e0130c46ffebf1aeb620c3164` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 accept-language nl-NL,nl;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cf-cache-status DYNAMIC cf-ray 84f2f1d3fc626fff-CDG content-encoding br content-type text/html; charset=UTF-8 date Fri, 02 Feb 2024 13:57:41 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XMmbVEnl629DEEnweFu%2FAV5UyR86rQ4dSQrSpj4hbOu%2Fo5jyXltdO3RMOGmPG%2F2DJaAY3qvCfJQEMSVz6sYgnqwiYEHk9%2FYFOqxoKm%2Fx2MftcnvOK7G1HosE%2Bw66m491npDLGxcKhp3YlEX7fsw%3D"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding
GET H2	200	zwa9.css rainbow2021.org/wp-content/themes/log/web-tag/files/css/	10 KB 3 KB	35ms 34ms	Stylesheet text/css	2a06:98c1:3120::9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rainbow2021.org/wp-content/themes/log/web-tag/files/css/zwa9.css Requested by Host: rainbow2021.org URL: https://rainbow2021.org/wp-content/themes/log/web-tag/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `906f39bd7d9a664f71de950adcc666ff37ae3461a30e2de30abb9d5aad0295a2` Request headers accept-language nl-NL,nl;q=0.9 Referer https://rainbow2021.org/wp-content/themes/log/web-tag/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers date Fri, 02 Feb 2024 13:57:41 GMT content-encoding br cf-cache-status HIT last-modified Thu, 01 Feb 2024 17:23:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 13206 etag W/"2961-65bbd386-a50d0;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oDEYOLDERTd%2F1hrRsFCqTlNJwCSYLZ4NRdDOdfkxM23tNTNRCaGDEiqQ%2BbP91zQdYlzOptQBEubM7mMRBD6%2FFPteDZiSEgTi0m0g4DlMWxYR4zMQbLSXbzZOgYDnlzAAy1lYZyY7IcZNmNMs9Tk%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control public, max-age=43200 cf-ray 84f2f1d688e56fff-CDG alt-svc h3=":443"; ma=86400 expires Fri, 02 Feb 2024 22:17:35 GMT
GET H2	200	loading.gif rainbow2021.org/wp-content/themes/log/web-tag/files/media/	771 B 1 KB	37ms 37ms	Image image/gif	2a06:98c1:3120::9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://rainbow2021.org/wp-content/themes/log/web-tag/files/media/loading.gif Requested by Host: rainbow2021.org URL: https://rainbow2021.org/wp-content/themes/log/web-tag/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `81a161d5793ac2a33f02ddcd64fb0dc2d028616dac084e4f64e77f4898b0c4e4` Request headers accept-language nl-NL,nl;q=0.9 Referer https://rainbow2021.org/wp-content/themes/log/web-tag/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers date Fri, 02 Feb 2024 13:57:41 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 13206 alt-svc h3=":443"; ma=86400 content-length 771 last-modified Thu, 01 Feb 2024 17:23:18 GMT server cloudflare etag "303-65bbd386-a50de;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qf2UGMECXfAgIR4Kl2Rmr%2F49%2FdOmEnQOVTUN%2BSp8H2IDmURjUtjGi1bKtWUa26hXj0lQ3PJ%2FyGnNvb9eDm8yx4mPqD6gDkjKeq%2FY9RMcs%2FZs1bnRk5sHid1zkk69XEtpRDnyeI1JxcJVfGUluxM%3D"}],"group":"cf-nel","max_age":604800} content-type image/gif cache-control public, max-age=43200 accept-ranges bytes cf-ray 84f2f1d688f36fff-CDG expires Fri, 02 Feb 2024 22:17:35 GMT
GET H2	200	cembra-money-bank.jpg rainbow2021.org/wp-content/themes/log/web-tag/files/media/	16 KB 16 KB	38ms 38ms	Image image/jpeg	2a06:98c1:3120::9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://rainbow2021.org/wp-content/themes/log/web-tag/files/media/cembra-money-bank.jpg Requested by Host: rainbow2021.org URL: https://rainbow2021.org/wp-content/themes/log/web-tag/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `11c40bb68547fd1327303034cd0734ac6dc4d93ce529a5298297384674e3b9a6` Request headers accept-language nl-NL,nl;q=0.9 Referer https://rainbow2021.org/wp-content/themes/log/web-tag/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers date Fri, 02 Feb 2024 13:57:41 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 6968 alt-svc h3=":443"; ma=86400 content-length 15947 last-modified Thu, 01 Feb 2024 17:23:18 GMT server cloudflare etag "3e4b-65bbd386-a50d9;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VcBPefK6qwQGUibScCF4TwL5VzrBaRRhopVxCmS4ULlf3LT3ItXoz%2BnGK%2BBT7A7kD36XsboGVal4LPO%2B%2FrFBN5YAyK%2Fto5C5JxUs1y19qQq2CGKIUuTj4nJxo35oNHHV%2BQ%2BOUG%2FwaHdONTJ3Xe8%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control public, max-age=43200 accept-ranges bytes cf-ray 84f2f1d688ea6fff-CDG expires Fri, 02 Feb 2024 11:58:32 GMT
GET H2	200	haraka.js Show response rainbow2021.org/wp-content/themes/log/web-tag/files/js/	2 KB 1 KB	45ms 45ms	Script application/x-javascript	2a06:98c1:3120::9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rainbow2021.org/wp-content/themes/log/web-tag/files/js/haraka.js Requested by Host: rainbow2021.org URL: https://rainbow2021.org/wp-content/themes/log/web-tag/index.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `e6f817cf29a8944353918f33a69cf1c0cb1ea5d19b885035e0c53b23244ab95d` Request headers accept-language nl-NL,nl;q=0.9 Referer https://rainbow2021.org/wp-content/themes/log/web-tag/index.php User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers date Fri, 02 Feb 2024 13:57:41 GMT content-encoding br cf-cache-status HIT last-modified Thu, 01 Feb 2024 17:23:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 13206 etag W/"949-65bbd386-a50d6;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qM4H3U%2FxrNg7AhO3%2BwOdxaqNhEk30pZSlI6G3jNw5MuJfmiKB4LUcCSzsGemNFAAMcRfIksy%2FJUkNIOOTbhaXWNC6vDAWdOa6EsCoC6PsfEolnUxS255ZBMqIc3VsToFPdq79cBVSnBpN%2BX5P4U%3D"}],"group":"cf-nel","max_age":604800} content-type application/x-javascript cache-control public, max-age=43200 cf-ray 84f2f1d688ee6fff-CDG alt-svc h3=":443"; ma=86400 expires Fri, 02 Feb 2024 22:17:35 GMT
GET H2	200	eservice-login-background.jpg rainbow2021.org/wp-content/themes/log/web-tag/files/media/	34 KB 35 KB	34ms 34ms	Image image/jpeg	2a06:98c1:3120::9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://rainbow2021.org/wp-content/themes/log/web-tag/files/media/eservice-login-background.jpg Requested by Host: rainbow2021.org URL: https://rainbow2021.org/wp-content/themes/log/web-tag/files/css/zwa9.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ed5c4f940fbb29ad6ea580e52d696b5badd28efa17ef068f0dda1f5c4026ca45` Request headers accept-language nl-NL,nl;q=0.9 Referer https://rainbow2021.org/wp-content/themes/log/web-tag/files/css/zwa9.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers date Fri, 02 Feb 2024 13:57:41 GMT cf-cache-status HIT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} age 13205 alt-svc h3=":443"; ma=86400 content-length 35045 last-modified Thu, 01 Feb 2024 17:23:18 GMT server cloudflare etag "88e5-65bbd386-a50dc;;;" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7UcQlWJwBGqTR8kB0weno8rfOhhArM6oSAIEiToNQOzwB3IjA9ngCuSDL5LrDb8w1eFCIb53FCO05dpFKhHRZ3H%2F%2FY1jHQNVPuTdMlffpIPFBZqxUdczAHfdyKyp6kJmJiQLZIYpJAXAha5Kpsg%3D"}],"group":"cf-nel","max_age":604800} content-type image/jpeg cache-control public, max-age=43200 accept-ranges bytes cf-ray 84f2f1d6b94d6fff-CDG expires Fri, 02 Feb 2024 22:17:36 GMT
GET H2	200	vistasansbook.ttf rainbow2021.org/wp-content/themes/log/web-tag/files/fonts/	41 KB 41 KB	35ms 35ms	Font application/x-font-ttf	2a06:98c1:3120::9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://rainbow2021.org/wp-content/themes/log/web-tag/files/fonts/vistasansbook.ttf Requested by Host: rainbow2021.org URL: https://rainbow2021.org/wp-content/themes/log/web-tag/files/css/zwa9.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a06:98c1:3120::9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `2cdf7b714b400e42976e625112e79c0b280551dcb7317859ece57f30608f3209` Request headers Referer https://rainbow2021.org/wp-content/themes/log/web-tag/files/css/zwa9.css Origin https://rainbow2021.org accept-language nl-NL,nl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36 Response headers date Fri, 02 Feb 2024 13:57:41 GMT cf-cache-status HIT last-modified Thu, 01 Feb 2024 17:23:18 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare age 13205 etag W/"a37c-65bbd386-a50d2;gz" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I%2FgoSVA6EFTOmnVBxd0PgZ1tsfM%2B2H7ExriUu9rKsSjrMOsc2PVxDZOiPjmDOTl4VoR%2B309E0DZgLHmPcJJ%2FaMZzT%2FGFN7tn61FV7ndS%2FwY%2BhOS5B0wuu890fSIhj2Lp5Nj63FxQ5bC0BimmxrI%3D"}],"group":"cf-nel","max_age":604800} content-type application/x-font-ttf cache-control public, max-age=43200 cf-ray 84f2f1d6c94e6fff-CDG alt-svc h3=":443"; ma=86400 expires Fri, 02 Feb 2024 22:17:36 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Cembra (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| maxLengthCheck function| addSlashes function| cardspace

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

rainbow2021.org
2a06:98c1:3120::9
11c40bb68547fd1327303034cd0734ac6dc4d93ce529a5298297384674e3b9a6
1447584f52e94daf8c2beda31c3ba15c573e437e0130c46ffebf1aeb620c3164
2cdf7b714b400e42976e625112e79c0b280551dcb7317859ece57f30608f3209
81a161d5793ac2a33f02ddcd64fb0dc2d028616dac084e4f64e77f4898b0c4e4
906f39bd7d9a664f71de950adcc666ff37ae3461a30e2de30abb9d5aad0295a2
e6f817cf29a8944353918f33a69cf1c0cb1ea5d19b885035e0c53b23244ab95d
ed5c4f940fbb29ad6ea580e52d696b5badd28efa17ef068f0dda1f5c4026ca45

rainbow2021.org Open in urlscan Pro 2a06:98c1:3120::9 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

7 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

98 kBTransfer

107 kBSize

0 Cookies

0 Outgoing links

Redirected requests

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

0 Cookies

Indicators

rainbow2021.org Open in urlscan Pro
2a06:98c1:3120::9 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

7
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

98 kB
Transfer

107 kB
Size

0
Cookies

7 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!