web11565.web09.bero-webspace.de
45.82.121.115  Malicious Activity! Public Scan

Submitted URL: http://come.to/bankzaken
Effective URL: https://web11565.web09.bero-webspace.de/barotelli/
Submission: On August 28 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 4 domains to perform 29 HTTP transactions. The main IP is 45.82.121.115, located in Germany and belongs to SYNLINQ synlinq.de, DE. The main domain is web11565.web09.bero-webspace.de.
TLS certificate: Issued by R3 on August 28th 2023. Valid for: 3 months.
This is the only time web11565.web09.bero-webspace.de was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Rabobank (Banking)

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:20:... 13335 (CLOUDFLAR...)
3 45.82.121.115 44486 (SYNLINQ s...)
23 2a02:26f0:2c:... 20940 (AKAMAI-ASN1)
29 3
Apex Domain
Subdomains
Transfer
23 rabobank.nl
bankieren.rabobank.nl — Cisco Umbrella Rank: 54192
239 KB
3 bero-webspace.de
web11565.web09.bero-webspace.de
4 KB
1 come.to
come.to
833 B
0 Failed
29 4
Domain Requested by
23 bankieren.rabobank.nl web11565.web09.bero-webspace.de
bankieren.rabobank.nl
3 web11565.web09.bero-webspace.de web11565.web09.bero-webspace.de
1 come.to 1 redirects
0 127.0.0.1 Failed web11565.web09.bero-webspace.de
29 4

This site contains links to these domains.

Domain
www.rabobank.nl
bankieren.rabobank.nl
Subject | Issuer | Validity | Valid
web11565.web09.bero-webspace.de | R3 | 2023-08-28 - 2023-11-26 | 3 months
bankieren.rabobank.nl | DigiCert SHA2 Extended Validation Server CA | 2023-02-06 - 2024-02-05 | a year

This page contains 1 frames:

Primary Page: https://web11565.web09.bero-webspace.de/barotelli/
Frame ID: A87491C34CD4D7D0D95239628CBF2E51
Requests: 29 HTTP requests in this frame

Page Title

Rabo Internetbankieren - Rabobank

Page Statistics

Requests: 29
HTTPS: 90 %
IPv6: 67 %
Domains: 4
Subdomains: 4
IPs: 3
Countries: 2
Transfer: 243 kB
Size: 487 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://come.to/bankzaken HTTP 302
    https://web11565.web09.bero-webspace.de/barotelli/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
web11565.web09.bero-webspace.de/barotelli/
Redirect Chain
  • http://come.to/bankzaken
  • https://web11565.web09.bero-webspace.de/barotelli/
13 KB
3 KB
Document
General
Full URL
https://web11565.web09.bero-webspace.de/barotelli/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.82.121.115 , Germany, ASN44486 (SYNLINQ synlinq.de, DE),
Reverse DNS
web09.bero-host.de
Software
nginx / PHP/8.2.9 PleskLin
Resource Hash
6cedf63ac4a946713ed1e9e31eb5139c4b5dd2efe3046cbafe408090b4307607

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-length
3247
content-type
text/html; charset=UTF-8
date
Mon, 28 Aug 2023 17:21:57 GMT
server
nginx
vary
Accept-Encoding
x-powered-by
PHP/8.2.9 PleskLin

Redirect headers

CF-Cache-Status
DYNAMIC
CF-RAY
7fde3bc98a34047a-FRA
Cache-Control
no-store, no-cache, must-revalidate
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Date
Mon, 28 Aug 2023 17:21:57 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Pragma
no-cache
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zccmjeEiLPxNrIuuxQlvndKMwhuiuLZfRYvmP3gcSM6%2BgJmr6Fu24E2QX%2B36345F7%2FNweDiLNFhGsmOMC%2FXjf93oz6ND7xcqxjp9fBhOt0931tN4D3nbQ9Z5nCLi9j96WIHyPEY%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
location
https://web11565.web09.bero-webspace.de/barotelli/
force-myriad.css
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/fonts/myriad/
121 B
777 B
Stylesheet
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/fonts/myriad/force-myriad.css
Requested by
Host: web11565.web09.bero-webspace.de
URL: https://web11565.web09.bero-webspace.de/barotelli/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5480e455fe88ae27ac083954834e86fc1ccd392e9f37872a55c13e1fd23dfbac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11565.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 23 Aug 2023 08:57:34 GMT
etag
"64e5c9fe-79"
vary
Accept-Encoding
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=4091
accept-ranges
bytes
content-length
123
rass-proto.css
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/
124 KB
82 KB
Stylesheet
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/rass-proto.css
Requested by
Host: web11565.web09.bero-webspace.de
URL: https://web11565.web09.bero-webspace.de/barotelli/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
9b203466564c4b1976d4b9b6e0ff6bd068c9e06582400c2dd4fcced198e793cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11565.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 23 Aug 2023 08:57:34 GMT
etag
W/"64e5c9fe-1f189"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
content-type
text/css
cache-control
public, max-age=5019
content-length
83147
www-extension.css
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/
28 KB
6 KB
Stylesheet
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/www-extension.css
Requested by
Host: web11565.web09.bero-webspace.de
URL: https://web11565.web09.bero-webspace.de/barotelli/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4e08e0cc4968c0819dda436a0563971979e4b0dba65bb3e2d3345b9941b35af8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11565.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 23 Aug 2023 08:57:34 GMT
etag
W/"64e5c9fe-710c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
content-type
text/css
cache-control
public, max-age=4209
content-length
5206
default.css
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/fonts/myriad/
4 KB
2 KB
Stylesheet
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/fonts/myriad/default.css
Requested by
Host: web11565.web09.bero-webspace.de
URL: https://web11565.web09.bero-webspace.de/barotelli/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
1cef08125614b1fee7983a9a2b136aa5245c077fc375c473ee31e77e705c6ace
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11565.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 23 Aug 2023 08:57:34 GMT
etag
W/"64e5c9fe-11ce"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
content-type
text/css
cache-control
public, max-age=4179
content-length
1492
senses2-styling.css
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/
9 KB
3 KB
Stylesheet
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/senses2-styling.css
Requested by
Host: web11565.web09.bero-webspace.de
URL: https://web11565.web09.bero-webspace.de/barotelli/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c5c374ca89dcbf570b91bb370ad8af023531850f1ce4ef03c451ea3c22de47ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11565.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 23 Aug 2023 08:57:34 GMT
etag
W/"64e5c9fe-24a4"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
content-type
text/css
cache-control
public, max-age=5687
content-length
2161
rass-statics.esm.js
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/javascript/rass/
0
0

common.js
web11565.web09.bero-webspace.de/dsc/web/
0
0
Script
General
Full URL
https://web11565.web09.bero-webspace.de/dsc/web/common.js
Requested by
Host: web11565.web09.bero-webspace.de
URL: https://web11565.web09.bero-webspace.de/barotelli/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.82.121.115 , Germany, ASN44486 (SYNLINQ synlinq.de, DE),
Reverse DNS
web09.bero-host.de
Software
nginx /
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11565.web09.bero-webspace.de/barotelli/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
content-encoding
br
last-modified
Mon, 28 Aug 2023 09:11:10 GMT
server
nginx
etag
W/"328-603f8134e2904"
content-type
text/html
sfc-style.css
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/css/
109 KB
12 KB
Stylesheet
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/css/sfc-style.css
Requested by
Host: web11565.web09.bero-webspace.de
URL: https://web11565.web09.bero-webspace.de/barotelli/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
6b4a437f44672b422372b6ec653723a07b37886d064b0caa0658ddc9b7343131
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11565.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Mon, 07 Aug 2023 21:02:40 GMT
etag
W/"64d15bf0-1b40b"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
content-type
text/css
cache-control
public, max-age=44
content-length
11601
default.css
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/
5 KB
2 KB
Stylesheet
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/default.css
Requested by
Host: web11565.web09.bero-webspace.de
URL: https://web11565.web09.bero-webspace.de/barotelli/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
cd0681d2b6bf706a76cd2d531bca15306f22f293c2c8fbf697d698031d1577d8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11565.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Mon, 07 Aug 2023 21:02:08 GMT
etag
W/"64d15bd0-13c5"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
content-type
text/css
cache-control
public, max-age=43
content-length
1627
rabobank_logo.png
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/images/
16 KB
16 KB
Image
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/images/rabobank_logo.png
Requested by
Host: web11565.web09.bero-webspace.de
URL: https://web11565.web09.bero-webspace.de/barotelli/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
03caeff0f4235241611956eeb18dcbfabb8b67083208f00a0b0f92fbff9b28bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11565.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
strict-transport-security
max-age=31536000
last-modified
Wed, 23 Aug 2023 08:57:34 GMT
etag
"64e5c9fe-3f53"
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
x-frame-options
SAMEORIGIN
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
content-type
image/png
cache-control
public, max-age=5534
accept-ranges
bytes
content-length
16211
grayed-out-vc-nl.png
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/images/
15 KB
16 KB
Image
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/images/grayed-out-vc-nl.png
Requested by
Host: web11565.web09.bero-webspace.de
URL: https://web11565.web09.bero-webspace.de/barotelli/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
cf59560647e49f765aa01b63bff1950159fc806bc2e82bb6154393f6502a18e1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11565.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
strict-transport-security
max-age=31536000
last-modified
Wed, 23 Aug 2023 08:57:34 GMT
etag
"64e5c9fe-3bfa"
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
x-frame-options
SAMEORIGIN
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
content-type
image/png
cache-control
public, max-age=5448
accept-ranges
bytes
content-length
15354
brwcook.js
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/javascript/
2 KB
2 KB
Script
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/javascript/brwcook.js
Requested by
Host: web11565.web09.bero-webspace.de
URL: https://web11565.web09.bero-webspace.de/barotelli/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fb0bf7d0b22e40dc90eb2dea1495ccd5db62f96904874830d2eb095d9f6677ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11565.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 23 Aug 2023 08:57:33 GMT
etag
W/"64e5c9fd-931"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=5526
content-length
923
brwfunc.js
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_15_0_2__202108271127/javascript/brw/
20 KB
8 KB
Script
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_15_0_2__202108271127/javascript/brw/brwfunc.js
Requested by
Host: web11565.web09.bero-webspace.de
URL: https://web11565.web09.bero-webspace.de/barotelli/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e888b1f3ebee4a9a65e67096001cd64a39fba872b8e9704ec7ecb2701d721504
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11565.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 23 Aug 2023 08:57:33 GMT
etag
W/"64e5c9fd-50db"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=360
content-length
6972
device.min.js
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/scripts/
3 KB
2 KB
Script
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/scripts/device.min.js
Requested by
Host: web11565.web09.bero-webspace.de
URL: https://web11565.web09.bero-webspace.de/barotelli/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
eff979b9e48677d58bca83cbe1c830ed046b4bd567a2a03d8030981c6654bf2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11565.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 23 Aug 2023 08:57:34 GMT
etag
W/"64e5c9fe-ce0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=6763
content-length
1143
rass-proto.js
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/scripts/
60 KB
13 KB
Script
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/scripts/rass-proto.js
Requested by
Host: web11565.web09.bero-webspace.de
URL: https://web11565.web09.bero-webspace.de/barotelli/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
753a93eaa809f45658d83b3b803f86355e9da47222ea058c8a28c30d728fdace
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11565.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 23 Aug 2023 08:57:34 GMT
etag
W/"64e5c9fe-ee50"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=6978
content-length
12741
analyticsProxy.js
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/javascript/
0
0
Script
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/javascript/analyticsProxy.js
Requested by
Host: web11565.web09.bero-webspace.de
URL: https://web11565.web09.bero-webspace.de/barotelli/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11565.web09.bero-webspace.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

checkbox_off.svg
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/images/
3 KB
1 KB
Image
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/images/checkbox_off.svg
Requested by
Host: bankieren.rabobank.nl
URL: https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/www-extension.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
472369804eed23e731261b2a4bdc6c454a9c31ca008c393d797b95160b14276b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/www-extension.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 23 Aug 2023 08:57:34 GMT
etag
"64e5c9fe-b90"
vary
Accept-Encoding
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=4148
accept-ranges
bytes
content-length
768
icon_supercirkel_kruisje.svg
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/images/
1 KB
1 KB
Image
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/images/icon_supercirkel_kruisje.svg
Requested by
Host: bankieren.rabobank.nl
URL: https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/www-extension.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
828129fe18f492866bcc822c9338af9244d4677404d899f80121dbfaccefe82d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/www-extension.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 23 Aug 2023 08:57:34 GMT
etag
"64e5c9fe-504"
vary
Accept-Encoding
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=5479
accept-ranges
bytes
content-length
681
icon_supercirkel_vraagteken.svg
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/images/
1 KB
1 KB
Image
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/images/icon_supercirkel_vraagteken.svg
Requested by
Host: bankieren.rabobank.nl
URL: https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/www-extension.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5bc5eedf7164055f5658a7c6129ff8886564713fe82cad2ed3d9f94f6308f5f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/www-extension.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 23 Aug 2023 08:57:34 GMT
etag
"64e5c9fe-54f"
vary
Accept-Encoding
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=5512
accept-ranges
bytes
content-length
736
icon_supercirkel_pijl.svg
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/images/
1 KB
1 KB
Image
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/images/icon_supercirkel_pijl.svg
Requested by
Host: bankieren.rabobank.nl
URL: https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/www-extension.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c0a3bbe501ee2ef2c8bc2031667bdc41d3f4d19e1715317d6a9ef924b0d39323
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/www-extension.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 23 Aug 2023 08:57:34 GMT
etag
"64e5c9fe-4a6"
vary
Accept-Encoding
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=4146
accept-ranges
bytes
content-length
648
fd5daa3f-a61a-4aed-93cd-54bc94bb59b6.woff2
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/files/
16 KB
17 KB
Font
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/files/fd5daa3f-a61a-4aed-93cd-54bc94bb59b6.woff2
Requested by
Host: bankieren.rabobank.nl
URL: https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/default.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
1a35e85545a55eb7a307543de45c5a73588d63d9b08fd571c22ae6ec1a2f78d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/default.css
Origin
https://web11565.web09.bero-webspace.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
strict-transport-security
max-age=31536000
last-modified
Mon, 07 Aug 2023 21:02:40 GMT
etag
"64d15bf0-4138"
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
accept-ranges
bytes
content-length
16696
0b6110f9-6072-46b9-98af-7d09f7c895b8.woff2
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/files/
16 KB
17 KB
Font
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/files/0b6110f9-6072-46b9-98af-7d09f7c895b8.woff2
Requested by
Host: bankieren.rabobank.nl
URL: https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/default.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2aa2c3139fe0f3233bbab4e43ef2885af045555933aef6570046e6df2f7f57f3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/default.css
Origin
https://web11565.web09.bero-webspace.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
strict-transport-security
max-age=31536000
last-modified
Mon, 07 Aug 2023 21:02:08 GMT
etag
"64d15bd0-3fe4"
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
accept-ranges
bytes
content-length
16356
eba438b3-9ab9-48ba-b1c5-610f83b38303.woff2
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/files/
16 KB
16 KB
Font
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/files/eba438b3-9ab9-48ba-b1c5-610f83b38303.woff2
Requested by
Host: bankieren.rabobank.nl
URL: https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/default.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
1a7a9cac93c013eb29540881bcbd9d36cefbfff632941ebfd4814449caec964d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/default.css
Origin
https://web11565.web09.bero-webspace.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
strict-transport-security
max-age=31536000
last-modified
Mon, 07 Aug 2023 21:02:40 GMT
etag
"64d15bf0-3f10"
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
accept-ranges
bytes
content-length
16144
3b0f1c67-c2e4-4df6-976f-49d52e45aba1.woff2
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/files/
16 KB
17 KB
Font
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/files/3b0f1c67-c2e4-4df6-976f-49d52e45aba1.woff2
Requested by
Host: bankieren.rabobank.nl
URL: https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/default.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
49be0df2d6bfe51dc29e0f5cebd2b99b6b1e4463c2d1250f1b1ae3ac36d0ce41
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/default.css
Origin
https://web11565.web09.bero-webspace.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
strict-transport-security
max-age=31536000
last-modified
Mon, 07 Aug 2023 21:02:40 GMT
etag
"64d15bf0-3ff8"
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
x-frame-options
SAMEORIGIN
content-type
font/woff2
access-control-allow-origin
*
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
accept-ranges
bytes
content-length
16376
trans.gif
web11565.web09.bero-webspace.de/qsl/
808 B
808 B
Image
General
Full URL
https://web11565.web09.bero-webspace.de/qsl/trans.gif?data=
Requested by
Host: web11565.web09.bero-webspace.de
URL: https://web11565.web09.bero-webspace.de/barotelli/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
45.82.121.115 , Germany, ASN44486 (SYNLINQ synlinq.de, DE),
Reverse DNS
web09.bero-host.de
Software
nginx /
Resource Hash
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://web11565.web09.bero-webspace.de/barotelli/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
content-encoding
br
last-modified
Mon, 28 Aug 2023 09:11:10 GMT
server
nginx
etag
W/"328-603f8134e2904"
content-type
text/html
rabobank.svg
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_7663984/newdesign/images/
6 KB
3 KB
Image
General
Full URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_7663984/newdesign/images/rabobank.svg
Requested by
Host: bankieren.rabobank.nl
URL: https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/senses2-styling.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:2c::216:f249 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
1361e81984b190dfb362eff0ea3085da933c920b9aa7f1d03e9e1e3edef57b72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/senses2-styling.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date
Mon, 28 Aug 2023 17:21:57 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000
last-modified
Wed, 23 Aug 2023 08:57:34 GMT
etag
"64e5c9fe-18bb"
vary
Accept-Encoding
content-security-policy-report-only
default-src https://*.rabobank.nl https://*.rabobank.com http://127.0.0.1:37956 http://127.0.0.1:7070 http://127.0.0.1:5938 https://75vqvwol.filecdn.org https://www.google-analytics.com https://www.googletagmanager.com https://tags.tiqcdn.com https://d6tizftlrpuof.cloudfront.net https://w.usabilla.com https://api.usabilla.com https://*.cloud.es.io https://*.mypurecloud.de wss://*.mypurecloud.de https://*.split.io data: gap: nativebridge: blob: 'self' 'unsafe-inline' 'unsafe-eval'; report-uri /s-t-a-t-i-c/qslcsp
p3p
policyref="/rabo/w3c/p3p.xml", CP="OTI CURa ADMa OUR NOR BUS UNI COM NAV"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=4106
accept-ranges
bytes
content-length
2726
6772110673.png
127.0.0.1/
0
0

3719810740.png
127.0.0.1/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
bankieren.rabobank.nl
URL
https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/javascript/rass/rass-statics.esm.js
Domain
127.0.0.1
URL
http://127.0.0.1:7070/6772110673.png
Domain
127.0.0.1
URL
http://127.0.0.1:37956/3719810740.png

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Rabobank (Banking)

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture
function| stopError
function| getCookieList
function| getCookie
function| setCookie
function| getCookieValue
function| Cookie
object| varDate
string| varSCID
string| varUserLanguage
string| varDomain
string| s
object| expiryDate
number| varJSver
object| device
object| RASS

2 Cookies

Domain/Path Name / Value
come.to/ Name: PHPSESSID
Value: lq44i387ca05d4l2b1nbpvepoe
bankieren.rabobank.nl/ Name: QPRDBANS
Value:

6 Console Messages

Source Level URL
Text
network error URL: https://web11565.web09.bero-webspace.de/dsc/web/common.js
Message:
Failed to load resource: the server responded with a status of 404 ()
javascript error URL: https://web11565.web09.bero-webspace.de/barotelli/
Message:
Access to script at 'https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/javascript/rass/rass-statics.esm.js' from origin 'https://web11565.web09.bero-webspace.de' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/javascript/rass/rass-statics.esm.js
Message:
Failed to load resource: net::ERR_FAILED
security warning URL: https://web11565.web09.bero-webspace.de/barotelli/
Message:
Mixed Content: The page at 'https://web11565.web09.bero-webspace.de/barotelli/' was loaded over HTTPS, but requested an insecure element 'http://127.0.0.1:7070/6772110673.png'. This request was not upgraded to HTTPS because its URL's host is an IP address.
security warning URL: https://web11565.web09.bero-webspace.de/barotelli/
Message:
Mixed Content: The page at 'https://web11565.web09.bero-webspace.de/barotelli/' was loaded over HTTPS, but requested an insecure element 'http://127.0.0.1:37956/3719810740.png'. This request was not upgraded to HTTPS because its URL's host is an IP address.
network error URL: https://web11565.web09.bero-webspace.de/qsl/trans.gif?data=
Message:
Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
