web11565.web09.bero-webspace.de
Open in
urlscan Pro
45.82.121.115
Malicious Activity!
Public Scan
Effective URL: https://web11565.web09.bero-webspace.de/barotelli/
Submission: On August 28 via api from US — Scanned from DE
Summary
TLS certificate: Issued by R3 on August 28th 2023. Valid for: 3 months.
This is the only time web11565.web09.bero-webspace.de was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Rabobank (Banking)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:20:... 2606:4700:20::ac43:4454 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
3 | 45.82.121.115 45.82.121.115 | 44486 (SYNLINQ s...) (SYNLINQ synlinq.de) | |
23 | 2a02:26f0:2c:... 2a02:26f0:2c::216:f249 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
29 | 3 |
ASN44486 (SYNLINQ synlinq.de, DE)
PTR: web09.bero-host.de
web11565.web09.bero-webspace.de |
Apex Domain Subdomains |
Transfer | |
---|---|---|
23 |
rabobank.nl
bankieren.rabobank.nl — Cisco Umbrella Rank: 54192 |
239 KB |
3 |
bero-webspace.de
web11565.web09.bero-webspace.de |
4 KB |
1 |
come.to
1 redirects
come.to |
833 B |
0 |
Failed
function sub() { [native code] }. Failed |
|
29 | 4 |
Domain | Requested by | |
---|---|---|
23 | bankieren.rabobank.nl |
web11565.web09.bero-webspace.de
bankieren.rabobank.nl |
3 | web11565.web09.bero-webspace.de |
web11565.web09.bero-webspace.de
|
1 | come.to | 1 redirects |
0 | 127.0.0.1 Failed |
web11565.web09.bero-webspace.de
|
29 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
www.rabobank.nl |
bankieren.rabobank.nl |
Subject Issuer | Validity | Valid | |
---|---|---|---|
web11565.web09.bero-webspace.de R3 |
2023-08-28 - 2023-11-26 |
3 months | crt.sh |
bankieren.rabobank.nl DigiCert SHA2 Extended Validation Server CA |
2023-02-06 - 2024-02-05 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://web11565.web09.bero-webspace.de/barotelli/
Frame ID: A87491C34CD4D7D0D95239628CBF2E51
Requests: 29 HTTP requests in this frame
Screenshot
Page Title
Rabo Internetbankieren - RabobankPage URL History Show full URLs
-
http://come.to/bankzaken
HTTP 302
https://web11565.web09.bero-webspace.de/barotelli/ Page URL
Page Statistics
11 Outgoing links
These are links going to different origins than the main page.
Search URL Search Domain Scan URL
Title: NL
Search URL Search Domain Scan URL
Title: EN
Search URL Search Domain Scan URL
Title: Heeft u alleen eenRandom Reader? Klikhier om in te loggen met de Random Reader.
Search URL Search Domain Scan URL
Title: Help
Search URL Search Domain Scan URL
Title: Zo bankiert u veilig
Search URL Search Domain Scan URL
Title: Problemen met inloggen
Search URL Search Domain Scan URL
Title: Veel gestelde vragen over Rabo Scanner
Search URL Search Domain Scan URL
Title: Meer informatie over Rabo Scanner
Search URL Search Domain Scan URL
Title: Aanvragen Rabo Internetbankieren
Search URL Search Domain Scan URL
Title: Meer service
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://come.to/bankzaken
HTTP 302
https://web11565.web09.bero-webspace.de/barotelli/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
29 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
web11565.web09.bero-webspace.de/barotelli/ Redirect Chain
|
13 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
force-myriad.css
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/fonts/myriad/ |
121 B 777 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rass-proto.css
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/ |
124 KB 82 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
www-extension.css
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/ |
28 KB 6 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
default.css
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/fonts/myriad/ |
4 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
senses2-styling.css
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/ |
9 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
rass-statics.esm.js
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/javascript/rass/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
common.js
web11565.web09.bero-webspace.de/dsc/web/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sfc-style.css
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/css/ |
109 KB 12 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
default.css
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/ |
5 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rabobank_logo.png
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/images/ |
16 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
grayed-out-vc-nl.png
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/images/ |
15 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
brwcook.js
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/javascript/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
brwfunc.js
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_15_0_2__202108271127/javascript/brw/ |
20 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
device.min.js
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/scripts/ |
3 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rass-proto.js
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/scripts/ |
60 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analyticsProxy.js
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/javascript/ |
0 0 |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
checkbox_off.svg
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/images/ |
3 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon_supercirkel_kruisje.svg
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/images/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon_supercirkel_vraagteken.svg
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/images/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon_supercirkel_pijl.svg
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_2197779/newdesign/css/images/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fd5daa3f-a61a-4aed-93cd-54bc94bb59b6.woff2
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/files/ |
16 KB 17 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
0b6110f9-6072-46b9-98af-7d09f7c895b8.woff2
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/files/ |
16 KB 17 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
eba438b3-9ab9-48ba-b1c5-610f83b38303.woff2
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/files/ |
16 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
3b0f1c67-c2e4-4df6-976f-49d52e45aba1.woff2
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/fonts/myriad/files/ |
16 KB 17 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
trans.gif
web11565.web09.bero-webspace.de/qsl/ |
808 B 808 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
rabobank.svg
bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v1/rabo/sam/staticcontent/vrs_7663984/newdesign/images/ |
6 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
6772110673.png
127.0.0.1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
3719810740.png
127.0.0.1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- bankieren.rabobank.nl
- URL
- https://bankieren.rabobank.nl/s-t-a-t-i-c/msp/authentication/v2/vrs_7160144/assets/javascript/rass/rass-statics.esm.js
- Domain
- 127.0.0.1
- URL
- http://127.0.0.1:7070/6772110673.png
- Domain
- 127.0.0.1
- URL
- http://127.0.0.1:37956/3719810740.png
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Rabobank (Banking)16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| stopError function| getCookieList function| getCookie function| setCookie function| getCookieValue function| Cookie object| varDate string| varSCID string| varUserLanguage string| varDomain string| s object| expiryDate number| varJSver object| device object| RASS2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
come.to/ | Name: PHPSESSID Value: lq44i387ca05d4l2b1nbpvepoe |
|
bankieren.rabobank.nl/ | Name: QPRDBANS Value: |
6 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
127.0.0.1
bankieren.rabobank.nl
come.to
web11565.web09.bero-webspace.de
127.0.0.1
bankieren.rabobank.nl
2606:4700:20::ac43:4454
2a02:26f0:2c::216:f249
45.82.121.115
03caeff0f4235241611956eeb18dcbfabb8b67083208f00a0b0f92fbff9b28bd
1361e81984b190dfb362eff0ea3085da933c920b9aa7f1d03e9e1e3edef57b72
1a35e85545a55eb7a307543de45c5a73588d63d9b08fd571c22ae6ec1a2f78d9
1a7a9cac93c013eb29540881bcbd9d36cefbfff632941ebfd4814449caec964d
1cef08125614b1fee7983a9a2b136aa5245c077fc375c473ee31e77e705c6ace
2aa2c3139fe0f3233bbab4e43ef2885af045555933aef6570046e6df2f7f57f3
472369804eed23e731261b2a4bdc6c454a9c31ca008c393d797b95160b14276b
49be0df2d6bfe51dc29e0f5cebd2b99b6b1e4463c2d1250f1b1ae3ac36d0ce41
4e08e0cc4968c0819dda436a0563971979e4b0dba65bb3e2d3345b9941b35af8
5480e455fe88ae27ac083954834e86fc1ccd392e9f37872a55c13e1fd23dfbac
5bc5eedf7164055f5658a7c6129ff8886564713fe82cad2ed3d9f94f6308f5f9
6b4a437f44672b422372b6ec653723a07b37886d064b0caa0658ddc9b7343131
6cedf63ac4a946713ed1e9e31eb5139c4b5dd2efe3046cbafe408090b4307607
753a93eaa809f45658d83b3b803f86355e9da47222ea058c8a28c30d728fdace
828129fe18f492866bcc822c9338af9244d4677404d899f80121dbfaccefe82d
9b203466564c4b1976d4b9b6e0ff6bd068c9e06582400c2dd4fcced198e793cc
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
c0a3bbe501ee2ef2c8bc2031667bdc41d3f4d19e1715317d6a9ef924b0d39323
c5c374ca89dcbf570b91bb370ad8af023531850f1ce4ef03c451ea3c22de47ae
cd0681d2b6bf706a76cd2d531bca15306f22f293c2c8fbf697d698031d1577d8
cf59560647e49f765aa01b63bff1950159fc806bc2e82bb6154393f6502a18e1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e888b1f3ebee4a9a65e67096001cd64a39fba872b8e9704ec7ecb2701d721504
eff979b9e48677d58bca83cbe1c830ed046b4bd567a2a03d8030981c6654bf2f
fb0bf7d0b22e40dc90eb2dea1495ccd5db62f96904874830d2eb095d9f6677ed