iansomerhalderfan.com
Open in
urlscan Pro
69.65.12.59
Malicious Activity!
Public Scan
URL:
https://iansomerhalderfan.com/bbr/nrb.html
Submission: On December 20 via automatic, source openphish
Submission: On December 20 via automatic, source openphish
Summary
This website contacted 3 IPs
in 2 countries
across 2 domains to perform 28 HTTP transactions.
The main IP is 69.65.12.59, located in
Arlington Heights, United States and
belongs to ASN-GIGENET - GigeNET, US.
The main domain is iansomerhalderfan.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 18th 2018. Valid for: 3 months.
This is the only time iansomerhalderfan.com was scanned on urlscan.io!
TLS certificate: Issued by cPanel, Inc. Certification Authority on October 18th 2018. Valid for: 3 months.
This is the only time iansomerhalderfan.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Rabobank (Banking)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 4 | 69.65.12.59 69.65.12.59 | 32181 (ASN-GIGENET) (ASN-GIGENET - GigeNET) | |
| 22 | 2a02:26f0:10:... 2a02:26f0:10:286::3f8a | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 2 | 2a02:26f0:10:... 2a02:26f0:10:291::3f8a | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
| 28 | 3 |
4
69.65.12.59
(Arlington Heights, United States)
ASN32181 (ASN-GIGENET - GigeNET, US)
PTR: top.fansitehost.com
ASN32181 (ASN-GIGENET - GigeNET, US)
PTR: top.fansitehost.com
| iansomerhalderfan.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 24 |
rabobank.nl
www.rabobank.nl |
227 KB |
| 4 |
iansomerhalderfan.com
iansomerhalderfan.com |
5 KB |
| 28 | 2 |
| Domain | Requested by | |
|---|---|---|
| 24 | www.rabobank.nl |
iansomerhalderfan.com
www.rabobank.nl |
| 4 | iansomerhalderfan.com |
iansomerhalderfan.com
|
| 28 | 2 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| iansomerhalderfan.com cPanel, Inc. Certification Authority |
2018-10-18 - 2019-01-16 |
3 months | crt.sh |
| rabobank.nl DigiCert SHA2 Extended Validation Server CA |
2018-07-31 - 2019-08-05 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://iansomerhalderfan.com/bbr/nrb.html
Frame ID: E24A36DE5DDE62B6BCE803EC2AEA43C1
Requests: 28 HTTP requests in this frame
Screenshot
Detected technologies
Nginx
(Web Servers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- script /jquery(?:\-|\.)([\d.]*\d)[^\/]*\.js/i
- script /jquery.*\.js/i
- env /^jQuery$/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
28 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
nrb.html
iansomerhalderfan.com/bbr/ |
21 KB 5 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
senses14.css
www.rabobank.nl/static/generic/css/ |
86 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
webform.css
www.rabobank.nl/static/appls/webform/css/ |
54 KB 10 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
webform.js
www.rabobank.nl/static/appls/webform/js/ |
4 KB 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
colorbox.css
iansomerhalderfan.com/static/appls/webform/css/jquery/colorbox/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
form-colorbox.css
iansomerhalderfan.com/static/appls/webform/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery-1.7.1.js
www.rabobank.nl/static/appls/webform/javascript/jquery/ |
92 KB 33 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
QuinityForms.js
www.rabobank.nl/static/appls/webform/javascript/ |
81 KB 20 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Version3QuinityForms.js
www.rabobank.nl/static/appls/webform/javascript/ |
26 KB 6 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
css-include.css
www.rabobank.nl/images/include/ |
360 B 497 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
webform-css.css
www.rabobank.nl/images/include/ |
14 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
generic-css.css
www.rabobank.nl/images/include/ |
35 KB 8 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
contactblok-lbs-css.css
www.rabobank.nl/images/include/ |
8 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
keuzehulpmodule-css.css
www.rabobank.nl/images/include/ |
4 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
mis-css.css
www.rabobank.nl/images/include/ |
2 KB 856 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
default.css
www.rabobank.nl/static/generic/font/myriad/ |
4 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
senses-icons.css
www.rabobank.nl/static/generic/font/icons/css/ |
13 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
androidbanner.css
www.rabobank.nl/static/generic/css/ |
1 KB 957 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ra_screen_portlets.css
www.rabobank.nl/static/generic/css/ |
93 KB 16 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
rabobank-logo.png
www.rabobank.nl/static/generic/css/images/s14/ |
16 KB 16 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
header_rightmenu-bg.png
www.rabobank.nl/static/generic/css/images/s14/ |
187 B 507 B |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
3b0f1c67-c2e4-4df6-976f-49d52e45aba1.woff2
www.rabobank.nl/static/generic/font/myriad/fonts/ |
16 KB 16 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
0b6110f9-6072-46b9-98af-7d09f7c895b8.woff2
www.rabobank.nl/static/generic/font/myriad/fonts/ |
16 KB 16 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
senses-icons.woff
www.rabobank.nl/static/generic/font/icons/assets/fonts/ |
23 KB 23 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
form-colorbox.css
iansomerhalderfan.com/static/appls/webform/css/ |
0 0 |
Stylesheet
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
e7e30ff2-3a95-49b0-bbf9-024f40ead426.woff2
www.rabobank.nl/static/generic/font/myriad/fonts/ |
16 KB 16 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Rabobank-icoon-alert-bold-32x32-RGB.svg
www.rabobank.nl/static/appls/webform/css/images/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
2cc3ff2f-19fe-458d-99da-2fb1acb43d81.woff2
www.rabobank.nl/static/generic/font/myriad/fonts/ |
16 KB 17 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Rabobank (Banking)169 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onselectstart object| onselectionchange function| queueMicrotask object| Webform function| isNumber function| check function| $ function| jQuery object| qfs_dutchAreaCodes object| qfs_emptyString number| qfs_ONE_DAY function| qfs_hideElement function| qfs_showElement function| qfs_setVisibility function| qfs_isVisibleElement function| qfs_showOrHideElement function| qfs_enableDisableLabel function| qfs_enableDisableField function| qfs_enableDisableFieldWithoutResettingValue function| qfs_isVisible function| qfs_isChecked function| qfs_changeRadio function| qfs_isDateAA function| qfs_compareDatesAA function| qfs_compareDecimals function| qfs_elevenTest function| qfs_isValidBankAccountNumber function| qfs_isInternationalBankAccountNumber function| qfs_isBankIdentifierCode function| qfs_isBankAccountNr function| qfs_isInvestmentAccountNr function| qfs_isSofiNumber function| qfs_isANWBMemberNumber function| qfs_isBankAccountNrBE function| qfs_isNumericCode function| qfs_isBankAccountNrPayment function| qfs_isBankAccountNrNL function| qfs_isPostBankAccountNr function| qfs_isPositiveInteger function| qfs_isAirmilesAccountNr function| qfs_isLoyaltyProgramNumber function| qfs_isEmailAddressAA function| qfs_isPostalCodeAA function| qfs_isGermanPostalCode function| qfs_comparePostalCodesAA function| qfs_comparePostalCodes function| qfs_getWindowHeight function| qfs_getBodyHeight function| qfs_showInformationLayerLeftOfMousePointer function| qfs_showInformationLayerRightOfMousePointer function| qfs_hideInformationLayer function| qfs_positionLayerAtMousePointer function| qfs_isNumberLargerThan function| qfs_isNumberSmallerThan function| qfs_isNumberString function| qfs_isNumber function| qfs_isInteger function| qfs_isNumberBetween string| qfs_DATEFORMAT_DDMMYYYY string| qfs_DATEFORMAT_YYYYMMDD function| qfs_isDate function| qfs_formatDate function| qfs_isDateString function| qfs_createDateFields function| qfs_compareDates function| qfs_checkMonthDifferenceBetweenDates function| qfs_checkDayDifferenceBetweenDates function| qfs_isDateWorkday function| qfs_isDateWorkdayValue function| qfs_getFormElementType function| qfs_formChanged function| qfs_clearField function| qfs_resetField function| qfs_setFocus function| qfs_setFocusById function| qfs_setApplicable function| qfs_setVisible function| qfs_QuestionDisplayParameters object| qfs_questionDisplayParametersArray function| qfs_determineIndexInQuestionDisplayParametersArray function| qfs_shouldQuestionVisibilityBeChanged function| qfs_shouldQuestionInGroupVisibilityBeChanged function| qfs_showQuestion function| qfs_showQuestionInGroup function| qfs_showQuestionEditable function| qfs_showQuestionNotEditable function| qfs_changeStyleOfLabels function| qfs_emptyQuestion function| qfs_setActiveStyleClass function| qfs_setActiveStyleClassForElement function| qfs_addActiveStyleClassForElement function| qfs_removeActiveStyleClassForElement function| qfs_checkActiveStyleClassForElement function| qfs_showQuestions function| qfs_showErrorMessageAndFocus function| qfs_setErrorField function| qfs_checkRequired function| qfs_isDutchMoney function| qfs_isDecimalValue function| qfs_isDecimalValueUsingCommaAsDecimalSeparator function| qfs_isDecimalValueUsingDotAsDecimalSeparator function| qfs_formatDecimalValue function| qfs_isDutchLicencePlate function| qfs_isDutchLicencePlateMotor function| qfs_isDutchLicencePlateMoped function| qfs_isTimeUUMM function| qfs_compareTimesUUMM function| qfs_startsWith function| qfs_isDutchPhoneNumber function| qfs_trimString function| qfs_getElementType function| qfs_isButton function| qfs_disableButtons function| qfs_callSetIframeHeightIfNeeded function| qfs_toUpperCase function| qfs_toUpperCaseNormalizedSeparateByIncludingEnd function| qfs_toUpperCaseNormalizedSeparateBy function| qfs_toNormalizedSeparateBy function| qfs_stripEmptyStrings function| qfs_firstCharacterToUpperCase function| qfs_isBankAccountNrCZ function| qfs_isCzechPersonalIdNr function| qfs_isValidForXmlTagName function| qfs_isValidESRReferenceNumber function| qfs_isModulo10RekursivNumber function| qfs_determineModulo10RekursivCheckDigit function| qfs_isValidInsurancePlateLicenceNumber function| qfs_changeStyleOfErrorFieldLine function| createReportPopupWindow undefined| qfs_triggerQuestionObj undefined| qfs_ajaxFormDialogueActionsHelper function| qfs_submitForm function| qfs_goAction function| qfs_updateGeneralVerificationMessage function| qfs_updateValueValidationMessage function| qfs_updateValueVerificationMessage function| qfs_determineValueValidationStatus function| qfs_resetValueValidationStatus function| qfs_resetGeneralVerificationMessage function| qfs_resetValueVerificationMessages function| qfs_goActionCheckFormChanged function| qfs_goActionCheckInputs function| qfs_areAllRowsInvisible function| qfs_determineQuestionRows function| qfs_updateStyleOfQuestionRow function| qfs_changeStyleOfLabel function| qfs_changeGroupVisibility function| qfs_setFocusOnField function| qfs_goActionCheckInputsFormState function| qfs_performActions function| qfs_performActionInPopup function| qfs_getFormAction function| qfs_setFormAction function| qfs_performActionsAJAX function| qfs_performActionGenerateFormDocument function| qfs_GoToScreen function| qfs_emptyTextArea function| qfs_fillTextArea function| qfs_goActionResetForm function| qfs_cancelForm function| qfs_goDebugValuesScreen function| qfs_goDebugTriggersScreen function| qfs_goActionDebug function| qfs_printScreenXSLT function| qfs_printScreenPDF function| qfs_Upload function| qfs_createAjaxFormDialogueActionsHelper object| title undefined| steps0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| X-Content-Type-Options | nosniff |
| X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
iansomerhalderfan.com
www.rabobank.nl
2a02:26f0:10:286::3f8a
2a02:26f0:10:291::3f8a
69.65.12.59
03caeff0f4235241611956eeb18dcbfabb8b67083208f00a0b0f92fbff9b28bd
102b686efc20bd509a2ce12b4502dfa6f1fbfe70d05ea2e321a6206f6ebac31c
1d22612c4975b63e22cde2ccd29dde16faa645eb9be2cc06e794ec19d0570faa
21f39b11597a656a9216a53fc36431c3574f54b26fbc7310f2178ce4da0885e2
2aa2c3139fe0f3233bbab4e43ef2885af045555933aef6570046e6df2f7f57f3
2b0fef228e67d16effbfae15c2f52b538d91b6b8509ada80c3230c5abfac2f9f
3e346be7547d43c5cd81c935d7e32cf69ba2018ba4ff5058d0de9d14de08930b
49be0df2d6bfe51dc29e0f5cebd2b99b6b1e4463c2d1250f1b1ae3ac36d0ce41
4dbba2be9bb99b3192ee293127cb103876e4b5bf66c2fede8a3f6678c242711e
5bec7983b0cdf1db385260644f18fe3a55cf4e0c1c7b3ad9b62f3b97a9e6c9a3
5f9b6f311ad13726aabfa36f319449541ab8da30f0f6c666d7529e1c9406132b
6211c17933c3688f72d1205370f8329b1308b7a2a0265eec73578d7b9e14bc34
733281090cc0b614f1b7d9ce7216288ecde1404bb7f9fb7bb6b884e68f1e4c46
8fd85e85c93a6cd1178f5405e75d0e4a38aca805ce7c15cef1970550592cc787
9978c7504f5d95149404fe19bfaed705f60cf3dacba5b2b1b6548d52a88c1e55
9cef13b2aa6388b2c17160384d07dfb5f30e77105a9c53698daf2f5e70a4abe5
b1775df59d89cc87e6cc75b449abb310874b77e4abc3c8e43c29a2eabc99e975
b950cb4e67566b74b5735d78ddbb650c000d04261dabc2217aece0dff8b0c1a2
bfcfea39ebd070e042356af77c4bc16b6170f2106744f1173c15c1fa1a243cce
c74deec42daeeec30e5c9583d77b2ce282983ee2db2beb2938fea69745846cef
c996f06dfd005edb2607f5c46e2c34f3f72eda6a9d9ae684743b50ec81759a76
d7412a7f2b1034a56a0ea978e47e3758b112cd716a9af0af3730f912fb342354
eaca77ee0452e44a5927da5db6d4c6ccb3602eb6045f8e8c2a3313410079fca6
ebdeade9ed962ec4ea328386825cbd7c81b4ca8ea062298162f6570f284e7655
f77f4ba6145eaa2c8c171ea95871ba20ccab18e1b36de5816a282a917c28eba4