urlscan.io logo urlscan.io
SecurityTrails logo

darantaylor.com Open in urlscan Pro
147.135.152.220  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: https://darantaylor.com/FundsTransferConfirmation.html
Submission: On September 30 via automatic, source openphish — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 147.135.152.220, located in France and belongs to OVH, FR. The main domain is darantaylor.com.
TLS certificate: Issued by R3 on September 25th 2021. Valid for: 3 months.
This is the only time darantaylor.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: RAKBANK (Banking)

Domain & IP information

IP Address AS Autonomous System
11 147.135.152.220 16276 (OVH)
1 213.42.202.214 5384 (EMIRATES-...)
13 3
Apex Domain
Subdomains		 Transfer
11 darantaylor.com
darantaylor.com
22 KB
1 rakbank.ae
rakbank.ae
11 KB
0 payfort.com Failed
secure.payfort.com Failed
13 3
Domain Requested by
11 darantaylor.com darantaylor.com
1 rakbank.ae darantaylor.com
0 secure.payfort.com Failed darantaylor.com
13 3

This site contains links to these domains. Also see Links.

Domain
secure.payfort.com
Subject Issuer Validity Valid
darantaylor.com
R3		 2021-09-25 -
2021-12-24		 3 months crt.sh
rakbank.ae
DigiCert SHA2 Extended Validation Server CA		 2020-11-15 -
2021-12-15		 a year crt.sh

This page contains 1 frames:

Primary Page: https://darantaylor.com/FundsTransferConfirmation.html
Frame ID: 9AFBC0682A4AF05C4F93DAE172E98779
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Emirates NBD Security Update

Detected technologies

Overall confidence: 100%
Detected patterns
  • require.*\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

13
Requests

92 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

34 kB
Transfer

28 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request FundsTransferConfirmation.html
darantaylor.com/ 		22 KB
22 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://darantaylor.com/FundsTransferConfirmation.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
147.135.152.220 , France, ASN16276 (OVH, FR),
Reverse DNS
smtp.mistywildflower.com
Software
Apache /
Resource Hash
2a9d1767e7d067aae07e9607c7a87fededb9cd88844c82177afa0f41bc399146

Request headers

Host
darantaylor.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Thu, 30 Sep 2021 01:29:56 GMT
Server
Apache
Last-Modified
Tue, 28 Sep 2021 10:39:28 GMT
Accept-Ranges
bytes
Content-Length
22522
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html
logo.png
rakbank.ae/wps/contenthandler/!ut/p/digest!3JKaotSk_gMd0aUfF0xN-w/war/rakbank/themes/RAKBankThemeStatic/themes/RAKBankTheme/conventional/img/ 		6 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rakbank.ae/wps/contenthandler/!ut/p/digest!3JKaotSk_gMd0aUfF0xN-w/war/rakbank/themes/RAKBankThemeStatic/themes/RAKBankTheme/conventional/img/logo.png
Requested by
Host: darantaylor.com
URL: https://darantaylor.com/FundsTransferConfirmation.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
213.42.202.214 Dubai, United Arab Emirates, ASN5384 (EMIRATES-INTERNET Emirates Internet, AE),
Reverse DNS
Software
/
Resource Hash
72e49ecbfe2f576834af1e276b67517c9d49624895aad39c2ba2590352f53a16
Security Headers
Name Value
Content-Security-Policy img-src 'self' https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://www.google.com https://www.google.ae https://www.google.co.in https://www.google.co.uk https://clients1.google.com https://cse.google.com https://*.gstatic.com https://*.googleapis.com https://www.facebook.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co https://d5xydlzdo08s0.cloudfront.net https://www.linkedin.com https://*.ads.linkedin.com https://p.adsymptotic.com https://cdn.page-source.com https://pagead2.googlesyndication.com https://aax-eu.amazon-adsystem.com data:;connect-src 'self' https://www.google.com https://www.google.ae https://www.google.co.in https://www.google.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://www.facebook.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co https://sport360.com https://sandbox.api.mastercard.com https://api.mastercard.com https://stags.bluekai.com https://tags.bluekai.com https://tags.bkrtx.com/js/bk-coretag.js https://*.rakbankonline.ae https://pagead2.googlesyndication.com https://csi.gstatic.com;font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com http://fonts.googleapis.com https://cdn.joinhoney.com https://cdn25.lemnisk.co data:;object-src 'self';media-src 'self';child-src 'self' https://tools.euroland.com https://tools.eurolandir.com https://sport360.com https://*.doubleclick.net https://www.youtube.com https://connect.facebook.net https://cse.google.com https://www.googletagmanager.com https://platform.twitter.com https://syndication.twitter.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co https://sandbox.api.mastercard.com https://api.mastercard.com https://stags.bluekai.com https://tags.bluekai.com https://tags.bkrtx.com/js/bk-coretag.js https://*.rakbankonline.ae https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://aax-eu.amazon-adsystem.com https://www.google.com;form-action 'self' https://*.rakbankonline.ae https://connect.facebook.net https://syndication.twitter.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co;report-uri https://revamp.rakbank.ae/security/csp-report;
Strict-Transport-Security max-age=31536000; preload
X-Content-Security-Policy img-src 'self' https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://www.google.com https://www.google.ae https://www.google.co.in https://www.google.co.uk https://clients1.google.com https://cse.google.com https://*.gstatic.com https://*.googleapis.com https://www.facebook.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co https://d5xydlzdo08s0.cloudfront.net https://www.linkedin.com https://*.ads.linkedin.com https://p.adsymptotic.com https://cdn.page-source.com https://pagead2.googlesyndication.com https://aax-eu.amazon-adsystem.com data:;connect-src 'self' https://www.google.com https://www.google.ae https://www.google.co.in https://www.google.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://www.facebook.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co https://sport360.com https://sandbox.api.mastercard.com https://api.mastercard.com https://stags.bluekai.com https://tags.bluekai.com https://tags.bkrtx.com/js/bk-coretag.js https://*.rakbankonline.ae https://pagead2.googlesyndication.com https://csi.gstatic.com;font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com http://fonts.googleapis.com https://cdn.joinhoney.com https://cdn25.lemnisk.co data:;object-src 'self';media-src 'self';child-src 'self' https://tools.euroland.com https://tools.eurolandir.com https://sport360.com https://*.doubleclick.net https://www.youtube.com https://connect.facebook.net https://cse.google.com https://www.googletagmanager.com https://platform.twitter.com https://syndication.twitter.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co https://sandbox.api.mastercard.com https://api.mastercard.com https://stags.bluekai.com https://tags.bluekai.com https://tags.bkrtx.com/js/bk-coretag.js https://*.rakbankonline.ae https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://aax-eu.amazon-adsystem.com https://www.google.com;form-action 'self' https://*.rakbankonline.ae https://connect.facebook.net https://syndication.twitter.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co;report-uri https://revamp.rakbank.ae/security/csp-report;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://darantaylor.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 30 Sep 2021 01:29:57 GMT
X-Content-Type-Options
nosniff
Content-Location
/wps/contenthandler/!ut/p/digest!3JKaotSk_gMd0aUfF0xN-w/war/rakbank/themes/RAKBankThemeStatic/themes/RAKBankTheme/conventional/img/logo.png
X-Request-Digest
pO5jVZNY5m3-fJKckE97KQ
Connection
Keep-Alive
Content-Length
5767
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Expires
Fri, 30 Sep 2022 07:18:42 GMT
Last-Modified
Thu, 05 Aug 2021 09:52:58 GMT
X-Frame-Options
SAMEORIGIN
Expect-CT
enforce, max-age=86400
Strict-Transport-Security
max-age=31536000; preload
Content-Language
en-US
X-DataSource-Digest
3JKaotSk_gMd0aUfF0xN-w
Cache-Control
public,max-age=86400
Permissions-Policy
microphone=(),camera=()
Content-Security-Policy
img-src 'self' https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://www.google.com https://www.google.ae https://www.google.co.in https://www.google.co.uk https://clients1.google.com https://cse.google.com https://*.gstatic.com https://*.googleapis.com https://www.facebook.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co https://d5xydlzdo08s0.cloudfront.net https://www.linkedin.com https://*.ads.linkedin.com https://p.adsymptotic.com https://cdn.page-source.com https://pagead2.googlesyndication.com https://aax-eu.amazon-adsystem.com data:;connect-src 'self' https://www.google.com https://www.google.ae https://www.google.co.in https://www.google.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://www.facebook.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co https://sport360.com https://sandbox.api.mastercard.com https://api.mastercard.com https://stags.bluekai.com https://tags.bluekai.com https://tags.bkrtx.com/js/bk-coretag.js https://*.rakbankonline.ae https://pagead2.googlesyndication.com https://csi.gstatic.com;font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com http://fonts.googleapis.com https://cdn.joinhoney.com https://cdn25.lemnisk.co data:;object-src 'self';media-src 'self';child-src 'self' https://tools.euroland.com https://tools.eurolandir.com https://sport360.com https://*.doubleclick.net https://www.youtube.com https://connect.facebook.net https://cse.google.com https://www.googletagmanager.com https://platform.twitter.com https://syndication.twitter.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co https://sandbox.api.mastercard.com https://api.mastercard.com https://stags.bluekai.com https://tags.bluekai.com https://tags.bkrtx.com/js/bk-coretag.js https://*.rakbankonline.ae https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://aax-eu.amazon-adsystem.com https://www.google.com;form-action 'self' https://*.rakbankonline.ae https://connect.facebook.net https://syndication.twitter.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co;report-uri https://revamp.rakbank.ae/security/csp-report;
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=5, max=100
X-Content-Security-Policy
img-src 'self' https://maps.gstatic.com https://maps.googleapis.com https://www.google-analytics.com https://www.googletagmanager.com https://*.doubleclick.net https://www.google.com https://www.google.ae https://www.google.co.in https://www.google.co.uk https://clients1.google.com https://cse.google.com https://*.gstatic.com https://*.googleapis.com https://www.facebook.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co https://d5xydlzdo08s0.cloudfront.net https://www.linkedin.com https://*.ads.linkedin.com https://p.adsymptotic.com https://cdn.page-source.com https://pagead2.googlesyndication.com https://aax-eu.amazon-adsystem.com data:;connect-src 'self' https://www.google.com https://www.google.ae https://www.google.co.in https://www.google.co.uk https://www.google-analytics.com https://stats.g.doubleclick.net https://adservice.google.com https://www.facebook.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co https://sport360.com https://sandbox.api.mastercard.com https://api.mastercard.com https://stags.bluekai.com https://tags.bluekai.com https://tags.bkrtx.com/js/bk-coretag.js https://*.rakbankonline.ae https://pagead2.googlesyndication.com https://csi.gstatic.com;font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com http://fonts.googleapis.com https://cdn.joinhoney.com https://cdn25.lemnisk.co data:;object-src 'self';media-src 'self';child-src 'self' https://tools.euroland.com https://tools.eurolandir.com https://sport360.com https://*.doubleclick.net https://www.youtube.com https://connect.facebook.net https://cse.google.com https://www.googletagmanager.com https://platform.twitter.com https://syndication.twitter.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co https://sandbox.api.mastercard.com https://api.mastercard.com https://stags.bluekai.com https://tags.bluekai.com https://tags.bkrtx.com/js/bk-coretag.js https://*.rakbankonline.ae https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://aax-eu.amazon-adsystem.com https://www.google.com;form-action 'self' https://*.rakbankonline.ae https://connect.facebook.net https://syndication.twitter.com https://*.vizury.com https://cdn25.vzeesp.com https://*.lemnisk.co;report-uri https://revamp.rakbank.ae/security/csp-report;
jquery-3.3.1.min.js
darantaylor.com/js/jquery.core/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://darantaylor.com/js/jquery.core/jquery-3.3.1.min.js
Requested by
Host: darantaylor.com
URL: https://darantaylor.com/FundsTransferConfirmation.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
147.135.152.220 , France, ASN16276 (OVH, FR),
Reverse DNS
smtp.mistywildflower.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
darantaylor.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://darantaylor.com/FundsTransferConfirmation.html
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://darantaylor.com/FundsTransferConfirmation.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 30 Sep 2021 01:29:56 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
jquery-migrate-1.4.1.min.js
darantaylor.com/js/jquery.plugins/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://darantaylor.com/js/jquery.plugins/jquery-migrate-1.4.1.min.js
Requested by
Host: darantaylor.com
URL: https://darantaylor.com/FundsTransferConfirmation.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
147.135.152.220 , France, ASN16276 (OVH, FR),
Reverse DNS
smtp.mistywildflower.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
darantaylor.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://darantaylor.com/FundsTransferConfirmation.html
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://darantaylor.com/FundsTransferConfirmation.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 30 Sep 2021 01:29:56 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
Class.create.js
darantaylor.com/js/jquery.plugins/dependencies/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://darantaylor.com/js/jquery.plugins/dependencies/Class.create.js
Requested by
Host: darantaylor.com
URL: https://darantaylor.com/FundsTransferConfirmation.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
147.135.152.220 , France, ASN16276 (OVH, FR),
Reverse DNS
smtp.mistywildflower.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
darantaylor.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://darantaylor.com/FundsTransferConfirmation.html
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://darantaylor.com/FundsTransferConfirmation.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 30 Sep 2021 01:29:56 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
jquery.jquery-encoder-0.1.0.min.js
darantaylor.com/js/jquery.plugins/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://darantaylor.com/js/jquery.plugins/jquery.jquery-encoder-0.1.0.min.js
Requested by
Host: darantaylor.com
URL: https://darantaylor.com/FundsTransferConfirmation.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
147.135.152.220 , France, ASN16276 (OVH, FR),
Reverse DNS
smtp.mistywildflower.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
darantaylor.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://darantaylor.com/FundsTransferConfirmation.html
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://darantaylor.com/FundsTransferConfirmation.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 30 Sep 2021 01:29:56 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
required_fields.js
darantaylor.com/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://darantaylor.com/js/required_fields.js
Requested by
Host: darantaylor.com
URL: https://darantaylor.com/FundsTransferConfirmation.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
147.135.152.220 , France, ASN16276 (OVH, FR),
Reverse DNS
smtp.mistywildflower.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
darantaylor.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://darantaylor.com/FundsTransferConfirmation.html
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://darantaylor.com/FundsTransferConfirmation.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 30 Sep 2021 01:29:56 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
form_validation.js
darantaylor.com/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://darantaylor.com/js/form_validation.js
Requested by
Host: darantaylor.com
URL: https://darantaylor.com/FundsTransferConfirmation.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
147.135.152.220 , France, ASN16276 (OVH, FR),
Reverse DNS
smtp.mistywildflower.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
darantaylor.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://darantaylor.com/FundsTransferConfirmation.html
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://darantaylor.com/FundsTransferConfirmation.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 30 Sep 2021 01:29:56 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
Fp_inc.1.2.js
darantaylor.com/js/fp/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://darantaylor.com/js/fp/Fp_inc.1.2.js
Requested by
Host: darantaylor.com
URL: https://darantaylor.com/FundsTransferConfirmation.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
147.135.152.220 , France, ASN16276 (OVH, FR),
Reverse DNS
smtp.mistywildflower.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
darantaylor.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://darantaylor.com/FundsTransferConfirmation.html
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://darantaylor.com/FundsTransferConfirmation.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 30 Sep 2021 01:29:56 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=97
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
base64_inc.js
darantaylor.com/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://darantaylor.com/base64_inc.js
Requested by
Host: darantaylor.com
URL: https://darantaylor.com/FundsTransferConfirmation.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
147.135.152.220 , France, ASN16276 (OVH, FR),
Reverse DNS
smtp.mistywildflower.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
darantaylor.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://darantaylor.com/FundsTransferConfirmation.html
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://darantaylor.com/FundsTransferConfirmation.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 30 Sep 2021 01:29:56 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
wait_turn.gif
secure.payfort.com/images/ 		0
0
Fp_inc.1.2.js
darantaylor.com/js/fp/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://darantaylor.com/js/fp/Fp_inc.1.2.js
Requested by
Host: darantaylor.com
URL: https://darantaylor.com/FundsTransferConfirmation.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
147.135.152.220 , France, ASN16276 (OVH, FR),
Reverse DNS
smtp.mistywildflower.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
darantaylor.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://darantaylor.com/FundsTransferConfirmation.html
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://darantaylor.com/FundsTransferConfirmation.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 30 Sep 2021 01:29:56 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
base64_inc.js
darantaylor.com/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://darantaylor.com/base64_inc.js
Requested by
Host: darantaylor.com
URL: https://darantaylor.com/FundsTransferConfirmation.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
147.135.152.220 , France, ASN16276 (OVH, FR),
Reverse DNS
smtp.mistywildflower.com
Software
Apache /
Resource Hash

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
darantaylor.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://darantaylor.com/FundsTransferConfirmation.html
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://darantaylor.com/FundsTransferConfirmation.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 30 Sep 2021 01:29:56 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
Content-Length
315
Content-Type
text/html; charset=iso-8859-1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
secure.payfort.com
URL
https://secure.payfort.com/images/wait_turn.gif

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: RAKBANK (Banking)

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster undefined| ncolwaitwindow number| ncolwaitwindowopen function| ShowWaitMsg function| my_submitAndWait function| justWait function| close_ncol_wait function| trustHTML object| OGONE function| createHiddenInput number| js_version string| AlertMSG_109 string| AlertMSG_110 string| AlertMSG_173 string| AlertMSG_1205 string| AlertMSG_111 string| AlertERR_907 string| AlertERR_95 string| AlertERR_96 number| G_lsu function| my_valscript undefined| cvc_NbrFormFields string| arrcvc string| arrDispCVCFlag function| ClearForm

0 Cookies

11 Console Messages

Source Level URL
Text
network error URL: https://darantaylor.com/js/jquery.core/jquery-3.3.1.min.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://secure.payfort.com/images/wait_turn.gif
Message:
Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network error URL: https://darantaylor.com/js/jquery.plugins/jquery-migrate-1.4.1.min.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://darantaylor.com/js/jquery.plugins/dependencies/Class.create.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://darantaylor.com/js/jquery.plugins/jquery.jquery-encoder-0.1.0.min.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://darantaylor.com/js/required_fields.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://darantaylor.com/js/fp/Fp_inc.1.2.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://darantaylor.com/js/form_validation.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://darantaylor.com/base64_inc.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://darantaylor.com/js/fp/Fp_inc.1.2.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://darantaylor.com/base64_inc.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

darantaylor.com
rakbank.ae
secure.payfort.com
secure.payfort.com
147.135.152.220
213.42.202.214
2a9d1767e7d067aae07e9607c7a87fededb9cd88844c82177afa0f41bc399146
72e49ecbfe2f576834af1e276b67517c9d49624895aad39c2ba2590352f53a16