rabo-verificatieproces.xyz
162.0.235.11
Malicious Activity!
Public Scan
Effective URL: https://rabo-verificatieproces.xyz/klanten/qsl_inloggen.do
Submission Tags: @andsyn1 phishing malicious
Submission: On October 15 via api from NL
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 15th 2020. Valid for: a year.
This is the only time rabo-verificatieproces.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Rabobank (Banking)
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
14 (3 redirects) | 162.0.235.11 | 22612 (NAMECHEAP-NET) |
2 | 2a02:26f0:f1:29d::3f8a | 20940 (AKAMAI-ASN1) |
14 | 3 |
ASN22612 (NAMECHEAP-NET, US)
PTR: server293-3.web-hosting.com
rabo-verificatieproces.xyz
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
14 (3 redirects) | rabo-verificatieproces.xyz | rabo-verificatieproces.xyz | 133 KB |
2 | rabobank.nl | www.rabobank.nl | |
0 | googleapis.com (Failed) | ajax.googleapis.com (Failed) | |
14 | 3 |
Requests | Domain | Requested by |
---|---|---|
14 (3 redirects) | rabo-verificatieproces.xyz | rabo-verificatieproces.xyz |
2 | www.rabobank.nl | rabo-verificatieproces.xyz |
0 | ajax.googleapis.com (Failed) | rabo-verificatieproces.xyz |
14 | 3 |
This site contains no links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
rabo-verificatieproces.xyz | Sectigo RSA Domain Validation Secure Server CA | 2020-10-15 - 2021-10-15 | a year |
rabobank.nl | DigiCert SHA2 Extended Validation Server CA | 2020-06-15 - 2021-06-23 | a year |
This page contains 1 frames:
Primary Page:
https://rabo-verificatieproces.xyz/klanten/qsl_inloggen.do
Frame ID: 45631A8FB6921B01FBE8AF6549E6F203
Requests: 15 HTTP requests in this frame
Detected technologies
Apache (Web Servers)
Detected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
jQuery (JavaScript Libraries)
Detected patterns
- script /jquery[.-]([\d.]*\d)[^/]*\.js/i
- script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
- script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://rabo-verificatieproces.xyz/
HTTP 302
https://rabo-verificatieproces.xyz/klanten/qsl_inloggen.do Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 7
- https://rabo-verificatieproces.xyz/public/iznzg/js/jquery-3.3.1.min.js HTTP 302
- https://www.rabobank.nl/404
- https://rabo-verificatieproces.xyz/public/iznzg/js/jquery-3.3.1.min.js HTTP 302
- https://www.rabobank.nl/404
14 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | qsl_inloggen.do (Primary Request, Redirect Chain) | rabo-verificatieproces.xyz/klanten/ | 9 KB | 3 KB | Document | text/html |
GET | H2 | rass-proto.css | rabo-verificatieproces.xyz/public/rabo/css/ | 125 KB | 82 KB | Stylesheet | text/css |
GET | H2 | www-extension.css | rabo-verificatieproces.xyz/public/rabo/css/ | 29 KB | 5 KB | Stylesheet | text/css |
GET | H2 | default.css | rabo-verificatieproces.xyz/public/rabo/font/myriad/ | 4 KB | 1 KB | Stylesheet | text/css |
GET | H2 | nieuw.css | rabo-verificatieproces.xyz/public/rabo/css/ | 38 KB | 10 KB | Stylesheet | text/css |
GET | H2 | logo.png | rabo-verificatieproces.xyz/public/rabo/img/ | 16 KB | 16 KB | Image | image/png |
GET | H2 | device.min.js | rabo-verificatieproces.xyz/public/rabo/js/ | 4 KB | 1 KB | Script | application/javascript |
GET | H2 | asjrfkewqr8asdfqawqs.js | rabo-verificatieproces.xyz/public/rabo/js/ | 53 KB | 12 KB | Script | application/javascript |
GET | H/1.1 | 404 (Redirect Chain) | www.rabobank.nl/ | 0 | 0 | Script | text/html |
GET | | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.10.0/ | 0 | 0 | | |
GET | H/1.1 | 404 (Redirect Chain) | www.rabobank.nl/ | 0 | 0 | Script | text/html |
GET | DATA | truncated | / | 6 KB | 0 | Image | image/svg+xml |
GET | H2 | checkbox_off.svg | rabo-verificatieproces.xyz/public/rabo/img/ | 3 KB | 915 B | Image | image/svg+xml |
GET | H2 | icon_supercirkel_vraagteken.svg | rabo-verificatieproces.xyz/public/rabo/img/ | 1 KB | 879 B | Image | image/svg+xml |
GET | H2 | icon_supercirkel_pijl.svg | rabo-verificatieproces.xyz/public/rabo/img/ | 1 KB | 791 B | Image | image/svg+xml |
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: ajax.googleapis.com
- URL: http://ajax.googleapis.com/ajax/libs/jquery/1.10.0/jquery.min.js
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Rabobank (Banking)
12 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- function | showDirectoryPicker
- function | showOpenFilePicker
- function | showSaveFilePicker
- object | trustedTypes
- object | device
- object | television
- number | str
- undefined | rassdatareknr
- undefined | rassdatapasnr
- object | RASS
- number | interval
- function | doAjax1
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
rabo-verificatieproces.xyz/ | | Name: PHPSESSID Value: 2dbcfca5dcf2cadbd4805fd902d8f995 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.