vorderings-bericht.org Open in urlscan Pro
190.123.44.105 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://vorderings-bericht.org/belastingdienst/nl/
Effective URL:
https://vorderings-bericht.org/belastingdienst/nl/
Submission: On April 03 via api (April 3rd 2024, 11:04:44 pm UTC) from US — Scanned from US

Summary HTTP 5 Redirects Links 54 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 5 HTTP transactions. The main IP is 190.123.44.105, located in Panama and belongs to Panamaserver.com, PA. The main domain is vorderings-bericht.org.
TLS certificate: Issued by R3 on March 22nd 2024. Valid for: 3 months.

This is the only time vorderings-bericht.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NL Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
2	190.123.44.105 190.123.44.105	52284 (Panamaser...) (Panamaserver.com)
1	2a04:9a01:100... 2a04:9a01:1002::33	34663 (ASBELASTI...) (ASBELASTINGDIENST)
2 2	2607:f8b0:400... 2607:f8b0:4006:817::2001	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:81e::2004	15169 (GOOGLE) (GOOGLE)
5	4

2 190.123.44.105 (Panama)

ASN52284 (Panamaserver.com, PA)
PTR: cp64.panamaserver.com

vorderings-bericht.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:9a01:1002::33 (Netherlands)

ASN34663 (ASBELASTINGDIENST, NL)

www.belastingdienst.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:817::2001 (United States) 2 redirects

ASN15169 (GOOGLE, US)

s2.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81e::2004 (United States)

ASN15169 (GOOGLE, US)

t1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	gstatic.com t1.gstatic.com	1 KB
2	googleusercontent.com 2 redirects s2.googleusercontent.com — Cisco Umbrella Rank: 42852	342 B
2	vorderings-bericht.org vorderings-bericht.org	970 KB
1	belastingdienst.nl www.belastingdienst.nl — Cisco Umbrella Rank: 220971	19 KB
5	4

	Domain	Requested by
2	t1.gstatic.com
2	s2.googleusercontent.com	2 redirects
2	vorderings-bericht.org	vorderings-bericht.org
1	www.belastingdienst.nl	vorderings-bericht.org
5	4

This site contains links to these domains. Also see Links.

Domain
www.cjib.nl
www.facebook.com
twitter.com
www.linkedin.com
api.whatsapp.com

Subject Issuer	Validity	Valid
*.vorderings-bericht.org R3	`2024-03-22` - `2024-06-20`	3 months	crt.sh
www.belastingdienst.nl QuoVadis Europe SSL CA G2	`2023-05-22` - `2024-05-22`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://vorderings-bericht.org/belastingdienst/nl/
Frame ID: D4EBBF91B98FDDC453A9C19B69E9F6DE
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Belastingdienst Nederland |

Page URL History Show full URLs

http://vorderings-bericht.org/belastingdienst/nl/ HTTP 307
https://vorderings-bericht.org/belastingdienst/nl/ Page URL

Page Statistics

5
Requests

60 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

1216 kB
Transfer

3295 kB
Size

0
Cookies

54 Outgoing links

These are links going to different origins than the main page.

URL: https://www.cjib.nl/
Title: Home

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.cjib.nl/direct-regelen/ik-wil-betalen

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://www.cjib.nl/direct-regelen/ik-wil-betalen

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.cjib.nl/direct-regelen/ik-wil-betalen

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=https://www.cjib.nl/direct-regelen/ik-wil-betalen

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/contact
Title: Contact

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/cookies
Title: Cookies

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/bescherming-persoonsgegevens
Title: Persoonsgegevens

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/proclaimer
Title: Proclaimer

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/archief
Title: Archief

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/sitemap
Title: Sitemap

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/kwetsbaarheid-melden
Title: Kwetsbaarheid melden

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/toegankelijkheid
Title: Toegankelijkheid

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/nl-b
Title: Nederlands (BE)

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/cs
Title: Čeština

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/da
Title: Dansk

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/de
Title: Deutsch

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/et
Title: Eesti keel

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/en
Title: English

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/es
Title: Español

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/el
Title: Ελληνικά

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/fr
Title: Français

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/hr
Title: Hrvatski

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/it
Title: Italiano

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/lv
Title: Latviešu valoda

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/lt
Title: Lietuvių

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/hu
Title: Magyar

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/pl
Title: Polski

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/pt
Title: Português

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/ro
Title: Română

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/sk
Title: Slovenčina

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/sl
Title: Slovenščina

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/fi
Title: Suomi

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/sv
Title: Svenska

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/over-ons/hoe-werken-wij/verkeersboete
Title: Verkeersboete

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/over-ons/hoe-werken-wij/premies-voor-uw-zorgverzekering
Title: Premies voor uw zorgverzekering

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/over-ons/hoe-werken-wij/strafbeschikking
Title: Strafbeschikking

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/over-ons/hoe-werken-wij/boete-opgelegd-door-de-rechter
Title: Boete opgelegd door de rechter

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/over-ons/hoe-werken-wij/schadevergoedingsmaatregel
Title: Schadevergoeding

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/over-ons/hoe-werken-wij/ontnemingsmaatregel
Title: Ontnemingsmaatregel

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/over-ons/hoe-werken-wij/europese-boete
Title: Europese boete

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/legesveroordeling-huurcommissie-en-verwerking-van-persoonsgegevens
Title: Legesveroordeling Huurcommissie

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/over-ons/hoe-werken-wij/transactievoorstel
Title: Transactievoorstel

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/over-ons/hoe-werken-wij/aankondiging
Title: Overheidsincasso

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/bestuurlijke-boete
Title: Bestuurlijke boete

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/doorgeven-bestuurder-0
Title: Opgeven bestuurder

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/over-ons/hoe-werken-wij/dwangsom
Title: Dwangsom

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/over-ons/hoe-werken-wij/kosten-bestuursdwang
Title: Kosten bestuursdwang

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/maatregel-kostenverhaal
Title: Maatregel kostenverhaal

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/wat-doen-wij/bestuurlijke-boete
Title: Bestuurlijke boete

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/over-ons/hoe-werken-wij/verhuurderbijdrage-huurcommissie
Title: Verhuurderbijdrage

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/wat-doen-wij/dwangsom
Title: Dwangsom

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/wat-doen-wij/legesveroordeling-huurcommissie
Title: Legesveroordeling Huurcommissie

Search URL Search Domain Scan URL

URL: https://www.cjib.nl/wat-doen-wij/kosten-bestuursdwang
Title: Kosten bestuursdwang

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://vorderings-bericht.org/belastingdienst/nl/ HTTP 307
https://vorderings-bericht.org/belastingdienst/nl/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14

https://s2.googleusercontent.com/s2/favicons?domain=belastingdienst.nl&sz=32 HTTP 301
https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32

Request Chain 15

https://s2.googleusercontent.com/s2/favicons?domain=belastingdienst.nl&sz=32 HTTP 301
https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32

5 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
vorderings-bericht.org/belastingdienst/nl/
Redirect Chain

http://vorderings-bericht.org/belastingdienst/nl/
https://vorderings-bericht.org/belastingdienst/nl/

3 MB
920 KB

847ms
82ms

Document
text/html

190.123.44.105
Panamaserver.com

General

Check archive.org

Show headers Download Go to

Full URL: https://vorderings-bericht.org/belastingdienst/nl/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 190.123.44.105 , Panama, ASN52284 (Panamaserver.com, PA),
Reverse DNS: cp64.panamaserver.com
Software: nginx /
Resource Hash: 6bd0128934ba976666d250b066143ff5dc62aa058ed247e4ae838f6db235891a

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

content-encoding: gzip
content-type: text/html
date: Wed, 03 Apr 2024 23:04:38 GMT
last-modified: Sun, 24 Mar 2024 16:57:15 GMT
server: nginx
vary: Accept-Encoding

Redirect headers

Location: https://vorderings-bericht.org/belastingdienst/nl/
Non-Authoritative-Reason: HttpsUpgrades

GET
H/1.1 200
OK bld_logo.svg
www.belastingdienst.nl/bld-assets/bld/rhslogos/ 17 KB
19 KB 657ms
160ms Image
image/svg+xml 2a04:9a01:1002::33
ASBELASTINGDIENST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.belastingdienst.nl/bld-assets/bld/rhslogos/bld_logo.svg

Requested by

Host: vorderings-bericht.org
URL: https://vorderings-bericht.org/belastingdienst/nl/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2a04:9a01:1002::33 , Netherlands, ASN34663 (ASBELASTINGDIENST, NL),

Reverse DNS

Software

Resource Hash

24c2c8d65ef0423159d5505ed54492d1346611b076c14fd3af08e5364ce83d9e

Security Headers

Name	Value
Content-Security-Policy	default-src https://.belastingdienst.nl https://vinden.belastingdienst.nl https://.readspeaker.com; connect-src 'self' https://.belastingdienst.nl https://.optimizely.com https://.readspeaker.com https://.abtasty.com https://api.pdok.nl; child-src 'self' https://belastingdienst.nl https://.belastingdienst.nl https://.cdn.optimizely.com https://secure.opinionlab.com https://.readspeaker.com https://www.anbi-instellingen.nl https://www.youtube.com https://www.youtube-nocookie.com ; frame-src 'self' https://.belastingdienst.nl https://.readspeaker.com https://secure.opinionlab.com https://www.youtube.com https://www.youtube-nocookie.com ; frame-ancestors 'self' https://.belastingdienst.nl https://.pagefreezer.com https://.pagefreezer.nl ; img-src 'self' https://n01d05.cumulus-cloud.com https://.readspeaker.com https://img.youtube.com data: https://.belastingdienst.nl blob: data: .abtasty.com; font-src 'self' https://.belastingdienst.nl blob: data: .abtasty.com; script-src 'self' https://.belastingdienst.nl https://cdn.optimizely.com https://.readspeaker.com https://bdtm.containers.piwik.pro 'unsafe-eval' 'unsafe-inline' blob: .abtasty.com ; style-src 'self' https://.belastingdienst.nl https://.readspeaker.com *.abtasty.com 'unsafe-inline'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block;

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://vorderings-bericht.org/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 03 Apr 2024 23:04:39 GMT
Content-Security-Policy: default-src https://*.belastingdienst.nl https://vinden.belastingdienst.nl https://*.readspeaker.com; connect-src 'self' https://*.belastingdienst.nl https://*.optimizely.com https://*.readspeaker.com https://*.abtasty.com https://api.pdok.nl; child-src 'self' https://belastingdienst.nl https://*.belastingdienst.nl https://*.cdn.optimizely.com https://secure.opinionlab.com https://*.readspeaker.com https://www.anbi-instellingen.nl https://www.youtube.com https://www.youtube-nocookie.com ; frame-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com https://secure.opinionlab.com https://www.youtube.com https://www.youtube-nocookie.com ; frame-ancestors 'self' https://*.belastingdienst.nl https://*.pagefreezer.com https://*.pagefreezer.nl ; img-src 'self' https://n01d05.cumulus-cloud.com https://*.readspeaker.com https://img.youtube.com data: https://*.belastingdienst.nl blob: data: *.abtasty.com; font-src 'self' https://*.belastingdienst.nl blob: data: *.abtasty.com; script-src 'self' https://*.belastingdienst.nl https://cdn.optimizely.com https://*.readspeaker.com https://bdtm.containers.piwik.pro 'unsafe-eval' 'unsafe-inline' blob: *.abtasty.com ; style-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com *.abtasty.com 'unsafe-inline'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Last-Modified: Mon, 21 Aug 2023 07:08:12 GMT
ETag: "454b-603698a9b53a0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=80
Content-Length: 17739
X-XSS-Protection: 1; mode=block;

GET
DATA 200
OK truncated
/ 325 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8e1259c7006dfe0d19f6bcc4fc622c4ce555250e9924fa20cafbe137e64d72eb

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 75 KB
75 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 54039c085acfdaf5124e55514d4153752a8526dc55b1d76c3bc731bfa4c3863a

Request headers

Referer
Origin: https://vorderings-bericht.org
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff

GET
DATA 200
OK truncated
/ 68 KB
68 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 27c094142b294677babfd410f01ab0ef6450c30f0ced804477f1b98adfc3a591

Request headers

Referer
Origin: https://vorderings-bericht.org
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff

GET
DATA 200
OK truncated
/ 29 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4ec0583dd05c9ae23e4f612829312af92f4b38961c0b1fbf53a266f20d4eb182

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H2 200 ideal-logo-1024.png
vorderings-bericht.org/www.ideal.nl/img/logo/ 51 KB
51 KB 100ms
99ms Image
image/png 190.123.44.105
Panamaserver.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vorderings-bericht.org/www.ideal.nl/img/logo/ideal-logo-1024.png
Requested by: Host: vorderings-bericht.org
URL: https://vorderings-bericht.org/belastingdienst/nl/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 190.123.44.105 , Panama, ASN52284 (Panamaserver.com, PA),
Reverse DNS: cp64.panamaserver.com
Software: nginx /
Resource Hash: 8c48b81b373e6dac8c9c39072db0ab401be309a8a2a4e2f032cb5d5f2017ae4c

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://vorderings-bericht.org/belastingdienst/nl/
accept-language: en-US,en;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Apr 2024 23:04:38 GMT
last-modified: Thu, 31 Aug 2023 15:59:26 GMT
server: nginx
accept-ranges: bytes
content-length: 51733
content-type: image/png

GET
DATA 200
OK truncated
/ 673 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c922548cfe09320db090d544611419072db72918c07a3588e8138bd474eb41d3

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 847 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ea24041f1bf773952f69e1e98082de62b89f24ca6b60b147f2f052b21e3b6861

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 686 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f325b8b3a6c772d7ebef4dea572c8da501e9c6ee286df0d96dfa49441258fd2f

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 85f028fadd26412f3ff050e58fab1c791a172e44f078db492c89bbb950053695

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dc4b94fbd1ec10e1ed4e130d8c785c2f0f7a6dacee88c019d3d77782b86d43ba

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 2 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dc9b62c0c22ee9ed9efc6b63664e860df4979d42279d6d76d5720beec4c8b239

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 76cba8c616494b98ce3232bb080e8beef3583aa75368c65b5e121508f92bb6a4

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
DATA 200
OK truncated
/ 82 KB
82 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 95b8c28ae6c0c9d5657a44d5a6ca24c04165eef39d6a8e1e93627c8d755ffe3a

Request headers

Referer
Origin: https://vorderings-bericht.org
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type: font/woff

GET
H2

200

faviconV2
t1.gstatic.com/
Redirect Chain

https://s2.googleusercontent.com/s2/favicons?domain=belastingdienst.nl&sz=32
https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32

399 B
959 B

329ms
63ms

Other
image/png

2607:f8b0:4006:81e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32

Protocol

Server

2607:f8b0:4006:81e::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

64fd48770f59ad0d509ab6664933095321f797323c9965a8ef92cbb060acfa40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://vorderings-bericht.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

date: Wed, 03 Apr 2024 10:18:23 GMT
x-content-type-options: nosniff
age: 45976
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 399
x-xss-protection: 0
last-modified: Wed, 19 Jun 2019 07:23:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-location: https://www.belastingdienst.nl/bld-assets/bld/images/favicon.ico
expires: Wed, 10 Apr 2024 10:18:23 GMT

Redirect headers

date: Wed, 03 Apr 2024 23:04:39 GMT
x-content-type-options: nosniff
server: sffe
content-type: text/html; charset=UTF-8
location: https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32
cache-control: public, max-age=1800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 338
x-xss-protection: 0
expires: Wed, 03 Apr 2024 23:34:39 GMT

GET
H2

200

faviconV2
t1.gstatic.com/
Redirect Chain

https://s2.googleusercontent.com/s2/favicons?domain=belastingdienst.nl&sz=32
https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32

399 B
464 B

67ms
66ms

Other
image/png

2607:f8b0:4006:81e::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32

Protocol

Server

2607:f8b0:4006:81e::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

64fd48770f59ad0d509ab6664933095321f797323c9965a8ef92cbb060acfa40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://vorderings-bericht.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

date: Wed, 03 Apr 2024 10:18:23 GMT
x-content-type-options: nosniff
age: 45977
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 399
x-xss-protection: 0
last-modified: Wed, 19 Jun 2019 07:23:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
content-location: https://www.belastingdienst.nl/bld-assets/bld/images/favicon.ico
expires: Wed, 10 Apr 2024 10:18:23 GMT

Redirect headers

date: Wed, 03 Apr 2024 23:04:39 GMT
x-content-type-options: nosniff
server: sffe
age: 1
content-type: text/html; charset=UTF-8
location: https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32
cache-control: public, max-age=1800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 338
x-xss-protection: 0
expires: Wed, 03 Apr 2024 23:34:39 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NL Government (Government)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| savepage_ShadowLoader

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

s2.googleusercontent.com
t1.gstatic.com
vorderings-bericht.org
www.belastingdienst.nl
190.123.44.105
2607:f8b0:4006:817::2001
2607:f8b0:4006:81e::2004
2a04:9a01:1002::33
24c2c8d65ef0423159d5505ed54492d1346611b076c14fd3af08e5364ce83d9e
27c094142b294677babfd410f01ab0ef6450c30f0ced804477f1b98adfc3a591
4ec0583dd05c9ae23e4f612829312af92f4b38961c0b1fbf53a266f20d4eb182
54039c085acfdaf5124e55514d4153752a8526dc55b1d76c3bc731bfa4c3863a
64fd48770f59ad0d509ab6664933095321f797323c9965a8ef92cbb060acfa40
6bd0128934ba976666d250b066143ff5dc62aa058ed247e4ae838f6db235891a
76cba8c616494b98ce3232bb080e8beef3583aa75368c65b5e121508f92bb6a4
85f028fadd26412f3ff050e58fab1c791a172e44f078db492c89bbb950053695
8c48b81b373e6dac8c9c39072db0ab401be309a8a2a4e2f032cb5d5f2017ae4c
8e1259c7006dfe0d19f6bcc4fc622c4ce555250e9924fa20cafbe137e64d72eb
95b8c28ae6c0c9d5657a44d5a6ca24c04165eef39d6a8e1e93627c8d755ffe3a
c922548cfe09320db090d544611419072db72918c07a3588e8138bd474eb41d3
dc4b94fbd1ec10e1ed4e130d8c785c2f0f7a6dacee88c019d3d77782b86d43ba
dc9b62c0c22ee9ed9efc6b63664e860df4979d42279d6d76d5720beec4c8b239
ea24041f1bf773952f69e1e98082de62b89f24ca6b60b147f2f052b21e3b6861
f325b8b3a6c772d7ebef4dea572c8da501e9c6ee286df0d96dfa49441258fd2f

vorderings-bericht.org Open in urlscan Pro 190.123.44.105 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

5 Requests

60 %HTTPS

75 %IPv6

4 Domains

4 Subdomains

4 IPs

3 Countries

1216 kBTransfer

3295 kBSize

0 Cookies

54 Outgoing links

Page URL History

Redirected requests

5 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

vorderings-bericht.org Open in urlscan Pro
190.123.44.105 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

5
Requests

60 %
HTTPS

75 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

1216 kB
Transfer

3295 kB
Size

0
Cookies

5 HTTP transactions
12 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!