31.42.186.42 Open in urlscan Pro
31.42.186.42 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://31.42.186.42/pay/60f0be612199a
Submission: On February 21 via api (February 21st 2022, 4:30:35 pm UTC) from NL — Scanned from NL

Summary HTTP 11 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 4 IPs in 3 countries across 2 domains to perform 11 HTTP transactions. The main IP is 31.42.186.42, located in Ukraine and belongs to YURTEH-AS, UA. The main domain is 31.42.186.42.
TLS certificate: Issued by R3 on February 21st 2022. Valid for: 3 months.

This is the only time 31.42.186.42 was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NL Government (Government)

Domain & IP information

	IP Address	AS Autonomous System
1	31.42.186.42 31.42.186.42	30860 (YURTEH-AS) (YURTEH-AS)
9	37.46.137.149 37.46.137.149	25151 (CYSO-AS) (CYSO-AS)
1	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
11	4

1 31.42.186.42 (Ukraine)

ASN30860 (YURTEH-AS, UA)
PTR: ou0mt.cuisine-recette.best

31.42.186.42	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 37.46.137.149 (Netherlands)

ASN25151 (CYSO-AS, NL)
PTR: static.pay.nl

static.pay.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com

i1.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
9	pay.nl static.pay.nl — Cisco Umbrella Rank: 673810	16 KB
1	wp.com i1.wp.com — Cisco Umbrella Rank: 5444	14 KB
11	2

	Domain	Requested by
9	static.pay.nl	31.42.186.42
1	i1.wp.com	31.42.186.42
11	2

This site contains links to these domains. Also see Links.

Domain
www.digid.nl
mijn.digid.nl
itunes.apple.com
play.google.com

Subject Issuer	Validity	Valid
functie-update.com R3	`2022-02-21` - `2022-05-22`	3 months	crt.sh
*.pay.nl Sectigo RSA Organization Validation Secure Server CA	`2021-08-04` - `2022-08-26`	a year	crt.sh
*.wp.com Sectigo RSA Domain Validation Secure Server CA	`2020-04-02` - `2022-07-05`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://31.42.186.42/pay/60f0be612199a
Frame ID: 5EB64C484FFB635447644FA98EB72CBC
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DigiD | HomeDigiD logoRijksoverheidACCOUNT@1xDigiD logoACCOUNT@1xDigiDDownload in de App StoreOntdek het op Google Play

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

Page Statistics

11
Requests

91 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

4
IPs

3
Countries

729 kB
Transfer

1277 kB
Size

1
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://www.digid.nl/
Title: homeDigiD logo

Search URL Search Domain Scan URL

URL: https://mijn.digid.nl/
Title: ACCOUNT@1xMijn DigiD

Search URL Search Domain Scan URL

URL: https://www.digid.nl/inlogmethodes
Title: Manieren van inloggen

Search URL Search Domain Scan URL

URL: https://www.digid.nl/voorkom-misbruik
Title: Voorkom misbruik

Search URL Search Domain Scan URL

URL: https://www.digid.nl/hulp
Title: Hulp & Contact

Search URL Search Domain Scan URL

URL: https://www.digid.nl/digid-aanvragen-activeren#hoe-activeer-ik-digid
Title: Hoe activeer ik Mijn DigiD?

Search URL Search Domain Scan URL

URL: https://www.digid.nl/digid-aanvragen-activeren#hoe-vraag-ik-digid-aan
Title: Hoe vraag ik een DigiD aan?

Search URL Search Domain Scan URL

URL: https://www.digid.nl/inlogmethodes/digid-app#activeren
Title: Hoe activeer ik de DigiD app?

Search URL Search Domain Scan URL

URL: https://www.digid.nl/digid-aanvragen-activeren/machtigen
Title: Hoe kan ik iemand machtigen?

Search URL Search Domain Scan URL

URL: https://www.digid.nl/voorkom-misbruik/misbruik-van-uw-gegevens
Title: Wat moet ik doen bij misbruik van mijn gegevens?

Search URL Search Domain Scan URL

URL: https://www.digid.nl/hulp-contact/foutmeldingen
Title: Wat moet ik doen bij een foutmelding?

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/us/app/digid/id1208460960?ls=1&mt=8
Title: .st-black{fill:#282828;} .st-white{fill:#FFFFFF;} Download in de App Store

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=nl.rijksoverheid.digid.pub
Title: .st-black{fill:#282828;} .st-white{fill:#FFFFFF;} .st2{fill:/*savepage-url=#SVGID_1_*/url();} .st3{fill:/*savepage-url=#SVGID_2_*/url();} .st4{fill:/*savepage-url=#SVGID_3_*/url();} .st5{fill:/*savepage-url=#SVGID_4_*/url();} .st6{opacity:0.2;enable-background:new ;} .st7{opacity:0.12;enable-background:new ;} .st8{opacity:0.25;fill:#FFFFFF;enable-background:new ;} .st9{fill:#FFFFFF;stroke:#FFFFFF;stroke-width:0.2;stroke-miterlimit:10;} Ontdek het op Google Play

Search URL Search Domain Scan URL

URL: https://www.digid.nl/wat-is-digid
Title: Wat is DigiD

Search URL Search Domain Scan URL

URL: https://www.digid.nl/contact
Title: Contact

Search URL Search Domain Scan URL

URL: https://www.digid.nl/voorkom-misbruik/tips-veiligheid
Title: Tips

Search URL Search Domain Scan URL

URL: https://www.digid.nl/voorkom-misbruik/phishing
Title: Phishing

Search URL Search Domain Scan URL

URL: https://www.digid.nl/wat-digid/wet-en-regelgeving
Title: Wet- en regelgeving

Search URL Search Domain Scan URL

URL: https://www.digid.nl/wat-digid/privacy
Title: Privacy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 60f0be612199a Show response
31.42.186.42/pay/ 881 KB
426 KB 155ms
58ms Document
text/html 31.42.186.42
YURTEH-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://31.42.186.42/pay/60f0be612199a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 31.42.186.42 , Ukraine, ASN30860 (YURTEH-AS, UA),
Reverse DNS: ou0mt.cuisine-recette.best
Software: Apache/2.4.18 (Ubuntu) /
Resource Hash: d8186aeb84757afd4b275b9feed286d34167a456484674e0426d45479a1c0903

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language: nl-NL,nl;q=0.9

Response headers

Date: Mon, 21 Feb 2022 16:30:29 GMT
Server: Apache/2.4.18 (Ubuntu)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Encoding: gzip
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET
DATA 200
OK truncated
/ 141 KB
141 KB Font
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6785b1702209198b0a2ec8cb150d05e09cbc32523c01b12605c78fb4c5609358

Request headers

Referer
Origin: https://31.42.186.42
Accept-Language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: application/octet-stream

GET
DATA 200
OK truncated
/ 600 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 567a8a3e2ec54bb65bacb37205bf822879784c33abe8a21f23e4632b11d99eaa

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
H/1.1 200
OK 1.png
static.pay.nl/ideal/banks/25x25/ 703 B
916 B 97ms
14ms Image
image/png 37.46.137.149
CYSO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.pay.nl/ideal/banks/25x25/1.png
Requested by: Host: 31.42.186.42
URL: https://31.42.186.42/pay/60f0be612199a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 37.46.137.149 , Netherlands, ASN25151 (CYSO-AS, NL),
Reverse DNS: static.pay.nl
Software: Apache /
Resource Hash: 5805d4c4942b5589edc07b9229cacf9ca2d793a4c9c61e0e3e19237f6d56ac51

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://31.42.186.42/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 16:13:04 GMT
Last-Modified: Tue, 19 Mar 2019 12:54:44 GMT
Server: Apache
Accept-Ranges: bytes
ETag: "2bf-5847202661ee8"
Content-Length: 703
Content-Type: image/png

GET
H/1.1 200
OK 4.png
static.pay.nl/ideal/banks/25x25/ 1 KB
2 KB 96ms
13ms Image
image/png 37.46.137.149
CYSO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.pay.nl/ideal/banks/25x25/4.png
Requested by: Host: 31.42.186.42
URL: https://31.42.186.42/pay/60f0be612199a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 37.46.137.149 , Netherlands, ASN25151 (CYSO-AS, NL),
Reverse DNS: static.pay.nl
Software: Apache /
Resource Hash: d8c43cf67bc4e94b485b7bd7fee8f16f478fb917c29ba2773ffcc32862a4e806

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://31.42.186.42/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 15:58:26 GMT
Last-Modified: Tue, 19 Mar 2019 12:54:23 GMT
Server: Apache
Accept-Ranges: bytes
ETag: "530-5847201261c56"
Content-Length: 1328
Content-Type: image/png

GET
H/1.1 200
OK 2.png
static.pay.nl/ideal/banks/25x25/ 1 KB
2 KB 97ms
15ms Image
image/png 37.46.137.149
CYSO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.pay.nl/ideal/banks/25x25/2.png
Requested by: Host: 31.42.186.42
URL: https://31.42.186.42/pay/60f0be612199a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 37.46.137.149 , Netherlands, ASN25151 (CYSO-AS, NL),
Reverse DNS: static.pay.nl
Software: Apache /
Resource Hash: da54d12ab3a8a8470c6aec32293c7e3c10c48500f2b52dc1bb99ef784603f736

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://31.42.186.42/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 15:58:26 GMT
Last-Modified: Tue, 19 Mar 2019 12:54:23 GMT
Server: Apache
Accept-Ranges: bytes
ETag: "5d4-5847201261c56"
Content-Length: 1492
Content-Type: image/png

GET
H/1.1 200
OK 8.png
static.pay.nl/ideal/banks/25x25/ 2 KB
2 KB 96ms
14ms Image
image/png 37.46.137.149
CYSO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.pay.nl/ideal/banks/25x25/8.png
Requested by: Host: 31.42.186.42
URL: https://31.42.186.42/pay/60f0be612199a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 37.46.137.149 , Netherlands, ASN25151 (CYSO-AS, NL),
Reverse DNS: static.pay.nl
Software: Apache /
Resource Hash: 730be6c6e9999218419e24f6495b323c3f8510acb65cb476668d08a4fd342e7e

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://31.42.186.42/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 15:58:26 GMT
Last-Modified: Tue, 19 Mar 2019 12:54:23 GMT
Server: Apache
Accept-Ranges: bytes
ETag: "6e5-5847201262bf6"
Content-Length: 1765
Content-Type: image/png

GET
H2 200 bunq-logo-transparante-achtergrond.png
i1.wp.com/www.privateshare.com/wp-content/uploads/2019/01/ 13 KB
14 KB 49ms
18ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i1.wp.com/www.privateshare.com/wp-content/uploads/2019/01/bunq-logo-transparante-achtergrond.png

Requested by

Host: 31.42.186.42
URL: https://31.42.186.42/pay/60f0be612199a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

9cc716ced99e06f73bde5b243e02d025c73b729dda7c3fcfe9dc3e53fef59542

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://31.42.186.42/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-nc: HIT ams 4
date: Mon, 21 Feb 2022 16:30:30 GMT
x-content-type-options: nosniff
last-modified: Fri, 20 Aug 2021 14:15:09 GMT
server: nginx
etag: "14057ebaac3e5cfa"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://www.privateshare.com/wp-content/uploads/2019/01/bunq-logo-transparante-achtergrond.png>; rel="canonical"
content-length: 13582
expires: Mon, 21 Aug 2023 02:15:09 GMT

GET
H/1.1 200
OK 12.png
static.pay.nl/ideal/banks/25x25/ 1003 B
1 KB 100ms
14ms Image
image/png 37.46.137.149
CYSO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.pay.nl/ideal/banks/25x25/12.png
Requested by: Host: 31.42.186.42
URL: https://31.42.186.42/pay/60f0be612199a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 37.46.137.149 , Netherlands, ASN25151 (CYSO-AS, NL),
Reverse DNS: static.pay.nl
Software: Apache /
Resource Hash: 2f30dc1b8d8db553f85bef2af1add6954deb9e93749dc83b3cf8d55b2c74ad52

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://31.42.186.42/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 15:58:26 GMT
Last-Modified: Tue, 19 Mar 2019 12:54:18 GMT
Server: Apache
Accept-Ranges: bytes
ETag: "3eb-5847200d1cf2f"
Content-Length: 1003
Content-Type: image/png

GET
H/1.1 200
OK 5.png
static.pay.nl/ideal/banks/25x25/ 2 KB
2 KB 112ms
14ms Image
image/png 37.46.137.149
CYSO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.pay.nl/ideal/banks/25x25/5.png
Requested by: Host: 31.42.186.42
URL: https://31.42.186.42/pay/60f0be612199a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 37.46.137.149 , Netherlands, ASN25151 (CYSO-AS, NL),
Reverse DNS: static.pay.nl
Software: Apache /
Resource Hash: ede45d6058237d579eb8358a7dce12ecb368bf9c64ec8c88bc63780191dfa768

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://31.42.186.42/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 15:58:26 GMT
Last-Modified: Tue, 19 Mar 2019 12:54:23 GMT
Server: Apache
Accept-Ranges: bytes
ETag: "7df-5847201261c56"
Content-Length: 2015
Content-Type: image/png

GET
H/1.1 200
OK 10.png
static.pay.nl/ideal/banks/25x25/ 2 KB
2 KB 15ms
14ms Image
image/png 37.46.137.149
CYSO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.pay.nl/ideal/banks/25x25/10.png
Requested by: Host: 31.42.186.42
URL: https://31.42.186.42/pay/60f0be612199a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 37.46.137.149 , Netherlands, ASN25151 (CYSO-AS, NL),
Reverse DNS: static.pay.nl
Software: Apache /
Resource Hash: 759b974dc8c1a7ac3ce2a56293aaedd6dbf5aca2d81bd710740ac6bd36b5224b

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://31.42.186.42/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 15:58:26 GMT
Last-Modified: Tue, 19 Mar 2019 12:54:18 GMT
Server: Apache
Accept-Ranges: bytes
ETag: "7b4-5847200d1bf8e"
Content-Length: 1972
Content-Type: image/png

GET
H/1.1 200
OK 11.png
static.pay.nl/ideal/banks/25x25/ 1 KB
1 KB 15ms
14ms Image
image/png 37.46.137.149
CYSO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.pay.nl/ideal/banks/25x25/11.png
Requested by: Host: 31.42.186.42
URL: https://31.42.186.42/pay/60f0be612199a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 37.46.137.149 , Netherlands, ASN25151 (CYSO-AS, NL),
Reverse DNS: static.pay.nl
Software: Apache /
Resource Hash: 66b9c9c792f2654e1f35426e262f92b32d17dfef599e2e6e5ec6d23918125794

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://31.42.186.42/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 16:12:58 GMT
Last-Modified: Tue, 19 Mar 2019 12:54:33 GMT
Server: Apache
Accept-Ranges: bytes
ETag: "47d-5847201b2b4e4"
Content-Length: 1149
Content-Type: image/png

GET
H/1.1 200
OK 9.png
static.pay.nl/ideal/banks/25x25/ 3 KB
3 KB 15ms
14ms Image
image/png 37.46.137.149
CYSO-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.pay.nl/ideal/banks/25x25/9.png
Requested by: Host: 31.42.186.42
URL: https://31.42.186.42/pay/60f0be612199a
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 37.46.137.149 , Netherlands, ASN25151 (CYSO-AS, NL),
Reverse DNS: static.pay.nl
Software: Apache /
Resource Hash: 6520a26b35aa060ee4d4d20ccc7c5eeedbdaf8d75dc97832ef38ddb503b2ceab

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer: https://31.42.186.42/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Mon, 21 Feb 2022 15:58:26 GMT
Last-Modified: Tue, 19 Mar 2019 12:54:23 GMT
Server: Apache
Accept-Ranges: bytes
ETag: "c71-5847201262bf6"
Content-Length: 3185
Content-Type: image/png

GET
DATA 200
OK truncated
/ 63 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e198cd2049e0b399572e653fbd659c10dfe03cbf3e372960b1776cebf9c50fd0

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 132 KB
132 KB Font
application/octet-stream

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c857dae952d63106e3f04798dd093bb195f9a71cd9a10ed0f1e6e7e73d92c105

Request headers

Referer
Origin: https://31.42.186.42
Accept-Language: nl-NL,nl;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: application/octet-stream

GET
DATA 200
OK truncated
/ 32 KB
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: afe3985c011d7cbc5f6168a5c9d7b7a73e34777e562ea6e3b53d863f9bb38417

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/jpeg

GET
DATA 200
OK truncated
/ 623 B
0 Image
image/jpeg

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 33f9674a4790d75dbf17f48da6ce41c37c73f334fc5345312cc03d885a70b2f5

Request headers

Accept-Language: nl-NL,nl;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type: image/jpeg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NL Government (Government)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone function| savepage_ShadowLoader

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			31.42.186.42/	1969-12-31 23:59:59	Name: PHPSESSID Value: 40tu3885n3tg5nplrf9g5sdre3

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://31.42.186.42/pay/60f0be612199a(Line 1) Message: <link rel=preload> has an invalid `href` value
other	warning	URL: https://31.42.186.42/pay/60f0be612199a(Line 1) Message: <link rel=preload> has an invalid `href` value
other	warning	URL: https://31.42.186.42/pay/60f0be612199a(Line 1) Message: <link rel=preload> has an invalid `href` value
other	warning	URL: https://31.42.186.42/pay/60f0be612199a(Line 1) Message: <link rel=preload> has an invalid `href` value
other	warning	URL: https://31.42.186.42/pay/60f0be612199a(Line 1) Message: <link rel=preload> has an invalid `href` value

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

i1.wp.com
static.pay.nl
192.0.77.2
31.42.186.42
37.46.137.149
2f30dc1b8d8db553f85bef2af1add6954deb9e93749dc83b3cf8d55b2c74ad52
33f9674a4790d75dbf17f48da6ce41c37c73f334fc5345312cc03d885a70b2f5
567a8a3e2ec54bb65bacb37205bf822879784c33abe8a21f23e4632b11d99eaa
5805d4c4942b5589edc07b9229cacf9ca2d793a4c9c61e0e3e19237f6d56ac51
6520a26b35aa060ee4d4d20ccc7c5eeedbdaf8d75dc97832ef38ddb503b2ceab
66b9c9c792f2654e1f35426e262f92b32d17dfef599e2e6e5ec6d23918125794
6785b1702209198b0a2ec8cb150d05e09cbc32523c01b12605c78fb4c5609358
730be6c6e9999218419e24f6495b323c3f8510acb65cb476668d08a4fd342e7e
759b974dc8c1a7ac3ce2a56293aaedd6dbf5aca2d81bd710740ac6bd36b5224b
9cc716ced99e06f73bde5b243e02d025c73b729dda7c3fcfe9dc3e53fef59542
afe3985c011d7cbc5f6168a5c9d7b7a73e34777e562ea6e3b53d863f9bb38417
c857dae952d63106e3f04798dd093bb195f9a71cd9a10ed0f1e6e7e73d92c105
d8186aeb84757afd4b275b9feed286d34167a456484674e0426d45479a1c0903
d8c43cf67bc4e94b485b7bd7fee8f16f478fb917c29ba2773ffcc32862a4e806
da54d12ab3a8a8470c6aec32293c7e3c10c48500f2b52dc1bb99ef784603f736
e198cd2049e0b399572e653fbd659c10dfe03cbf3e372960b1776cebf9c50fd0
ede45d6058237d579eb8358a7dce12ecb368bf9c64ec8c88bc63780191dfa768

31.42.186.42 Open in urlscan Pro 31.42.186.42 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

11 Requests

91 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

4 IPs

3 Countries

729 kBTransfer

1277 kBSize

1 Cookies

19 Outgoing links

Redirected requests

11 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

5 Console Messages

Indicators

31.42.186.42 Open in urlscan Pro
31.42.186.42 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

11
Requests

91 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

4
IPs

3
Countries

729 kB
Transfer

1277 kB
Size

1
Cookies

11 HTTP transactions
6 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!