URL: https://szin.nl/
Submission: On January 29 via api from GB — Scanned from US

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 3 HTTP transactions. The main IP is 78.40.143.117, located in Bulgaria and belonging to VESTITEL-AS, BG. The main domain is szin.nl.
TLS certificate: Issued by R3 on January 9th 2024. Valid for: 3 months.
This is the only time szin.nl was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: IRS (Government)

Domain & IP information

Requests  IP Address         AS (Autonomous System)
1         78.40.143.117      39505 (VESTITEL-AS)
1         2600:141b:1c0...   20940 (AKAMAI-ASN1)
1         2607:f8b0:400...   15169 (GOOGLE)
3         3

Requests  Apex Domain             Subdomains                                              Transfer
1         googleusercontent.com   lh4.googleusercontent.com (Cisco Umbrella Rank: 658)    206 KB
1         irs.gov                 www.irs.gov (Cisco Umbrella Rank: 17489)                2 KB
1         szin.nl                 szin.nl                                                 5 KB
3         3

Requests  Domain                      Requested by
1         lh4.googleusercontent.com   szin.nl
1         www.irs.gov                 szin.nl
1         szin.nl
3         3

This site contains no links.

Subject                   Issuer                                  Validity                  Valid      Source
webmail.szin.nl           R3                                      2024-01-09 - 2024-04-08   3 months   crt.sh
www.irs.gov               Entrust Certification Authority - L1F   2023-09-26 - 2024-10-26   a year     crt.sh
*.googleusercontent.com   GTS CA 1C3                              2024-01-02 - 2024-03-26   3 months   crt.sh

This page contains 1 frame:

Primary Page: https://szin.nl/
Frame ID: 4B8ED1B6EC6214F87F23CA6A6D85F8DC
Requests: 3 HTTP requests in this frame

Screenshot

Page Title

IRS Application Portal

Page Statistics

Requests: 3
HTTPS: 100 %
IPv6: 67 %
Domains: 3
Subdomains: 3
IPs: 3
Countries: 2
Transfer: 214 kB
Size: 230 kB
Cookies: 0

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource: Primary Request /
Path: szin.nl/
Size: 19 KB
x-fer: 5 KB
Type: Document

General
Full URL: https://szin.nl/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 78.40.143.117, Bulgaria, ASN39505 (VESTITEL-AS, BG)
Reverse DNS:
Software: LiteSpeed / PHP/8.1.27
Resource Hash: 01db081c6231035c821129e4cedd45f41f26d9bca929a3844424f4eae515d217

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 29 Jan 2024 13:31:46 GMT
server: LiteSpeed
vary: Accept-Encoding,User-Agent
x-powered-by: PHP/8.1.27

Resource: IRS-Logo.svg
Path: www.irs.gov/themes/custom/pup_base/
Size: 5 KB
x-fer: 2 KB
Type: Image

General
Full URL: https://www.irs.gov/themes/custom/pup_base/IRS-Logo.svg
Requested by: Host szin.nl, URL https://szin.nl/
Protocol: H2
Security: TLS 1.3, AES_256_GCM
Server: 2600:141b:1c00:1986::f50 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL)
Reverse DNS:
Software: /
Resource Hash: 0f43618580dd31a8096effd969ca2af7e26ba8555ab8d732e5b32fe2ef8e8cf6
Security Headers
Name                        Value
Strict-Transport-Security   max-age=31536000
X-Content-Type-Options      nosniff
X-Frame-Options             SAMEORIGIN

Request headers

accept-language: en-US,en;q=0.9
Referer: https://szin.nl/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

expires: Tue, 30 Jan 2024 13:31:46 GMT
x-edgeconnect-origin-mex-latency: 21
date: Mon, 29 Jan 2024 13:31:46 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
x-edgeconnect-midmile-rtt: 1
x-age: 742263
x-ah-environment: prod
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1706535106280_398664842_774212_15_4902_66_132_219";dur=1
content-length: 1941
x-request-id: v-2af622aa-513a-11ee-baf6-9744598b0ab4
last-modified: Wed, 25 Oct 2023 14:34:30 GMT
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: max-age=86400
accept-ranges: bytes
x-cache-hits: 11

Resource: slbyNOaBOTjuMVaQSZqFyq47pnNwURIRlORgx-Cp-m3UFTbBTAizPJFPk6s2R4kOpPZXv-N7ov0JwiAsxtGCX_9QS_x3ViWPb94JVVUCIRAZ983mhaCpnLS4V8ylqKI3yg=w642
Path: lh4.googleusercontent.com/
Size: 206 KB
x-fer: 206 KB
Type: Image

General
Full URL: https://lh4.googleusercontent.com/slbyNOaBOTjuMVaQSZqFyq47pnNwURIRlORgx-Cp-m3UFTbBTAizPJFPk6s2R4kOpPZXv-N7ov0JwiAsxtGCX_9QS_x3ViWPb94JVVUCIRAZ983mhaCpnLS4V8ylqKI3yg=w642
Requested by: Host szin.nl, URL https://szin.nl/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2607:f8b0:4006:823::2001 Colchester, United States, ASN15169 (GOOGLE, US)
Reverse DNS:
Software: fife /
Resource Hash: 35f764542c3428078c1f525920a2d95afdcb8674af6a9f97d347770c0a943985
Security Headers
Name                     Value
X-Content-Type-Options   nosniff
X-Xss-Protection         0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://szin.nl/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 29 Jan 2024 13:23:47 GMT
x-content-type-options: nosniff
age: 479
content-disposition: inline;filename="Untitled.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 210913
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 30 Jan 2024 13:23:47 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: IRS (Government)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function | hideLoadingScreen

0 Cookies