berichtbox-nl.com Open in urlscan Pro
2606:4700:3035::6815:1bb2 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://geduldeven-wachten.com/
Effective URL:
https://berichtbox-nl.com/
Submission Tags: falconsandbox
Submission: On January 20 via api (January 20th 2022, 1:51:44 pm UTC) from US — Scanned from DE

Summary HTTP 18 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 18 HTTP transactions. The main IP is 2606:4700:3035::6815:1bb2, located in United States and belongs to CLOUDFLARENET, US. The main domain is berichtbox-nl.com.
TLS certificate: Issued by E1 on January 20th 2022. Valid for: 3 months.

This is the only time berichtbox-nl.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic (Online)

Domain & IP information

	IP Address	AS Autonomous System
1	78.40.143.21 78.40.143.21	201133 (VERDINA) (VERDINA)
1 1	54.83.52.76 54.83.52.76	14618 (AMAZON-AES) (AMAZON-AES)
17	2606:4700:303... 2606:4700:3035::6815:1bb2	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	2

1 78.40.143.21 (Bulgaria)

ASN201133 (VERDINA, BZ)

geduldeven-wachten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.83.52.76 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-83-52-76.compute-1.amazonaws.com

bit.do	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2606:4700:3035::6815:1bb2 (United States)

ASN13335 (CLOUDFLARENET, US)

berichtbox-nl.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	berichtbox-nl.com berichtbox-nl.com	248 KB
1	bit.do 1 redirects bit.do — Cisco Umbrella Rank: 197725	105 B
1	geduldeven-wachten.com geduldeven-wachten.com	367 B
18	3

	Domain	Requested by
17	berichtbox-nl.com	berichtbox-nl.com
1	bit.do	1 redirects
1	geduldeven-wachten.com
18	3

This site contains no links.

Subject Issuer	Validity	Valid
www.geduldeven-wachten.com Sectigo RSA Domain Validation Secure Server CA	`2022-01-20` - `2023-01-20`	a year	crt.sh
*.berichtbox-nl.com E1	`2022-01-20` - `2022-04-20`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://berichtbox-nl.com/
Frame ID: 46C89FCFF4A906E35D7DFE50EA55FD9E
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Mijn Overheid | Belastingdienst

Page URL History Show full URLs

https://geduldeven-wachten.com/ Page URL
https://bit.do/mijnoverh HTTP 301
https://berichtbox-nl.com/ Page URL

Page Statistics

18
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

248 kB
Transfer

590 kB
Size

0
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://geduldeven-wachten.com/ Page URL
https://bit.do/mijnoverh HTTP 301
https://berichtbox-nl.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response geduldeven-wachten.com/	123 B 367 B	458ms 149ms	Document text/html	78.40.143.21 VERDINA
General Check archive.org Show headers Download Go to Full URL https://geduldeven-wachten.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 78.40.143.21 , Bulgaria, ASN201133 (VERDINA, BZ), Reverse DNS Software LiteSpeed / PHP/8.0.14 Resource Hash `3634b18c773c5f6a1d2f92ea8bbc0e94cf169ebec454e76ca4b93a4ad95c1905` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Response headers x-powered-by PHP/8.0.14 content-type text/html; charset=UTF-8 content-length 104 content-encoding br vary Accept-Encoding date Thu, 20 Jan 2022 13:51:38 GMT server LiteSpeed alt-svc h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
GET H2	200	Primary Request / Show response berichtbox-nl.com/ Redirect Chain https://bit.do/mijnoverh https://berichtbox-nl.com/	13 KB 3 KB	354ms 175ms	Document text/html	2606:4700:3035::6815:1bb2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://berichtbox-nl.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:1bb2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `4f5fd648840971ad3a8fb32ed104f0f20f2f112af4a5c9133dd248eb07bfc54d` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Accept-Language de-DE,de;q=0.9 Referer https://geduldeven-wachten.com/ Response headers date Thu, 20 Jan 2022 13:51:40 GMT content-type text/html last-modified Wed, 05 Jan 2022 06:41:20 GMT vary Accept-Encoding cf-cache-status DYNAMIC expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Do4sQh3zZPy3Vi8%2BJctlGd4mYcm9bGrrycKMCP4cpCXYzOjMw%2Ff0dz7xuJEyttuuFjz2VIzUgkYI0okoOeNv9eMP6mOEQwvnrlZFhYuRrHUzLj4PUi4djsMps7gMaWaimwRu%2FDSpHEMrSTvP7EQIA%3D%3D"}],"group":"cf-nel","max_age":604800} nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare cf-ray 6d08c765ad2f599b-MXP content-encoding br alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 Redirect headers server nginx/1.18.0 date Thu, 20 Jan 2022 13:51:40 GMT content-type text/html; charset=iso-8859-1 content-length 305 location https://berichtbox-nl.com
GET H2	200	marktplaats.css berichtbox-nl.com/FOD%20Financi%C3%ABn_files/	103 KB 14 KB	163ms 162ms	Stylesheet text/css	2606:4700:3035::6815:1bb2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/marktplaats.css Requested by Host: berichtbox-nl.com URL: https://berichtbox-nl.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:1bb2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `398d74f87682fe45a49629d5ff966191f84310ad409efa2ff47a9affc3a5f0bf` Request headers Accept-Language de-DE,de;q=0.9 Referer https://berichtbox-nl.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 20 Jan 2022 13:51:40 GMT content-encoding br cf-cache-status MISS last-modified Mon, 23 Mar 2020 15:28:18 GMT server cloudflare etag W/"19a85-5a18748d30880-gzip" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MxmDWUpq%2B%2FLgBIkWuhkZzW6P%2FplePL2xAgAiT9d2avKMh8lKWdRhRE8iN3FP3C06GzpYJBRHoOANzra2HZod8zrkK4go3F2sbNIQ4w1uI23cHOlcrk4RX39F88xwywpJuDrbUg5YYaapAVnI6clt3A%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6d08c766c912599b-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	client.min.css berichtbox-nl.com/FOD%20Financi%C3%ABn_files/	120 KB 18 KB	187ms 187ms	Stylesheet text/css	2606:4700:3035::6815:1bb2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/client.min.css Requested by Host: berichtbox-nl.com URL: https://berichtbox-nl.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:1bb2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `6b0eedcff94b6a63aa4726b01dd0cd284710ca8b73f35ea018e141f9b778c758` Request headers Accept-Language de-DE,de;q=0.9 Referer https://berichtbox-nl.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 20 Jan 2022 13:51:40 GMT content-encoding br cf-cache-status MISS last-modified Mon, 23 Mar 2020 15:28:18 GMT server cloudflare etag W/"1df98-5a18748d30880-gzip" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5kkwounMhlcBAIVkdwJpAX%2BHmdAxLdo0yP5l%2BStdc4bjSlgwX5ait8gizx1MlxRhJItpvolEP%2Fv80x0ecc38cqJ8O5vLo3qBNCE9DbDLlbV%2FrNcNR5KdHef38jBukZ%2Fzimc4RTL5pOFmOTRyrWIB0w%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6d08c766c918599b-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	normalize.112272e5.css berichtbox-nl.com/FOD%20Financi%C3%ABn_files/	6 KB 2 KB	137ms 137ms	Stylesheet text/css	2606:4700:3035::6815:1bb2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/normalize.112272e5.css Requested by Host: berichtbox-nl.com URL: https://berichtbox-nl.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:1bb2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `580818700724d42d7fcc4979b0197971fca1c6d2e0286769237a0ac897df5512` Request headers Accept-Language de-DE,de;q=0.9 Referer https://berichtbox-nl.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 20 Jan 2022 13:51:40 GMT content-encoding br cf-cache-status MISS last-modified Mon, 23 Mar 2020 15:28:18 GMT server cloudflare etag W/"17fa-5a18748d30880-gzip" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nv8DrNl%2F4XtSgagLXinmLaQSB%2Bye44g%2B0FnvFtB3lJYxeBy5P4NnF9Pzw32B%2BRnLfRl73H%2FmAF4j22F8EOktPuesJObszQ8Sh2lW6qFwaWtXimFRnKcCCGvXYPmzQeAMPX8jyyeFVFqCSHRyiY8yxw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6d08c766c91a599b-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	common.js.download Show response berichtbox-nl.com/FOD%20Financi%C3%ABn_files/	78 KB 30 KB	105ms 105ms	Script application/javascript	2606:4700:3035::6815:1bb2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/common.js.download Requested by Host: berichtbox-nl.com URL: https://berichtbox-nl.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:1bb2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `bfe8034d6da06a3fb17b45b8d3813aa8e8e47b3bf650274da27eee2b2a47b0cb` Request headers Accept-Language de-DE,de;q=0.9 Referer https://berichtbox-nl.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 20 Jan 2022 13:51:40 GMT content-encoding br cf-cache-status DYNAMIC last-modified Mon, 23 Mar 2020 15:28:18 GMT server cloudflare etag W/"136e8-5a18748d30880-gzip" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EDTsQXg5oOvt%2Fa%2Fd72CFTUHW%2FNh2o4%2B%2F6jZiMBJNUSQ8WnKkl4LwOpRkeRlukb38ADBpjhkVwYyUuUVKlzts3mY3mTf2oCI2ExV6wwB6Ako8YGlUka3ypop3ixvLD4fZEY5IuxM0QNR9qMrcTb0Ehg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6d08c766c91d599b-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H2	200	util.js.download Show response berichtbox-nl.com/FOD%20Financi%C3%ABn_files/	143 KB 54 KB	150ms 150ms	Script application/javascript	2606:4700:3035::6815:1bb2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/util.js.download Requested by Host: berichtbox-nl.com URL: https://berichtbox-nl.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:3035::6815:1bb2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `584a2c05476de8bbc369a9094e3a888c305a750bf7f6282358a24419ba3c3eaf` Request headers Accept-Language de-DE,de;q=0.9 Referer https://berichtbox-nl.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 20 Jan 2022 13:51:40 GMT content-encoding br cf-cache-status DYNAMIC last-modified Mon, 23 Mar 2020 15:28:18 GMT server cloudflare etag W/"23a6c-5a18748d30880-gzip" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OwmFy0mTxF5owjqhQFfUaf3Ep2NRkaCR7caeWbQyXcWQ3k%2FNnz%2F5Um0oSHahI%2BtQSWG8rapn3WTaN%2B6KeLntYnokwMzdl%2BphzauLFJAy2DZb4a3VCylG7JmObrajzrzsJrT7jKLI5Bn8DyYaDvOsLA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type application/javascript nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6d08c766c92c599b-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	fod_logo.png berichtbox-nl.com/FOD%20Financi%C3%ABn_files/	8 KB 9 KB	174ms 174ms	Image image/png	2606:4700:3035::6815:1bb2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/fod_logo.png Requested by Host: berichtbox-nl.com URL: https://berichtbox-nl.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:1bb2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `daa392a442e0815ae90396224b9f6b0580cc98bbd3eb6f7c2e1f79a3c8689251` Request headers Accept-Language de-DE,de;q=0.9 Referer https://berichtbox-nl.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 20 Jan 2022 13:51:40 GMT cf-cache-status MISS last-modified Wed, 08 Apr 2020 15:43:56 GMT server cloudflare etag "2048-5a2c95e31c700" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s%2FlfRsZnnUTfNc9ZLpYgYV2C0MMJ17liTOAcjXgenyjVfmhHepBWr%2FEsXnQY%2BeyeMEuTczh4%2BwjJl1TFe6ObUdW9Z7zb6D%2Fgr3yhFGOCt76MP%2FrP9FgsRz%2F3N3%2FK3uqNUrzlOgWjctkXpOBupWOa9g%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/png cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 6d08c767cb52374d-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 8264
GET H3	200	obp.dff79601.svg berichtbox-nl.com/FOD%20Financi%C3%ABn_files/	4 KB 2 KB	123ms 123ms	Image image/svg+xml	2606:4700:3035::6815:1bb2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/obp.dff79601.svg Requested by Host: berichtbox-nl.com URL: https://berichtbox-nl.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:1bb2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `0a13f7a510e9cb674c985ada9d5aa5e11b35c907cca576232354f55be52b9e57` Request headers Accept-Language de-DE,de;q=0.9 Referer https://berichtbox-nl.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 20 Jan 2022 13:51:40 GMT content-encoding br cf-cache-status MISS last-modified Mon, 23 Mar 2020 15:28:18 GMT server cloudflare etag W/"eae-5a18748d30880" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fNSqUPtf2jXiofHPD%2Fg4rURsJzQ0XAcNY4yVDLn%2Fk9nnUNa9J%2B3gnmjfUKebWlx0r7yZrw95ELFJsXnEgrMoQB4%2FnZGxhTs5iraXgp0xcP%2FcMvfXoX5YBsXN1z1NoPXYr4HfDHfq8chdrTRGxWl2Kw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cf-ray 6d08c767fbeb374d-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	200	js Show response berichtbox-nl.com/FOD%20Financi%C3%ABn_files/	116 KB 117 KB	81ms 81ms	Script text/plain	2606:4700:3035::6815:1bb2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/js Requested by Host: berichtbox-nl.com URL: https://berichtbox-nl.com/ Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:1bb2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `cffd79ef5ba4424fdd951858e19523ad61fc440df90e251c60f658dd8ecdf418` Request headers Accept-Language de-DE,de;q=0.9 Referer https://berichtbox-nl.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 20 Jan 2022 13:51:40 GMT cf-cache-status DYNAMIC last-modified Mon, 23 Mar 2020 15:28:18 GMT server cloudflare etag "1d067-5a18748d30880" expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fNQyMjS2OmhYNdTIMfh2VwYX%2FYWaEvW3Yng55etsBMzqnlZ1AOCN9xzr6oPvo9Aj%2BNpxTNCvnetoBXChlzMEFJnYWx%2BmE0QthNqVszYfBCPpZ1rppEPuB7b5t2s%2FivX3wS4LerkdrJYysivYbWxXuw%3D%3D"}],"group":"cf-nel","max_age":604800} accept-ranges bytes cf-ray 6d08c7680c25374d-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 content-length 118887
GET H3	404	bancontact.svg berichtbox-nl.com/FOD%20Financi%C3%ABn_files/	279 B 279 B	131ms 131ms	Image text/html	2606:4700:3035::6815:1bb2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/bancontact.svg Requested by Host: berichtbox-nl.com URL: https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/marktplaats.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:1bb2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5cfd99e98d1553ea3ca4aaa29ca88d8d07c3834d9556fb2a2efc07a0f999c4e9` Request headers Accept-Language de-DE,de;q=0.9 Referer https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/marktplaats.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 20 Jan 2022 13:51:40 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nHMH1CUP9ixabTLLlD%2BJLP%2F1xLnnuzaNdBymGpuNa5U3nT3u8ey03ING7UkabdgLQHbxPSUVTKXd9gn0V5v7pqlUXBWXREZYB7nJO8%2Fc7x3i%2Fjqvi1VZZO171Uwp4Nb4YsmVVyZzqyU9w2yFcG%2FdKA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 6d08c7680c32374d-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	Marktplaats.Sprite.svg berichtbox-nl.com/FOD%20Financi%C3%ABn_files/	279 B 279 B	131ms 131ms	Image text/html	2606:4700:3035::6815:1bb2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/Marktplaats.Sprite.svg Requested by Host: berichtbox-nl.com URL: https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/marktplaats.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:1bb2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5cfd99e98d1553ea3ca4aaa29ca88d8d07c3834d9556fb2a2efc07a0f999c4e9` Request headers Accept-Language de-DE,de;q=0.9 Referer https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/marktplaats.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 20 Jan 2022 13:51:40 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y0LFcEgMy2mjTXWYN%2Bs4%2B5ZP7k1i8lSLcNa3I4HQa5%2FTZIBQMjY7T278SfXtmov0Pc0qnOf%2BeUYuBznNtVitET9FsXD1vxBuXOOKOKulUQGvCVpBfeib7pW%2FRlv8Kotte9bmh7wCWVM1jJOlcFJsJw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 6d08c7680c34374d-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	Roboto-Light-webfont.woff2 berichtbox-nl.com/FOD%20Financi%C3%ABn_files/	0 0	727ms 727ms	Font text/html	2606:4700:3035::6815:1bb2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/Roboto-Light-webfont.woff2 Requested by Host: berichtbox-nl.com URL: https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/marktplaats.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:1bb2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/marktplaats.css Origin https://berichtbox-nl.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 20 Jan 2022 13:51:41 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4YWRXaoIQ65jlU4FhS%2B1ZCW8BArfFqy3fqB%2FlIDOK1oBgGGmU0GD5aRD1R1xyC4bCDZiCiuFNm3Li3srmxttxUzGWQ7yr8ix%2FV08RBknWri7XV4guZF9nqk8lbji8cAMV%2BOgMXFYJcFfeCcPCt7pLw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 6d08c7680c36374d-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	Roboto-Regular-webfont.woff2 berichtbox-nl.com/FOD%20Financi%C3%ABn_files/	0 0	131ms 131ms	Font text/html	2606:4700:3035::6815:1bb2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/Roboto-Regular-webfont.woff2 Requested by Host: berichtbox-nl.com URL: https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/marktplaats.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:1bb2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/marktplaats.css Origin https://berichtbox-nl.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 20 Jan 2022 13:51:40 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9G%2BN%2FmbpGdutsHiqPrsy2UdF0GQaaiZ91GLvBs67xbs90bbNmUrrHEqoimD5gKZvnSsY9Pnkfe05ipDWC5RoecaF4rj9X97pyf0yzCwntOmEcW6662OARc%2F3IrcDb4x%2BBp36xm6s506MaWvVbWZyaw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 6d08c7680c38374d-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	Roboto-Regular-webfont.woff berichtbox-nl.com/FOD%20Financi%C3%ABn_files/	0 0	1576ms 1576ms	Font text/html	2606:4700:3035::6815:1bb2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/Roboto-Regular-webfont.woff Requested by Host: berichtbox-nl.com URL: https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/marktplaats.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:1bb2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/marktplaats.css Origin https://berichtbox-nl.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 20 Jan 2022 13:51:42 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UNDmHl2vgLlcYdiFVD0SNebtHmeLUoY1fyvf2stKhY46fWHaSnqaUs4WRVr3DMVdT6vKX%2BSDVH%2FWV%2FkgxWkQ0v4nGY44P9ngQ3A1uARPF8KiR6E%2FfS02SUiUDnGo2UE3mU1t6ftO%2FNWdkMA%2FEHkSEw%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 6d08c768eed9374d-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	Roboto-Light-webfont.woff berichtbox-nl.com/FOD%20Financi%C3%ABn_files/	0 0	985ms 985ms	Font text/html	2606:4700:3035::6815:1bb2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/Roboto-Light-webfont.woff Requested by Host: berichtbox-nl.com URL: https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/marktplaats.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:1bb2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/marktplaats.css Origin https://berichtbox-nl.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 20 Jan 2022 13:51:42 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x4yWOaZNo038BqSynI6au5tMIXHxJLy3abYPs2q9nmWqBBMytifBuP3nX3NVEasNyD7LmtSz3VpMqFfiorIwuBgPR%2FOLdqhtu7gWkmyIhm41tePWFvJHAbkeTwCN67TBRx6y%2B7L0tKN0E46GOrl1Ww%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 6d08c76cafe9374d-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	Roboto-Regular-webfont.ttf berichtbox-nl.com/FOD%20Financi%C3%ABn_files/	0 0	1017ms 1017ms	Font text/html	2606:4700:3035::6815:1bb2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/Roboto-Regular-webfont.ttf?v1 Requested by Host: berichtbox-nl.com URL: https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/marktplaats.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:1bb2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/marktplaats.css Origin https://berichtbox-nl.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 20 Jan 2022 13:51:43 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MuqoltHF%2FcpFa8EBcZ200%2FN7%2FBm39TSNB6VhElhztypuNOsS4bnTZCwRFPYebkM7p6%2FjuOyNgOAyRcnltMDfdI44QM8uXIBvl79Vyq3QHFcIu7zTCKTany8Xmxj6hzUaGjKGZjjcEmann0RbktnmgA%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 6d08c772cf17374d-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400
GET H3	404	Roboto-Light-webfont.ttf berichtbox-nl.com/FOD%20Financi%C3%ABn_files/	0 0	1000ms 1000ms	Font text/html	2606:4700:3035::6815:1bb2 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/Roboto-Light-webfont.ttf?v1 Requested by Host: berichtbox-nl.com URL: https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/marktplaats.css Protocol H3 Security QUIC, , AES_128_GCM Server 2606:4700:3035::6815:1bb2 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/marktplaats.css Origin https://berichtbox-nl.com Accept-Language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36 Response headers date Thu, 20 Jan 2022 13:51:43 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare expect-ct max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e3PMBt6KBvPu7rD7UOkhvkXZIYuxEGmbAd3SsUuBUe4Vtr8%2Bvs%2FDspo%2F0fY9dil6AKriuYAW4eFLwlSyTtMpkOVRw%2FzjcT1EYynRF5vHN2LBid%2BcT0803nesKJ9y0ybHvy7%2F8kGuWHA2MDsGQ28PLg%3D%3D"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 6d08c772cf22374d-MXP alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic (Online)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/bancontact.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/Marktplaats.Sprite.svg Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/Roboto-Regular-webfont.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/Roboto-Light-webfont.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/Roboto-Regular-webfont.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/Roboto-Light-webfont.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/Roboto-Light-webfont.ttf?v1 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://berichtbox-nl.com/FOD%20Financi%C3%ABn_files/Roboto-Regular-webfont.ttf?v1 Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

berichtbox-nl.com
bit.do
geduldeven-wachten.com
2606:4700:3035::6815:1bb2
54.83.52.76
78.40.143.21
0a13f7a510e9cb674c985ada9d5aa5e11b35c907cca576232354f55be52b9e57
3634b18c773c5f6a1d2f92ea8bbc0e94cf169ebec454e76ca4b93a4ad95c1905
398d74f87682fe45a49629d5ff966191f84310ad409efa2ff47a9affc3a5f0bf
4f5fd648840971ad3a8fb32ed104f0f20f2f112af4a5c9133dd248eb07bfc54d
580818700724d42d7fcc4979b0197971fca1c6d2e0286769237a0ac897df5512
584a2c05476de8bbc369a9094e3a888c305a750bf7f6282358a24419ba3c3eaf
5cfd99e98d1553ea3ca4aaa29ca88d8d07c3834d9556fb2a2efc07a0f999c4e9
6b0eedcff94b6a63aa4726b01dd0cd284710ca8b73f35ea018e141f9b778c758
bfe8034d6da06a3fb17b45b8d3813aa8e8e47b3bf650274da27eee2b2a47b0cb
cffd79ef5ba4424fdd951858e19523ad61fc440df90e251c60f658dd8ecdf418
daa392a442e0815ae90396224b9f6b0580cc98bbd3eb6f7c2e1f79a3c8689251

berichtbox-nl.com Open in urlscan Pro 2606:4700:3035::6815:1bb2 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

18 Requests

100 %HTTPS

33 %IPv6

3 Domains

3 Subdomains

2 IPs

2 Countries

248 kBTransfer

590 kBSize

0 Cookies

0 Outgoing links

Page URL History

Redirected requests

18 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

0 Cookies

8 Console Messages

Indicators

berichtbox-nl.com Open in urlscan Pro
2606:4700:3035::6815:1bb2 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

18
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

2
IPs

2
Countries

248 kB
Transfer

590 kB
Size

0
Cookies

18 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!