berichtbox-nl.com
Open in
urlscan Pro
2606:4700:3035::6815:1bb2
Malicious Activity!
Public Scan
Effective URL: https://berichtbox-nl.com/
Submission Tags: falconsandbox
Submission: On January 20 via api from US — Scanned from DE
Summary
TLS certificate: Issued by E1 on January 20th 2022. Valid for: 3 months.
This is the only time berichtbox-nl.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Generic (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 78.40.143.21 78.40.143.21 | 201133 (VERDINA) (VERDINA) | |
1 1 | 54.83.52.76 54.83.52.76 | 14618 (AMAZON-AES) (AMAZON-AES) | |
17 | 2606:4700:303... 2606:4700:3035::6815:1bb2 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
18 | 2 |
ASN14618 (AMAZON-AES, US)
PTR: ec2-54-83-52-76.compute-1.amazonaws.com
bit.do |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
berichtbox-nl.com
berichtbox-nl.com |
248 KB |
1 |
bit.do
1 redirects
bit.do — Cisco Umbrella Rank: 197725 |
105 B |
1 |
geduldeven-wachten.com
geduldeven-wachten.com |
367 B |
18 | 3 |
Domain | Requested by | |
---|---|---|
17 | berichtbox-nl.com |
berichtbox-nl.com
|
1 | bit.do | 1 redirects |
1 | geduldeven-wachten.com | |
18 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.geduldeven-wachten.com Sectigo RSA Domain Validation Secure Server CA |
2022-01-20 - 2023-01-20 |
a year | crt.sh |
*.berichtbox-nl.com E1 |
2022-01-20 - 2022-04-20 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://berichtbox-nl.com/
Frame ID: 46C89FCFF4A906E35D7DFE50EA55FD9E
Requests: 18 HTTP requests in this frame
Screenshot
Page Title
Mijn Overheid | BelastingdienstPage URL History Show full URLs
- https://geduldeven-wachten.com/ Page URL
-
https://bit.do/mijnoverh
HTTP 301
https://berichtbox-nl.com/ Page URL
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://geduldeven-wachten.com/ Page URL
-
https://bit.do/mijnoverh
HTTP 301
https://berichtbox-nl.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
18 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
/
geduldeven-wachten.com/ |
123 B 367 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
Primary Request
/
berichtbox-nl.com/ Redirect Chain
|
13 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
marktplaats.css
berichtbox-nl.com/FOD%20Financi%C3%ABn_files/ |
103 KB 14 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
client.min.css
berichtbox-nl.com/FOD%20Financi%C3%ABn_files/ |
120 KB 18 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
normalize.112272e5.css
berichtbox-nl.com/FOD%20Financi%C3%ABn_files/ |
6 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
common.js.download
berichtbox-nl.com/FOD%20Financi%C3%ABn_files/ |
78 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
util.js.download
berichtbox-nl.com/FOD%20Financi%C3%ABn_files/ |
143 KB 54 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
fod_logo.png
berichtbox-nl.com/FOD%20Financi%C3%ABn_files/ |
8 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
obp.dff79601.svg
berichtbox-nl.com/FOD%20Financi%C3%ABn_files/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
js
berichtbox-nl.com/FOD%20Financi%C3%ABn_files/ |
116 KB 117 KB |
Script
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
bancontact.svg
berichtbox-nl.com/FOD%20Financi%C3%ABn_files/ |
279 B 279 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Marktplaats.Sprite.svg
berichtbox-nl.com/FOD%20Financi%C3%ABn_files/ |
279 B 279 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Roboto-Light-webfont.woff2
berichtbox-nl.com/FOD%20Financi%C3%ABn_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Roboto-Regular-webfont.woff2
berichtbox-nl.com/FOD%20Financi%C3%ABn_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Roboto-Regular-webfont.woff
berichtbox-nl.com/FOD%20Financi%C3%ABn_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Roboto-Light-webfont.woff
berichtbox-nl.com/FOD%20Financi%C3%ABn_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Roboto-Regular-webfont.ttf
berichtbox-nl.com/FOD%20Financi%C3%ABn_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Roboto-Light-webfont.ttf
berichtbox-nl.com/FOD%20Financi%C3%ABn_files/ |
0 0 |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Generic (Online)11 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| radioselected boolean| tcsaccepted object| selectedbank function| closeselect function| openselect function| radiochange function| changevalues function| gm_authFailure object| google object| module$contents$MapsEvent_MapsEvent object| module$contents$mapsapi$overlay$OverlayView_OverlayView0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
8 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
berichtbox-nl.com
bit.do
geduldeven-wachten.com
2606:4700:3035::6815:1bb2
54.83.52.76
78.40.143.21
0a13f7a510e9cb674c985ada9d5aa5e11b35c907cca576232354f55be52b9e57
3634b18c773c5f6a1d2f92ea8bbc0e94cf169ebec454e76ca4b93a4ad95c1905
398d74f87682fe45a49629d5ff966191f84310ad409efa2ff47a9affc3a5f0bf
4f5fd648840971ad3a8fb32ed104f0f20f2f112af4a5c9133dd248eb07bfc54d
580818700724d42d7fcc4979b0197971fca1c6d2e0286769237a0ac897df5512
584a2c05476de8bbc369a9094e3a888c305a750bf7f6282358a24419ba3c3eaf
5cfd99e98d1553ea3ca4aaa29ca88d8d07c3834d9556fb2a2efc07a0f999c4e9
6b0eedcff94b6a63aa4726b01dd0cd284710ca8b73f35ea018e141f9b778c758
bfe8034d6da06a3fb17b45b8d3813aa8e8e47b3bf650274da27eee2b2a47b0cb
cffd79ef5ba4424fdd951858e19523ad61fc440df90e251c60f658dd8ecdf418
daa392a442e0815ae90396224b9f6b0580cc98bbd3eb6f7c2e1f79a3c8689251