belastingherkenning.digital Open in urlscan Pro
2606:4700:3034::6815:3e6b  Malicious Activity! Public Scan

URL: https://belastingherkenning.digital/herkenning.php
Submission Tags: falconsandbox
Submission: On August 11 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 3 HTTP transactions. The main IP is 2606:4700:3034::6815:3e6b, located in United States and belongs to CLOUDFLARENET, US. The main domain is belastingherkenning.digital.
TLS certificate: Issued by GTS CA 1P5 on August 10th 2022. Valid for: 3 months.
This is the only time belastingherkenning.digital was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NL Government (Government)

Domain & IP information

IP Address AS Autonomous System
2 2606:4700:303... 13335 (CLOUDFLAR...)
1 2001:4de0:ac1... 20446 (STACKPATH...)
3 3
Apex Domain
Subdomains
Transfer
2 belastingherkenning.digital
belastingherkenning.digital
969 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 615
30 KB
3 2
Domain Requested by
2 belastingherkenning.digital belastingherkenning.digital
1 code.jquery.com belastingherkenning.digital
3 2
Subject Issuer Validity Valid
*.belastingherkenning.digital
GTS CA 1P5
2022-08-10 -
2022-11-08
3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA
2021-07-14 -
2022-08-14
a year crt.sh

This page contains 1 frames:

Primary Page: https://belastingherkenning.digital/herkenning.php
Frame ID: 613540EF75CC60CE9AD9C5A73FFC8FA7
Requests: 13 HTTP requests in this frame

Screenshot

Page Title

eHerkenning aanvragen

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

3
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1361 kB
Transfer

2843 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request herkenning.php
belastingherkenning.digital/
2 MB
967 KB
Document
General
Full URL
https://belastingherkenning.digital/herkenning.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:3e6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
318e9a4798de13428ab37c78f7e318d1d064eae53f6c8ae034de19d4583fd1e1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7391df2ed8bebbaf-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 11 Aug 2022 15:05:51 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GZWe5YkURIFVYD7zKYxpyKPIY7Yxa9BVcJAyVyz0zdz8m2Lb4ffmpdru1WW4%2BgwJMDIWM4vLBFPfhsA7XD5J3c8wZtblHTREqFpu%2BwKQHrzE5WorePoO%2FjbKfQrqrZcbIhtBdv4jS9TznsRVxCXYCnjt4FMra9xY2Rs%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
jquery-3.6.0.min.js
code.jquery.com/
87 KB
30 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.6.0.min.js
Requested by
Host: belastingherkenning.digital
URL: https://belastingherkenning.digital/herkenning.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:1a , Netherlands, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer
https://belastingherkenning.digital/
Origin
https://belastingherkenning.digital
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:05:51 GMT
content-encoding
gzip
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-15d9d"
vary
Accept-Encoding
x-hw
1660230351.dop159.fr8.t,1660230351.cds230.fr8.hn,1660230351.cds144.fr8.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30875
requests.js
belastingherkenning.digital/
4 KB
1 KB
Script
General
Full URL
https://belastingherkenning.digital/requests.js
Requested by
Host: belastingherkenning.digital
URL: https://belastingherkenning.digital/herkenning.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::6815:3e6b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f8a98838ea5cae13a20e34529149ac5731cfaf8a8a80261e368ed3ab76cf219

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://belastingherkenning.digital/herkenning.php
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Thu, 11 Aug 2022 15:05:51 GMT
content-encoding
br
cf-cache-status
EXPIRED
last-modified
Thu, 21 Jul 2022 04:04:58 GMT
server
cloudflare
etag
W/"117b-5e448d2256e80-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wapNWb23LoYFgaHyMu6SjDZa%2FHd8zVM7xQ0O%2F7qvNuNRizfZQYMh5jsIbJNP0nhO5p9rS4Hsz8N3GOH1EUp4y6mpTx4zGVBcwCEcHNUv6D%2FaPEIjajuAT1f17kd%2BebaGKaZFzW9C12lDqcv5Pl1rvw7VBKtKJyedSzc%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
7391df305bfbbbaf-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
truncated
/
17 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
24c2c8d65ef0423159d5505ed54492d1346611b076c14fd3af08e5364ce83d9e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
75 KB
75 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
54039c085acfdaf5124e55514d4153752a8526dc55b1d76c3bc731bfa4c3863a

Request headers

Referer
Origin
https://belastingherkenning.digital
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
application/font-woff
truncated
/
103 KB
103 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
76b7bb62d24c8ed3c3fa7b1b41af442199610e1c02d4d7fcbf275abdc69a1366

Request headers

Referer
Origin
https://belastingherkenning.digital
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
application/font-woff
truncated
/
82 KB
82 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
95b8c28ae6c0c9d5657a44d5a6ca24c04165eef39d6a8e1e93627c8d755ffe3a

Request headers

Referer
Origin
https://belastingherkenning.digital
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
application/font-woff
truncated
/
68 KB
68 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
27c094142b294677babfd410f01ab0ef6450c30f0ced804477f1b98adfc3a591

Request headers

Referer
Origin
https://belastingherkenning.digital
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
application/font-woff
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2c587d8fb801a7de62f7c1985e521ec81e771f58ae23224ab075e8bec59ddd46

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
266 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
479 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d4b768e315d68a768157f6b6ba4120604b335ee856635d00f958566d4b4d5360

Request headers

Referer
Origin
https://belastingherkenning.digital
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
10 KB
10 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d52728361053f1db95f6e3d13a88b473c3a2dfa9ab23c5ec0771367c623fc13d

Request headers

Referer
Origin
https://belastingherkenning.digital
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
application/x-font-ttf;charset=utf-8
truncated
/
25 KB
25 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
de04110c4fb35d40e49f9becb0c5e0c6b0252bd8eab6c4a1aae18b03249e8fbd

Request headers

Referer
Origin
https://belastingherkenning.digital
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NL Government (Government)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| savepage_ShadowLoader function| $ function| jQuery

1 Cookies

Domain/Path Name / Value
belastingherkenning.digital/ Name: PHPSESSID
Value: 85cio70o60gk6aupmcguqgmut3