urlscan.io logo urlscan.io
SecurityTrails logo

mijnregister-gateway.click Open in urlscan Pro
104.21.2.72  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://url5444.tervisdesign.com/ls/click?upn=SM-2BnttiqieV6OehcgAbNKpnwsDH8uFxdZmRhyEerD0SWaui4cRJnvRMAjeGSoqMApgEh_-2FHxFKZdiux...
Effective URL: https://mijnregister-gateway.click/UBO.php?yfguyegfuiqwhfubhwj=
Submission Tags: malicious phishing govnl Search All
Submission: On April 12 via manual from NL — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 5 domains to perform 3 HTTP transactions. The main IP is 104.21.2.72, located in and belongs to CLOUDFLARENET, US. The main domain is mijnregister-gateway.click.
TLS certificate: Issued by GTS CA 1P5 on April 10th 2023. Valid for: 3 months.
This is the only time mijnregister-gateway.click was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NL Government (Government)

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.123.54 11377 (SENDGRID)
1 1 13.107.42.14 8068 (MICROSOFT...)
1 1 51.15.139.10 12876 (Online SAS)
2 104.21.2.72 13335 (CLOUDFLAR...)
1 69.16.175.42 20446 (STACKPATH...)
3 3
1    167.89.123.54 (Chicago, United States)

ASN11377 (SENDGRID, US)
PTR: o16789123x54.outbound-mail.sendgrid.net
url5444.tervisdesign.com
1    13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
lnkd.in
1    51.15.139.10 (France)

ASN12876 (Online SAS, FR)
PTR: 10-139-15-51.instances.scw.cloud
pxlme.me
2    104.21.2.72 (None, )

ASN13335 (CLOUDFLARENET, US)
mijnregister-gateway.click
1    69.16.175.42 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: tlb.hwcdn.net
code.jquery.com
Apex Domain
Subdomains		 Transfer
2 mijnregister-gateway.click
mijnregister-gateway.click
969 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 756
30 KB
1 pxlme.me
pxlme.me
276 B
1 lnkd.in
lnkd.in — Cisco Umbrella Rank: 46224
257 B
1 tervisdesign.com
url5444.tervisdesign.com
227 B
3 5
Domain Requested by
2 mijnregister-gateway.click mijnregister-gateway.click
1 code.jquery.com mijnregister-gateway.click
1 pxlme.me 1 redirects
1 lnkd.in 1 redirects
1 url5444.tervisdesign.com 1 redirects
3 5
Subject Issuer Validity Valid
*.mijnregister-gateway.click
GTS CA 1P5		 2023-04-10 -
2023-07-09		 3 months crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2022-08-03 -
2023-07-14		 a year crt.sh

This page contains 1 frames:

Primary Page: https://mijnregister-gateway.click/UBO.php?yfguyegfuiqwhfubhwj=
Frame ID: 62C7A319A20A924D2FEAEADE553BE573
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Controle persoonsgegevens

Page URL History Show full URLs

  1. http://url5444.tervisdesign.com/ls/click?upn=SM-2BnttiqieV6OehcgAbNKpnwsDH8uFxdZmRhyEerD0SWaui4cRJnvRMAjeGSo... HTTP 302
    https://lnkd.in/g-j7Cciw HTTP 301
    https://pxlme.me/mlnnV8ht?yfguyegfuiqwhfubhwj HTTP 302
    https://mijnregister-gateway.click/UBO.php?yfguyegfuiqwhfubhwj= Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

5
Domains

5
Subdomains

3
IPs

3
Countries

1279 kB
Transfer

2761 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://url5444.tervisdesign.com/ls/click?upn=SM-2BnttiqieV6OehcgAbNKpnwsDH8uFxdZmRhyEerD0SWaui4cRJnvRMAjeGSoqMApgEh_-2FHxFKZdiuxrDvrU0kLmE5AaJUa3D-2FIn-2B7NoX487OjOSVraCygQBrQGcOOo9oPk9QxIokncbiQEUWBcDGkpDoZzVEMAqPUO0-2FPXNilEFuxt4XRvwxwpCdDEUecEMHngAsi14M2faJhrr-2B9yAsnwYND7m3cUNRAN2smqsPuU5JKa-2BlhsiRkAJ35SSLFOsbC55JQBrAVW651EdBQjeHnQODFjH1caLvItge7zgfT-2FC-2FPys-3D HTTP 302
    https://lnkd.in/g-j7Cciw HTTP 301
    https://pxlme.me/mlnnV8ht?yfguyegfuiqwhfubhwj HTTP 302
    https://mijnregister-gateway.click/UBO.php?yfguyegfuiqwhfubhwj= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request UBO.php
mijnregister-gateway.click/
Redirect Chain
  • http://url5444.tervisdesign.com/ls/click?upn=SM-2BnttiqieV6OehcgAbNKpnwsDH8uFxdZmRhyEerD0SWaui4cRJnvRMAjeGSoqMApgEh_-2FHxFKZdiuxrDvrU0kLmE5AaJUa3D-2FIn-2B7NoX487OjOSVraCygQBrQGcOOo9oPk9QxIokncbiQEU...
  • https://lnkd.in/g-j7Cciw
  • https://pxlme.me/mlnnV8ht?yfguyegfuiqwhfubhwj
  • https://mijnregister-gateway.click/UBO.php?yfguyegfuiqwhfubhwj=
2 MB
967 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://mijnregister-gateway.click/UBO.php?yfguyegfuiqwhfubhwj=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.2.72 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
913bc2d928ebe15c181154695cc3b496cdefbfe6b7ff6f6c7f0bd122fffa8c2a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
7b6c30124c8e9196-FRA
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 12 Apr 2023 14:34:02 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0802gte8KedPmFeDDvHnwg%2F3pOhyPh8ii1RtkHpodC8nhBBSTIFzCVpctUYgH50C2tcrg649iAXhBMp86hpn45ipTReTppxT2dUxn%2B59dGObVSYsoMjiuaSrRqov4%2Bj6BagDPQAIySDdhZC0cw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

Cache-Control
no-cache, no-store, must-revalidate
Content-Length
86
Content-Type
text/html; charset=utf-8
Date
Wed, 12 Apr 2023 14:34:01 GMT
Expires
0
Location
https://mijnregister-gateway.click/UBO.php?yfguyegfuiqwhfubhwj=
Pragma
no-cache
jquery-3.6.0.min.js
code.jquery.com/ 		87 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.6.0.min.js
Requested by
Host: mijnregister-gateway.click
URL: https://mijnregister-gateway.click/UBO.php?yfguyegfuiqwhfubhwj=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.16.175.42 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
tlb.hwcdn.net
Software
nginx /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Referer
https://mijnregister-gateway.click/
Origin
https://mijnregister-gateway.click
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 14:34:02 GMT
content-encoding
gzip
last-modified
Wed, 16 Feb 2022 10:50:39 GMT
server
nginx
etag
W/"620cd6ff-15d9d"
vary
Accept-Encoding
x-hw
1681310042.dop256.am5.t,1681310042.cds146.am5.hn,1681310042.cds004.am5.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30875
requests.js
mijnregister-gateway.click/ 		4 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mijnregister-gateway.click/requests.js
Requested by
Host: mijnregister-gateway.click
URL: https://mijnregister-gateway.click/UBO.php?yfguyegfuiqwhfubhwj=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.2.72 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f8a98838ea5cae13a20e34529149ac5731cfaf8a8a80261e368ed3ab76cf219

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://mijnregister-gateway.click/UBO.php?yfguyegfuiqwhfubhwj=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Wed, 12 Apr 2023 14:34:02 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sat, 11 Feb 2023 20:34:46 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"117b-5f4728b6a4580-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4XwXWGuSwojJEcZbYbxaHrWW99K6uHMnK02HeedRHyuLGNydjcl1CGJkpbynrXJsMVWwKQKLjYNfa2otaHsNM325kAhWus2P9GHQWTdCF%2FP%2FY04%2BVfb8lGYbZJ4%2BCwazWfLmMXPpEcl0O5qBLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
7b6c3013fe819196-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
truncated
/ 		17 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
24c2c8d65ef0423159d5505ed54492d1346611b076c14fd3af08e5364ce83d9e

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		75 KB
75 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
54039c085acfdaf5124e55514d4153752a8526dc55b1d76c3bc731bfa4c3863a

Request headers

Referer
Origin
https://mijnregister-gateway.click
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
application/font-woff
truncated
/ 		103 KB
103 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
76b7bb62d24c8ed3c3fa7b1b41af442199610e1c02d4d7fcbf275abdc69a1366

Request headers

Referer
Origin
https://mijnregister-gateway.click
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
application/font-woff
truncated
/ 		10 KB
10 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d52728361053f1db95f6e3d13a88b473c3a2dfa9ab23c5ec0771367c623fc13d

Request headers

Referer
Origin
https://mijnregister-gateway.click
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
application/x-font-ttf;charset=utf-8
truncated
/ 		25 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
de04110c4fb35d40e49f9becb0c5e0c6b0252bd8eab6c4a1aae18b03249e8fbd

Request headers

Referer
Origin
https://mijnregister-gateway.click
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
application/font-woff;charset=utf-8
truncated
/ 		2 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2c587d8fb801a7de62f7c1985e521ec81e771f58ae23224ab075e8bec59ddd46

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		266 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		479 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d4b768e315d68a768157f6b6ba4120604b335ee856635d00f958566d4b4d5360

Request headers

Referer
Origin
https://mijnregister-gateway.click
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		68 KB
68 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
27c094142b294677babfd410f01ab0ef6450c30f0ced804477f1b98adfc3a591

Request headers

Referer
Origin
https://mijnregister-gateway.click
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
application/font-woff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NL Government (Government)

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| savepage_ShadowLoader function| $ function| jQuery

1 Cookies

Domain/Path Name / Value
mijnregister-gateway.click/ Name: PHPSESSID
Value: oe3f3vhvep8nulq32e8gdtntgq