achterstallige-betaling.com
193.143.1.14  Malicious Activity! Public Scan

URL: https://achterstallige-betaling.com/betaalpagina.html
Submission Tags: @ecarlesi threat phishing belastingdienst
Submission: On September 22 via api from IT — Scanned from IT

Summary

This website contacted 6 IPs in 5 countries across 7 domains to perform 11 HTTP transactions. The main IP is 193.143.1.14, located in Moscow, Russian Federation and belongs to PROTON66, RU. The main domain is achterstallige-betaling.com.
TLS certificate: Issued by R10 on September 22nd 2024. Valid for: 3 months.
This is the only time achterstallige-betaling.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NL Government (Government)

Domain & IP information

IP Address AS Autonomous System
1 193.143.1.14 198953 (PROTON66)
1 2a04:9a01:100... 34663 (ASBELASTI...)
1 1 104.26.8.183 13335 (CLOUDFLAR...)
6 2606:4700:20:... 13335 (CLOUDFLAR...)
2 2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 104.17.24.14 13335 (CLOUDFLAR...)
11 6
Apex Domain
Subdomains
Transfer
6 tidiochat.com
widget-v4.tidiochat.com — Cisco Umbrella Rank: 21827
350 KB
2 gstatic.com
t1.gstatic.com
959 B
2 googleusercontent.com
s2.googleusercontent.com — Cisco Umbrella Rank: 25085
644 B
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 220
2 KB
1 tidio.co
code.tidio.co — Cisco Umbrella Rank: 18418
639 B
1 belastingdienst.nl
www.belastingdienst.nl — Cisco Umbrella Rank: 307411
19 KB
1 achterstallige-betaling.com
achterstallige-betaling.com
865 KB
11 7
Domain Requested by
6 widget-v4.tidiochat.com achterstallige-betaling.com
code.tidio.co
2 t1.gstatic.com
2 s2.googleusercontent.com 2 redirects
1 cdnjs.cloudflare.com
1 code.tidio.co 1 redirects
1 www.belastingdienst.nl achterstallige-betaling.com
1 achterstallige-betaling.com
11 7

This site contains links to these domains.

Domain
www.cjib.nl
www.facebook.com
twitter.com
www.linkedin.com
api.whatsapp.com
Subject Issuer Validity Valid
*.achterstallige-betaling.com
R10
2024-09-22 -
2024-12-21
3 months crt.sh
www.belastingdienst.nl
DigiCert G2 TLS EU RSA4096 SHA384 2022 CA1
2024-05-02 -
2025-05-01
a year crt.sh
tidiochat.com
WE1
2024-09-10 -
2024-12-09
3 months crt.sh
cdnjs.cloudflare.com
WE1
2024-07-31 -
2024-10-29
3 months crt.sh

This page contains 3 frames:

Primary Page: https://achterstallige-betaling.com/betaalpagina.html
Frame ID: 63779280C18D0E217C89C0F987F7D71B
Requests: 17 HTTP requests in this frame

Frame: https://widget-v4.tidiochat.com/1_246_0/static/js/chunk-WidgetIframe-9c611ef76d3ca0c5cea7.js
Frame ID: 9C32E7F245C31EE20007DECAC8F4C91C
Requests: 4 HTTP requests in this frame

Frame: https://widget-v4.tidiochat.com/fonts/mulish_SGhgqk3wotYKNnBQ.woff2
Frame ID: FB325245B32E780570BF93018CFA9199
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Belastingdienst Nederland |

Page Statistics

11
Requests

73 %
HTTPS

57 %
IPv6

7
Domains

7
Subdomains

6
IPs

5
Countries

1462 kB
Transfer

4223 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13
  • https://code.tidio.co/ob1hxznik3zbotw8oeycacp4zci7ffmz.js HTTP 302
  • https://widget-v4.tidiochat.com/1_246_0/static/js/render.9c611ef76d3ca0c5cea7.js
Request Chain 17
  • https://s2.googleusercontent.com/s2/favicons?domain=belastingdienst.nl&sz=32 HTTP 301
  • https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32
Request Chain 19
  • https://s2.googleusercontent.com/s2/favicons?domain=belastingdienst.nl&sz=32 HTTP 301
  • https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request betaalpagina.html
achterstallige-betaling.com/
3 MB
865 KB
Document
General
Full URL
https://achterstallige-betaling.com/betaalpagina.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.143.1.14 Moscow, Russian Federation, ASN198953 (PROTON66, RU),
Reverse DNS
Software
LiteSpeed /
Resource Hash
11f59c1b1f345d63080b67a54d4391419522cfaa206877d05fd24bbbe07dca00

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
br
content-length
884837
content-type
text/html
date
Sun, 22 Sep 2024 20:34:06 GMT
last-modified
Sun, 22 Sep 2024 13:44:28 GMT
server
LiteSpeed
vary
Accept-Encoding
bld_logo.svg
www.belastingdienst.nl/bld-assets/bld/rhslogos/
17 KB
19 KB
Image
General
Full URL
https://www.belastingdienst.nl/bld-assets/bld/rhslogos/bld_logo.svg
Requested by
Host: achterstallige-betaling.com
URL: https://achterstallige-betaling.com/betaalpagina.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a04:9a01:1002::33 , Netherlands, ASN34663 (ASBELASTINGDIENST, NL),
Reverse DNS
Software
/
Resource Hash
24c2c8d65ef0423159d5505ed54492d1346611b076c14fd3af08e5364ce83d9e
Security Headers
Name Value
Content-Security-Policy default-src https://*.belastingdienst.nl https://vinden.belastingdienst.nl https://*.readspeaker.com; connect-src 'self' https://*.belastingdienst.nl https://enquete.agconsult.com https://*.readspeaker.com https://*.abtasty.com https://api.pdok.nl; child-src 'self' https://belastingdienst.nl https://*.belastingdienst.nl https://secure.opinionlab.com https://*.readspeaker.com https://www.youtube.com https://www.youtube-nocookie.com ; frame-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com https://secure.opinionlab.com https://www.youtube.com https://www.youtube-nocookie.com https://survey.alchemer.eu https://douane.livepresence.net; frame-ancestors 'self' https://*.belastingdienst.nl https://*.pagefreezer.com https://*.pagefreezer.nl ; img-src 'self' https://*.readspeaker.com https://img.youtube.com data: https://*.belastingdienst.nl blob: data: *.abtasty.com; font-src 'self' https://*.belastingdienst.nl blob: data: *.abtasty.com; script-src 'self' https://*.belastingdienst.nl https://enquete.agconsult.com https://*.readspeaker.com 'unsafe-eval' 'unsafe-inline' blob: *.abtasty.com ; style-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com *.abtasty.com 'unsafe-inline'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://achterstallige-betaling.com/

Response headers

Strict-Transport-Security
max-age=31536000
Content-Security-Policy
default-src https://*.belastingdienst.nl https://vinden.belastingdienst.nl https://*.readspeaker.com; connect-src 'self' https://*.belastingdienst.nl https://enquete.agconsult.com https://*.readspeaker.com https://*.abtasty.com https://api.pdok.nl; child-src 'self' https://belastingdienst.nl https://*.belastingdienst.nl https://secure.opinionlab.com https://*.readspeaker.com https://www.youtube.com https://www.youtube-nocookie.com ; frame-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com https://secure.opinionlab.com https://www.youtube.com https://www.youtube-nocookie.com https://survey.alchemer.eu https://douane.livepresence.net; frame-ancestors 'self' https://*.belastingdienst.nl https://*.pagefreezer.com https://*.pagefreezer.nl ; img-src 'self' https://*.readspeaker.com https://img.youtube.com data: https://*.belastingdienst.nl blob: data: *.abtasty.com; font-src 'self' https://*.belastingdienst.nl blob: data: *.abtasty.com; script-src 'self' https://*.belastingdienst.nl https://enquete.agconsult.com https://*.readspeaker.com 'unsafe-eval' 'unsafe-inline' blob: *.abtasty.com ; style-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com *.abtasty.com 'unsafe-inline'
ETag
"454b-603698a9b53a0"
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
17739
Keep-Alive
timeout=5, max=28
Date
Sun, 22 Sep 2024 20:34:10 GMT
X-XSS-Protection
1; mode=block;
Last-Modified
Mon, 21 Aug 2023 07:08:12 GMT
Content-Type
image/svg+xml
X-Frame-Options
SAMEORIGIN
truncated
/
325 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
8e1259c7006dfe0d19f6bcc4fc622c4ce555250e9924fa20cafbe137e64d72eb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/
75 KB
75 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
54039c085acfdaf5124e55514d4153752a8526dc55b1d76c3bc731bfa4c3863a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://achterstallige-betaling.com
Referer

Response headers

Content-Type
font/woff
truncated
/
68 KB
68 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
27c094142b294677babfd410f01ab0ef6450c30f0ced804477f1b98adfc3a591

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://achterstallige-betaling.com
Referer

Response headers

Content-Type
font/woff
truncated
/
82 KB
82 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
95b8c28ae6c0c9d5657a44d5a6ca24c04165eef39d6a8e1e93627c8d755ffe3a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://achterstallige-betaling.com
Referer

Response headers

Content-Type
font/woff
truncated
/
29 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4ec0583dd05c9ae23e4f612829312af92f4b38961c0b1fbf53a266f20d4eb182

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/jpeg
truncated
/
673 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c922548cfe09320db090d544611419072db72918c07a3588e8138bd474eb41d3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/
847 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ea24041f1bf773952f69e1e98082de62b89f24ca6b60b147f2f052b21e3b6861

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/
686 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f325b8b3a6c772d7ebef4dea572c8da501e9c6ee286df0d96dfa49441258fd2f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dc9b62c0c22ee9ed9efc6b63664e860df4979d42279d6d76d5720beec4c8b239

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
76cba8c616494b98ce3232bb080e8beef3583aa75368c65b5e121508f92bb6a4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
85f028fadd26412f3ff050e58fab1c791a172e44f078db492c89bbb950053695

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
dc4b94fbd1ec10e1ed4e130d8c785c2f0f7a6dacee88c019d3d77782b86d43ba

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
render.9c611ef76d3ca0c5cea7.js
widget-v4.tidiochat.com/1_246_0/static/js/
Redirect Chain
  • https://code.tidio.co/ob1hxznik3zbotw8oeycacp4zci7ffmz.js
  • https://widget-v4.tidiochat.com/1_246_0/static/js/render.9c611ef76d3ca0c5cea7.js
5 KB
3 KB
Script
General
Full URL
https://widget-v4.tidiochat.com/1_246_0/static/js/render.9c611ef76d3ca0c5cea7.js
Requested by
Host: achterstallige-betaling.com
URL: https://achterstallige-betaling.com/betaalpagina.html
Protocol
H2
Server
2606:4700:20::681a:98b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c64a51f4b1e3f0935a46df30aa7d76edab725a829eccb20803e059074e889b8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://achterstallige-betaling.com/

Response headers

cache-control
max-age=691200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
HIT
etag
W/"66ec17d5-14a0"
age
262
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TOj2py%2Bn22%2BMwucwGIrh%2BE84W7tTsfCV1EmQDN2F6cCWSfoK%2F4fHhQYCYq%2FuI92HzaW53YWwSXCCl43nyOI01WZmZHaaAVvV3h1Srd8cYV%2BYHc22m%2BWZtSdDcuJVE4ktB%2BvW7Je9SoSqYTFoFwC%2F1%2Fcx1Fji"}],"group":"cf-nel","max_age":604800}
cf-ray
8c75130dbc26839d-MXP
date
Sun, 22 Sep 2024 20:34:12 GMT
content-type
application/javascript
last-modified
Thu, 19 Sep 2024 12:23:49 GMT
vary
Accept-Encoding
server
cloudflare

Redirect headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control
public, s-maxage=300, max-age=0
location
https://widget-v4.tidiochat.com/1_246_0/static/js/render.9c611ef76d3ca0c5cea7.js
widget-cache-status
HIT
cf-cache-status
MISS
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GS31c0HnQf0mCKGjBSGObuB7gOIcJvsxNulufjtn9nA4ctUStBI9lQC1g3z5MXyX7XTDFe829Ctw0%2FtCB5b2Z1kiiesxQZbQpIx5cgSUYXizqtoHemkqE%2F8ect0iVdc%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8c75130cda5bd260-FRA
date
Sun, 22 Sep 2024 20:34:12 GMT
content-type
text/html
vary
Accept-Encoding
server
cloudflare
chunk-WidgetIframe-9c611ef76d3ca0c5cea7.js
widget-v4.tidiochat.com/1_246_0/static/js/ Frame 9C32
472 KB
150 KB
Script
General
Full URL
https://widget-v4.tidiochat.com/1_246_0/static/js/chunk-WidgetIframe-9c611ef76d3ca0c5cea7.js
Requested by
Host: code.tidio.co
URL: https://code.tidio.co/ob1hxznik3zbotw8oeycacp4zci7ffmz.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:98b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aeff066967aa3a413ddad26eee94c22094d7f7edb85f8ac111fa7af6ad8acbab

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

cache-control
max-age=691200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
HIT
etag
W/"66ec17d5-75e8b"
age
241
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Wx4FNxJ3Isq838MxFysroYrJEY01RiRvEjxS1NBhW8%2BT44rPJ0UfrpY1vLx7apgIgZFnvR0t51Jf35OTuPcszrQjslGnof6TVrtVCz2SNbnzYNXhMnbSZZXWawjKjxNSr5vh%2B0rE4ZkK%2B3xR03MTvKL9WMrA"}],"group":"cf-nel","max_age":604800}
cf-ray
8c75130e4d04839d-MXP
date
Sun, 22 Sep 2024 20:34:12 GMT
content-type
application/javascript
last-modified
Thu, 19 Sep 2024 12:23:49 GMT
vary
Accept-Encoding
server
cloudflare
mulish_SGhgqk3wotYKNnBQ.woff2
widget-v4.tidiochat.com/fonts/ Frame 9C32
27 KB
27 KB
Font
General
Full URL
https://widget-v4.tidiochat.com/fonts/mulish_SGhgqk3wotYKNnBQ.woff2
Requested by
Host: code.tidio.co
URL: https://code.tidio.co/ob1hxznik3zbotw8oeycacp4zci7ffmz.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:98b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
577db921a554af3596942d3c48b5c91feaac8c767e183d518a8de8de86e5c7d8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://achterstallige-betaling.com
Referer

Response headers

cache-control
max-age=691200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
MISS
etag
"66ec17d3-6b08"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eXulyv67F3b%2BKjAOQHZ6TYiomZWFbdun8ZxokSDO9fRmPKgpqDrdKMgC%2Bzrw6xAAXzMecuCJc%2BVkcfGqFQXGq7%2FFGU8FBil3e6%2BB0Qx2YSQnoNJnpFODt6PLjVvkPwHfrVQkHemyG6OcdL8Nn%2Ffh9eOwafnZ"}],"group":"cf-nel","max_age":604800}
cf-ray
8c7513126e82baa5-MXP
accept-ranges
bytes
access-control-allow-origin
*
content-length
27400
date
Sun, 22 Sep 2024 20:34:13 GMT
content-type
font/woff2
last-modified
Thu, 19 Sep 2024 12:23:47 GMT
vary
Accept-Encoding
server
cloudflare
tururu.mp3
widget-v4.tidiochat.com// Frame 9C32
7 KB
7 KB
Media
General
Full URL
https://widget-v4.tidiochat.com//tururu.mp3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:98b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
12c7687514ca85ba2157ed61914ac526bb9dd15cb5a2a2d9e4d88f919349284f

Request headers

Referer
Accept-Encoding
identity;q=1, *;q=0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Range
bytes=0-

Response headers

cf-cache-status
HIT
etag
"66ec17d3-1c38"
age
276589
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pjst7xg24Rxv3e%2FoStdSCTDYCBo%2BntzmimmdmbaqvOu7NZ9pUUObDw0Icy3RHvXTi9LWKgDMF6WJKUHA%2BScKMDSMoC%2FhimgbmNSz2aFlya%2FBK7L8KcSY9Vk5yLug7xGa1qF1BD6RcdgnDk8ZOqu2PhZH%2FATp"}],"group":"cf-nel","max_age":604800}
expires
Thu, 03 Oct 2024 15:44:23 GMT
date
Sun, 22 Sep 2024 20:34:12 GMT
content-type
audio/mpeg
last-modified
Thu, 19 Sep 2024 12:23:47 GMT
vary
Accept-Encoding
cache-control
public, max-age=31536000
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
public
Content-Range
bytes 0-7223/7224
cf-ray
8c75130e4d0c839d-MXP
Content-Length
7224
server
cloudflare
faviconV2
t1.gstatic.com/
Redirect Chain
  • https://s2.googleusercontent.com/s2/favicons?domain=belastingdienst.nl&sz=32
  • https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32
399 B
959 B
Other
General
Full URL
https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32
Protocol
H2
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
64fd48770f59ad0d509ab6664933095321f797323c9965a8ef92cbb060acfa40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://achterstallige-betaling.com/

Response headers

age
23320
report-to
{"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
x-content-type-options
nosniff
content-location
https://www.belastingdienst.nl/bld-assets/bld/images/favicon.ico
expires
Sun, 29 Sep 2024 14:05:33 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 22 Sep 2024 14:05:33 GMT
last-modified
Wed, 19 Jun 2019 07:23:14 GMT
content-type
image/png
cache-control
public, max-age=604800
cross-origin-opener-policy
same-origin; report-to="media-favicon"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
accept-ranges
bytes
content-length
399
x-xss-protection
0
server
sffe

Redirect headers

cache-control
public, max-age=1800
location
https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32
age
1343
x-content-type-options
nosniff
expires
Sun, 22 Sep 2024 20:41:49 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
338
x-xss-protection
0
date
Sun, 22 Sep 2024 20:11:49 GMT
content-type
text/html; charset=UTF-8
server
sffe
widget.9c611ef76d3ca0c5cea7.js
widget-v4.tidiochat.com/1_246_0/static/js/ Frame 9C32
441 KB
163 KB
Script
General
Full URL
https://widget-v4.tidiochat.com/1_246_0/static/js/widget.9c611ef76d3ca0c5cea7.js
Requested by
Host: code.tidio.co
URL: https://code.tidio.co/ob1hxznik3zbotw8oeycacp4zci7ffmz.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:98b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92c87c7b72514d9b303dc35e5a126b2373c4e6d84511005308998b1420d6d81d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

cache-control
max-age=691200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
HIT
etag
W/"66ec17d5-6e4f3"
age
260
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jSl5jFImBOLLCh%2FdonLfzcFdCaw%2Fr9mOyERWUjOtSganjtoVPfj5l1Zw7YsMo9IA6duNWeFRH4z4tgDoGXh4xpFxwYhlgDCrTwK4t1tIXSJvkon01AQBXnq8QyNtrMd%2BGFtExPWYHDOnOR0ThFjJwCN0WPF%2B"}],"group":"cf-nel","max_age":604800}
cf-ray
8c75130e5d27839d-MXP
date
Sun, 22 Sep 2024 20:34:12 GMT
content-type
application/javascript
last-modified
Thu, 19 Sep 2024 12:23:49 GMT
vary
Accept-Encoding
server
cloudflare
faviconV2
t1.gstatic.com/
Redirect Chain
  • https://s2.googleusercontent.com/s2/favicons?domain=belastingdienst.nl&sz=32
  • https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32
399 B
0
Other
General
Full URL
https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32
Protocol
H2
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
64fd48770f59ad0d509ab6664933095321f797323c9965a8ef92cbb060acfa40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://achterstallige-betaling.com/

Response headers

age
23320
report-to
{"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
x-content-type-options
nosniff
content-location
https://www.belastingdienst.nl/bld-assets/bld/images/favicon.ico
expires
Sun, 29 Sep 2024 14:05:33 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 22 Sep 2024 14:05:33 GMT
last-modified
Wed, 19 Jun 2019 07:23:14 GMT
content-type
image/png
cache-control
public, max-age=604800
cross-origin-opener-policy
same-origin; report-to="media-favicon"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
accept-ranges
bytes
content-length
399
x-xss-protection
0
server
sffe

Redirect headers

cache-control
public, max-age=1800
location
https://t1.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32
age
1343
x-content-type-options
nosniff
expires
Sun, 22 Sep 2024 20:41:49 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
338
x-xss-protection
0
date
Sun, 22 Sep 2024 20:11:49 GMT
content-type
text/html; charset=UTF-8
server
sffe
mulish_SGhgqk3wotYKNnBQ.woff2
widget-v4.tidiochat.com/fonts/ Frame FB32
27 KB
0
Font
General
Full URL
https://widget-v4.tidiochat.com/fonts/mulish_SGhgqk3wotYKNnBQ.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:98b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://achterstallige-betaling.com
Referer
https://achterstallige-betaling.com/

Response headers

cache-control
max-age=691200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status
MISS
etag
"66ec17d3-6b08"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eXulyv67F3b%2BKjAOQHZ6TYiomZWFbdun8ZxokSDO9fRmPKgpqDrdKMgC%2Bzrw6xAAXzMecuCJc%2BVkcfGqFQXGq7%2FFGU8FBil3e6%2BB0Qx2YSQnoNJnpFODt6PLjVvkPwHfrVQkHemyG6OcdL8Nn%2Ffh9eOwafnZ"}],"group":"cf-nel","max_age":604800}
cf-ray
8c7513126e82baa5-MXP
accept-ranges
bytes
access-control-allow-origin
*
content-length
27400
date
Sun, 22 Sep 2024 20:34:13 GMT
content-type
font/woff2
last-modified
Thu, 19 Sep 2024 12:23:47 GMT
vary
Accept-Encoding
server
cloudflare
1f44b.png
cdnjs.cloudflare.com/ajax/libs/twemoji/12.1.1/72x72/ Frame FB32
1 KB
2 KB
Image
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/twemoji/12.1.1/72x72/1f44b.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dfee1561c6e59c90f7a292f90157bae85f75ccb3ae27b655898a51429e3a8910
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://achterstallige-betaling.com/

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"5fdd6306-505"
age
188476
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rSz56uGTBdhgoD7Ki%2F6kEY8iiiytQ4btvOTKvGHjLCoLDsg1nzcwfD6Q6pKrtqMjuDK9jdhhcv56WRvG5JaK5o6UV0ymT%2BFLp1N8Cu9M2hehl98wit%2Fo1o1rFkh%2B4TgZDcaOHTNb"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Fri, 12 Sep 2025 20:34:15 GMT
date
Sun, 22 Sep 2024 20:34:15 GMT
content-type
image/png; charset=utf-8
last-modified
Sat, 19 Dec 2020 02:18:46 GMT
vary
Accept-Encoding
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8c75131bbba4baf4-MXP
accept-ranges
bytes
access-control-allow-origin
*
content-length
1224
server
cloudflare

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NL Government (Government)

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
function| savepage_ShadowLoader
object| SENTRY_RELEASE
object| tidioChatApi

0 Cookies

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

achterstallige-betaling.com
cdnjs.cloudflare.com
code.tidio.co
s2.googleusercontent.com
t1.gstatic.com
widget-v4.tidiochat.com
www.belastingdienst.nl
104.17.24.14
104.26.8.183
193.143.1.14
2606:4700:20::681a:98b
2a00:1450:4001:80e::2001
2a00:1450:4001:82f::2004
2a04:9a01:1002::33