uitstaand-bedrag.com
193.143.1.14  Malicious Activity! Public Scan

Submitted URL: http://uitstaand-bedrag.com/
Effective URL: https://uitstaand-bedrag.com/
Submission Tags: @phish_report
Submission: On September 24 via api from FI — Scanned from FI

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 5 HTTP transactions. The main IP is 193.143.1.14, located in Moscow, Russian Federation, and belongs to PROTON66, RU. The main domain is uitstaand-bedrag.com.
TLS certificate: Issued by R10 on September 20th 2024. Valid for: 3 months.
This is the only time uitstaand-bedrag.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: NL Government (Government)

Domain & IP information

Requests  IP Address         ASN (Autonomous System)
2         193.143.1.14       198953 (PROTON66)
1         2a04:9a01:100...   34663 (ASBELASTI...)
2 2       2a00:1450:400...   15169 (GOOGLE)
2         2a00:1450:400...   15169 (GOOGLE)
Total: 5 requests, 4 IPs
Requests  Apex Domain            Subdomains                                              Transfer
2         gstatic.com            t0.gstatic.com                                          960 B
2         googleusercontent.com  s2.googleusercontent.com (Cisco Umbrella Rank: 25085)   644 B
2         uitstaand-bedrag.com   uitstaand-bedrag.com                                    915 KB
1         belastingdienst.nl     www.belastingdienst.nl (Cisco Umbrella Rank: 307411)    19 KB
Total: 5 requests, 4 domains
Requests  Domain                    Requested by
2         t0.gstatic.com
2         s2.googleusercontent.com  2 redirects
2         uitstaand-bedrag.com      uitstaand-bedrag.com
1         www.belastingdienst.nl    uitstaand-bedrag.com
Total: 5 requests, 4 domains

This site contains links to these domains. Also see Links.

Domain
www.cjib.nl
www.facebook.com
twitter.com
www.linkedin.com
api.whatsapp.com
Subject                  Issuer                                       Validity                   Valid
*.uitstaand-bedrag.com   R10                                          2024-09-20 - 2024-12-19    3 months (crt.sh)
www.belastingdienst.nl   DigiCert G2 TLS EU RSA4096 SHA384 2022 CA1   2024-05-02 - 2025-05-01    a year (crt.sh)

This page contains 1 frames:

Primary Page: https://uitstaand-bedrag.com/
Frame ID: 91AE3A1220EEB95DA7A87DF2A93C0664
Requests: 17 HTTP requests in this frame

Screenshot

Page Title

Belastingdienst Nederland

Page URL History

  1. http://uitstaand-bedrag.com/ HTTP 307
    https://uitstaand-bedrag.com/ Page URL

Page Statistics

Requests: 5
HTTPS: 60 %
IPv6: 75 %
Domains: 4
Subdomains: 4
IPs: 4
Countries: 3
Transfer: 1160 kB
Size: 3295 kB
Cookies: 0

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://uitstaand-bedrag.com/ HTTP 307
    https://uitstaand-bedrag.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • https://s2.googleusercontent.com/s2/favicons?domain=belastingdienst.nl&sz=32 HTTP 301
  • https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32
Request Chain 15
  • https://s2.googleusercontent.com/s2/favicons?domain=belastingdienst.nl&sz=32 HTTP 301
  • https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32

5 HTTP transactions

Columns: Resource, Path, Size, x-fer, Type, MIME-Type

Resource: / (Primary Request)   Path: uitstaand-bedrag.com/   Size: 3 MB   x-fer: 865 KB   Type: Document
Redirect Chain
  • http://uitstaand-bedrag.com/
  • https://uitstaand-bedrag.com/
General
Full URL
https://uitstaand-bedrag.com/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
193.143.1.14 Moscow, Russian Federation, ASN198953 (PROTON66, RU)
Reverse DNS
Software
LiteSpeed /
Resource Hash
23bd40642eee01519340418eb8ee4bceb417788e6e3d4b39aebba070b16361bf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
br
content-length
884701
content-type
text/html
date
Tue, 24 Sep 2024 12:30:26 GMT
last-modified
Sat, 21 Sep 2024 12:31:33 GMT
server
LiteSpeed
vary
Accept-Encoding

Redirect headers

Location
https://uitstaand-bedrag.com/
Non-Authoritative-Reason
HttpsUpgrades
Resource: bld_logo.svg   Path: www.belastingdienst.nl/bld-assets/bld/rhslogos/   Size: 17 KB   x-fer: 19 KB   Type: Image
General
Full URL
https://www.belastingdienst.nl/bld-assets/bld/rhslogos/bld_logo.svg
Requested by
Host: uitstaand-bedrag.com
URL: https://uitstaand-bedrag.com/
Protocol
HTTP/1.1
Security
TLS 1.3, AES_256_GCM
Server
2a04:9a01:1002::33, Netherlands, ASN34663 (ASBELASTINGDIENST, NL)
Reverse DNS
Software
/
Resource Hash
24c2c8d65ef0423159d5505ed54492d1346611b076c14fd3af08e5364ce83d9e
Security Headers
Name Value
Content-Security-Policy default-src https://*.belastingdienst.nl https://vinden.belastingdienst.nl https://*.readspeaker.com; connect-src 'self' https://*.belastingdienst.nl https://enquete.agconsult.com https://*.readspeaker.com https://*.abtasty.com https://api.pdok.nl; child-src 'self' https://belastingdienst.nl https://*.belastingdienst.nl https://secure.opinionlab.com https://*.readspeaker.com https://www.youtube.com https://www.youtube-nocookie.com ; frame-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com https://secure.opinionlab.com https://www.youtube.com https://www.youtube-nocookie.com https://survey.alchemer.eu https://douane.livepresence.net; frame-ancestors 'self' https://*.belastingdienst.nl https://*.pagefreezer.com https://*.pagefreezer.nl ; img-src 'self' https://*.readspeaker.com https://img.youtube.com data: https://*.belastingdienst.nl blob: data: *.abtasty.com; font-src 'self' https://*.belastingdienst.nl blob: data: *.abtasty.com; script-src 'self' https://*.belastingdienst.nl https://enquete.agconsult.com https://*.readspeaker.com 'unsafe-eval' 'unsafe-inline' blob: *.abtasty.com ; style-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com *.abtasty.com 'unsafe-inline'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://uitstaand-bedrag.com/

Response headers

Strict-Transport-Security
max-age=31536000
Content-Security-Policy
default-src https://*.belastingdienst.nl https://vinden.belastingdienst.nl https://*.readspeaker.com; connect-src 'self' https://*.belastingdienst.nl https://enquete.agconsult.com https://*.readspeaker.com https://*.abtasty.com https://api.pdok.nl; child-src 'self' https://belastingdienst.nl https://*.belastingdienst.nl https://secure.opinionlab.com https://*.readspeaker.com https://www.youtube.com https://www.youtube-nocookie.com ; frame-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com https://secure.opinionlab.com https://www.youtube.com https://www.youtube-nocookie.com https://survey.alchemer.eu https://douane.livepresence.net; frame-ancestors 'self' https://*.belastingdienst.nl https://*.pagefreezer.com https://*.pagefreezer.nl ; img-src 'self' https://*.readspeaker.com https://img.youtube.com data: https://*.belastingdienst.nl blob: data: *.abtasty.com; font-src 'self' https://*.belastingdienst.nl blob: data: *.abtasty.com; script-src 'self' https://*.belastingdienst.nl https://enquete.agconsult.com https://*.readspeaker.com 'unsafe-eval' 'unsafe-inline' blob: *.abtasty.com ; style-src 'self' https://*.belastingdienst.nl https://*.readspeaker.com *.abtasty.com 'unsafe-inline'
ETag
"454b-603698a9b53a0"
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
17739
Keep-Alive
timeout=5, max=62
Date
Tue, 24 Sep 2024 12:30:27 GMT
X-XSS-Protection
1; mode=block;
Last-Modified
Mon, 21 Aug 2023 07:08:12 GMT
Content-Type
image/svg+xml
X-Frame-Options
SAMEORIGIN
Resource: truncated   Path: /   Size: 29 KB   x-fer: 0   Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
4ec0583dd05c9ae23e4f612829312af92f4b38961c0b1fbf53a266f20d4eb182

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/jpeg
Resource: truncated   Path: /   Size: 325 B   x-fer: 0   Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
8e1259c7006dfe0d19f6bcc4fc622c4ce555250e9924fa20cafbe137e64d72eb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
Resource: truncated   Path: /   Size: 75 KB   x-fer: 75 KB   Type: Font
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
54039c085acfdaf5124e55514d4153752a8526dc55b1d76c3bc731bfa4c3863a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://uitstaand-bedrag.com
Referer

Response headers

Content-Type
font/woff
Resource: truncated   Path: /   Size: 68 KB   x-fer: 68 KB   Type: Font
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
27c094142b294677babfd410f01ab0ef6450c30f0ced804477f1b98adfc3a591

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://uitstaand-bedrag.com
Referer

Response headers

Content-Type
font/woff
Resource: truncated   Path: /   Size: 82 KB   x-fer: 82 KB   Type: Font
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
95b8c28ae6c0c9d5657a44d5a6ca24c04165eef39d6a8e1e93627c8d755ffe3a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://uitstaand-bedrag.com
Referer

Response headers

Content-Type
font/woff
Resource: ideal-logo-1024.png   Path: uitstaand-bedrag.com/www.ideal.nl/img/logo/   Size: 51 KB   x-fer: 51 KB   Type: Image
General
Full URL
https://uitstaand-bedrag.com/www.ideal.nl/img/logo/ideal-logo-1024.png
Requested by
Host: uitstaand-bedrag.com
URL: https://uitstaand-bedrag.com/
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
193.143.1.14 Moscow, Russian Federation, ASN198953 (PROTON66, RU)
Reverse DNS
Software
LiteSpeed /
Resource Hash
8c48b81b373e6dac8c9c39072db0ab401be309a8a2a4e2f032cb5d5f2017ae4c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://uitstaand-bedrag.com/

Response headers

cache-control
public, max-age=604800
expires
Tue, 01 Oct 2024 12:30:27 GMT
accept-ranges
bytes
content-length
51733
date
Tue, 24 Sep 2024 12:30:27 GMT
content-type
image/png
last-modified
Thu, 05 Sep 2024 03:02:48 GMT
server
LiteSpeed
Resource: truncated   Path: /   Size: 673 B   x-fer: 0   Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
c922548cfe09320db090d544611419072db72918c07a3588e8138bd474eb41d3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
Resource: truncated   Path: /   Size: 847 B   x-fer: 0   Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
ea24041f1bf773952f69e1e98082de62b89f24ca6b60b147f2f052b21e3b6861

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
Resource: truncated   Path: /   Size: 686 B   x-fer: 0   Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
f325b8b3a6c772d7ebef4dea572c8da501e9c6ee286df0d96dfa49441258fd2f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
Resource: truncated   Path: /   Size: 2 KB   x-fer: 0   Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
85f028fadd26412f3ff050e58fab1c791a172e44f078db492c89bbb950053695

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
Resource: truncated   Path: /   Size: 2 KB   x-fer: 0   Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
dc4b94fbd1ec10e1ed4e130d8c785c2f0f7a6dacee88c019d3d77782b86d43ba

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
Resource: truncated   Path: /   Size: 2 KB   x-fer: 0   Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
dc9b62c0c22ee9ed9efc6b63664e860df4979d42279d6d76d5720beec4c8b239

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml;charset=utf-8
Resource: truncated   Path: /   Size: 1 KB   x-fer: 0   Type: Image
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
Software
/
Resource Hash
76cba8c616494b98ce3232bb080e8beef3583aa75368c65b5e121508f92bb6a4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml;charset=utf-8
Resource: faviconV2   Path: t0.gstatic.com/   Size: 399 B   x-fer: 960 B   Type: Other
Redirect Chain
  • https://s2.googleusercontent.com/s2/favicons?domain=belastingdienst.nl&sz=32
  • https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32
General
Full URL
https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32
Protocol
H2
Server
2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
sffe /
Resource Hash
64fd48770f59ad0d509ab6664933095321f797323c9965a8ef92cbb060acfa40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://uitstaand-bedrag.com/

Response headers

age
286092
report-to
{"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
x-content-type-options
nosniff
content-location
https://www.belastingdienst.nl/bld-assets/bld/images/favicon.ico
expires
Sat, 28 Sep 2024 05:02:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 21 Sep 2024 05:02:15 GMT
last-modified
Wed, 19 Jun 2019 07:23:14 GMT
content-type
image/png
cache-control
public, max-age=604800
cross-origin-opener-policy
same-origin; report-to="media-favicon"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
accept-ranges
bytes
content-length
399
x-xss-protection
0
server
sffe

Redirect headers

cache-control
public, max-age=1800
location
https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32
age
567
x-content-type-options
nosniff
expires
Tue, 24 Sep 2024 12:51:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
338
x-xss-protection
0
date
Tue, 24 Sep 2024 12:21:00 GMT
content-type
text/html; charset=UTF-8
server
sffe
Resource: faviconV2   Path: t0.gstatic.com/   Size: 399 B   x-fer: 0   Type: Other
Redirect Chain
  • https://s2.googleusercontent.com/s2/favicons?domain=belastingdienst.nl&sz=32
  • https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32
General
Full URL
https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32
Protocol
H2
Server
2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US)
Reverse DNS
Software
sffe /
Resource Hash
64fd48770f59ad0d509ab6664933095321f797323c9965a8ef92cbb060acfa40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://uitstaand-bedrag.com/

Response headers

age
286092
report-to
{"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
x-content-type-options
nosniff
content-location
https://www.belastingdienst.nl/bld-assets/bld/images/favicon.ico
expires
Sat, 28 Sep 2024 05:02:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 21 Sep 2024 05:02:15 GMT
last-modified
Wed, 19 Jun 2019 07:23:14 GMT
content-type
image/png
cache-control
public, max-age=604800
cross-origin-opener-policy
same-origin; report-to="media-favicon"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
accept-ranges
bytes
content-length
399
x-xss-protection
0
server
sffe

Redirect headers

cache-control
public, max-age=1800
location
https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://belastingdienst.nl&size=32
age
567
x-content-type-options
nosniff
expires
Tue, 24 Sep 2024 12:51:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
338
x-xss-protection
0
date
Tue, 24 Sep 2024 12:21:00 GMT
content-type
text/html; charset=UTF-8
server
sffe

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: NL Government (Government)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function | savepage_ShadowLoader

0 Cookies