bpost-bezorgmoment.com Open in urlscan Pro
195.189.96.45  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://bitstress.net/ Page URL
2. https://bpost-bezorgmoment.com/pakket/bezorg.php Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	/ Show response bitstress.net/	97 B 366 B	204ms 85ms	Document text/html	185.178.208.156 DDOS-GUARD
General Check archive.org Show headers Download Go to Full URL https://bitstress.net/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 185.178.208.156 , Russian Federation, ASN57724 (DDOS-GUARD, RU), Reverse DNS ddos-guard.net Software ddos-guard / Resource Hash d8db559351b459ebb9b01a60ed3167c2ca4bbc353621ce546bbcbf774f45e527 Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; Request headers :method GET :authority bitstress.net :scheme https :path / pragma no-cache cache-control no-cache upgrade-insecure-requests 1 user-agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 sec-fetch-site none sec-fetch-mode navigate sec-fetch-user ?1 sec-fetch-dest document accept-encoding gzip, deflate, br accept-language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers server ddos-guard content-security-policy upgrade-insecure-requests; set-cookie __ddg1=AmbmiGvsledde8XtY3Ju; Domain=.bitstress.net; HttpOnly; Path=/; Expires=Fri, 21-Jan-2022 08:45:38 GMT date Thu, 21 Jan 2021 08:45:38 GMT last-modified Wed, 20 Jan 2021 17:07:23 GMT etag "61-5b957fd1a385c-gzip" accept-ranges bytes vary Accept-Encoding content-encoding gzip content-length 106 content-type text/html
GET H/1.1	200 OK	Primary Request bezorg.php Show response bpost-bezorgmoment.com/pakket/	289 KB 92 KB	146ms 46ms	Document text/html	195.189.96.45 CHERRYSERVERS2-AS
General Check archive.org Show headers Download Go to Full URL https://bpost-bezorgmoment.com/pakket/bezorg.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 195.189.96.45 , Lithuania, ASN59642 (CHERRYSERVERS2-AS, LT), Reverse DNS Software Apache/2.4.18 (Ubuntu) / Resource Hash 7a97ccb7a47938865aa7bc87fa6b5d715923cf98664ea3e99a21fdc762431000 Request headers Host bpost-bezorgmoment.com Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer https://bitstress.net/ Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://bitstress.net/ Response headers Date Thu, 21 Jan 2021 08:45:38 GMT Server Apache/2.4.18 (Ubuntu) Vary Accept-Encoding Content-Encoding gzip Keep-Alive timeout=5, max=100 Connection Keep-Alive Transfer-Encoding chunked Content-Type text/html; charset=UTF-8
GET H/1.1	404 Not Found	OBP_logo_final_yellow_RGB.png bpost-bezorgmoment.com/pakket/	285 B 285 B	60ms 49ms	Image text/html	195.189.96.45 CHERRYSERVERS2-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bpost-bezorgmoment.com/pakket/OBP_logo_final_yellow_RGB.png Requested by Host: bpost-bezorgmoment.com URL: https://bpost-bezorgmoment.com/pakket/bezorg.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 195.189.96.45 , Lithuania, ASN59642 (CHERRYSERVERS2-AS, LT), Reverse DNS Software Apache/2.4.18 (Ubuntu) / Resource Hash dfe69d8177dd417dbdf25ddafc0f086be5fb141a48faca7fcf29d2a077f844c3 Request headers Referer https://bpost-bezorgmoment.com/pakket/bezorg.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 21 Jan 2021 08:45:38 GMT Server Apache/2.4.18 (Ubuntu) Connection Keep-Alive Keep-Alive timeout=5, max=99 Content-Length 285 Content-Type text/html; charset=iso-8859-1
GET H2	200	js Show response maps.googleapis.com/maps/api/	119 KB 39 KB	60ms 39ms	Script text/javascript	2a00:1450:4001:815::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps/api/js?client=gme-marktplaats&channel=mp-messaging Requested by Host: bpost-bezorgmoment.com URL: https://bpost-bezorgmoment.com/pakket/bezorg.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software mafe / Resource Hash c85e74b406a8b2c7088b01460a6b6ab62e74717388bd3d008cb147671f458a87 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://bpost-bezorgmoment.com/pakket/bezorg.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 21 Jan 2021 08:45:38 GMT content-encoding gzip vary Accept-Language server mafe x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control public, max-age=1800 server-timing gfet4t7; dur=17 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 39839 x-xss-protection 0 expires Thu, 21 Jan 2021 09:15:38 GMT
GET DATA	200 OK	truncated /	60 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 4d8efc1a08795aa0356e37486d13806335fa2024a5999dd36284b9e0c7ef2308 Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	200 OK	bezorg.php bpost-bezorgmoment.com/pakket/	289 KB 92 KB	74ms 45ms	Font text/html	195.189.96.45 CHERRYSERVERS2-AS
General Check archive.org Show headers Download Go to Full URL https://bpost-bezorgmoment.com/pakket/bezorg.php Requested by Host: bpost-bezorgmoment.com URL: https://bpost-bezorgmoment.com/pakket/bezorg.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 195.189.96.45 , Lithuania, ASN59642 (CHERRYSERVERS2-AS, LT), Reverse DNS Software Apache/2.4.18 (Ubuntu) / Resource Hash 236210a1c26546ae00329f248def51b7df825f0b8e755c9d64d531d85522ef93 Request headers Origin https://bpost-bezorgmoment.com Referer https://bpost-bezorgmoment.com/pakket/bezorg.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 21 Jan 2021 08:45:38 GMT Content-Encoding gzip Server Apache/2.4.18 (Ubuntu) Vary Accept-Encoding Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection Keep-Alive Keep-Alive timeout=5, max=98
GET H/1.1	200 OK	bezorg.php bpost-bezorgmoment.com/pakket/	15 KB 15 KB	126ms 54ms	Image text/html	195.189.96.45 CHERRYSERVERS2-AS
General Check archive.org Show headers Download Go to Show image Full URL https://bpost-bezorgmoment.com/pakket/bezorg.php Requested by Host: bpost-bezorgmoment.com URL: https://bpost-bezorgmoment.com/pakket/bezorg.php Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 195.189.96.45 , Lithuania, ASN59642 (CHERRYSERVERS2-AS, LT), Reverse DNS Software Apache/2.4.18 (Ubuntu) / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://bpost-bezorgmoment.com/pakket/bezorg.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Thu, 21 Jan 2021 08:45:38 GMT Content-Encoding gzip Server Apache/2.4.18 (Ubuntu) Vary Accept-Encoding Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection Keep-Alive Keep-Alive timeout=5, max=100
GET H3-Q050	200	common.js Show response maps.googleapis.com/maps-api-v3/api/js/42/9/	75 KB 28 KB	34ms 20ms	Script text/javascript	2a00:1450:4001:815::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps-api-v3/api/js/42/9/common.js Requested by Host: maps.googleapis.com URL: https://maps.googleapis.com/maps/api/js?client=gme-marktplaats&channel=mp-messaging Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash bbe862fecc8d22f26c0071a1283d1ee6302d0ee20663afe46caabbe16d11d59e Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://bpost-bezorgmoment.com/pakket/bezorg.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 19 Jan 2021 12:38:20 GMT content-encoding gzip x-content-type-options nosniff last-modified Wed, 14 Oct 2020 04:29:25 GMT server sffe age 158843 vary Accept-Encoding, Origin content-type text/javascript cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 28123 x-xss-protection 0 expires Wed, 19 Jan 2022 12:38:20 GMT
GET H3-Q050	200	util.js Show response maps.googleapis.com/maps-api-v3/api/js/42/9/	147 KB 54 KB	36ms 22ms	Script text/javascript	2a00:1450:4001:815::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps-api-v3/api/js/42/9/util.js Requested by Host: maps.googleapis.com URL: https://maps.googleapis.com/maps/api/js?client=gme-marktplaats&channel=mp-messaging Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a6f4d404865d30f5860c0ff6e39f0afb1f2a6465fb01b95cf34aaf225d768e61 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://bpost-bezorgmoment.com/pakket/bezorg.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Thu, 14 Jan 2021 16:17:01 GMT content-encoding gzip x-content-type-options nosniff last-modified Wed, 14 Oct 2020 04:29:25 GMT server sffe age 577722 vary Accept-Encoding, Origin content-type text/javascript cache-control public, max-age=31536000 cross-origin-resource-policy cross-origin accept-ranges bytes alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 55295 x-xss-protection 0 expires Fri, 14 Jan 2022 16:17:01 GMT
GET H3-Q050	200	AuthenticationService.Authenticate Show response maps.googleapis.com/maps/api/js/	252 B 386 B	23ms 22ms	Script text/javascript	2a00:1450:4001:815::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fbpost-bezorgmoment.com%2Fpakket%2Fbezorg.php&2sgme-marktplaats&3smp-messaging&callback=_xdc_._5fied3&client=gme-marktplaats&channel=mp-messaging&token=126625 Requested by Host: maps.googleapis.com URL: https://maps.googleapis.com/maps-api-v3/api/js/42/9/common.js Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software mafe / Resource Hash 42ebb131d27294c362e0444a038287899c5187e7cc947d8e55c11f57e8ad5337 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://bpost-bezorgmoment.com/pakket/bezorg.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Thu, 21 Jan 2021 08:45:43 GMT content-encoding gzip server mafe x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 cache-control no-cache, must-revalidate content-disposition attachment server-timing gfet4t7; dur=8 alt-svc h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 202 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Belgian Post Group (Transportation)

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| _ShadowLoader boolean| radioselected boolean| tcsaccepted object| selectedbank function| closeselect function| redirect function| openselect function| radiochange function| changevalues function| gm_authFailure object| google object| module$contents$MapsEvent_MapsEvent object| module$contents$mapsapi$overlay$OverlayView_OverlayView object| _xdc_

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://maps.googleapis.com/maps/api/js?client=gme-marktplaats&channel=mp-messaging(Line 70) Message: Google Maps JavaScript API error: UnauthorizedURLForClientIdMapError https://developers.google.com/maps/documentation/javascript/error-messages#unauthorized-url-for-client-id-map-error Your site URL to be authorized: https://bpost-bezorgmoment.com/pakket/bezorg.php

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bitstress.net
bpost-bezorgmoment.com
maps.googleapis.com
185.178.208.156
195.189.96.45
2a00:1450:4001:815::200a
236210a1c26546ae00329f248def51b7df825f0b8e755c9d64d531d85522ef93
42ebb131d27294c362e0444a038287899c5187e7cc947d8e55c11f57e8ad5337
4d8efc1a08795aa0356e37486d13806335fa2024a5999dd36284b9e0c7ef2308
7a97ccb7a47938865aa7bc87fa6b5d715923cf98664ea3e99a21fdc762431000
a6f4d404865d30f5860c0ff6e39f0afb1f2a6465fb01b95cf34aaf225d768e61
bbe862fecc8d22f26c0071a1283d1ee6302d0ee20663afe46caabbe16d11d59e
c85e74b406a8b2c7088b01460a6b6ab62e74717388bd3d008cb147671f458a87
d8db559351b459ebb9b01a60ed3167c2ca4bbc353621ce546bbcbf774f45e527
dfe69d8177dd417dbdf25ddafc0f086be5fb141a48faca7fcf29d2a077f844c3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855