bpost-bezorgmoment.com
195.189.96.45
Malicious Activity!
Public Scan
Effective URL: https://bpost-bezorgmoment.com/pakket/bezorg.php
Submission: On January 21 via manual from JP
Summary
TLS certificate: Issued by R3 on January 20th 2021. Valid for: 3 months.
This is the only time bpost-bezorgmoment.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Belgian Post Group (Transportation)
Domain & IP information
| Requests | IP Address | AS (Autonomous System) |
|---|---|---|
| 1 | 185.178.208.156 | 57724 (DDOS-GUARD) |
| 4 | 195.189.96.45 | 59642 (CHERRYSERVERS2-AS) |
| 4 | 2a00:1450:4001:815::200a | 15169 (GOOGLE) |
| 9 | 4 | |
| Requests | Apex Domain | Subdomains | Transfer |
|---|---|---|---|
| 4 | googleapis.com | maps.googleapis.com | 122 KB |
| 4 | bpost-bezorgmoment.com | bpost-bezorgmoment.com | 199 KB |
| 1 | bitstress.net | bitstress.net | 366 B |
| 9 | 3 | | |
| Requests | Domain | Requested by |
|---|---|---|
| 4 | maps.googleapis.com | bpost-bezorgmoment.com, maps.googleapis.com |
| 4 | bpost-bezorgmoment.com | bpost-bezorgmoment.com |
| 1 | bitstress.net | |
| 9 | 3 | |
This site contains links to these domains. Also see Links.
| Domain |
|---|
| onlinebetaalplatform.nl |
| Subject | Issuer | Validity | Valid | |
|---|---|---|---|---|
| bitstress.net | Let's Encrypt Authority X3 | 2020-11-02 - 2021-01-31 | 3 months | crt.sh |
| bpost-bezorgmoment.com | R3 | 2021-01-20 - 2021-04-20 | 3 months | crt.sh |
| upload.video.google.com | GTS CA 1O1 | 2020-12-15 - 2021-03-09 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://bpost-bezorgmoment.com/pakket/bezorg.php
Frame ID: 9EEB6C7DAE41B32DCAA681E4E237655E
Requests: 10 HTTP requests in this frame
Detected technologies
Google Maps (Maps)
Detected patterns
- script /\/\/maps\.googleapis\.com\/maps\/api\/js/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Algemene voorwaarden
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://bitstress.net/ Page URL
- https://bpost-bezorgmoment.com/pakket/bezorg.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
| Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
|---|---|---|---|---|---|---|---|
| GET | H2 | / | bitstress.net/ | 97 B | 366 B | Document | text/html |
| GET | H/1.1 | bezorg.php (Primary Request) | bpost-bezorgmoment.com/pakket/ | 289 KB | 92 KB | Document | text/html |
| GET | H/1.1 | OBP_logo_final_yellow_RGB.png | bpost-bezorgmoment.com/pakket/ | 285 B | 285 B | Image | text/html |
| GET | H2 | js | maps.googleapis.com/maps/api/ | 119 KB | 39 KB | Script | text/javascript |
| GET | DATA | truncated | / | 60 KB | 0 | Image | image/png |
| GET | H/1.1 | bezorg.php | bpost-bezorgmoment.com/pakket/ | 289 KB | 92 KB | Font | text/html |
| GET | H/1.1 | bezorg.php | bpost-bezorgmoment.com/pakket/ | 15 KB | 15 KB | Image | text/html |
| GET | H3-Q050 | common.js | maps.googleapis.com/maps-api-v3/api/js/42/9/ | 75 KB | 28 KB | Script | text/javascript |
| GET | H3-Q050 | util.js | maps.googleapis.com/maps-api-v3/api/js/42/9/ | 147 KB | 54 KB | Script | text/javascript |
| GET | H3-Q050 | AuthenticationService.Authenticate | maps.googleapis.com/maps/api/js/ | 252 B | 386 B | Script | text/javascript |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Belgian Post Group (Transportation)
23 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
| Type | Name |
|---|---|
| object | ontransitionrun |
| object | ontransitionstart |
| object | ontransitioncancel |
| object | cookieStore |
| function | showDirectoryPicker |
| function | showOpenFilePicker |
| function | showSaveFilePicker |
| object | trustedTypes |
| boolean | crossOriginIsolated |
| function | _ShadowLoader |
| boolean | radioselected |
| boolean | tcsaccepted |
| object | selectedbank |
| function | closeselect |
| function | redirect |
| function | openselect |
| function | radiochange |
| function | changevalues |
| function | gm_authFailure |
| object | google |
| object | module$contents$MapsEvent_MapsEvent |
| object | module$contents$mapsapi$overlay$OverlayView_OverlayView |
| object | _xdc_0 |
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL | Text |
|---|---|---|---|
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
| Header | Value |
|---|---|
| Content-Security-Policy | upgrade-insecure-requests; |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
bitstress.net
bpost-bezorgmoment.com
maps.googleapis.com
185.178.208.156
195.189.96.45
2a00:1450:4001:815::200a