mijnpostnl-account.xyz
162.0.232.252
Malicious Activity!
Public Scan
Submission Tags: @andsyn1 phishing malicious
Submission: On October 16 via api from NL
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on October 16th 2020. Valid for: a year.
This is the only time mijnpostnl-account.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: PostNL (Transportation)

Domain & IP information

Requests | IP Address | AS Autonomous System | PTR | Domain(s)
---|---|---|---|---
21 | 162.0.232.252 | 22612 (NAMECHEAP-NET, US) | server290-4.web-hosting.com | mijnpostnl-account.xyz
1 | 99.86.245.96 | 16509 (AMAZON-02, US) | server-99-86-245-96.vie50.r.cloudfront.net | d3u9kj2t4eazrw.cloudfront.net
1 | 2a00:1450:4001:816::200a | 15169 (GOOGLE) | |
1 | 52.211.107.158 | 16509 (AMAZON-02, US) | ec2-52-211-107-158.eu-west-1.compute.amazonaws.com | w.usabilla.com
2 | 99.86.245.129 | 16509 (AMAZON-02, US) | server-99-86-245-129.vie50.r.cloudfront.net | d6tizftlrpuof.cloudfront.net
26 (total requests) | 5 (IP addresses) | | |
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
21 | mijnpostnl-account.xyz | mijnpostnl-account.xyz | 399 KB
3 | cloudfront.net | d3u9kj2t4eazrw.cloudfront.net, d6tizftlrpuof.cloudfront.net | 70 KB
1 | usabilla.com | w.usabilla.com | 13 KB
1 | googleapis.com | ajax.googleapis.com | 34 KB
26 (total requests) | 4 (apex domains) | |
Requests | Domain | Requested by
---|---|---
21 | mijnpostnl-account.xyz | mijnpostnl-account.xyz
2 | d6tizftlrpuof.cloudfront.net | mijnpostnl-account.xyz, w.usabilla.com
1 | w.usabilla.com | mijnpostnl-account.xyz
1 | ajax.googleapis.com | mijnpostnl-account.xyz
1 | d3u9kj2t4eazrw.cloudfront.net | mijnpostnl-account.xyz
26 (total requests) | 5 (domains) |
This site contains links to these domains. Also see Links.
Domain |
---|
www.postnl.nl |
jouw.postnl.nl |
Subject | Issuer | Validity | Valid | Lookup
---|---|---|---|---
mijnpostnl-account.xyz | Sectigo RSA Domain Validation Secure Server CA | 2020-10-16 - 2021-10-16 | a year | crt.sh
*.cloudfront.net | DigiCert Global CA G2 | 2020-05-26 - 2021-04-21 | a year | crt.sh
upload.video.google.com | GTS CA 1O1 | 2020-09-22 - 2020-12-15 | 3 months | crt.sh
w.usabilla.com | Amazon | 2020-04-10 - 2021-05-10 | a year | crt.sh
This page contains 5 frames:
Primary Page:
https://mijnpostnl-account.xyz/Log%20in%20bij%20PostNL.html
Frame ID: 550B03E72C623F421A4140D459F49587
Requests: 19 HTTP requests in this frame
Frame:
https://mijnpostnl-account.xyz/Log%20in%20bij%20PostNL_files/saved_resource.html
Frame ID: 5DD0CF3260796BCC832A41FFD4441272
Requests: 3 HTTP requests in this frame
Frame:
https://mijnpostnl-account.xyz/Log%20in%20bij%20PostNL_files/saved_resource(1).html
Frame ID: 82B488837AB16204D30B9712C97A930B
Requests: 2 HTTP requests in this frame
Frame:
https://d6tizftlrpuof.cloudfront.net/themes/production/postnl-verzendservice-button-f7959c9f5c669177877770fc70b8636c.png
Frame ID: 1C7A9EBCD5F87725116486875119134B
Requests: 1 HTTP requests in this frame
Frame:
https://d6tizftlrpuof.cloudfront.net/themes/production/postnl-verzendservice-button-f7959c9f5c669177877770fc70b8636c.png
Frame ID: D0253C815F200D7B662A1759B179E5A7
Requests: 1 HTTP requests in this frame
6 Outgoing links
These are links going to different origins than the main page.
Title: (empty)
Title: Wachtwoord vergeten? (Forgot password?)
Title: create a new account!
Title: Privacy statement
Title: Cookie statement
Title: General Terms and Conditions
Redirected requests
There were HTTP redirect chains for the following requests:
26 HTTP transactions

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | Log%20in%20bij%20PostNL.html (Primary Request) | mijnpostnl-account.xyz/ | 20 KB | 6 KB | Document | text/html
GET | H2 | resetCSS.css | mijnpostnl-account.xyz/Mijn%20PostNL2%20-%20Login_files/ | 0 | 0 | Stylesheet | text/html
GET | H2 | bundle.css | mijnpostnl-account.xyz/Log%20in%20bij%20PostNL_files/ | 42 KB | 9 KB | Stylesheet | text/css
GET | H2 | 264fa781.js.download | mijnpostnl-account.xyz/Log%20in%20bij%20PostNL_files/ | 1 MB | 214 KB | Script | application/javascript
GET | H2 | icon.png | mijnpostnl-account.xyz/Log%20in%20bij%20PostNL_files/ | 21 KB | 21 KB | Image | image/png
GET | H2 | illustration_login.svg | mijnpostnl-account.xyz/Log%20in%20bij%20PostNL_files/ | 4 KB | 2 KB | Image | image/svg+xml
GET | H2 | logo-grey_tcm10.svg | mijnpostnl-account.xyz/Log%20in%20bij%20PostNL_files/ | 5 KB | 3 KB | Image | image/svg+xml
GET | H2 | jquery.min.js.download | mijnpostnl-account.xyz/Log%20in%20bij%20PostNL_files/ | 86 KB | 30 KB | Script | application/javascript
GET | H2 | jquery.validate.min.js.download | mijnpostnl-account.xyz/Log%20in%20bij%20PostNL_files/ | 24 KB | 8 KB | Script | application/javascript
GET | H2 | jquery.validate.unobtrusive.min.js.download | mijnpostnl-account.xyz/Log%20in%20bij%20PostNL_files/ | 6 KB | 2 KB | Script | application/javascript
GET | H2 | bundle.js.download | mijnpostnl-account.xyz/Log%20in%20bij%20PostNL_files/ | 29 KB | 8 KB | Script | application/javascript
GET | H2 | e884050ad1fti199e517d383de81ffef6 | mijnpostnl-account.xyz/Log%20in%20bij%20PostNL_files/ | 71 KB | 71 KB | Script | text/plain
GET | H/1.1 | analytics_global_new_v2.js | d3u9kj2t4eazrw.cloudfront.net/ | 51 KB | 51 KB | Script | application/javascript
GET | H2 | jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/1.12.2/ | 95 KB | 34 KB | Script | text/javascript
GET | H2 | saved_resource.html | mijnpostnl-account.xyz/Log%20in%20bij%20PostNL_files/ (Frame 5DD0) | 882 B | 733 B | Document | text/html
GET | H2 | postnlweb-regular-webfont.75c6bb574a9e6e998ed94381a9ce8510.woff2 | mijnpostnl-account.xyz/Log%20in%20bij%20PostNL_files/ | 0 | 0 | Font | text/html
GET | H2 | postnlweb-medium-webfont.743b342f6716a0240cbf7845dbd83ebf.woff2 | mijnpostnl-account.xyz/Log%20in%20bij%20PostNL_files/ | 0 | 0 | Font | text/html
GET | H2 | postnlweb-light-webfont.1189657e7ae3a7702d675bfa01a05c0c.woff2 | mijnpostnl-account.xyz/Log%20in%20bij%20PostNL_files/ | 0 | 0 | Font | text/html
GET | H2 | 15be2732a9f4.js.download | mijnpostnl-account.xyz/Log%20in%20bij%20PostNL_files/ (Frame 5DD0) | 47 KB | 13 KB | Script | application/javascript
POST | H2 | e884050ad1fti199e517d383de81ffef6 | mijnpostnl-account.xyz/static/ | 315 B | 418 B | XHR | text/html
GET | H2 | saved_resource(1).html | mijnpostnl-account.xyz/Log%20in%20bij%20PostNL_files/ (Frame 82B4) | 1 KB | 878 B | Document | text/html
GET | H2 | 15be2732a9f4.js | w.usabilla.com/ (Frame 5DD0) | 48 KB | 13 KB | Script | text/javascript
GET | H2 | postnl-verzendservice-button-f7959c9f5c669177877770fc70b8636c.png | mijnpostnl-account.xyz/Log%20in%20bij%20PostNL_files/ (Frame 82B4) | 9 KB | 9 KB | Image | image/png
GET | H/1.1 | postnl-verzendservice-button-f7959c9f5c669177877770fc70b8636c.png | d6tizftlrpuof.cloudfront.net/themes/production/ (Frame 1C7A) | 9 KB | 10 KB | Image | image/png
GET | H/1.1 | postnl-verzendservice-button-f7959c9f5c669177877770fc70b8636c.png | d6tizftlrpuof.cloudfront.net/themes/production/ (Frame D025) | 9 KB | 10 KB | Image | image/png
POST | H2 | e884050ad1fti199e517d383de81ffef6 | mijnpostnl-account.xyz/static/ | 315 B | 418 B | XHR | text/html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: PostNL (Transportation)

54 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name
---|---
object | 0
object | 1
object | 2
object | 3
object | 4
function | showDirectoryPicker
function | showOpenFilePicker
function | showSaveFilePicker
object | trustedTypes
function | ElyArray
object | ely
object | Ely
object | ElyTools
object | ElyClass
function | ElyStorage
function | ElyBRule
function | ElyCore
function | SiteCatalystAdapter
function | ProfileCloudDCAdapter
function | lightningjs
function | usabilla_live
function | $
function | jQuery
function | $sJQ
string | s_version
string | s_account
object | omt_s
string | host_name
string | siteHostName
string | applicationName
string | rsID
object | regExpression
object | regexMatch
string | regexPageURL
function | s_doPlugins
function | s_getLoadTime
function | AppMeasurement_Module_ActivityMap
function | AppMeasurement
function | s_gi
function | s_pgicq
object | s_c_il
number | s_c_in
number | s_objectID
number | s_giq
function | sha256
object | Info
function | createTrackingObject
function | setTrackingInformation
object | _cf
object | _ac
object | bmak
string | _sd_trace
function | op
object | TriggeredRuleNames2

Cookies
Cookies are small pieces of information stored in a user's browser. Whenever the user visits the site again, the browser sends the stored cookie values along with the request, which lets the website re-identify that user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
.mijnpostnl-account.xyz/ | | elytis | 182712
.mijnpostnl-account.xyz/ | | ely_cc_answ | %7B%22privacy-control-usabilla%22%3A0%2C%22privacy-control-analytics%22%3A0%2C%22privacy-control-rtb%22%3A0%7D (URL-decoded: {"privacy-control-usabilla":0,"privacy-control-analytics":0,"privacy-control-rtb":0})
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.