post.ywre.net Open in urlscan Pro
20.220.68.29 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://post.ywre.net/2d6f45c4f20e09004631ca084d0798242d6f45c4f20e09004631ca084d079824/
Submission: On January 23 via manual (January 23rd 2023, 8:41:40 am UTC) from NL — Scanned from CA

Summary HTTP 87 Redirects Links 37 Behaviour Indicators

Summary

This website contacted 12 IPs in 3 countries across 11 domains to perform 87 HTTP transactions. The main IP is 20.220.68.29, located in Québec, Canada and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is post.ywre.net.
TLS certificate: Issued by R3 on January 22nd 2023. Valid for: 3 months.

This is the only time post.ywre.net was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PostNL (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
51	20.220.68.29 20.220.68.29	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3 15	2600:1400:d:5... 2600:1400:d:5a3::1040	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	46.235.40.60 46.235.40.60	213192 (NETBASE) (NETBASE)
1	2620:1ec:4f:1... 2620:1ec:4f:1::40	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	2607:f8b0:400... 2607:f8b0:4006:81c::2004	15169 (GOOGLE) (GOOGLE)
6	2607:f8b0:400... 2607:f8b0:4006:816::2003	15169 (GOOGLE) (GOOGLE)
1	2600:1400:d:4... 2600:1400:d:491::1931	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	54.148.115.137 54.148.115.137	16509 (AMAZON-02) (AMAZON-02)
2	34.107.143.101 34.107.143.101	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	34.102.161.46 34.102.161.46	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	23.197.32.238 23.197.32.238	16625 (AKAMAI-AS) (AKAMAI-AS)
87	12

51 20.220.68.29 (Québec, Canada)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

post.ywre.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2600:1400:d:5a3::1040 (New York, United States) 3 redirects

ASN20940 (AKAMAI-ASN1, NL)

www.postnl.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
jouw.postnl.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
shop.postnl.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
login.postnl.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.235.40.60 (Netherlands)

ASN213192 (NETBASE, NL)

x-tremesmile.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:4f:1::40 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

files.seniorweb.nl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:81c::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2607:f8b0:4006:816::2003 (United States)

ASN15169 (GOOGLE, US)

www.google.co.ma	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1400:d:491::1931 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

s.pinimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.148.115.137 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-148-115-137.us-west-2.compute.amazonaws.com

ssl.kaptcha.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.107.143.101 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 101.143.107.34.bc.googleusercontent.com

dcinfos-cache.abtasty.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.161.46 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 46.161.102.34.bc.googleusercontent.com

ariane.abtasty.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.197.32.238 (Edison, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-32-238.deploy.static.akamaitechnologies.com

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
51	ywre.net post.ywre.net	578 KB
15	postnl.nl 3 redirects www.postnl.nl — Cisco Umbrella Rank: 118066 jouw.postnl.nl — Cisco Umbrella Rank: 41705 shop.postnl.nl — Cisco Umbrella Rank: 258386 login.postnl.nl — Cisco Umbrella Rank: 146872	319 KB
6	google.co.ma www.google.co.ma — Cisco Umbrella Rank: 39394	1 KB
6	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
4	kaptcha.com ssl.kaptcha.com — Cisco Umbrella Rank: 8628	1 KB
3	abtasty.com dcinfos-cache.abtasty.com — Cisco Umbrella Rank: 10061 ariane.abtasty.com — Cisco Umbrella Rank: 9322	1 KB
1	tiqcdn.com tags.tiqcdn.com — Cisco Umbrella Rank: 969	216 B
1	pinimg.com s.pinimg.com — Cisco Umbrella Rank: 715	17 KB
1	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 373	808 B
1	seniorweb.nl files.seniorweb.nl	19 KB
1	x-tremesmile.nl x-tremesmile.nl
87	11

	Domain	Requested by
51	post.ywre.net	post.ywre.net
8	shop.postnl.nl	2 redirects post.ywre.net shop.postnl.nl
6	www.google.co.ma	post.ywre.net
6	www.google.com	post.ywre.net
5	jouw.postnl.nl	post.ywre.net jouw.postnl.nl
4	ssl.kaptcha.com	post.ywre.net
2	dcinfos-cache.abtasty.com	post.ywre.net
1	tags.tiqcdn.com	post.ywre.net
1	ariane.abtasty.com	post.ywre.net
1	login.postnl.nl	1 redirects
1	s.pinimg.com	post.ywre.net
1	px.ads.linkedin.com	post.ywre.net
1	files.seniorweb.nl	post.ywre.net
1	x-tremesmile.nl	post.ywre.net
1	www.postnl.nl	post.ywre.net
87	15

This site contains links to these domains. Also see Links.

Domain
www.postnl.nl
shop.postnl.nl
www.collectwereld.nl
www.nordfrim.com
jouw.postnl.nl
itunes.apple.com
play.google.com

Subject Issuer	Validity	Valid
post.ywre.net R3	`2023-01-22` - `2023-04-22`	3 months	crt.sh
postnl.nl QuoVadis Global SSL ICA G2	`2022-04-05` - `2023-04-05`	a year	crt.sh
*.webreus.nl COMODO RSA Domain Validation Secure Server CA	`2018-09-23` - `2020-12-21`	2 years	crt.sh
files.seniorweb.nl DigiCert TLS RSA SHA256 2020 CA1	`2022-08-16` - `2023-08-16`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2023-01-05` - `2023-07-05`	6 months	crt.sh
www.google.com GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
*.google.co.ma GTS CA 1C3	`2023-01-02` - `2023-03-27`	3 months	crt.sh
*.pinterest.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-01` - `2023-08-08`	a year	crt.sh
ssl.kaptcha.com Sectigo RSA Organization Validation Secure Server CA	`2022-10-18` - `2023-10-18`	a year	crt.sh
dcinfos-cache.abtasty.com R3	`2022-11-24` - `2023-02-22`	3 months	crt.sh
ariane.abtasty.com R3	`2022-11-11` - `2023-02-09`	3 months	crt.sh
*.tiqcdn.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-12` - `2024-01-14`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://post.ywre.net/2d6f45c4f20e09004631ca084d0798242d6f45c4f20e09004631ca084d079824/
Frame ID: ED598A0891F0AF84B471050B574E3398
Requests: 74 HTTP requests in this frame

Frame: https://shop.postnl.nl/dist/client/openid-refresh.html?ec_error=login_required&ec_state=1ji1c62ZVA7EZQY4GqnOcRQCYCWtokeP
Frame ID: 692DA3A6FE30B58D50D63B5F1671DB3F
Requests: 4 HTTP requests in this frame

Frame: https://post.ywre.net/2d6f45c4f20e09004631ca084d0798242d6f45c4f20e09004631ca084d079824/Order_files/pixel_004.html
Frame ID: 187A11D7176FAB4846017EA0E2A3355F
Requests: 1 HTTP requests in this frame

Frame: https://post.ywre.net/2d6f45c4f20e09004631ca084d0798242d6f45c4f20e09004631ca084d079824/Order_files/pixel_004.html
Frame ID: FF90DFC31302CED2EF3C4F2C9418EAF3
Requests: 1 HTTP requests in this frame

Frame: https://post.ywre.net/2d6f45c4f20e09004631ca084d0798242d6f45c4f20e09004631ca084d079824/Order_files/logo.html
Frame ID: 07B8644B638742CE36FE2442D2E05B3A
Requests: 5 HTTP requests in this frame

Frame: https://post.ywre.net/2d6f45c4f20e09004631ca084d0798242d6f45c4f20e09004631ca084d079824/Order_files/pixel_004.html
Frame ID: 203036EDD95212A945517E0A5C83D179
Requests: 1 HTTP requests in this frame

Frame: https://post.ywre.net/2d6f45c4f20e09004631ca084d0798242d6f45c4f20e09004631ca084d079824/Order_files/pixel_004.html
Frame ID: 48EAE6557FF929709FB822608889E8AE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bestellen

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

require.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

87
Requests

99 %
HTTPS

50 %
IPv6

11
Domains

15
Subdomains

12
IPs

3
Countries

931 kB
Transfer

2596 kB
Size

6
Cookies

37 Outgoing links

These are links going to different origins than the main page.

URL: https://www.postnl.nl/en/cookie-statement/
Title: cookie policy

Search URL Search Domain Scan URL

URL: https://www.postnl.nl/en/privacy-statement/
Title: privacy policy

Search URL Search Domain Scan URL

URL: https://www.postnl.nl/Images/algemene-voorwaarden-webshop_tcm10-88125.pdf
Title: algemene voorwaarden

Search URL Search Domain Scan URL

URL: https://www.postnl.nl/privacy-verklaring/
Title: privacyverklaring

Search URL Search Domain Scan URL

URL: https://shop.postnl.nl/webshop/post-en-pakketzegels
Title: Post- & pakketzegels

Search URL Search Domain Scan URL

URL: https://shop.postnl.nl/webshop/kantoorartikelen
Title: Kantoorartikelen

Search URL Search Domain Scan URL

URL: https://shop.postnl.nl/webshop/cadeaus
Title: Cadeaus

Search URL Search Domain Scan URL

URL: https://shop.postnl.nl/webshop/collect-club
Title: Collect Club

Search URL Search Domain Scan URL

URL: https://shop.postnl.nl/webshop/zakelijke-hulpmiddelen
Title: Zakelijke hulpmiddelen

Search URL Search Domain Scan URL

URL: https://www.postnl.nl/klantenservice/vragen/webshop/wanneer-ontvang-ik-mijn-bestelling-van-de-postnl-webshop.html
Title: Bestellen & Leveren

Search URL Search Domain Scan URL

URL: https://www.postnl.nl/klantenservice/vragen/webshop/kan-ik-mijn-bestelling-nog-wijzigen.html
Title: Bestelling wijzigen

Search URL Search Domain Scan URL

URL: https://www.postnl.nl/klantenservice/vragen/webshop/hoe-kan-ik-een-of-meerdere-artikelen-retourneren.html
Title: Retouren

Search URL Search Domain Scan URL

URL: https://www.postnl.nl/klantenservice/vragen/webshop/met-welke-methoden-kan-ik-betalen-in-de-postnl-webshop.html
Title: Betalen

Search URL Search Domain Scan URL

URL: https://www.postnl.nl/klantenservice/vragen/webshop/ik-heb-een-klacht-over-mijn-bestelling-in-de-postnl-webshop.html
Title: Klachten

Search URL Search Domain Scan URL

URL: https://www.postnl.nl/digitale-collect/
Title: Digitale Collect #107

Search URL Search Domain Scan URL

URL: http://www.collectwereld.nl/collect#&pMin=0&pMax=0&sCol=mostsold&pSz=36&pNr=1/
Title: CollectWereld Collect #103

Search URL Search Domain Scan URL

URL: https://www.nordfrim.com/netherland_new_stamp_issues#&pMin=0&pMax=0&sCol=news&pSz=36&pNr=1
Title: Dutch new issues

Search URL Search Domain Scan URL

URL: https://www.postnl.nl/versturen/postzegels/postzegels-verzamelen/collect-nieuwsbrief/
Title: Aanmelden nieuwsbrief

Search URL Search Domain Scan URL

URL: https://www.postnl.nl/Images/actievoorwaarden-collectclub-premiums-20210325_tcm10-179736.pdf
Title: Actievoorwaarden

Search URL Search Domain Scan URL

URL: https://jouw.postnl.nl/#!/persoonlijke-postzegel
Title: Eigen postzegel maken

Search URL Search Domain Scan URL

URL: https://shop.postnl.nl/webshop/post-en-pakketzegels/rol-postzegels
Title: Postzegelrollen

Search URL Search Domain Scan URL

URL: https://shop.postnl.nl/webshop/cadeaus/vvv-bonnen
Title: VVV Cadeaukaarten

Search URL Search Domain Scan URL

URL: https://shop.postnl.nl/webshop/kantoorartikelen/verzenddozen
Title: Verzenddozen

Search URL Search Domain Scan URL

URL: https://jouw.postnl.nl/#!/track-en-trace/zoeken
Title: Track & trace

Search URL Search Domain Scan URL

URL: https://www.postnl.nl/en/find-a-postcode/
Title: Find a postcode

Search URL Search Domain Scan URL

URL: https://jouw.postnl.nl/#!/overzicht
Title: Send

Search URL Search Domain Scan URL

URL: https://shop.postnl.nl/en/location-finder
Title: PostNL locations

Search URL Search Domain Scan URL

URL: https://itunes.apple.com/nl/app/postnl/id513218878?mt=8
Title: iOS

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=nl.tpp.mobile.android
Title: Android

Search URL Search Domain Scan URL

URL: https://www.postnl.nl/en/customer-service/
Title: Customer service

Search URL Search Domain Scan URL

URL: https://www.postnl.nl/en/terms-and-conditions/
Title: Terms and conditions

Search URL Search Domain Scan URL

URL: https://www.postnl.nl/en/about-postnl/
Title: About PostNL

Search URL Search Domain Scan URL

URL: https://www.postnl.nl/en/about-postnl/investors/
Title: Investors

Search URL Search Domain Scan URL

URL: https://www.postnl.nl/en/about-postnl/press-news/
Title: Press and news

Search URL Search Domain Scan URL

URL: https://www.postnl.nl/over-postnl/werkenbij/
Title: Careers

Search URL Search Domain Scan URL

URL: https://shop.postnl.nl/en/
Title: © Koninklijke PostNL

Search URL Search Domain Scan URL

URL: https://www.postnl.nl/en/terms-of-use/
Title: Terms of Use

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 82

https://shop.postnl.nl/external_customer/login/start/type/consumer/?return_url=https%3A%2F%2Fshop.postnl.nl%2Fdist%2Fclient%2Fopenid-refresh.html&state=1ji1c62ZVA7EZQY4GqnOcRQCYCWtokeP&code_challenge=DxNa4fOlsdJwVN49YIrSmN9cXOyp0ZxCd7PkGEINWNg&prompt=none HTTP 302
https://login.postnl.nl/101112a0-4a0f-4bbb-8176-2f1b2d370d7c/login/authorize?state=MjAyMzAxMjMwODQxMzbxe2QivjyoeVWau5qleLg&prompt=none&code_challenge=YEW3bvry9Hy1vQIkFZGpeCbbQjwPwpe7rl2p4tgrWZQ&code_challenge_method=S256&scope=openid%20email%20profile%20poa-profiles-api&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fshop.postnl.nl%2Fexternal_customer%2Foauth2%2Fcallback%2Ftype%2Fconsumer%2F&client_id=2f1cbfe4-428a-4def-8914-42b9a6f7fe7a HTTP 302
https://shop.postnl.nl/external_customer/oauth2/callback/type/consumer/?error=login_required&error_description=No+authenticated+session+found.&state=MjAyMzAxMjMwODQxMzbxe2QivjyoeVWau5qleLg HTTP 302
https://shop.postnl.nl/dist/client/openid-refresh.html?ec_error=login_required&ec_state=1ji1c62ZVA7EZQY4GqnOcRQCYCWtokeP

87 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
post.ywre.net/2d6f45c4f20e09004631ca084d0798242d6f45c4f20e09004631ca084d079824/ 34 KB
8 KB 162ms
54ms Document
text/html 20.220.68.29
MICROSOFT-CORP-MS...

General

Domain/Path	Expires	Name / Value
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 17:53:19	Name: bcookie Value: "v=2&bb8bb6bf-7873-4ee6-8a7d-7512ed7eec6c"
.linkedin.com/	1970-01-20 09:09:09	Name: lidc Value: "b=TGST02:s=T:r=T:a=T:p=T:g=2936:u=1:x=1:i=1674463295:t=1674549695:v=2:sig=AQFNkpgaApsyNWodjkSsthiCq8xzGi_T"
.ywre.net/	1970-01-20 17:53:19	Name: utag_main Value: v_id:0185ddca392e001a8f799607698603073005706b00b08$_sn:1$_se:1$_ss:1$_st:1674465095791$ses_id:1674463295791%3Bexp-session$_pn:1%3Bexp-session
.ywre.net/	1970-01-20 18:26:26	Name: ABTasty Value: uid=y6zx4gfz9hefjens&fst=1674463295941&pst=-1&cst=1674463295941&ns=1&pvt=1&pvis=1&th=
.ywre.net/	1970-01-20 09:07:45	Name: ABTastySession Value: mrasn=&sen=0&lp=https%253A%252F%252Fpost.ywre.net%252F2d6f45c4f20e09004631ca084d0798242d6f45c4f20e09004631ca084d079824%252F

Source	Level	URL Text
network	error	URL: https://post.ywre.net/2d6f45c4f20e09004631ca084d0798242d6f45c4f20e09004631ca084d079824/Order_files/19001382.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://post.ywre.net/2d6f45c4f20e09004631ca084d0798242d6f45c4f20e09004631ca084d079824/Order_files/0.txt Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://post.ywre.net/dist/client/assets/select-dropdown-arrow.d62299ee.png Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://x-tremesmile.nl/image/cache/catalog/postNL-animation-def-700x350.gif Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	error	URL: https://shop.postnl.nl/dist/client/app.8a70964fbe9669a222cd.js(Line 1) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://shop.postnl.nl') does not match the recipient window's origin ('https://post.ywre.net').

post.ywre.net Open in urlscan Pro 20.220.68.29 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

87 Requests

99 %HTTPS

50 %IPv6

11 Domains

15 Subdomains

12 IPs

3 Countries

931 kBTransfer

2596 kBSize

6 Cookies

37 Outgoing links

Redirected requests

87 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

post.ywre.net Open in urlscan Pro
20.220.68.29 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

87
Requests

99 %
HTTPS

50 %
IPv6

11
Domains

15
Subdomains

12
IPs

3
Countries

931 kB
Transfer

2596 kB
Size

6
Cookies

87 HTTP transactions
0 data transactions