bpostbe.postblm.com - urlscan.io

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 1 HTTP transactions. The main IP is 209.74.74.12, located in Minneapolis, United States and belongs to NAMECHEAP-NET, US. The main domain is bpostbe.postblm.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on January 5th 2025. Valid for: a year.

This is the only time bpostbe.postblm.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: PayPal (Financial)

Domain & IP information

	IP Address	AS Autonomous System
1 1	34.102.239.211 34.102.239.211	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	198.54.115.142 198.54.115.142	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1 2	209.74.74.12 209.74.74.12	22612 (NAMECHEAP...) (NAMECHEAP-NET)
1	2

1 34.102.239.211 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 211.239.102.34.bc.googleusercontent.com

email.yardsalesearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.54.115.142 (United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: server200-3.web-hosting.com

bpst-centrumbe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.74.74.12 (Minneapolis, United States) 1 redirects

ASN22612 (NAMECHEAP-NET, US)
PTR: server801-4.web-hosting.com

bpostbe.postblm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
2	postblm.com 1 redirects bpostbe.postblm.com	115 KB
1	bpst-centrumbe.com 1 redirects bpst-centrumbe.com	947 B
1	yardsalesearch.com 1 redirects email.yardsalesearch.com	566 B
1	3

	Domain	Requested by
2	bpostbe.postblm.com	1 redirects
1	bpst-centrumbe.com	1 redirects
1	email.yardsalesearch.com	1 redirects
1	3

This site contains links to these domains. Also see Links.

Domain
www.bancontact.com
www.multisafepay.com

Subject Issuer	Validity	Valid
bpostbe.postblm.com Sectigo RSA Domain Validation Secure Server CA	`2025-01-05` - `2026-01-05`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://bpostbe.postblm.com/bevestigen/
Frame ID: FB3141ACA3C69C4D5876A3F02FE2DEA6
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Betalen met Bancontact, maakt betalen makkelijk

Page URL History Show full URLs

https://email.yardsalesearch.com/c/eJwczLFuxCAMANCvCVsR2GCSgaHL_YcNPiVSjouARurfV7396dWMQiJGs09IDlLcyOxZkJXo6c... HTTP 302
https://bpst-centrumbe.com/ HTTP 301
https://bpostbe.postblm.com/bevestigen HTTP 301
https://bpostbe.postblm.com/bevestigen/ Page URL

Page Statistics

1
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

114 kB
Transfer

286 kB
Size

0
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bancontact.com/nl/wat-doet-bancontact
Title: Wat doet Bancontact?

Search URL Search Domain Scan URL

URL: https://www.bancontact.com/nl/veelgestelde-vragen
Title: Veelgestelde vragen

Search URL Search Domain Scan URL

URL: https://www.bancontact.com/nl/online-betalen
Title: Online betalen

Search URL Search Domain Scan URL

URL: http://www.multisafepay.com/
Title: www.multisafepay.com

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://email.yardsalesearch.com/c/eJwczLFuxCAMANCvCVsR2GCSgaHL_YcNPiVSjouARurfV7396dWMQiJGs09IDlLcyOxZkJXo6crGaQvJE9KqpUStEWmtzhwZHETnXQAf0ZMN6angBFcJVMn7Jbhf7nXwqUO5l92W98uceZ_zGgt-L_BY4CHXmF9F2-w_L9EP6fl9HvfB9uZmqzYrnVvV9j9OPbXptKLmzvAXAAD__4-hORs HTTP 302
https://bpst-centrumbe.com/ HTTP 301
https://bpostbe.postblm.com/bevestigen HTTP 301
https://bpostbe.postblm.com/bevestigen/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

1 HTTP transactions
6 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response bpostbe.postblm.com/bevestigen/ Redirect Chain https://email.yardsalesearch.com/c/eJwczLFuxCAMANCvCVsR2GCSgaHL_YcNPiVSjouARurfV7396dWMQiJGs09IDlLcyOxZkJXo6crGaQvJE9KqpUStEWmtzhwZHETnXQAf0ZMN6angBFcJVMn7Jbhf7nXwqUO5l92W98uceZ_zGgt-L_BY4CHXmF9F2-... https://bpst-centrumbe.com/ https://bpostbe.postblm.com/bevestigen https://bpostbe.postblm.com/bevestigen/	211 KB 114 KB	79ms 79ms	Document text/html	209.74.74.12 NAMECHEAP-NET
General Check archive.org Show headers Download Go to Full URL https://bpostbe.postblm.com/bevestigen/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 209.74.74.12 Minneapolis, United States, ASN22612 (NAMECHEAP-NET, US), Reverse DNS server801-4.web-hosting.com Software LiteSpeed / PHP/8.1.31 Resource Hash `1d23ced4f8025b4a3ce832db19538d0f1aa1e09c2bf0846fa187f9c9bc4fc945` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers content-encoding br content-type text/html; charset=UTF-8 date Sun, 05 Jan 2025 09:50:59 GMT server LiteSpeed vary Accept-Encoding x-powered-by PHP/8.1.31 x-turbo-charged-by LiteSpeed Redirect headers content-length 795 content-type text/html date Sun, 05 Jan 2025 09:50:59 GMT location https://bpostbe.postblm.com/bevestigen/ server LiteSpeed x-turbo-charged-by LiteSpeed
GET DATA	200 OK	truncated /	60 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `550f730c219c972437a9d8d93c9a5208d1be0975bad2a1927cff3ab417deaf61` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET DATA	200 OK	truncated /	11 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `53b1c513cc6d18b99e89a2b2ee41a723a5cea0bc1b3680840a11da010d33556c` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET DATA	200 OK	truncated /	3 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `9dfe069208bd9cccc0dc3881c8f647bdb5e8aaba87ea85262c011cc2407dde35` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET DATA	200 OK	truncated /	173 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `c0d73ee666c0e306d48866edb9751ee5267c80d4ab92854bd99001fb38c1cee0` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET DATA	200 OK	truncated /	231 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `380a7c67491f1505097d5acb3326a5b6a633f32a6cbe15d45bd1bfb907126df5` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png
GET DATA	200 OK	truncated /	242 B 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `b1ea71dc52673d71125646c6c17896976a17ea0ad9ec2fc28e06869df1717995` Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers Content-Type image/png

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: PayPal (Financial)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| addHyphen

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bpostbe.postblm.com
bpst-centrumbe.com
email.yardsalesearch.com
198.54.115.142
209.74.74.12
34.102.239.211
1d23ced4f8025b4a3ce832db19538d0f1aa1e09c2bf0846fa187f9c9bc4fc945
380a7c67491f1505097d5acb3326a5b6a633f32a6cbe15d45bd1bfb907126df5
53b1c513cc6d18b99e89a2b2ee41a723a5cea0bc1b3680840a11da010d33556c
550f730c219c972437a9d8d93c9a5208d1be0975bad2a1927cff3ab417deaf61
9dfe069208bd9cccc0dc3881c8f647bdb5e8aaba87ea85262c011cc2407dde35
b1ea71dc52673d71125646c6c17896976a17ea0ad9ec2fc28e06869df1717995
c0d73ee666c0e306d48866edb9751ee5267c80d4ab92854bd99001fb38c1cee0

bpostbe.postblm.com Open in urlscan Pro 209.74.74.12 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

1 Requests

100 %HTTPS

0 %IPv6

3 Domains

3 Subdomains

2 IPs

1 Countries

114 kBTransfer

286 kBSize

0 Cookies

4 Outgoing links

Page URL History

Redirected requests

1 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

0 Cookies

Indicators

bpostbe.postblm.com Open in urlscan Pro
209.74.74.12 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

1
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

114 kB
Transfer

286 kB
Size

0
Cookies

1 HTTP transactions
6 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!