bpost-verzendkosten.su
Open in
urlscan Pro
165.231.143.114
Malicious Activity!
Public Scan
Effective URL: https://bpost-verzendkosten.su/pakket/bezorging.php
Submission: On November 06 via manual from NL
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on October 29th 2020. Valid for: 3 months.
This is the only time bpost-verzendkosten.su was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Belgian Post Group (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 45.126.59.196 45.126.59.196 | 132647 (IDNIC-PAN...) (IDNIC-PANDI-AS-ID Pengelola Nama Domain Internet Indonesia) | |
4 | 165.231.143.114 165.231.143.114 | 37518 (FIBERGRID) (FIBERGRID) | |
4 | 2a00:1450:400... 2a00:1450:4001:825::200a | 15169 (GOOGLE) (GOOGLE) | |
10 | 4 |
ASN132647 (IDNIC-PANDI-AS-ID Pengelola Nama Domain Internet Indonesia, ID)
s.id |
Apex Domain Subdomains |
Transfer | |
---|---|---|
4 |
googleapis.com
maps.googleapis.com |
122 KB |
4 |
bpost-verzendkosten.su
bpost-verzendkosten.su |
596 KB |
1 |
s.id
s.id analytics.s.id Failed |
2 KB |
10 | 3 |
Domain | Requested by | |
---|---|---|
4 | maps.googleapis.com |
bpost-verzendkosten.su
maps.googleapis.com |
4 | bpost-verzendkosten.su |
s.id
bpost-verzendkosten.su |
1 | s.id | |
0 | analytics.s.id Failed |
s.id
|
10 | 4 |
This site contains links to these domains. Also see Links.
Domain |
---|
onlinebetaalplatform.nl |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.s.id Let's Encrypt Authority X3 |
2020-09-08 - 2020-12-07 |
3 months | crt.sh |
bpost-sorteercentrum.su Let's Encrypt Authority X3 |
2020-10-29 - 2021-01-27 |
3 months | crt.sh |
upload.video.google.com GTS CA 1O1 |
2020-10-20 - 2021-01-12 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://bpost-verzendkosten.su/pakket/bezorging.php
Frame ID: 90DD1288C88617442D14256A56A9299C
Requests: 11 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
- https://s.id/tEoOU Page URL
- https://bpost-verzendkosten.su/pakket/bezorging.php Page URL
Detected technologies
Google Maps (Maps) ExpandDetected patterns
- script /\/\/maps\.googleapis\.com\/maps\/api\/js/i
Ubuntu (Operating Systems) Expand
Detected patterns
- headers server /Ubuntu/i
Nginx (Web Servers) Expand
Detected patterns
- headers server /nginx(?:\/([\d.]+))?/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Algemene voorwaarden
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://s.id/tEoOU Page URL
- https://bpost-verzendkosten.su/pakket/bezorging.php Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
10 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Cookie set
tEoOU
s.id/ |
2 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
piwik.js
analytics.s.id/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
bezorging.php
bpost-verzendkosten.su/pakket/ |
289 KB 289 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
OBP_logo_final_yellow_RGB.png
bpost-verzendkosten.su/pakket/ |
1 KB 1 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
maps.googleapis.com/maps/api/ |
120 KB 40 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
60 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bezorging.php
bpost-verzendkosten.su/pakket/ |
289 KB 289 KB |
Font
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
bezorging.php
bpost-verzendkosten.su/pakket/ |
16 KB 16 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-Q050 |
common.js
maps.googleapis.com/maps-api-v3/api/js/41/8/ |
78 KB 29 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-Q050 |
util.js
maps.googleapis.com/maps-api-v3/api/js/41/8/ |
144 KB 54 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3-Q050 |
AuthenticationService.Authenticate
maps.googleapis.com/maps/api/js/ |
252 B 390 B |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- analytics.s.id
- URL
- https://analytics.s.id/piwik.js
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Belgian Post Group (Transportation)18 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes function| _ShadowLoader boolean| radioselected boolean| tcsaccepted object| selectedbank function| closeselect function| redirect function| openselect function| radiochange function| changevalues function| gm_authFailure object| google object| module$contents$MapsEvent_MapsEvent object| module$contents$mapsapi$overlay$OverlayView_OverlayView object| _xdc_0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
analytics.s.id
bpost-verzendkosten.su
maps.googleapis.com
s.id
analytics.s.id
165.231.143.114
2a00:1450:4001:825::200a
45.126.59.196
0abb5ffd9e626e05c5d431c42ba981fbc03c6fe68c63c0da0f694bc897452832
23593691a6ed5c680fbcb235f38267f0a5c5f5c1c39079022079b8b00ada7fdb
3c8ac50b2664d8230f0003d402bc6c06f1eb0f57dfb5340710ba8acdba8484aa
3d61f511a1bdc441e3b0e1ce33ead66e051aa0f6e39f6c2e428468a1de6d5496
4a5fb2b519a589c14f8aa1e2ec4e7a1745d2aa9cda059c833c2619de1eb88b00
4d8efc1a08795aa0356e37486d13806335fa2024a5999dd36284b9e0c7ef2308
7404a57b023e458614b9e40d8c0f89d55e2ce7dd729ba7824068e5722a31f372
aee55f1d6a13bb89ad87b393b9a3b335ef580e75d08b50e9efb21699da4fe857
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855