bpost-verzendkosten.su Open in urlscan Pro
165.231.143.114  Malicious Activity! Public Scan

1 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://s.id/tEoOU Page URL
2. https://bpost-verzendkosten.su/pakket/bezorging.php Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Cookie set tEoOU Show response s.id/	2 KB 2 KB	6643ms 6174ms	Document text/html	45.126.59.196 IDNIC-PANDI-AS-ID...
General Check archive.org Show headers Download Go to Full URL https://s.id/tEoOU Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 45.126.59.196 , Indonesia, ASN132647 (IDNIC-PANDI-AS-ID Pengelola Nama Domain Internet Indonesia, ID), Reverse DNS Software nginx/1.10.3 (Ubuntu) / Resource Hash 4a5fb2b519a589c14f8aa1e2ec4e7a1745d2aa9cda059c833c2619de1eb88b00 Request headers Host s.id Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site none Sec-Fetch-Mode navigate Sec-Fetch-User ?1 Sec-Fetch-Dest document Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Server nginx/1.10.3 (Ubuntu) Date Fri, 06 Nov 2020 20:06:17 GMT Content-Type text/html; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive Vary Accept-Encoding Cache-Control private, must-revalidate pragma no-cache expires -1 Set-Cookie XSRF-TOKEN=eyJpdiI6IkkwRThXZ2h1WkN1TDFBT25zeHNCQ2c9PSIsInZhbHVlIjoiRHoyS1lwV1NMQjFOR0xpbFhqdFhSZVZJY3o0VW52cmRsRGlvRGpVQllLUXlPN1RRNEFSRDFwdHJ1K3IwM2YzRmhVVGJnWFRGXC92WXFFdWNkTzFkdXp3PT0iLCJtYWMiOiI0ZTU5YzE2N2MwYjMxY2MzMzUxNDdjNzg4ODMwZTE4Zjk1NTU5ZDY5ZDg5Y2NkYzQ5ZmQ2OGYwYzVmOWZhOTE3In0%3D; expires=Fri, 06-Nov-2020 22:06:17 GMT; Max-Age=7200; path=/ major_tom=eyJpdiI6InVGWGM0VUI3ODFyUUFIOUpickh3M2c9PSIsInZhbHVlIjoiaE1MbEphQWNZbjNjdHNCcWpVK3NsOXpINHNrRDJaUWpGSXp4aXNHT2JEVklXVWp4amwyWHpyck1DcnFqY2s1eW5kNmtjS2NIbUhWZWxWK3BGOTdmT0E9PSIsIm1hYyI6IjdmMTFjNGU3MGMxM2U4NmI0MDNmNTUxZmU1ZWIwMzkwNWY0YjNkZTM0ZTQxNDk2NTgxY2EyODQyODFiYTdjYTgifQ%3D%3D; expires=Fri, 06-Nov-2020 22:06:17 GMT; Max-Age=7200; path=/; httponly Content-Encoding gzip
GET		piwik.js analytics.s.id/	0 0
GET H/1.1	200 OK	Primary Request bezorging.php Show response bpost-verzendkosten.su/pakket/	289 KB 289 KB	1127ms 798ms	Document text/html	165.231.143.114 FIBERGRID
General Check archive.org Show headers Download Go to Full URL https://bpost-verzendkosten.su/pakket/bezorging.php Requested by Host: s.id URL: https://s.id/tEoOU Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_GCM Server 165.231.143.114 Bandhagen, Sweden, ASN37518 (FIBERGRID, SC), Reverse DNS Software Microsoft-IIS/8.5 / PHP/7.2.26 Resource Hash 0abb5ffd9e626e05c5d431c42ba981fbc03c6fe68c63c0da0f694bc897452832 Request headers Host bpost-verzendkosten.su Connection keep-alive Pragma no-cache Cache-Control no-cache Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Accept text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site cross-site Sec-Fetch-Mode navigate Sec-Fetch-Dest document Referer https://s.id/tEoOU Accept-Encoding gzip, deflate, br Accept-Language en-US Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Referer https://s.id/tEoOU Response headers Cache-Control no-store, no-cache, must-revalidate, max-age=0, s-maxage=0,post-check=0, pre-check=0 Pragma no-cache Content-Type text/html; charset=UTF-8 Server Microsoft-IIS/8.5 X-Powered-By PHP/7.2.26 Date Sat, 07 Nov 2020 03:06:18 GMT Content-Length 296025
GET H/1.1	404 Not Found	OBP_logo_final_yellow_RGB.png bpost-verzendkosten.su/pakket/	1 KB 1 KB	285ms 168ms	Image text/html	165.231.143.114 FIBERGRID
General Check archive.org Show headers Download Go to Show image Full URL https://bpost-verzendkosten.su/pakket/OBP_logo_final_yellow_RGB.png Requested by Host: bpost-verzendkosten.su URL: https://bpost-verzendkosten.su/pakket/bezorging.php Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_GCM Server 165.231.143.114 Bandhagen, Sweden, ASN37518 (FIBERGRID, SC), Reverse DNS Software Microsoft-IIS/8.5 / Resource Hash dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f Request headers Referer https://bpost-verzendkosten.su/pakket/bezorging.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Date Sat, 07 Nov 2020 03:06:18 GMT Server Microsoft-IIS/8.5 Content-Length 1245 Content-Type text/html
GET H2	200	js Show response maps.googleapis.com/maps/api/	120 KB 40 KB	78ms 52ms	Script text/javascript	2a00:1450:4001:825::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps/api/js?client=gme-marktplaats&channel=mp-messaging Requested by Host: bpost-verzendkosten.su URL: https://bpost-verzendkosten.su/pakket/bezorging.php Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software mafe / Resource Hash 7404a57b023e458614b9e40d8c0f89d55e2ce7dd729ba7824068e5722a31f372 Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://bpost-verzendkosten.su/pakket/bezorging.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Fri, 06 Nov 2020 20:06:19 GMT content-encoding gzip vary Accept-Language server mafe x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 status 200 cache-control public, max-age=1800 server-timing gfet4t7; dur=36 alt-svc h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 40376 x-xss-protection 0 expires Fri, 06 Nov 2020 20:36:19 GMT
GET DATA	200 OK	truncated /	60 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash 4d8efc1a08795aa0356e37486d13806335fa2024a5999dd36284b9e0c7ef2308 Request headers Referer User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Content-Type image/png
GET H/1.1	200 OK	bezorging.php bpost-verzendkosten.su/pakket/	289 KB 289 KB	548ms 547ms	Font text/html	165.231.143.114 FIBERGRID
General Check archive.org Show headers Download Go to Full URL https://bpost-verzendkosten.su/pakket/bezorging.php Requested by Host: bpost-verzendkosten.su URL: https://bpost-verzendkosten.su/pakket/bezorging.php Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_GCM Server 165.231.143.114 Bandhagen, Sweden, ASN37518 (FIBERGRID, SC), Reverse DNS Software Microsoft-IIS/8.5 / PHP/7.2.26 Resource Hash 3c8ac50b2664d8230f0003d402bc6c06f1eb0f57dfb5340710ba8acdba8484aa Request headers Origin https://bpost-verzendkosten.su Referer https://bpost-verzendkosten.su/pakket/bezorging.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Sat, 07 Nov 2020 03:06:18 GMT Cache-Control no-store, no-cache, must-revalidate, max-age=0, s-maxage=0,post-check=0, pre-check=0 Server Microsoft-IIS/8.5 X-Powered-By PHP/7.2.26 Content-Length 296025 Content-Type text/html; charset=UTF-8
GET H/1.1	200 OK	bezorging.php bpost-verzendkosten.su/pakket/	16 KB 16 KB	772ms 618ms	Image text/html	165.231.143.114 FIBERGRID
General Check archive.org Show headers Download Go to Show image Full URL https://bpost-verzendkosten.su/pakket/bezorging.php Requested by Host: bpost-verzendkosten.su URL: https://bpost-verzendkosten.su/pakket/bezorging.php Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_GCM Server 165.231.143.114 Bandhagen, Sweden, ASN37518 (FIBERGRID, SC), Reverse DNS Software Microsoft-IIS/8.5 / PHP/7.2.26 Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Referer https://bpost-verzendkosten.su/pakket/bezorging.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers Pragma no-cache Date Sat, 07 Nov 2020 03:06:19 GMT Cache-Control no-store, no-cache, must-revalidate, max-age=0, s-maxage=0,post-check=0, pre-check=0 Server Microsoft-IIS/8.5 X-Powered-By PHP/7.2.26 Content-Length 296025 Content-Type text/html; charset=UTF-8
GET H3-Q050	200	common.js Show response maps.googleapis.com/maps-api-v3/api/js/41/8/	78 KB 29 KB	35ms 22ms	Script text/javascript	2a00:1450:4001:825::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps-api-v3/api/js/41/8/common.js Requested by Host: maps.googleapis.com URL: https://maps.googleapis.com/maps/api/js?client=gme-marktplaats&channel=mp-messaging Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash 3d61f511a1bdc441e3b0e1ce33ead66e051aa0f6e39f6c2e428468a1de6d5496 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://bpost-verzendkosten.su/pakket/bezorging.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Tue, 03 Nov 2020 21:23:50 GMT content-encoding gzip x-content-type-options nosniff last-modified Wed, 29 Jul 2020 06:13:00 GMT server sffe age 254554 vary Accept-Encoding, Origin content-type text/javascript status 200 cache-control public, max-age=31536000 accept-ranges bytes alt-svc h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 29287 x-xss-protection 0 expires Wed, 03 Nov 2021 21:23:50 GMT
GET H3-Q050	200	util.js Show response maps.googleapis.com/maps-api-v3/api/js/41/8/	144 KB 54 KB	34ms 20ms	Script text/javascript	2a00:1450:4001:825::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps-api-v3/api/js/41/8/util.js Requested by Host: maps.googleapis.com URL: https://maps.googleapis.com/maps/api/js?client=gme-marktplaats&channel=mp-messaging Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash aee55f1d6a13bb89ad87b393b9a3b335ef580e75d08b50e9efb21699da4fe857 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://bpost-verzendkosten.su/pakket/bezorging.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers date Mon, 02 Nov 2020 03:26:49 GMT content-encoding gzip x-content-type-options nosniff last-modified Wed, 29 Jul 2020 06:13:00 GMT server sffe age 405575 vary Accept-Encoding, Origin content-type text/javascript status 200 cache-control public, max-age=31536000 accept-ranges bytes alt-svc h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 54471 x-xss-protection 0 expires Tue, 02 Nov 2021 03:26:49 GMT
GET H3-Q050	200	AuthenticationService.Authenticate Show response maps.googleapis.com/maps/api/js/	252 B 390 B	20ms 19ms	Script text/javascript	2a00:1450:4001:825::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fbpost-verzendkosten.su%2Fpakket%2Fbezorging.php&2sgme-marktplaats&3smp-messaging&callback=_xdc_._dbxwbh&client=gme-marktplaats&channel=mp-messaging&token=126967 Requested by Host: maps.googleapis.com URL: https://maps.googleapis.com/maps-api-v3/api/js/41/8/common.js Protocol H3-Q050 Security QUIC, , AES_128_GCM Server 2a00:1450:4001:825::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software mafe / Resource Hash 23593691a6ed5c680fbcb235f38267f0a5c5f5c1c39079022079b8b00ada7fdb Security Headers Name Value X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers Referer https://bpost-verzendkosten.su/pakket/bezorging.php User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Response headers pragma no-cache date Fri, 06 Nov 2020 20:06:24 GMT content-encoding gzip server mafe x-frame-options SAMEORIGIN content-type text/javascript; charset=UTF-8 status 200 cache-control no-cache, must-revalidate content-disposition attachment server-timing gfet4t7; dur=3 alt-svc h3-Q050=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 206 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

analytics.s.id

URL

https://analytics.s.id/piwik.js

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Belgian Post Group (Transportation)

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes function| _ShadowLoader boolean| radioselected boolean| tcsaccepted object| selectedbank function| closeselect function| redirect function| openselect function| radiochange function| changevalues function| gm_authFailure object| google object| module$contents$MapsEvent_MapsEvent object| module$contents$mapsapi$overlay$OverlayView_OverlayView object| _xdc_

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://maps.googleapis.com/maps/api/js?client=gme-marktplaats&channel=mp-messaging(Line 71) Message: Google Maps JavaScript API error: UnauthorizedURLForClientIdMapError https://developers.google.com/maps/documentation/javascript/error-messages#unauthorized-url-for-client-id-map-error Your site URL to be authorized: https://bpost-verzendkosten.su/pakket/bezorging.php

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.s.id
bpost-verzendkosten.su
maps.googleapis.com
s.id
analytics.s.id
165.231.143.114
2a00:1450:4001:825::200a
45.126.59.196
0abb5ffd9e626e05c5d431c42ba981fbc03c6fe68c63c0da0f694bc897452832
23593691a6ed5c680fbcb235f38267f0a5c5f5c1c39079022079b8b00ada7fdb
3c8ac50b2664d8230f0003d402bc6c06f1eb0f57dfb5340710ba8acdba8484aa
3d61f511a1bdc441e3b0e1ce33ead66e051aa0f6e39f6c2e428468a1de6d5496
4a5fb2b519a589c14f8aa1e2ec4e7a1745d2aa9cda059c833c2619de1eb88b00
4d8efc1a08795aa0356e37486d13806335fa2024a5999dd36284b9e0c7ef2308
7404a57b023e458614b9e40d8c0f89d55e2ce7dd729ba7824068e5722a31f372
aee55f1d6a13bb89ad87b393b9a3b335ef580e75d08b50e9efb21699da4fe857
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855