aupost.au1lfrm.express
43.134.109.119
Malicious Activity!
Public Scan
Effective URL: https://aupost.au1lfrm.express/index.html
Submission Tags: @phish_report
Submission: On April 14 via api from FI — Scanned from AU
Summary
TLS certificate: Issued by R3 on April 13th 2024. Valid for: 3 months.
This is the only time aupost.au1lfrm.express was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Australia Post (Transportation)
Domain & IP information
# | Requests | IP Address | AS Autonomous System
---|---|---|---
1 | 36 | 43.134.109.119 | AS132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)
Total | 36 | 2 |
Apex Domain | Subdomains | Requests | Transfer
---|---|---|---
au1lfrm.express | aupost.au1lfrm.express (1 redirect) | 32 | 700 KB
amadmin.xyz | u2.amadmin.xyz | 4 | 171 KB
Total (2 apex domains) | | 36 |
Domain | Requests | Requested by
---|---|---
aupost.au1lfrm.express (1 redirect) | 32 | aupost.au1lfrm.express
u2.amadmin.xyz | 4 | aupost.au1lfrm.express
Total (2 domains) | 36 |
This site contains links to these domains.
Domain
---
auspost.com.au
merchant-portal.auspost.com.au
eparcel.auspost.com.au
auspost.app.link
www.digitalid.com
paypaperbills.postbillpay.com.au
Subject | Issuer | Validity | Valid | Source
---|---|---|---|---
aupost.mypokc.express | R3 | 2024-04-13 - 2024-07-12 | 3 months | crt.sh
u2.amadmin.xyz | R3 | 2024-03-30 - 2024-06-28 | 3 months | crt.sh
This page contains 1 frames:
Primary Page:
https://aupost.au1lfrm.express/index.html
Frame ID: 74B231DC57A8FDE6BC325EBD8F7EA0AE
Requests: 37 HTTP requests in this frame
Screenshot
Page URL History
- https://aupost.au1lfrm.express/ (HTTP 302)
- https://aupost.au1lfrm.express/index.html (Page URL)
Detected technologies
Vue.js (JavaScript Frameworks)
Detected patterns
- (?:/([\d.]+))?/vue(?:\.min)?\.js
Page Statistics
100 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
36 HTTP transactions
Method / Protocol | Resource | Path | Size / x-fer | Type / MIME-Type
---|---|---|---|---
GET H2 | index.html (Primary Request, Redirect Chain) | aupost.au1lfrm.express/ | 11 KB / 4 KB | Document text/html
GET H2 | index.js | aupost.au1lfrm.express/static/js/ | 6 KB / 3 KB | Script application/javascript
GET H2 | loading.css | aupost.au1lfrm.express/static/css/ | 91 KB / 19 KB | Stylesheet text/css
GET H2 | setting.json | aupost.au1lfrm.express/config/ | 164 B / 320 B | Script application/json
GET H2 | axios.js | aupost.au1lfrm.express/static/js/ | 42 KB / 13 KB | Script application/javascript
GET H2 | redSetting.js | aupost.au1lfrm.express/static/js/ | 18 KB / 9 KB | Script application/javascript
GET H2 | queryIpClick | u2.amadmin.xyz/index.php/click/ | 22 B / 353 B | XHR text/html
GET H2 | queryIpInfo | u2.amadmin.xyz/index.php/click/ | 123 B / 438 B | XHR text/html
GET H2 | favicon.ico | aupost.au1lfrm.express/ | 1 KB / 1 KB | Other image/x-icon
GET H2 | loadMainPage | u2.amadmin.xyz/index.php/click/ | 2 MB / 170 KB | XHR text/html
GET H2 | f6170fbbb4mpB.css | aupost.au1lfrm.express/assets/ | 952 B / 1 KB | Stylesheet text/css
GET H2 | c233ec4aZjYsm.js | aupost.au1lfrm.express/assets/ | 3 KB / 1 KB | Script application/javascript
GET H2 | 2d6af207ZjYsm.js | aupost.au1lfrm.express/assets/ | 29 KB / 13 KB | Script application/javascript
GET H2 | 3c2b90e2ZjYsm.js | aupost.au1lfrm.express/assets/ | 112 KB / 44 KB | Script application/javascript
GET H2 | 296cea10ZjYsm.js | aupost.au1lfrm.express/assets/ | 103 KB / 42 KB | Script application/javascript
GET H2 | 09bf01f8ZjYsm.js | aupost.au1lfrm.express/assets/ | 1 KB / 808 B | Script application/javascript
GET H2 | edff4021ZjYsm.js | aupost.au1lfrm.express/assets/ | 1 KB / 994 B | Script application/javascript
GET H2 | 459da548ZjYsm.js | aupost.au1lfrm.express/assets/ | 362 KB / 78 KB | Script application/javascript
GET H2 | c27b6911ZjYsm.js | aupost.au1lfrm.express/assets/ | 915 B / 1 KB | Script application/javascript
GET H2 | 1d85313fb4mpB.css | aupost.au1lfrm.express/assets/ | 205 KB / 111 KB | Stylesheet text/css
GET H2 | 8abe6372ZjYsm.js | aupost.au1lfrm.express/assets/ | 4 KB / 2 KB | Script application/javascript
GET H2 | 4cd1ec68b4mpB.css | aupost.au1lfrm.express/assets/ | 323 B / 526 B | Stylesheet text/css
GET H2 | 7a4fb8a5ZjYsm.js | aupost.au1lfrm.express/assets/ | 97 KB / 37 KB | Script application/javascript
GET H2 | e9841a77b4mpB.css | aupost.au1lfrm.express/assets/ | 389 B / 592 B | Stylesheet text/css
GET H2 | vue.js | aupost.au1lfrm.express/static/js/ | 334 KB / 104 KB | Script application/javascript
GET H2 | 55.svg | aupost.au1lfrm.express/assets/ | 324 B / 480 B | Image image/svg+xml
GET H2 | 56.svg | aupost.au1lfrm.express/assets/ | 742 B / 898 B | Image image/svg+xml
GET H2 | 57.svg | aupost.au1lfrm.express/assets/ | 391 B / 547 B | Image image/svg+xml
GET H2 | 58.svg | aupost.au1lfrm.express/assets/ | 1 KB / 1 KB | Image image/svg+xml
GET H2 | 59.svg | aupost.au1lfrm.express/assets/ | 41 KB / 41 KB | Image image/svg+xml
GET H2 | vueConfig.js | aupost.au1lfrm.express/static/js/ | 64 KB / 27 KB | Script application/javascript
GET DATA | truncated | / | 373 B / 0 | Image image/svg+xml
GET H2 | 362e7038b4mpB.woff2 | aupost.au1lfrm.express/assets/ | 49 KB / 49 KB | Font font/woff2
GET H2 | dff0abedb4mpB.woff2 | aupost.au1lfrm.express/assets/ | 50 KB / 50 KB | Font font/woff2
GET H2 | 006d08fcb4mpB.woff2 | aupost.au1lfrm.express/assets/ | 43 KB / 43 KB | Font font/woff2
GET | addClick | u2.amadmin.xyz/index.php/click/ | 0 / 0 |
GET H2 | config | u2.amadmin.xyz/index.php/click/ | 492 B / 613 B | XHR text/html
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain: u2.amadmin.xyz
- URL: https://u2.amadmin.xyz/index.php/click/addClick?ip=66.203.112.166&behaviour=index.html
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Australia Post (Transportation)
30 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
Type | Name
---|---
function | _0x23d1
function | _0x59226a
function | _0x3db7
function | _0x9997
function | _0x5a7443
string | _0x2f
object | pre_window_load
object | pre_href
function | restore_href
number | _0xodc
function | _0x14b280
function | _0x8b08
function | _0x3fe5
string | version_
object | config
function | axios
number | _0xody
function | _0x3361a2
function | _0x1475
function | _0x201e
function | getPageName
string | domain
string | pageName
boolean | isTrue
undefined | htmlcode
function | Vue
string | _0xodd
function | _0x4562
function | _0x30bc78
function | _0x30451
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value
---|---|---
aupost.au1lfrm.express/ | | Name: PHPSESSID, Value: 65hnn1jga5ijpfm0pfpag9te76
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
- aupost.au1lfrm.express
- u2.amadmin.xyz
- 43.134.109.119