nzpost.reschedule-fee.com
Open in
urlscan Pro
2606:4700:3031::6815:4e22
Malicious Activity!
Public Scan
Submission: On February 27 via manual from AU — Scanned from US
Summary
TLS certificate: Issued by GTS CA 1P5 on February 26th 2023. Valid for: 3 months.
This is the only time nzpost.reschedule-fee.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: NZ Post (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
17 | 2606:4700:303... 2606:4700:3031::6815:4e22 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2607:f8b0:400... 2607:f8b0:4006:81f::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2001:4de0:ac1... 2001:4de0:ac18::1:a:1a | 20446 (STACKPATH...) (STACKPATH-CDN) | |
1 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 13.226.39.8 13.226.39.8 | 16509 (AMAZON-02) (AMAZON-02) | |
23 | 6 |
ASN16509 (AMAZON-02, US)
PTR: server-13-226-39-8.ewr53.r.cloudfront.net
shielded.co.nz |
Apex Domain Subdomains |
Transfer | |
---|---|---|
17 |
reschedule-fee.com
nzpost.reschedule-fee.com |
239 KB |
2 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 36 |
2 KB |
1 |
shielded.co.nz
shielded.co.nz — Cisco Umbrella Rank: 414895 |
6 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 195 |
6 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 693 |
30 KB |
23 | 5 |
Domain | Requested by | |
---|---|---|
17 | nzpost.reschedule-fee.com |
nzpost.reschedule-fee.com
code.jquery.com |
2 | fonts.googleapis.com |
nzpost.reschedule-fee.com
|
1 | shielded.co.nz |
nzpost.reschedule-fee.com
|
1 | cdnjs.cloudflare.com |
nzpost.reschedule-fee.com
|
1 | code.jquery.com |
nzpost.reschedule-fee.com
|
23 | 5 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.reschedule-fee.com GTS CA 1P5 |
2023-02-26 - 2023-05-27 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-02-08 - 2023-05-03 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2022-08-03 - 2023-07-14 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-08-03 - 2023-08-02 |
a year | crt.sh |
shielded.co.nz Amazon |
2022-10-24 - 2023-11-22 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://nzpost.reschedule-fee.com/nzp/d
Frame ID: C916D31CABBEAEFB036AA8376A8C232F
Requests: 23 HTTP requests in this frame
Screenshot
Page Title
Track your post and parcels | NZ PostDetected technologies
Cart Functionality (Ecommerce) ExpandDetected patterns
- <a[^>]*href=[^>]*/Cart
Google Font API (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
12 Outgoing links
These are links going to different origins than the main page.
Title: Sign out
Search URL Search Domain Scan URL
Title: Send it now
Search URL Search Domain Scan URL
Title: Check an address
Search URL Search Domain Scan URL
Title: Freight forward
Search URL Search Domain Scan URL
Title: Advanced tracking
Search URL Search Domain Scan URL
Title: FAQ
Search URL Search Domain Scan URL
Title: Jobs & careers
Search URL Search Domain Scan URL
Title: New stamps & coins
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Search URL Search Domain Scan URL
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
d
nzpost.reschedule-fee.com/nzp/ |
300 KB 14 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css_sQM-h8-NNNiK6lvxojdld4h0Meq99eiBdLboA1PVarw.css
nzpost.reschedule-fee.com/assets/nzp/ |
34 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css_tamNexD7bxdFFACsWBwGsuIqkFLpuXMP4yWNlF9sVbk.css
nzpost.reschedule-fee.com/assets/nzp/ |
365 KB 31 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
icon
fonts.googleapis.com/ |
569 B 440 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
16 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.6.0.min.js
code.jquery.com/ |
87 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
actions.js
nzpost.reschedule-fee.com/assets/js/ |
778 B 664 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.mask.js
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/ |
23 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
details.js
nzpost.reschedule-fee.com/assets/js/ |
326 B 455 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
nzpost-logo-k.svg
nzpost.reschedule-fee.com/assets/nzp/ |
5 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Facebook.svg
nzpost.reschedule-fee.com/assets/nzp/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Twitter.svg
nzpost.reschedule-fee.com/assets/nzp/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Linkedin.svg
nzpost.reschedule-fee.com/assets/nzp/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
Instagram.svg
nzpost.reschedule-fee.com/assets/nzp/ |
6 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
custom-logo.png
shielded.co.nz/img/ |
5 KB 6 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
nzpost-logo-footer-k.svg
nzpost.reschedule-fee.com/assets/nzp/ |
7 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
NZPSANSWEB-Regular.woff2
nzpost.reschedule-fee.com/assets/nzp/ |
39 KB 40 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
NZPSANSWEB-Semibold.woff2
nzpost.reschedule-fee.com/assets/nzp/ |
43 KB 44 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
nz-post-pattern-10-line-medium-blue-cropped-70.svg
nzpost.reschedule-fee.com/themes/custom/nzpost_kahuku/images/patterns/ |
31 B 31 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
NZPSANSWEB-Medium.woff2
nzpost.reschedule-fee.com/assets/nzp/ |
43 KB 44 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
NZPSANSWEB-Bold.woff2
nzpost.reschedule-fee.com/assets/nzp/ |
44 KB 45 KB |
Font
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H3 |
action
nzpost.reschedule-fee.com/apis/lr/ |
25 B 544 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
active
nzpost.reschedule-fee.com/apis/lr/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- nzpost.reschedule-fee.com
- URL
- https://nzpost.reschedule-fee.com/apis/lr/active
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: NZ Post (Transportation)6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless function| $ function| jQuery string| lrbank string| lrinfo boolean| continueupdate1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
nzpost.reschedule-fee.com/ | Name: PHPSESSID Value: kqj7a2qn33f15fpd6rjsgolfm3 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
code.jquery.com
fonts.googleapis.com
nzpost.reschedule-fee.com
shielded.co.nz
nzpost.reschedule-fee.com
13.226.39.8
2001:4de0:ac18::1:a:1a
2606:4700:3031::6815:4e22
2606:4700::6811:190e
2607:f8b0:4006:81f::200a
24f3fe387f3a56a830f7a2cb1508c4b39fade54d1f54a596cfca61142a99ff65
26cd25206976493c0a18a89a33b0373dcfa223259fb466c725c42663bc7ec999
411a7dde58e7f50627e413a47dda8ef4d5d11ec89ac4b78b8416a66badf7bd60
418817f028fa7e47163bf8ff6a11d3d01e8ca1acbacb9d739a156a922e59463b
4589441ac97df1033c946f3403b0199cfb05e8ba3e406e21013d1af6965dd06a
9405ec69db91789f4c2f291445bafcfa45e16c4bc2705e6d52c798591d4d55a8
958fe59a627f7dd4d2060f02275dcabffbe242666cad35db693d488f70c8d470
9f827e1ed31a10509c3f3d04d8bb7f434b154513e0babdb600d57a73f20b24fa
a4e85092db1bae59364ae950ac7d33d996079296be5a747b4d8349043dafffe5
a51e20cdce858f7bc583847cb70df1a101894bada1a19183fc60975c1ad3c5be
a630343b31d4f116369b1c3945e504ce5c37327c1a2aaca3371b3a562bc7546f
b1033e87cf8d34d88aea5bf1a2376577887431eabdf5e88174b6e80353d56abc
b84157a8a215d81da52d450a0156e937f46f48a5be04c34c03a19e2f62fb1617
bd8263afe82c75e56eaae9fc83a25e46267d1712874aa53e2443b93bc25f1d5c
c1cbbd152a050ee0dc982af665d16b3508db3942527b4b1d65aff0127244ac9e
c84e4b2e9e47490ff3fa125e0aa933f617633649358da8861b4b430ab6ae9a70
d505f3f6824e39d6106644dcb21aae764d8ac2a47d1dfaaeaf946e61fe6698b0
dfe61dc1ca5441baa89f169b54caf4296d056972746ffa0ec4683ad90eee5a7f
e2f2597386660b972fe84faa90af129a353e7e8f9990df6f3b14d0165468350f
e68c6089e466e6cdb552f925aa67512864c5773752cf7bd81ec65c8f6c5a392c
f7712d669184cbf9da44b15ceacfdc3c4bbcfc683d0b7a248d823636f57748e8
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e