legsys.paketnord.info
Open in
urlscan Pro
2606:4700:3037::681b:b52e
Malicious Activity!
Public Scan
Effective URL: http://legsys.paketnord.info/postitrack/?cep=XisEDrhE-7pi4SiHAJ3vyNWC2JghdrGLOM7nHsNQ9M-9t8zIk7DW0UTB7JOjmLjAI9JULSIWRIquSe2g...
Submission: On March 27 via manual from IE
Summary
This is the only time legsys.paketnord.info was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: An Post (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 87.251.76.104 87.251.76.104 | 60558 (SECUREDSE...) (SECUREDSERVERS-EU) | |
1 1 | 18.197.36.77 18.197.36.77 | 16509 (AMAZON-02) (AMAZON-02) | |
10 | 2606:4700:303... 2606:4700:3037::681b:b52e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:80b::200a | 15169 (GOOGLE) (GOOGLE) | |
1 | 2001:4de0:ac1... 2001:4de0:ac19::1:b:1b | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
2 | 2a00:1450:400... 2a00:1450:4001:820::2003 | 15169 (GOOGLE) (GOOGLE) | |
14 | 5 |
ASN16509 (AMAZON-02, US)
PTR: ec2-18-197-36-77.eu-central-1.compute.amazonaws.com
track.blop.link |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
paketnord.info
legsys.paketnord.info |
2 MB |
2 |
gstatic.com
fonts.gstatic.com |
16 KB |
1 |
jquery.com
code.jquery.com |
30 KB |
1 |
googleapis.com
fonts.googleapis.com |
654 B |
1 |
blop.link
1 redirects
track.blop.link |
1 KB |
1 |
e16.us
1 redirects
e16.us |
284 B |
14 | 6 |
Domain | Requested by | |
---|---|---|
10 | legsys.paketnord.info |
legsys.paketnord.info
|
2 | fonts.gstatic.com |
legsys.paketnord.info
|
1 | code.jquery.com |
legsys.paketnord.info
|
1 | fonts.googleapis.com |
legsys.paketnord.info
|
1 | track.blop.link | 1 redirects |
1 | e16.us | 1 redirects |
14 | 6 |
This site contains links to these domains. Also see Links.
Domain |
---|
track.blop.link |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.storage.googleapis.com GTS CA 1O1 |
2020-03-03 - 2020-05-26 |
3 months | crt.sh |
jquery.org COMODO RSA Domain Validation Secure Server CA |
2018-10-17 - 2020-10-16 |
2 years | crt.sh |
*.google.com GTS CA 1O1 |
2020-03-03 - 2020-05-26 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://legsys.paketnord.info/postitrack/?cep=XisEDrhE-7pi4SiHAJ3vyNWC2JghdrGLOM7nHsNQ9M-9t8zIk7DW0UTB7JOjmLjAI9JULSIWRIquSe2gZEcDdxfUfSMxknKkNa47r7wo7l9IMHAZFbuGu1CAGOTKhR7yA1-96CX99SOyGAO3v_wRM_39RFNCJOi9ZXsUWc1b8jM-pK85rDxBij_G0FNOHPCpvIO0AlFhmhL6QFtY2GSVwWuYRBpq_OFrmhV5QXDHbkp1jmHY3GBRFIHJSYhNBkK0EV_IpI0CWafWj-02cLwBfYj0MArLtzz9lh7AHGf8sjZj9q2IkUoSiAOpsS_yG1uSfW5m-m6WxkIDuBnqDfPIGPsHOXVxHOHQTGHE6ECakIo&lptoken=15a685f93205746409f2
Frame ID: 9AA7951C6EA0A3A51C6B457B2A39E8C7
Requests: 30 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
http://e16.us/U2TOS
HTTP 302
https://track.blop.link/071b407e-e571-4632-a09c-89308e716554 HTTP 302
http://legsys.paketnord.info/postitrack/?cep=XisEDrhE-7pi4SiHAJ3vyNWC2JghdrGLOM7nHsNQ9M-9t8zIk7DW0UTB7JOj... Page URL
Detected technologies
Windows Server (Operating Systems) ExpandDetected patterns
- html /<input[^>]+name="__VIEWSTATE/i
Microsoft ASP.NET (Web Frameworks) Expand
Detected patterns
- html /<input[^>]+name="__VIEWSTATE/i
IIS (Web Servers) Expand
Detected patterns
- html /<input[^>]+name="__VIEWSTATE/i
CloudFlare (CDN) Expand
Detected patterns
- headers server /^cloudflare$/i
Google Font API (Font Scripts) Expand
Detected patterns
- html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i
Google Tag Manager (Tag Managers) Expand
Detected patterns
- html /googletagmanager\.com\/ns\.html[^>]+><\/iframe>/i
Essential JS 2 () Expand
Detected patterns
- html /<[^<]+class="[^"]*[^-](?:e-control|e-lib)/i
Page Statistics
1 Outgoing links
These are links going to different origins than the main page.
Title: Further details here
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://e16.us/U2TOS
HTTP 302
https://track.blop.link/071b407e-e571-4632-a09c-89308e716554 HTTP 302
http://legsys.paketnord.info/postitrack/?cep=XisEDrhE-7pi4SiHAJ3vyNWC2JghdrGLOM7nHsNQ9M-9t8zIk7DW0UTB7JOjmLjAI9JULSIWRIquSe2gZEcDdxfUfSMxknKkNa47r7wo7l9IMHAZFbuGu1CAGOTKhR7yA1-96CX99SOyGAO3v_wRM_39RFNCJOi9ZXsUWc1b8jM-pK85rDxBij_G0FNOHPCpvIO0AlFhmhL6QFtY2GSVwWuYRBpq_OFrmhV5QXDHbkp1jmHY3GBRFIHJSYhNBkK0EV_IpI0CWafWj-02cLwBfYj0MArLtzz9lh7AHGf8sjZj9q2IkUoSiAOpsS_yG1uSfW5m-m6WxkIDuBnqDfPIGPsHOXVxHOHQTGHE6ECakIo&lptoken=15a685f93205746409f2 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
/
legsys.paketnord.info/postitrack/ Redirect Chain
|
53 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
3 KB 654 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
core.min.css
legsys.paketnord.info/postitrack/build/css/ |
3 MB 2 MB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
styles.css
legsys.paketnord.info/postitrack/build/css/ |
1 KB 762 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
anPostLogo.svg
legsys.paketnord.info/postitrack/img/ |
64 KB 48 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
preloader.gif
legsys.paketnord.info/postitrack/img/ |
30 KB 30 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
pikaday.min.js
legsys.paketnord.info/postitrack/js/external/ |
15 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
validate.min.js
legsys.paketnord.info/postitrack/js/external/ |
13 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
tiny-slider.min.js
legsys.paketnord.info/postitrack/js/external/ |
29 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
core.js
legsys.paketnord.info/postitrack/js/ |
204 KB 41 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery-3.4.1.min.js
code.jquery.com/ |
86 KB 30 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
339 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
591 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
575 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
578 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pxiEyp8kv8JHgFVrJJfecnFHGPc.woff2
fonts.gstatic.com/s/poppins/v9/ |
8 KB 8 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
M03-fx-travel-ny.jpg
legsys.paketnord.info/postitrack/img/ |
116 KB 116 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pxiByp8kv8JHgFVrLCz7Z1xlFd2JQEk.woff2
fonts.gstatic.com/s/poppins/v9/ |
8 KB 8 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
588 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
191 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
464 B 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
1 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
2 KB 0 |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: An Post (Transportation)117 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate function| PM_Postback function| PM_Callback object| CMS function| Pikaday function| $ function| jQuery function| validate function| tns function| _typeof function| _slicedToArray function| _createClass function| _defineProperty function| _classCallCheck boolean| seppuku boolean| isWindowDefined object| testNode boolean| isInitialized boolean| shadowRootExists object| stickies function| extend function| parseNumeric function| getDocOffsetTop function| Sticky object| Stickyfill function| init string| MOBILE_BREAKPOINT string| TABLET_BREAKPOINT string| DESKTOP_SMALL_BREAKPOINT string| DESKTOP_BREAKPOINT function| debounce function| doLoop function| wrap function| createEl function| toggleAriaExpanded function| toggleAriaHidden function| toggleAnswerVisibility function| calculateHeight function| trimHtml function| findAncestor function| reCAPTCHArenderer function| getQueryStringParams function| validateAnPostCode function| numberWithCommas function| checkIsValidDate object| apgigya object| autoAddress object| Tabs function| trackItem function| doValidation function| handleFormSubmit function| isFormValid function| showErrors function| showErrorsForInput function| closestParent function| resetFormGroup function| addError function| disableButtonAfterSubmission object| BannerImages object| Christmascountdowntimer object| customRangeSlider object| DesktopMenu object| f00 object| F01 object| f02 object| f02b object| F03 object| f04 object| f04a object| f04b object| f04c object| f05 object| f06 object| F07 object| F08 object| f09 object| f10 object| LangSelect object| Forms object| M02 undefined| M14 undefined| M16 undefined| m17 undefined| M18 undefined| m19 undefined| M20 undefined| M23 undefined| M26 undefined| M33 undefined| M35 undefined| M38 undefined| M41 undefined| m43 undefined| M46 undefined| M47 undefined| M48 undefined| M49 undefined| M52 undefined| M54 undefined| M55 undefined| M58 undefined| m59 undefined| M61 undefined| m62 undefined| m63 undefined| m67 undefined| m68 undefined| m69 undefined| m71 undefined| MobileMenu undefined| myAddress undefined| MY01 undefined| ResponsiveTable undefined| SS02 undefined| Tabbing object| dataLayer1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.paketnord.info/ | Name: __cfduid Value: d71596b6166f096353d8be0c6747af1c61585325609 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
code.jquery.com
e16.us
fonts.googleapis.com
fonts.gstatic.com
legsys.paketnord.info
track.blop.link
18.197.36.77
2001:4de0:ac19::1:b:1b
2606:4700:3037::681b:b52e
2a00:1450:4001:80b::200a
2a00:1450:4001:820::2003
87.251.76.104
0475254b13c7417184e2844dcfa98bbd37b9526127b8bfe1bbc3d70cc4855a6c
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
37f2ae330fef28c671b6cbf03d88ef430cd67e41da243dd638551b3d1fa19700
4c65566094b2e232df0cd48226725e0fa2fd2565e1154f13dbd6520e5e5f9a3d
4e3ede69a106784567c0a8b340e960b5941b11058536ece55d3fc6bc482b0bfd
56070667e7c231cf6d86005febb13929fe5873d327926478c332e5ccfbc9073c
56a522e79770e488da6015ed10f8c2bdafbcd87a7c6d443f7a293579bd0ef58d
5ccc147dc6c6ffdcb41622f9d2982d49ccd95fddd9cd990c930222fcaf737e46
752d28e0ed8ba234bf1e696f47c756c8a8843f6940229eba6bbf5bf464f22999
7cd0db0364af9c5f016833323e7a4c884a3a5b6c7ed5c4878693c658710e6c1e
7ce7cf4dd3f77fc024712aa796e0c7b3614ced1982a18187885f29f56c0aec36
8d6ffb55338fbc7967a57ed0a0dbbd2ba2b3f259c8499ef225ac31cf19ffea84
9b1267c3f681dc4246679c6ccc5b24545443d7f18c9d1b67fd49fc64e3b79dc7
ab82606ba85a53c62dfa7833280a45861b1dc60627a2cec4e4ab52dfb7a3fb8b
abc0f2687621c76a3dc20d5069300c4397ca2ee84e95e589b7c5337008b16682
b8d58d90bc9281634812f29d8f579d1fe39dde8fd5df3ecef9a8d480a9193645
bac102e1d09cbbfd4e6ae9ad4c9f1fc4ad7d3cc0876076c26effe87d4c35ddb4
c294bbb814c3d56a731d9b0a8f51ff9ea55fd6aa8aa68f7690c6cac456ceb58b
d54c1518ce33ab12522ef7de2dc7a290c1f75af649cc35b4fe166114ff41e680
db5cf0db08370f66dfe81f2c25aa8b4d07cb193f62977789ce1dab2c9f6132ee
de8c75c97b20c8d809b89a46bf2ccfda3e94a996a43cdadeb7bf79cd3453d580
e364690287af97b38470ed8e1c2c84ebbfecc9b3d7280510eba82b1225e64257
e841c6f5f8f054f298a9e19a91e0df68808eb3a903a6cb579575429f6872950e
eb641a8fe382db0ef9ed82b9f8528f0a4eeb512b0fddbba4163b8938fe72df1c
edaa9809a1399479f53a2d50c072f3a65109d10b43c927cc6b8a9e045a8ecc62
f7fb48bd3bb7fb057ed52d05ef60aa6ce62b11d8cbd861e66866f92d1f9310d9
f9f472a3d07ae1e0266ee943531b5f9112275284c02b6c6458ae2f44024e1b3f
fab32ccef85408b763c899ad7c0b910c96c76dc9ed7158ce304fdcd3c0bf8388
fe15a1ade11ef621bddcab69ab566ea3d1754686b8219ed0bf614008f82ccd9f
ffd88afcf595884cd06c91023c45f007fc7644cbc3f74c91695d905fa1451a38