www.bbb.post-customs.info Open in urlscan Pro
91.92.246.32 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.bbb.post-customs.info/
Submission: On March 05 via automatic, source certstream-suspicious (March 5th 2024, 4:02:00 pm UTC) — Scanned from DE

Summary HTTP 12 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 12 HTTP transactions. The main IP is 91.92.246.32, located in Levski, Bulgaria and belongs to LIMENET, US. The main domain is www.bbb.post-customs.info.
TLS certificate: Issued by R3 on March 5th 2024. Valid for: 3 months.

This is the only time www.bbb.post-customs.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

	IP Address		AS Autonomous System
12	91.92.246.32 91.92.246.32		394711 (LIMENET) (LIMENET)
12	1

12 91.92.246.32 (Levski, Bulgaria)

ASN394711 (LIMENET, US)

www.bbb.post-customs.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	post-customs.info www.bbb.post-customs.info	80 KB
12	1

	Domain	Requested by
12	www.bbb.post-customs.info	www.bbb.post-customs.info
12	1

This site contains no links.

Subject Issuer	Validity	Valid
bbb.post-customs.info R3	`2024-03-05` - `2024-06-03`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.bbb.post-customs.info/
Frame ID: 1EF0E0EB887A769AF6D017CB4B8D2643
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign In

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

80 kB
Transfer

335 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response www.bbb.post-customs.info/	15 KB 4 KB	1879ms 296ms	Document text/html	91.92.246.32 LIMENET
General Check archive.org Show headers Download Go to Full URL https://www.bbb.post-customs.info/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.92.246.32 Levski, Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software nginx / PHP/8.2.16 PleskLin Resource Hash `e12a9553c10a4b2fef273792ff684e30210319c54d69fdbe3fc3d714b9a66988` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers cache-control no-store, no-cache, must-revalidate content-encoding gzip content-length 3559 content-type text/html; charset=UTF-8 date Tue, 05 Mar 2024 16:01:56 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server nginx vary Accept-Encoding x-powered-by PHP/8.2.16 PleskLin
GET H2	200	jquery.js Show response www.bbb.post-customs.info/files/	87 KB 30 KB	177ms 176ms	Script text/javascript	91.92.246.32 LIMENET
General Check archive.org Show headers Download Go to Full URL https://www.bbb.post-customs.info/files/jquery.js Requested by Host: www.bbb.post-customs.info URL: https://www.bbb.post-customs.info/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.92.246.32 Levski, Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software nginx / PleskLin Resource Hash `ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e` Request headers accept-language de-DE,de;q=0.9 Referer https://www.bbb.post-customs.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers date Tue, 05 Mar 2024 16:01:56 GMT content-encoding br last-modified Sun, 04 Jul 2021 01:10:04 GMT server nginx etag W/"60e10a6c-15d9d" x-powered-by PleskLin content-type text/javascript
GET H2	200	bactouch.css www.bbb.post-customs.info/files/	154 KB 25 KB	140ms 139ms	Stylesheet text/css	91.92.246.32 LIMENET
General Check archive.org Show headers Download Go to Full URL https://www.bbb.post-customs.info/files/bactouch.css Requested by Host: www.bbb.post-customs.info URL: https://www.bbb.post-customs.info/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.92.246.32 Levski, Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software nginx / PleskLin Resource Hash `b0e10de8952a3febcf5a7956975c0d5511a4d17c0d1258f7604c445dca69af5e` Request headers accept-language de-DE,de;q=0.9 Referer https://www.bbb.post-customs.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers date Tue, 05 Mar 2024 16:01:56 GMT content-encoding br last-modified Sun, 04 Jul 2021 13:22:32 GMT server nginx etag W/"60e1b618-26745" x-powered-by PleskLin content-type text/css
GET H2	200	toolbar.css www.bbb.post-customs.info/files/	5 KB 1 KB	217ms 216ms	Stylesheet text/css	91.92.246.32 LIMENET
General Check archive.org Show headers Download Go to Full URL https://www.bbb.post-customs.info/files/toolbar.css Requested by Host: www.bbb.post-customs.info URL: https://www.bbb.post-customs.info/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.92.246.32 Levski, Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software nginx / PleskLin Resource Hash `e64f31484659019a5e67f0941d8c3cb3005e8af8131ae27cc1e00c52ae5c3990` Request headers accept-language de-DE,de;q=0.9 Referer https://www.bbb.post-customs.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers date Tue, 05 Mar 2024 16:01:56 GMT content-encoding br last-modified Sun, 04 Jul 2021 13:23:14 GMT server nginx etag W/"60e1b642-1435" x-powered-by PleskLin content-type text/css
GET H2	200	bact_listview.css www.bbb.post-customs.info/files/	51 KB 9 KB	217ms 216ms	Stylesheet text/css	91.92.246.32 LIMENET
General Check archive.org Show headers Download Go to Full URL https://www.bbb.post-customs.info/files/bact_listview.css Requested by Host: www.bbb.post-customs.info URL: https://www.bbb.post-customs.info/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.92.246.32 Levski, Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software nginx / PleskLin Resource Hash `f435a1006b3ab5ff59845a75bc1e042770f753bc1bdf4e47240f7fac874819ee` Request headers accept-language de-DE,de;q=0.9 Referer https://www.bbb.post-customs.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers date Tue, 05 Mar 2024 16:01:56 GMT content-encoding br last-modified Sun, 04 Jul 2021 01:01:08 GMT server nginx etag W/"60e10854-cbdd" x-powered-by PleskLin content-type text/css
GET H2	200	footer.css www.bbb.post-customs.info/files/	1 KB 542 B	69ms 69ms	Stylesheet text/css	91.92.246.32 LIMENET
General Check archive.org Show headers Download Go to Full URL https://www.bbb.post-customs.info/files/footer.css Requested by Host: www.bbb.post-customs.info URL: https://www.bbb.post-customs.info/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.92.246.32 Levski, Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software nginx / PleskLin Resource Hash `1675cd002bcba57fe2a36a87457398d6848cdb73061ae4fab14696294aa232fc` Request headers accept-language de-DE,de;q=0.9 Referer https://www.bbb.post-customs.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers date Tue, 05 Mar 2024 16:01:56 GMT content-encoding br last-modified Sun, 04 Jul 2021 00:34:38 GMT server nginx etag W/"60e1021e-47c" x-powered-by PleskLin content-type text/css
GET H2	200	slidemenu.css www.bbb.post-customs.info/files/	12 KB 1 KB	61ms 61ms	Stylesheet text/css	91.92.246.32 LIMENET
General Check archive.org Show headers Download Go to Full URL https://www.bbb.post-customs.info/files/slidemenu.css Requested by Host: www.bbb.post-customs.info URL: https://www.bbb.post-customs.info/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.92.246.32 Levski, Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software nginx / PleskLin Resource Hash `16f8bae6e50fc836a23ce8d003222c307f3853491e8564d677697a04662710a6` Request headers accept-language de-DE,de;q=0.9 Referer https://www.bbb.post-customs.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers date Tue, 05 Mar 2024 16:01:56 GMT content-encoding br last-modified Sun, 04 Jul 2021 00:34:52 GMT server nginx etag W/"60e1022c-3193" x-powered-by PleskLin content-type text/css
GET H2	200	ico_alert@2x.png www.bbb.post-customs.info/files/	1 KB 1 KB	217ms 216ms	Image image/png	91.92.246.32 LIMENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bbb.post-customs.info/files/ico_alert@2x.png Requested by Host: www.bbb.post-customs.info URL: https://www.bbb.post-customs.info/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.92.246.32 Levski, Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software nginx / PleskLin Resource Hash `115dac9e0522a37964cf69e50bc9a9b30edc78aca06ebe3c7f03cc4712b1b357` Request headers accept-language de-DE,de;q=0.9 Referer https://www.bbb.post-customs.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers date Tue, 05 Mar 2024 16:01:56 GMT last-modified Sun, 04 Jul 2021 00:55:28 GMT server nginx etag "60e10700-54c" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 1356
GET H2	200	secure_lock.png www.bbb.post-customs.info/files/	352 B 521 B	217ms 217ms	Image image/png	91.92.246.32 LIMENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bbb.post-customs.info/files/secure_lock.png Requested by Host: www.bbb.post-customs.info URL: https://www.bbb.post-customs.info/ Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.92.246.32 Levski, Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software nginx / PleskLin Resource Hash `b1f1b36d5a72970f7331a6d62472b2183611314a6535cb5f691a89c0aca8b52e` Request headers accept-language de-DE,de;q=0.9 Referer https://www.bbb.post-customs.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers date Tue, 05 Mar 2024 16:01:56 GMT last-modified Sun, 04 Jul 2021 01:05:33 GMT server nginx x-accel-version 0.01 etag "160-5c641c91f5140" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 352
GET H2	200	header.png www.bbb.post-customs.info/files/	5 KB 5 KB	58ms 58ms	Image image/png	91.92.246.32 LIMENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bbb.post-customs.info/files/header.png Requested by Host: www.bbb.post-customs.info URL: https://www.bbb.post-customs.info/files/toolbar.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.92.246.32 Levski, Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software nginx / PleskLin Resource Hash `b23046e43a658d66847d3fb771a26e1673ab267b77427eab293f537de496f7e2` Request headers accept-language de-DE,de;q=0.9 Referer https://www.bbb.post-customs.info/files/toolbar.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers date Tue, 05 Mar 2024 16:01:56 GMT last-modified Sun, 04 Jul 2021 13:23:40 GMT server nginx etag "60e1b65c-12eb" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 4843
GET H2	200	toggle.png www.bbb.post-customs.info/files/	1 KB 2 KB	57ms 57ms	Image image/png	91.92.246.32 LIMENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bbb.post-customs.info/files/toggle.png Requested by Host: www.bbb.post-customs.info URL: https://www.bbb.post-customs.info/files/bactouch.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.92.246.32 Levski, Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software nginx / PleskLin Resource Hash `52184077c38ffa89369d9ac64b03c61b78305e405676310c13bc52850c0c6c73` Request headers accept-language de-DE,de;q=0.9 Referer https://www.bbb.post-customs.info/files/bactouch.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers date Tue, 05 Mar 2024 16:01:56 GMT last-modified Sun, 04 Jul 2021 01:03:27 GMT server nginx etag "60e108df-5c5" x-powered-by PleskLin content-type image/png accept-ranges bytes content-length 1477
GET H2	404	EHLbrown@2x.png www.bbb.post-customs.info/images/	808 B 808 B	58ms 57ms	Image text/html	91.92.246.32 LIMENET
General Check archive.org Show headers Download Go to Show image Full URL https://www.bbb.post-customs.info/images/EHLbrown@2x.png Requested by Host: www.bbb.post-customs.info URL: https://www.bbb.post-customs.info/files/footer.css Protocol H2 Security TLS 1.3, , AES_256_GCM Server 91.92.246.32 Levski, Bulgaria, ASN394711 (LIMENET, US), Reverse DNS Software nginx / Resource Hash `b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187` Request headers accept-language de-DE,de;q=0.9 Referer https://www.bbb.post-customs.info/files/footer.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36 Response headers date Tue, 05 Mar 2024 16:01:56 GMT content-encoding br last-modified Mon, 04 Mar 2024 15:44:05 GMT server nginx etag W/"328-612d798705657" content-type text/html

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| submit_signin

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.bbb.post-customs.info/	1969-12-31 23:59:59	Name: PHPSESSID Value: oscult2sivf1t1pm154dubiljh

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.bbb.post-customs.info/images/EHLbrown@2x.png Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

www.bbb.post-customs.info
91.92.246.32
115dac9e0522a37964cf69e50bc9a9b30edc78aca06ebe3c7f03cc4712b1b357
1675cd002bcba57fe2a36a87457398d6848cdb73061ae4fab14696294aa232fc
16f8bae6e50fc836a23ce8d003222c307f3853491e8564d677697a04662710a6
52184077c38ffa89369d9ac64b03c61b78305e405676310c13bc52850c0c6c73
b0e10de8952a3febcf5a7956975c0d5511a4d17c0d1258f7604c445dca69af5e
b1f1b36d5a72970f7331a6d62472b2183611314a6535cb5f691a89c0aca8b52e
b23046e43a658d66847d3fb771a26e1673ab267b77427eab293f537de496f7e2
b9347f234dc3c8d56e015e86d88a1400415db8f7a5ad91f02b6a2323c10a4187
e12a9553c10a4b2fef273792ff684e30210319c54d69fdbe3fc3d714b9a66988
e64f31484659019a5e67f0941d8c3cb3005e8af8131ae27cc1e00c52ae5c3990
f435a1006b3ab5ff59845a75bc1e042770f753bc1bdf4e47240f7fac874819ee
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

www.bbb.post-customs.info Open in urlscan Pro 91.92.246.32 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

12 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

80 kBTransfer

335 kBSize

1 Cookies

0 Outgoing links

Redirected requests

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

3 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

www.bbb.post-customs.info Open in urlscan Pro
91.92.246.32 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

12
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

80 kB
Transfer

335 kB
Size

1
Cookies

12 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!