customs.unpaid-taxes.info Open in urlscan Pro
104.21.36.82 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://unpaid-taxes.info/
Effective URL:
https://customs.unpaid-taxes.info/
Submission Tags: @ecarlesi threat #phishing #postvox Search All
Submission: On September 19 via api (September 19th 2023, 3:15:09 am UTC) from PL — Scanned from PL

Summary HTTP 14 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 1 domains to perform 14 HTTP transactions. The main IP is 104.21.36.82, located in and belongs to CLOUDFLARENET, US. The main domain is customs.unpaid-taxes.info.
TLS certificate: Issued by GTS CA 1P5 on September 18th 2023. Valid for: 3 months.

This is the only time customs.unpaid-taxes.info was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: An Post (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	172.67.190.171 172.67.190.171	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	104.21.36.82 104.21.36.82	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	2

1 172.67.190.171 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpaid-taxes.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 104.21.36.82 (None, )

ASN13335 (CLOUDFLARENET, US)

customs.unpaid-taxes.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	unpaid-taxes.info 1 redirects unpaid-taxes.info customs.unpaid-taxes.info	2 MB
14	1

	Domain	Requested by
14	customs.unpaid-taxes.info	customs.unpaid-taxes.info
1	unpaid-taxes.info	1 redirects
14	2

This site contains no links.

Subject Issuer	Validity	Valid
*.unpaid-taxes.info GTS CA 1P5	`2023-09-18` - `2023-12-17`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://customs.unpaid-taxes.info/
Frame ID: E048F0D77AC4D0DA460E25F74032C06E
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Track your post and parcels | Personal | An Post

Page URL History Show full URLs

http://unpaid-taxes.info/ HTTP 302
https://customs.unpaid-taxes.info/ Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

2
Countries

2273 kB
Transfer

5613 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://unpaid-taxes.info/ HTTP 302
https://customs.unpaid-taxes.info/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions
7 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response customs.unpaid-taxes.info/ Redirect Chain http://unpaid-taxes.info/ https://customs.unpaid-taxes.info/	56 KB 8 KB	313ms 220ms	Document text/html	104.21.36.82 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://customs.unpaid-taxes.info/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.36.82 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `ea6e4eeb0657eaa022da14c547528b40a17e2f84b534fb6790e12c53df57e019` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 accept-language pl-PL,pl;q=0.9 Response headers alt-svc h3=":443"; ma=86400 cache-control no-store, no-cache, must-revalidate cf-cache-status DYNAMIC cf-ray 808ea97dfb263bd2-WAW content-encoding br content-type text/html; charset=UTF-8 date Tue, 19 Sep 2023 03:15:04 GMT expires Thu, 19 Nov 1981 08:52:00 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} pragma no-cache report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pTq0xwFm8w2DjhDbz3Y7RMB784o0adPy%2FLxJb%2Fb9LFGk5GRG%2B7leQo7BSx50mqFmbI%2BBhUKfmG241iYYiBZB93bLQJZ3%2BRD1FMXTfmbkZIbxDcsPZxcbP1z2%2FJuURkwhvXjQbldKWRhXOHLT"}],"group":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding Redirect headers CF-Cache-Status DYNAMIC CF-RAY 808ea97cca3e3509-WAW Connection keep-alive Content-Type text/html; charset=UTF-8 Date Tue, 19 Sep 2023 03:15:03 GMT Location https://customs.unpaid-taxes.info NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m0E2XZrTEQPNyZ7U0XdSbsh4doin%2BoK0eXHMRLpXVT4fGU1gHP7l87Vime25zGUbVVAG5WqbtpgFltTr3Ro%2BfIF5oIy%2FWVzEJaCMkKLqynzrK9XIoI6B6q%2BPhhBuNpHcsgVRXQ%3D%3D"}],"group":"cf-nel","max_age":604800} Server cloudflare Transfer-Encoding chunked alt-svc h3=":443"; ma=86400
GET H2	200	core.min.css customs.unpaid-taxes.info/assets/	5 MB 2 MB	200ms 199ms	Stylesheet text/css	104.21.36.82 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://customs.unpaid-taxes.info/assets/core.min.css Requested by Host: customs.unpaid-taxes.info URL: https://customs.unpaid-taxes.info/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.36.82 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `5acb69db0d8275e5fa0a5000bdd413529779277177bcdf90af13a09632f59eb7` Request headers accept-language pl-PL,pl;q=0.9 Referer https://customs.unpaid-taxes.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Tue, 19 Sep 2023 03:15:04 GMT content-encoding br cf-cache-status MISS last-modified Sat, 08 Jul 2023 13:26:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"4f332f-5fff9b25e0900-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MFmBZG%2BPwVJc1SXcCDa94mkPpy2rv3SJBFNURUAmWmCZdk0E2CB79qvUPJTKiMiqcLnHcrzl0vqa8j0AcP9e3GtWJp71suLTuNt6oKm6kBlDL2FcqLJcoiDjY7gp0lEHivfnCnze11IC693B"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 808ea97f6ba83bd2-WAW alt-svc h3=":443"; ma=86400
GET H2	200	jquery.js Show response customs.unpaid-taxes.info/cntdjs/	88 KB 32 KB	131ms 130ms	Script application/javascript	104.21.36.82 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://customs.unpaid-taxes.info/cntdjs/jquery.js Requested by Host: customs.unpaid-taxes.info URL: https://customs.unpaid-taxes.info/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.36.82 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `bde63cda98d2198a19933540edb43bb53931a352202bffe75067ac9ba722673a` Request headers accept-language pl-PL,pl;q=0.9 Referer https://customs.unpaid-taxes.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Tue, 19 Sep 2023 03:15:04 GMT content-encoding br cf-cache-status MISS last-modified Sun, 17 Sep 2023 14:31:28 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"15f86-6058ee18ef000-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wRvO1gfiFhtD5YdLtJ0qK6DUEgfDUAvVsROmAXUysg9QcI%2B6UpV1E26eooYrtAoGwHaYPXhb0exUIFVnpsHcQ%2BROvYjouHuvReStih2C9Zk9jUbC03GJxjoYe9%2FPuEwgh%2Br%2BquqNxJH%2BND9r"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 808ea97f6bab3bd2-WAW alt-svc h3=":443"; ma=86400
GET H2	200	jquery.mask.js Show response customs.unpaid-taxes.info/cntdjs/	23 KB 6 KB	96ms 95ms	Script application/javascript	104.21.36.82 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://customs.unpaid-taxes.info/cntdjs/jquery.mask.js Requested by Host: customs.unpaid-taxes.info URL: https://customs.unpaid-taxes.info/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.36.82 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8` Request headers accept-language pl-PL,pl;q=0.9 Referer https://customs.unpaid-taxes.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Tue, 19 Sep 2023 03:15:04 GMT content-encoding br cf-cache-status MISS last-modified Sat, 08 Jul 2023 13:24:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"5a88-5fff9ac0c9a80-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e4APVqMhjhBKcKg7DzD8O%2FhLLQcU5T0JXWYAK8Ts6aTN1B%2BHdYk53va3s5K%2FkC2vTAZiuVT94vYdf5rVCX%2BTsi3qkBOD9rAj%2BrZn6iwxFYcp7%2Br%2BD2Pg1OMddtzs%2FXYyPrpLTnLsdBE4l7P4"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 808ea97f6bac3bd2-WAW alt-svc h3=":443"; ma=86400
GET H2	200	loading.js Show response customs.unpaid-taxes.info/cntdjs/	2 KB 1 KB	94ms 94ms	Script application/javascript	104.21.36.82 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://customs.unpaid-taxes.info/cntdjs/loading.js Requested by Host: customs.unpaid-taxes.info URL: https://customs.unpaid-taxes.info/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.36.82 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `577839abe20e3b1915725950d51b8d7b8363ccb0b2dbaf2835075893b83739dc` Request headers accept-language pl-PL,pl;q=0.9 Referer https://customs.unpaid-taxes.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Tue, 19 Sep 2023 03:15:04 GMT content-encoding br cf-cache-status MISS last-modified Sat, 08 Jul 2023 13:24:42 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"91e-5fff9ac0c9a80-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KqdMY%2Bf5gz2CZpF9YnOrW3Ku50WADVbXolxUCJ2a78QnkaC6qSQBkTr5CI0fsvibt%2BScbfrn0XyVqhpmPBVXpR0Dn4cNUNjAbyim%2FLLh5IFSrG7HZ%2BkdXkR%2Bq5JHnGXGdXbPj1ccAplaHiAy"}],"group":"cf-nel","max_age":604800} content-type application/javascript cache-control max-age=14400 cf-ray 808ea97f6bad3bd2-WAW alt-svc h3=":443"; ma=86400
GET H2	200	styles.c14fce2ba80c26a0.css customs.unpaid-taxes.info/reepay/	16 KB 4 KB	97ms 97ms	Stylesheet text/css	104.21.36.82 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://customs.unpaid-taxes.info/reepay/styles.c14fce2ba80c26a0.css Requested by Host: customs.unpaid-taxes.info URL: https://customs.unpaid-taxes.info/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.36.82 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `bd7d3930d3c7da4bb809eeb3cf92cc5937fd3aa1a0e61cee26cef208dda2f457` Request headers accept-language pl-PL,pl;q=0.9 Referer https://customs.unpaid-taxes.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Tue, 19 Sep 2023 03:15:04 GMT content-encoding br cf-cache-status MISS last-modified Sat, 08 Jul 2023 13:24:27 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"3f22-5fff9ab27b8c0-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3T0Xb9KfeT8Z0Je1ZdmunThITx45CbUn45bSECtDKLya%2BeLaoYEgfb3PJfltr9pfBdj22E8GB%2BoKRyHE2G0o%2F4gz%2F4hREn%2Fw546KURyRN4lL0TWD1YrPM%2FZQbI1LDtuO1S%2BUere7jw%2BKkEzR"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 808ea97f6ba93bd2-WAW alt-svc h3=":443"; ma=86400
GET H2	200	infile.css customs.unpaid-taxes.info/reepay/	18 KB 3 KB	101ms 100ms	Stylesheet text/css	104.21.36.82 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://customs.unpaid-taxes.info/reepay/infile.css Requested by Host: customs.unpaid-taxes.info URL: https://customs.unpaid-taxes.info/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.21.36.82 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d4da046a6f3e5fa7da0adde486f45170afd7db9ae0261331c59fd5c59b822760` Request headers accept-language pl-PL,pl;q=0.9 Referer https://customs.unpaid-taxes.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Tue, 19 Sep 2023 03:15:04 GMT content-encoding br cf-cache-status MISS last-modified Sat, 08 Jul 2023 13:24:29 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"49a4-5fff9ab463d40-gzip" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eDXzccbKN1ZZDY0VDwkMLifJmZlJQLuvlZhexPWZriTBI4rPzuESJeyc3ZKRBTpf%2FtTFYDhDpewqr%2FjifeQ5tq%2Bj5y8ZV%2FfA9SCSK5zd2EVg8jUft6L0LdoRTnFQWWuai79ILp6%2B9%2FCLwZoS"}],"group":"cf-nel","max_age":604800} content-type text/css cache-control max-age=14400 cf-ray 808ea97f6baa3bd2-WAW alt-svc h3=":443"; ma=86400
GET H3	200	anPostLogo.svg customs.unpaid-taxes.info/assets/	64 KB 48 KB	151ms 150ms	Image image/svg+xml	104.21.36.82 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://customs.unpaid-taxes.info/assets/anPostLogo.svg Requested by Host: customs.unpaid-taxes.info URL: https://customs.unpaid-taxes.info/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.36.82 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `56070667e7c231cf6d86005febb13929fe5873d327926478c332e5ccfbc9073c` Request headers accept-language pl-PL,pl;q=0.9 Referer https://customs.unpaid-taxes.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Tue, 19 Sep 2023 03:15:04 GMT content-encoding br cf-cache-status MISS last-modified Sat, 08 Jul 2023 13:25:50 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"10052-5fff9b01a3380" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zPm77TiV6%2F3ycF8KVf5y%2BfxisYcmArJibKAD1xlXn6drp%2Fl4xthHSBNVazCjnnoMs6dUKDqp9i6alI4m0WspdQAVlD152bOXtWF2T7gxArd2erz1GiFv65ArtUvz0Cp4fcAREnjZZfnHXM4B"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 808ea980397a3491-WAW alt-svc h3=":443"; ma=86400
GET H3	200	loadblack.svg customs.unpaid-taxes.info/reepay/	2 KB 1007 B	91ms 91ms	Image image/svg+xml	104.21.36.82 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://customs.unpaid-taxes.info/reepay/loadblack.svg Requested by Host: customs.unpaid-taxes.info URL: https://customs.unpaid-taxes.info/ Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.36.82 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `d32cb065414482445f33d9dfba971f8bbd224bf159d03d7e75668bafcb05f1ad` Request headers accept-language pl-PL,pl;q=0.9 Referer https://customs.unpaid-taxes.info/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Tue, 19 Sep 2023 03:15:04 GMT content-encoding br cf-cache-status MISS last-modified Sat, 08 Jul 2023 13:24:35 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag W/"69d-5fff9aba1cac0" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EbgN55596%2FQxMuHL%2BbTtTgvWMuxgb0AcHanRkpxT0j%2BQuDcYx0tsc5OTAbl97%2F6VofYxQlLWbG0uKXoV2A5N%2B0FT%2F9HvWuUUyLYlMMeR4%2FGcLGsa05GgtvSTncWPe1A8A8tM7p%2FL0hC1tPru"}],"group":"cf-nel","max_age":604800} content-type image/svg+xml cache-control max-age=14400 cf-ray 808ea98189e33491-WAW alt-svc h3=":443"; ma=86400
GET DATA	200 OK	truncated /	339 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `db5cf0db08370f66dfe81f2c25aa8b4d07cb193f62977789ce1dab2c9f6132ee` Request headers accept-language pl-PL,pl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf8
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `e841c6f5f8f054f298a9e19a91e0df68808eb3a903a6cb579575429f6872950e` Request headers accept-language pl-PL,pl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf8
GET DATA	200 OK	truncated /	591 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `7cd0db0364af9c5f016833323e7a4c884a3a5b6c7ed5c4878693c658710e6c1e` Request headers accept-language pl-PL,pl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf8
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `f9f472a3d07ae1e0266ee943531b5f9112275284c02b6c6458ae2f44024e1b3f` Request headers accept-language pl-PL,pl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	588 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `752d28e0ed8ba234bf1e696f47c756c8a8843f6940229eba6bbf5bf464f22999` Request headers accept-language pl-PL,pl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf8
GET DATA	200 OK	truncated /	191 KB 0		Image image/png
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `37f2ae330fef28c671b6cbf03d88ef430cd67e41da243dd638551b3d1fa19700` Request headers accept-language pl-PL,pl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Content-Type image/png
GET DATA	200 OK	truncated /	575 B 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `ab82606ba85a53c62dfa7833280a45861b1dc60627a2cec4e4ab52dfb7a3fb8b` Request headers accept-language pl-PL,pl;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers Content-Type image/svg+xml;charset=utf8
GET H3	200	rawline-400.ea42a37247439622.woff2 customs.unpaid-taxes.info/reepay/	79 KB 80 KB	762ms 761ms	Font font/woff2	104.21.36.82 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://customs.unpaid-taxes.info/reepay/rawline-400.ea42a37247439622.woff2 Requested by Host: customs.unpaid-taxes.info URL: https://customs.unpaid-taxes.info/reepay/styles.c14fce2ba80c26a0.css Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.36.82 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash `8e9d1aba37a102665016fffea61a124e6c385d6783d6cef869f9910c6115a401` Request headers Referer https://customs.unpaid-taxes.info/reepay/styles.c14fce2ba80c26a0.css Origin https://customs.unpaid-taxes.info accept-language pl-PL,pl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Tue, 19 Sep 2023 03:15:05 GMT cf-cache-status MISS last-modified Sat, 08 Jul 2023 13:24:34 GMT nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare etag "13d80-5fff9ab928880" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DMokNFqOUXvgsDkOmJeRgTEGhS79so93KGz5pMtQUh83YLry1wdarUHuWl%2BNHYPvz9r2HhMAe1i62r%2Fe7fQdIw6NDZofpoDhHyoVFcNR43fRwpNsup1rPDpAXSRGO1GmAcZv8DoZxJaXj441"}],"group":"cf-nel","max_age":604800} content-type font/woff2 cache-control max-age=14400 accept-ranges bytes cf-ray 808ea983aa753491-WAW alt-svc h3=":443"; ma=86400 content-length 81280
GET H3	404	AnPostSans-Bold.woff2 customs.unpaid-taxes.info/webfonts/	0 0	1708ms 1707ms	Font text/html	104.21.36.82 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://customs.unpaid-taxes.info/webfonts/AnPostSans-Bold.woff2 Requested by Host: customs.unpaid-taxes.info URL: https://customs.unpaid-taxes.info/assets/core.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.36.82 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://customs.unpaid-taxes.info/assets/core.min.css Origin https://customs.unpaid-taxes.info accept-language pl-PL,pl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Tue, 19 Sep 2023 03:15:06 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3e0xRtowjCkZAMsynZIBN5PQYkLkuZEGAsUybDZgahwCfHHDXE4W05bQeTTBajCkBvCr7Eb5exzKlHACkjiymJ66LNatnPT%2BXydwhSaS4YCVWLaJQAuI58QjjEUj4QoX4kbXHsz96CTzCghh"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 808ea983aa763491-WAW alt-svc h3=":443"; ma=86400
GET H3	404	AnPostSans-Regular.woff2 customs.unpaid-taxes.info/webfonts/	0 0	702ms 701ms	Font text/html	104.21.36.82 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://customs.unpaid-taxes.info/webfonts/AnPostSans-Regular.woff2 Requested by Host: customs.unpaid-taxes.info URL: https://customs.unpaid-taxes.info/assets/core.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.36.82 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://customs.unpaid-taxes.info/assets/core.min.css Origin https://customs.unpaid-taxes.info accept-language pl-PL,pl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Tue, 19 Sep 2023 03:15:05 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WNPGIOSxogQlBy5rJJ6cdUYVNblViKfzE6pIeM57QoiqRT2o%2BKuoLJlZyo8TbgLVgM%2BzFewpnvOKZ3fG67owarfQXiGrmQdiqJIf841hcrvlYOXHKUx9cW3IbyOpzrGZiTMuu3%2FyAA5ib4jG"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 808ea983aa773491-WAW alt-svc h3=":443"; ma=86400
GET H3	404	AnPostSans-Regular.woff customs.unpaid-taxes.info/webfonts/	0 0	1006ms 1005ms	Font text/html	104.21.36.82 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://customs.unpaid-taxes.info/webfonts/AnPostSans-Regular.woff Requested by Host: customs.unpaid-taxes.info URL: https://customs.unpaid-taxes.info/assets/core.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.36.82 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://customs.unpaid-taxes.info/assets/core.min.css Origin https://customs.unpaid-taxes.info accept-language pl-PL,pl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Tue, 19 Sep 2023 03:15:06 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xisG84YUfRfX%2FU6Hsde7Fg2TziXnQ7VuECfI67OoUgIuXNHiGsAgoHKM4zZkQuZX%2Bn%2BHLeEPopSL1e0DGaKiiPAQCE3Uf1nBhd095Xme2399284eLfejheViTnaHulE1w4GNjh7uehEmwc02"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 808ea9881b753491-WAW alt-svc h3=":443"; ma=86400
GET H3	404	AnPostSans-Bold.woff customs.unpaid-taxes.info/webfonts/	0 0	95ms 93ms	Font text/html	104.21.36.82 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://customs.unpaid-taxes.info/webfonts/AnPostSans-Bold.woff Requested by Host: customs.unpaid-taxes.info URL: https://customs.unpaid-taxes.info/assets/core.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 104.21.36.82 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Referer https://customs.unpaid-taxes.info/assets/core.min.css Origin https://customs.unpaid-taxes.info accept-language pl-PL,pl;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36 Response headers date Tue, 19 Sep 2023 03:15:06 GMT content-encoding br cf-cache-status MISS nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server cloudflare vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5bL%2Fmw%2BFX5JpjHnvlkmixGp%2BeCWcOWDBKBhf0h%2BqGIZ4EwzAQqxlNjSgfDlh5yfobdMGSJv3%2FU%2F1RVsH7S6%2BCp7XMnYHS4%2FbCXcEhS5eutAwgpPjLYH2zUI3zZwTWK2%2FK6IzeLdSodS8sb9t"}],"group":"cf-nel","max_age":604800} content-type text/html; charset=iso-8859-1 cache-control max-age=14400 cf-ray 808ea98e6d663491-WAW alt-svc h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: An Post (Transportation)

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			customs.unpaid-taxes.info/	1969-12-31 23:59:59	Name: PHPSESSID Value: i3f9dhdbb4doga6iijcclpdt5p

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://customs.unpaid-taxes.info/webfonts/AnPostSans-Regular.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://customs.unpaid-taxes.info/webfonts/AnPostSans-Bold.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://customs.unpaid-taxes.info/webfonts/AnPostSans-Regular.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://customs.unpaid-taxes.info/webfonts/AnPostSans-Bold.woff Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

customs.unpaid-taxes.info
unpaid-taxes.info
104.21.36.82
172.67.190.171
37f2ae330fef28c671b6cbf03d88ef430cd67e41da243dd638551b3d1fa19700
56070667e7c231cf6d86005febb13929fe5873d327926478c332e5ccfbc9073c
577839abe20e3b1915725950d51b8d7b8363ccb0b2dbaf2835075893b83739dc
5acb69db0d8275e5fa0a5000bdd413529779277177bcdf90af13a09632f59eb7
752d28e0ed8ba234bf1e696f47c756c8a8843f6940229eba6bbf5bf464f22999
7cd0db0364af9c5f016833323e7a4c884a3a5b6c7ed5c4878693c658710e6c1e
8e9d1aba37a102665016fffea61a124e6c385d6783d6cef869f9910c6115a401
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8
ab82606ba85a53c62dfa7833280a45861b1dc60627a2cec4e4ab52dfb7a3fb8b
bd7d3930d3c7da4bb809eeb3cf92cc5937fd3aa1a0e61cee26cef208dda2f457
bde63cda98d2198a19933540edb43bb53931a352202bffe75067ac9ba722673a
d32cb065414482445f33d9dfba971f8bbd224bf159d03d7e75668bafcb05f1ad
d4da046a6f3e5fa7da0adde486f45170afd7db9ae0261331c59fd5c59b822760
db5cf0db08370f66dfe81f2c25aa8b4d07cb193f62977789ce1dab2c9f6132ee
e841c6f5f8f054f298a9e19a91e0df68808eb3a903a6cb579575429f6872950e
ea6e4eeb0657eaa022da14c547528b40a17e2f84b534fb6790e12c53df57e019
f9f472a3d07ae1e0266ee943531b5f9112275284c02b6c6458ae2f44024e1b3f

customs.unpaid-taxes.info Open in urlscan Pro 104.21.36.82 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

14 Requests

100 %HTTPS

0 %IPv6

1 Domains

2 Subdomains

2 IPs

2 Countries

2273 kBTransfer

5613 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

14 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

7 JavaScript Global Variables

1 Cookies

4 Console Messages

Indicators

customs.unpaid-taxes.info Open in urlscan Pro
104.21.36.82 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

14
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

2
Countries

2273 kB
Transfer

5613 kB
Size

1
Cookies

14 HTTP transactions
7 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!