customs-anpost.help Open in urlscan Pro
15.237.110.134 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://customs-anpost.help/e/authID=igAJn/
Effective URL:
https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww4...
Submission: On January 02 via api (January 2nd 2024, 2:15:58 am UTC) from US — Scanned from US

Summary HTTP 35 Redirects Links 27 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 35 HTTP transactions. The main IP is 15.237.110.134, located in Paris, France and belongs to AMAZON-02, US. The main domain is customs-anpost.help.
TLS certificate: Issued by R3 on January 1st 2024. Valid for: 3 months.

This is the only time customs-anpost.help was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: An Post (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 33	15.237.110.134 15.237.110.134	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4006:81c::2003	15169 (GOOGLE) (GOOGLE)
35	4

33 15.237.110.134 (Paris, France) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-15-237-110-134.eu-west-3.compute.amazonaws.com

customs-anpost.help	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81c::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
33	customs-anpost.help 1 redirects customs-anpost.help	515 KB
2	gstatic.com fonts.gstatic.com	16 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 395	5 KB
35	3

	Domain	Requested by
33	customs-anpost.help	1 redirects customs-anpost.help
2	fonts.gstatic.com	customs-anpost.help
1	cdnjs.cloudflare.com	customs-anpost.help
35	3

This site contains links to these domains. Also see Links.

Domain
my.postmobile.ie
addresspal.anpost.ie
personalbanking.anpost.com
money.anpost.com
currencycard.anpost.com
creditcardservices.anpost.com
www.tvlicence.ie
www.anpost.com
www.facebook.com
www.linkedin.com
twitter.com
www.youtube.com
www.instagram.com

Subject Issuer	Validity	Valid
customs-anpost.help R3	`2024-01-01` - `2024-03-31`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091
Frame ID: E00928C58527FAE57CFAFA3E6DD75D38
Requests: 40 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Pay Customs Charge | Customs Online | An Post

Page URL History Show full URLs

https://customs-anpost.help/e/authID=igAJn/ HTTP 302
https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+Akau... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

35
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

536 kB
Transfer

1566 kB
Size

1
Cookies

27 Outgoing links

These are links going to different origins than the main page.

URL: https://my.postmobile.ie/Login
Title: Go to An Post Mobile

Search URL Search Domain Scan URL

URL: https://addresspal.anpost.ie/
Title: UK & US Virtual Address (AddressPal)

Search URL Search Domain Scan URL

URL: https://personalbanking.anpost.com/activation
Title: Register for Online Banking

Search URL Search Domain Scan URL

URL: https://money.anpost.com/
Title: Log in to Online Banking

Search URL Search Domain Scan URL

URL: https://currencycard.anpost.com/
Title: Login to Currency Card

Search URL Search Domain Scan URL

URL: https://creditcardservices.anpost.com/
Title: Login to Online Banking

Search URL Search Domain Scan URL

URL: https://www.tvlicence.ie/home/tv-licence-home.html
Title: TV Licence

Search URL Search Domain Scan URL

URL: https://www.anpost.com/About
Title: About An Post

Search URL Search Domain Scan URL

URL: https://www.anpost.com/Working-with-An-Post
Title: Working with An Post

Search URL Search Domain Scan URL

URL: https://www.anpost.com/Media-Centre
Title: Media Centre

Search URL Search Domain Scan URL

URL: https://www.anpost.com/Customer-Charter
Title: Customer Charter

Search URL Search Domain Scan URL

URL: https://www.anpost.com/About/An-Post-Irish-Book-Awards
Title: An Post Irish Book Awards

Search URL Search Domain Scan URL

URL: https://www.anpost.com/An-Post-Rebrand
Title: An Post Brand

Search URL Search Domain Scan URL

URL: https://www.anpost.com/Community/Activitiesforstudents/Writing-Competition
Title: An Post Activities for Students

Search URL Search Domain Scan URL

URL: https://www.anpost.com/Witness-history
Title: GPO Witness History

Search URL Search Domain Scan URL

URL: https://www.facebook.com/AnPost

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/an-post

Search URL Search Domain Scan URL

URL: https://twitter.com/Postvox

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/AnPostIRE

Search URL Search Domain Scan URL

URL: https://www.instagram.com/anpostofficial/

Search URL Search Domain Scan URL

URL: https://www.anpost.com/Post-Parcels/Receiving/Pay-Customs-Charge?lang=ga-ie
Title: Gaeilge

Search URL Search Domain Scan URL

URL: https://www.anpost.com/Security
Title: Security

Search URL Search Domain Scan URL

URL: https://www.anpost.com/Privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.anpost.com/Terms-of-Use
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://www.anpost.com/Accessibility
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.anpost.com/Terms-Conditions
Title: Terms & Conditions

Search URL Search Domain Scan URL

URL: https://www.anpost.com/Sitemap
Title: Sitemap

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://customs-anpost.help/e/authID=igAJn/ HTTP 302
https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

35 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request tracking.php Show response
customs-anpost.help/e/authID=igAJn/
Redirect Chain

https://customs-anpost.help/e/authID=igAJn/
https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091

196 KB
33 KB

129ms
129ms

Document
text/html

15.237.110.134
AMAZON-02

General

Source	Level	URL Text
other	warning	URL: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091 Message: Failed to decode downloaded font: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091#build/webfonts/AnPostSans-Regular.woff2
other	warning	URL: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091 Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091 Message: Failed to decode downloaded font: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091#build/webfonts/AnPostSans-Regular.woff2
other	warning	URL: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091 Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091 Message: Failed to decode downloaded font: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091#build/webfonts/AnPostSans-Regular.woff2
other	warning	URL: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091 Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091 Message: Failed to decode downloaded font: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091#build/webfonts/AnPostSans-Regular.woff2
other	warning	URL: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091 Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091 Message: Failed to decode downloaded font: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091#build/webfonts/AnPostSans-Regular.woff2
other	warning	URL: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091 Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091 Message: Failed to decode downloaded font: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091#build/webfonts/AnPostSans-Regular.woff2
other	warning	URL: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091 Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091 Message: Failed to decode downloaded font: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091#build/webfonts/AnPostSans-Regular.woff2
other	warning	URL: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091 Message: OTS parsing error: invalid sfntVersion: 1008813135
other	warning	URL: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091 Message: Failed to decode downloaded font: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091#build/webfonts/AnPostSans-Regular.woff2
other	warning	URL: https://customs-anpost.help/e/authID=igAJn/tracking.php?sessionid=+9d+4bg21c7a5hij0386efDTXg+rmOK2p+AkauEHZ+b+F6P5+JB+g8fww47ISCGa9M+L13SYNo12988687091 Message: OTS parsing error: invalid sfntVersion: 1008813135
network	error	URL: https://customs-anpost.help/e/authID=igAJn/sources/html2canvas.min.js?_=1704161752913 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://customs-anpost.help/e/authID=igAJn/webfonts/AnPostSans-Bold.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://customs-anpost.help/e/authID=igAJn/webfonts/AnPostSans-Regular.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://customs-anpost.help/e/authID=igAJn/webfonts/AnPostSans-Bold.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://customs-anpost.help/e/authID=igAJn/webfonts/AnPostSans-Regular.woff Message: Failed to load resource: the server responded with a status of 404 ()

customs-anpost.help Open in urlscan Pro 15.237.110.134 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

35 Requests

100 %HTTPS

67 %IPv6

3 Domains

3 Subdomains

4 IPs

2 Countries

536 kBTransfer

1566 kBSize

1 Cookies

27 Outgoing links

Page URL History

Redirected requests

35 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

customs-anpost.help Open in urlscan Pro
15.237.110.134 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

35
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

536 kB
Transfer

1566 kB
Size

1
Cookies

35 HTTP transactions
5 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!