australiapost10.web.app
2620:0:890::100 (public scan, flagged: Malicious Activity)

Submitted URL: http://kendalo.ro/aus
Effective URL: https://australiapost10.web.app/billing
Submission: On April 21, 2022 (date from the response headers below), manual submission from AU; scanned from DE (the requests carry accept-language de-DE and were served from Fastly's Munich cache, cache-muc13960-MUC).

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 6 HTTP transactions. The main IP is 2620:0:890::100, located in United States and belongs to FASTLY, US. The main domain is australiapost10.web.app.
TLS certificate: Issued by GTS CA 1D4 (Google Trust Services) on April 12th 2022. Valid for: 3 months. Firebase Hosting provisions such a certificate automatically for every web.app site, so a valid certificate here says nothing about the site's legitimacy.
This is the only time australiapost10.web.app was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Australia Post (Transportation)

Domain & IP information

IP address         Autonomous system    Requests
173.212.230.222    AS51167 (CONTABO)    3 (the kendalo.ro redirects)
2620:0:890::100    AS54113 (FASTLY)     6
Totals: 6 HTTP transactions, 2 IPs

Apex domain   Subdomain                  Transfer   Requests
web.app       australiapost10.web.app    189 KB     6
kendalo.ro    kendalo.ro                 408 B      3
Totals: 6 HTTP transactions, 2 apex domains

Domain                     Requested by
australiapost10.web.app    australiapost10.web.app (6 requests)
kendalo.ro                 3 redirects

This site contains no links.

Subject   Issuer       Validity                    Valid for
web.app   GTS CA 1D4   2022-04-12 to 2022-07-11    3 months (crt.sh)

This page contains 1 frame:

Primary Page: https://australiapost10.web.app/billing
Frame ID: 0B259FF18A7CFBB1ADCACA20F9B22101
Requests: 7 HTTP requests in this frame (the 6 network transactions listed below plus one inline data: image)

Screenshot

Page Title

Royal Mail

The title does not match the brand the hostname and verdict point at (Australia Post): the kit's HTML still carries a Royal Mail title, a detail worth keeping when clustering related parcel-delivery lures.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://kendalo.ro/aus HTTP 301
    https://kendalo.ro/aus HTTP 301
    https://kendalo.ro/aus/ HTTP 302
    https://australiapost10.web.app/billing Page URL

The first two hops are the redirector's own http-to-https and trailing-slash canonicalisation; only the final 302 (served by nginx with Vary: User-Agent, see the redirect headers below) hands off to the phishing host.
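The chain above, walked programmatically. This is an added example, not urlscan.io code or anything from the kit: the hop list is reconstructed from the Page URL History (status codes and Location targets as shown on this page), while the free-hosting suffix list and the apex-domain heuristic are assumptions of the example. It reports the http-to-https upgrade, the single apex-domain crossing (the 302 from kendalo.ro to the web.app host), and that the landing host sits on free static hosting, and it records an error when consecutive hops do not connect. Because the redirector varies on User-Agent, re-fetching the chain with a different client (curl, another browser) may not reproduce the same hops, so analyse the captured chain rather than a fresh one.

```python
"""Walk a captured HTTP redirect chain and report what matters for phishing triage.

Added example, not code from urlscan.io. The hop list is reconstructed from the
Page URL History above (status codes and Location targets as shown); everything
else, including the free-hosting suffix list, is an assumption of this example.
"""
from typing import Optional
from urllib.parse import urlsplit

# Static-hosting suffixes that phishing kits often sit on. Illustrative list only.
FREE_HOSTING_SUFFIXES = ("web.app", "firebaseapp.com", "pages.dev", "netlify.app", "github.io")

# (requested URL, status, Location header) as captured for this scan.
CAPTURED_CHAIN = [
    ("http://kendalo.ro/aus", 301, "https://kendalo.ro/aus"),
    ("https://kendalo.ro/aus", 301, "https://kendalo.ro/aus/"),
    ("https://kendalo.ro/aus/", 302, "https://australiapost10.web.app/billing"),
    ("https://australiapost10.web.app/billing", 200, None),
]

REDIRECT_CODES = {301, 302, 303, 307, 308}


def on_free_hosting(host: str) -> Optional[str]:
    """Return the matching hosting suffix, or None."""
    host = host.lower()
    for suffix in FREE_HOSTING_SUFFIXES:
        if host == suffix or host.endswith("." + suffix):
            return suffix
    return None


def apex(host: str) -> str:
    """Rough registrable-domain heuristic: keep one label above a known hosting
    suffix (australiapost10.web.app), otherwise the last two labels (kendalo.ro).
    A production tool should use the Public Suffix List instead."""
    labels = host.lower().split(".")
    suffix = on_free_hosting(host)
    keep = suffix.count(".") + 2 if suffix else 2
    return ".".join(labels[-keep:])


def analyse_chain(chain):
    """Summarise a chain of (url, status, location) hops.

    Flags an http->https upgrade, every hop that crosses an apex domain (the
    handoff from a throwaway or compromised redirector to the kit), the landing
    URL, and whether the landing host is on free static hosting. Records an
    error if a hop does not lead to the next recorded request."""
    result = {
        "hops": 0,
        "scheme_upgrade": False,
        "domain_changes": [],
        "final_url": None,
        "final_hosting": None,
        "errors": [],
    }
    expected = None
    for url, status, location in chain:
        if expected is not None and url != expected:
            result["errors"].append(f"chain break: expected {expected}, got {url}")
        src = urlsplit(url)
        if status in REDIRECT_CODES:
            if not location:
                result["errors"].append(f"{status} without Location at {url}")
                break
            dst = urlsplit(location)
            result["hops"] += 1
            if src.scheme == "http" and dst.scheme == "https":
                result["scheme_upgrade"] = True
            if apex(src.hostname or "") != apex(dst.hostname or ""):
                result["domain_changes"].append((src.hostname, dst.hostname, status))
            expected = location
        else:
            result["final_url"] = url
            result["final_hosting"] = on_free_hosting(src.hostname or "")
            break
    return result


if __name__ == "__main__":
    for key, value in analyse_chain(CAPTURED_CHAIN).items():
        print(f"{key}: {value}")
```

The apex-domain change on the 302 hop is the indicator to pivot on: the redirector domain and the landing host are disposable independently of each other, and a kit operator typically rotates the cheaper one.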

Page Statistics

Requests: 6
HTTPS: 100 %
IPv6: 50 %
Domains: 2
Subdomains: 2
IPs: 2
Countries: 2
Transfer: 189 kB
Size: 1002 kB
Cookies: 0


Redirected requests

There were HTTP redirect chains for the following requests: the primary request only (its chain is shown with the first transaction below).

6 HTTP transactions

Each transaction lists: Resource, Path, Size, Transfer (x-fer), Type, MIME type.

Primary Request: billing  (australiapost10.web.app/)
Redirect Chain
  • http://kendalo.ro/aus
  • https://kendalo.ro/aus
  • https://kendalo.ro/aus/
  • https://australiapost10.web.app/billing
Size 3 KB, transferred 2 KB, Document

General
Full URL: https://australiapost10.web.app/billing
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2620:0:890::100, United States, ASN54113 (FASTLY, US)
Reverse DNS: (none)
Software: (none reported)
Resource Hash: 6ede2f366f1c621e4655dcddaf326e8482afc6532854dfd8b592458506646b75
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=3600
content-encoding
br
content-length
1238
content-type
text/html; charset=utf-8
date
Thu, 21 Apr 2022 08:13:52 GMT
etag
"a5bc074e4c6d37170b02009ece77d7fece7d99d95088a0625d9a8911b0b9af04-br"
last-modified
Tue, 19 Apr 2022 05:16:55 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
x-cache-hits
1
x-served-by
cache-muc13960-MUC
x-timer
S1650528832.338250,VS0,VE0

Redirect headers

content-length
0
content-type
text/html; charset=UTF-8
date
Thu, 21 Apr 2022 08:13:52 GMT
location
https://australiapost10.web.app/billing
server
nginx
vary
User-Agent
2.1d694c59.chunk.css  (australiapost10.web.app/static/css/)
Size 515 KB, transferred 47 KB, Stylesheet

General
Full URL: https://australiapost10.web.app/static/css/2.1d694c59.chunk.css
Requested by: australiapost10.web.app, https://australiapost10.web.app/billing
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2620:0:890::100, United States, ASN54113 (FASTLY, US)
Reverse DNS: (none)
Software: (none reported)
Resource Hash: 32bef47b4c97a769b25ef62501956fd1b6f51fbea54d827ae590257e1de8d12e
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://australiapost10.web.app/billing
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
last-modified
Tue, 19 Apr 2022 05:16:55 GMT
x-timer
S1650528832.395436,VS0,VE1
etag
"60a904b6853008e51ba4bb930109246c1cf2b7c279d1a2a7e2b6d79941e2a84c-br"
x-served-by
cache-muc13960-MUC
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/css; charset=utf-8
cache-control
max-age=3600
date
Thu, 21 Apr 2022 08:13:52 GMT
accept-ranges
bytes
content-length
47747
x-cache-hits
1
main.e6b1f1f7.chunk.css  (australiapost10.web.app/static/css/)
Size 8 KB, transferred 2 KB, Stylesheet

General
Full URL: https://australiapost10.web.app/static/css/main.e6b1f1f7.chunk.css
Requested by: australiapost10.web.app, https://australiapost10.web.app/billing
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2620:0:890::100, United States, ASN54113 (FASTLY, US)
Reverse DNS: (none)
Software: (none reported)
Resource Hash: c811e694bf152e5030da90a3612371df91124392f8dfeae437f7d88c279a2036
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://australiapost10.web.app/billing
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
last-modified
Tue, 19 Apr 2022 05:16:55 GMT
x-timer
S1650528832.395526,VS0,VE1
etag
"daea1023d32c7c580127507b1a4b12b81fc14582911ad667eb1a58db1aabbcb9-br"
x-served-by
cache-muc13960-MUC
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/css; charset=utf-8
cache-control
max-age=3600
date
Thu, 21 Apr 2022 08:13:52 GMT
accept-ranges
bytes
content-length
2310
x-cache-hits
1
2.ab809735.chunk.js  (australiapost10.web.app/static/js/)
Size 433 KB, transferred 115 KB, Script

General
Full URL: https://australiapost10.web.app/static/js/2.ab809735.chunk.js
Requested by: australiapost10.web.app, https://australiapost10.web.app/billing
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2620:0:890::100, United States, ASN54113 (FASTLY, US)
Reverse DNS: (none)
Software: (none reported)
Resource Hash: 51cce355b569dea259c253094e168fa5d7b4c3d9962bad3f8315b5a12ead002b
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://australiapost10.web.app/billing
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
last-modified
Tue, 19 Apr 2022 05:16:55 GMT
x-timer
S1650528832.395571,VS0,VE44
etag
"2abd958b878de1d00943091b833735d29593b4d41c4a4441a37201b9e70c3141-br"
x-served-by
cache-muc13960-MUC
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/javascript; charset=utf-8
cache-control
max-age=3600
date
Thu, 21 Apr 2022 08:13:52 GMT
accept-ranges
bytes
content-length
117970
x-cache-hits
1
main.ad69f566.chunk.js  (australiapost10.web.app/static/js/)
Size 20 KB, transferred 6 KB, Script

General
Full URL: https://australiapost10.web.app/static/js/main.ad69f566.chunk.js
Requested by: australiapost10.web.app, https://australiapost10.web.app/billing
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2620:0:890::100, United States, ASN54113 (FASTLY, US)
Reverse DNS: (none)
Software: (none reported)
Resource Hash: 2b4ad74100fa01573d04b7281ea5f20d9ae0a5a9d3fd5df1c6cfce849655fc89
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://australiapost10.web.app/billing
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
last-modified
Tue, 19 Apr 2022 05:16:55 GMT
x-timer
S1650528832.395604,VS0,VE1
etag
"d67d3617a5d5a5fbdf53f957232484ca764bcb1e72a6796b60bdc6dcb635e690-br"
x-served-by
cache-muc13960-MUC
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
text/javascript; charset=utf-8
cache-control
max-age=3600
date
Thu, 21 Apr 2022 08:13:52 GMT
accept-ranges
bytes
content-length
5891
x-cache-hits
1
truncated  (inline data: URI, no path)
Size 3 KB, transferred 0, Image

General
Full URL: data:truncated
Protocol: DATA
Server: none (inline resource, no network request)
Reverse DNS: (none)
Software: (none reported)
Resource Hash: 73cb9c3374f6cdcd486a34b3216b744a4b21d2afcb6cccd82206844043e5173e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type
image/png
background.dfe9ebf8.png  (australiapost10.web.app/static/media/)
Size 21 KB, transferred 17 KB, Image

General
Full URL: https://australiapost10.web.app/static/media/background.dfe9ebf8.png
Requested by: australiapost10.web.app, https://australiapost10.web.app/billing
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 2620:0:890::100, United States, ASN54113 (FASTLY, US)
Reverse DNS: (none)
Software: (none reported)
Resource Hash: ff2271a4f385a3b2713a209f9a8285df4af8a4cf8832c3536e756206cd62ad49
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://australiapost10.web.app/billing
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
last-modified
Tue, 19 Apr 2022 05:16:55 GMT
x-timer
S1650528833.582080,VS0,VE1
etag
"d131e3980143e238e730b844fb1689831ab97fc2e9a54cf32779ad263d57e302-br"
x-served-by
cache-muc13960-MUC
vary
x-fh-requested-host, accept-encoding
x-cache
HIT
content-type
image/png
cache-control
max-age=3600
date
Thu, 21 Apr 2022 08:13:52 GMT
accept-ranges
bytes
content-length
16947
x-cache-hits
1

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Australia Post (Transportation)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

  function  structuredClone
  object    oncontextlost
  object    oncontextrestored
  function  getScreenDetails
  object    webpackJsonpscjob
  object    regeneratorRuntime

Only the last two come from the page itself. webpackJsonpscjob is the chunk-loading hook of the webpack bundle; the static/css/2.*.chunk.css and static/js/main.*.chunk.js layout is the Create React App build convention, under which the hook is named webpackJsonp plus the package.json name, so the kit was built from a project called scjob. regeneratorRuntime is Babel's helper for transpiled async code. structuredClone, oncontextlost, oncontextrestored and getScreenDetails are browser built-ins that Chrome added in versions 98 to 100; they appear here because the scan ran Chrome 100 against an older baseline, not because the site defined them.

0 Cookies

Security Headers

This page lists any security headers set by the main page.

Header                      Value
Strict-Transport-Security   max-age=31556926; includeSubDomains; preload

Only HSTS is present, and it is the header Firebase Hosting emits for every web.app site (the .app TLD is on the browser HSTS preload list regardless), so it reflects the hosting platform rather than any care by the operator. No Content-Security-Policy, X-Frame-Options or other hardening headers are set.
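To turn this report into detection, as an added example that is not part of the urlscan.io page: the hosts, IPs and SHA-256 resource hashes are copied from the sections above, while the CSV proxy-log format (including a sha256 column, which assumes the proxy records a hash of each response body), the log lines themselves and the confidence ratings are constructed for the example. Matching on the body hash of the kit's own main.* chunk catches the same kit re-hosted on a different domain, and the Fastly address is deliberately rated low because it is shared with every other Firebase-hosted site.

```python
"""Match proxy log lines against the indicators in this urlscan report.

Added example, not urlscan.io code. Host, IP and SHA-256 values are copied from
the report above; the CSV log format, the sha256 column (assumes the proxy
records a body hash) and the log lines are constructed for the example.
"""
import csv
import io
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Hosts from the redirect chain and the landing page: high-confidence indicators.
HOST_INDICATORS = {"kendalo.ro", "australiapost10.web.app"}

# IPs from the report. 2620:0:890::100 is a Fastly address that fronts all of
# Firebase Hosting, so it is shared with countless legitimate web.app sites and
# must not be blocked on its own. 173.212.230.222 hosts only the redirector here,
# but it is a Contabo VPS address that can be reassigned; treat it as medium.
IP_INDICATORS = {
    "173.212.230.222": ("redirector kendalo.ro (CONTABO)", "medium"),
    "2620:0:890::100": ("shared CDN edge (FASTLY / Firebase Hosting)", "low"),
}

# Resource hashes from the HTTP transactions. The landing document and the app's
# own main.* chunks are specific to this kit; 2.*.chunk.* is the webpack vendor
# bundle, which other builds from the same template may share, so it is rated lower.
HASH_INDICATORS = {
    "6ede2f366f1c621e4655dcddaf326e8482afc6532854dfd8b592458506646b75": ("/billing document", "high"),
    "c811e694bf152e5030da90a3612371df91124392f8dfeae437f7d88c279a2036": ("main.e6b1f1f7.chunk.css", "high"),
    "2b4ad74100fa01573d04b7281ea5f20d9ae0a5a9d3fd5df1c6cfce849655fc89": ("main.ad69f566.chunk.js", "high"),
    "ff2271a4f385a3b2713a209f9a8285df4af8a4cf8832c3536e756206cd62ad49": ("background.dfe9ebf8.png", "high"),
    "32bef47b4c97a769b25ef62501956fd1b6f51fbea54d827ae590257e1de8d12e": ("2.1d694c59.chunk.css (vendor)", "medium"),
    "51cce355b569dea259c253094e168fa5d7b4c3d9962bad3f8315b5a12ead002b": ("2.ab809735.chunk.js (vendor)", "medium"),
}

# Constructed proxy log. Row 5 shows the same kit re-hosted on another domain:
# the host indicators miss it, the body hash of main.ad69f566.chunk.js catches it.
SAMPLE_LOG = """ts,client,method,url,dst_ip,status,sha256
2022-04-21T08:10:01Z,10.1.2.3,GET,https://example.org/,93.184.216.34,200,0000000000000000000000000000000000000000000000000000000000000000
2022-04-21T08:13:50Z,10.1.2.44,GET,http://kendalo.ro/aus,173.212.230.222,301,-
2022-04-21T08:13:52Z,10.1.2.44,GET,https://australiapost10.web.app/billing,2620:0:890::100,200,6ede2f366f1c621e4655dcddaf326e8482afc6532854dfd8b592458506646b75
2022-04-21T09:02:11Z,10.1.2.7,GET,https://some-other-site.web.app/index.html,2620:0:890::100,200,1111111111111111111111111111111111111111111111111111111111111111
2022-04-22T11:45:09Z,10.1.2.9,GET,https://parcel-fee.example/static/js/main.ad69f566.chunk.js,203.0.113.7,200,2b4ad74100fa01573d04b7281ea5f20d9ae0a5a9d3fd5df1c6cfce849655fc89
"""


@dataclass
class Hit:
    line_no: int
    client: str
    url: str
    reason: str
    confidence: str


def host_matches(host: str) -> bool:
    """Exact host or any subdomain of an indicator host."""
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in HOST_INDICATORS)


def match_row(line_no: int, row: dict) -> Optional[Hit]:
    """Return the strongest applicable indicator match for one log row, or None."""
    host = urlsplit(row["url"]).hostname or ""
    if host_matches(host):
        return Hit(line_no, row["client"], row["url"], f"host {host}", "high")
    if row["sha256"] in HASH_INDICATORS:
        label, conf = HASH_INDICATORS[row["sha256"]]
        return Hit(line_no, row["client"], row["url"], f"body hash of {label}", conf)
    if row["dst_ip"] in IP_INDICATORS:
        label, conf = IP_INDICATORS[row["dst_ip"]]
        return Hit(line_no, row["client"], row["url"], f"dst {row['dst_ip']}: {label}", conf)
    return None


def scan_log(text: str) -> List[Hit]:
    """Run every row of a CSV proxy log through match_row; rows are numbered from 1."""
    hits = []
    for line_no, row in enumerate(csv.DictReader(io.StringIO(text)), start=1):
        hit = match_row(line_no, row)
        if hit:
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"row {h.line_no} {h.confidence:6} {h.client} {h.url} <- {h.reason}")
```

Low-confidence IP hits are worth keeping as context for an analyst but not as a blocking rule; the host and body-hash matches are the ones that can drive an automated response.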