customstax.click
104.21.66.41
Malicious Activity!
Public Scan
Effective URL: https://customstax.click/
Submission Tags: @ecarlesi threat #phishing #postvox
Submission: On October 21 via api from AU — Scanned from AU
Summary
TLS certificate: Issued by GTS CA 1P5 on September 9th 2023. Valid for: 3 months.
This is the only time customstax.click was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: An Post (Transportation)

Domain & IP information
Requests | IP Address | AS (Autonomous System)
---|---|---
1 | 104.21.76.144 | 13335 (CLOUDFLARENET)
1 | 172.67.196.29 | 13335 (CLOUDFLARENET)
14 | 104.21.66.41 | 13335 (CLOUDFLARENET)

Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
14 | customstax.click | customstax.click | 2 MB
2 redirects | customspost.info | customspost.info | 1 KB

Requests | Domain | Requested by
---|---|---
14 | customstax.click | customstax.click
2 | customspost.info | 2 redirects

Totals: 14 HTTP transactions, 2 redirects. All three addresses are Cloudflare edge IPs (AS13335), so they identify the reverse proxy in front of the site, not the origin host; blocking or pivoting on them alone is of little value.
This site contains no links.
Subject | Issuer | Validity | Valid for | Source
---|---|---|---|---
customstax.click | GTS CA 1P5 | 2023-09-09 - 2023-12-08 | 3 months | crt.sh

GTS CA 1P5 is a Google Trust Services intermediate; a 90-day domain-validated certificate of this kind is issued automatically for any Cloudflare-proxied hostname, so the padlock says nothing about the legitimacy of the site. The issuance date does give a lower bound on when the domain was set up.
This page contains 1 frame:
Primary Page:
https://customstax.click/
Frame ID: 22C9CC3BB220D2CA3E589CA866B1C8E7
Requests: 21 HTTP requests in this frame
Page Title: Track your post and parcels | Personal | An Post
Detected technologies
jQuery (JavaScript Libraries)
Detected patterns:
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- http://customspost.info/ (HTTP 301)
- https://customspost.info/ (HTTP 302)
- https://customstax.click/ (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
(The 21 requests in the frame are the 14 HTTP transactions plus 7 inline data: URIs; both are listed below. Size is the resource size, x-fer the bytes actually transferred.)

Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type
---|---|---|---|---|---|---|---
GET | H2 | / (primary request, end of redirect chain) | customstax.click/ | 56 KB | 8 KB | Document | text/html
GET | H2 | core.min.css | customstax.click/assets/ | 5 MB | 2 MB | Stylesheet | text/css
GET | H2 | jquery.js | customstax.click/cntdjs/ | 88 KB | 32 KB | Script | application/javascript
GET | H2 | jquery.mask.js | customstax.click/cntdjs/ | 23 KB | 6 KB | Script | application/javascript
GET | H2 | loading.js | customstax.click/cntdjs/ | 2 KB | 1 KB | Script | application/javascript
GET | H2 | styles.c14fce2ba80c26a0.css | customstax.click/reepay/ | 16 KB | 4 KB | Stylesheet | text/css
GET | H2 | infile.css | customstax.click/reepay/ | 18 KB | 3 KB | Stylesheet | text/css
GET | H2 | anPostLogo.svg | customstax.click/assets/ | 64 KB | 48 KB | Image | image/svg+xml
GET | H2 | loadblack.svg | customstax.click/reepay/ | 2 KB | 944 B | Image | image/svg+xml
GET | DATA | truncated | / | 339 B | 0 | Image | image/svg+xml
GET | DATA | truncated | / | 2 KB | 0 | Image | image/svg+xml
GET | DATA | truncated | / | 591 B | 0 | Image | image/svg+xml
GET | DATA | truncated | / | 2 KB | 0 | Image | image/svg+xml
GET | DATA | truncated | / | 588 B | 0 | Image | image/svg+xml
GET | DATA | truncated | / | 191 KB | 0 | Image | image/png
GET | DATA | truncated | / | 575 B | 0 | Image | image/svg+xml
GET | H3 | rawline-400.ea42a37247439622.woff2 | customstax.click/reepay/ | 79 KB | 80 KB | Font | font/woff2
GET | H3 | AnPostSans-Bold.woff2 | customstax.click/webfonts/ | 0 | 0 | Font | text/html
GET | H3 | AnPostSans-Regular.woff2 | customstax.click/webfonts/ | 0 | 0 | Font | text/html
GET | H3 | AnPostSans-Regular.woff | customstax.click/webfonts/ | 0 | 0 | Font | text/html
GET | H3 | AnPostSans-Bold.woff | customstax.click/webfonts/ | 0 | 0 | Font | text/html

Notes: the DATA rows are inline data: URIs, so nothing crosses the wire and the resource is shown truncated. The four AnPostSans web fonts came back empty with a text/html content type, i.e. the kit's stylesheet references brand fonts that are not present on the host. Every resource is first-party to customstax.click; nothing is loaded from the real brand's infrastructure, which is typical of a cloned page served from a kit rather than an iframe or proxy of the genuine site.
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against An Post (Transportation)

6 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and custom code.
- $ (function)
- jQuery (function)
- check_validity (function)
- showValue1 (function)
- showValue2 (function)
- showValue3 (function)

$ and jQuery belong to the bundled jQuery; check_validity and showValue1-3 are the page's own code.

2 Cookies
Cookies are small pieces of information stored in the user's browser. On every later visit the browser sends the stored values back, so the site can re-identify the user even from a different location. This is how persistent logins work.
Domain/Path | Expires | Name | Value
---|---|---|---
customspost.info/ | | PHPSESSID | 4ht8138s54lgb02miics72c7is
customstax.click/ | | PHPSESSID | vuuhumgnlua3gn0g3l65l8vnb5

PHPSESSID is PHP's default session cookie name, so both the lure domain and the landing domain are served by PHP, and the redirector already establishes a server-side session before handing the visitor to the landing page.
4 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL | Text
---|---|---|---
Indicators
Indicators are the observables extracted from the scan: IPs, domains and hashes (the SHA-256 values below are hashes of the retrieved resources). Listing them here does not by itself imply that any of them is malicious.
customspost.info
customstax.click
104.21.66.41
104.21.76.144
172.67.196.29
37f2ae330fef28c671b6cbf03d88ef430cd67e41da243dd638551b3d1fa19700
56070667e7c231cf6d86005febb13929fe5873d327926478c332e5ccfbc9073c
577839abe20e3b1915725950d51b8d7b8363ccb0b2dbaf2835075893b83739dc
5acb69db0d8275e5fa0a5000bdd413529779277177bcdf90af13a09632f59eb7
752d28e0ed8ba234bf1e696f47c756c8a8843f6940229eba6bbf5bf464f22999
7cd0db0364af9c5f016833323e7a4c884a3a5b6c7ed5c4878693c658710e6c1e
8e9d1aba37a102665016fffea61a124e6c385d6783d6cef869f9910c6115a401
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8
ab82606ba85a53c62dfa7833280a45861b1dc60627a2cec4e4ab52dfb7a3fb8b
bd7d3930d3c7da4bb809eeb3cf92cc5937fd3aa1a0e61cee26cef208dda2f457
bde63cda98d2198a19933540edb43bb53931a352202bffe75067ac9ba722673a
d32cb065414482445f33d9dfba971f8bbd224bf159d03d7e75668bafcb05f1ad
d4da046a6f3e5fa7da0adde486f45170afd7db9ae0261331c59fd5c59b822760
db5cf0db08370f66dfe81f2c25aa8b4d07cb193f62977789ce1dab2c9f6132ee
e841c6f5f8f054f298a9e19a91e0df68808eb3a903a6cb579575429f6872950e
ea6e4eeb0657eaa022da14c547528b40a17e2f84b534fb6790e12c53df57e019
f9f472a3d07ae1e0266ee943531b5f9112275284c02b6c6458ae2f44024e1b3f
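The verdict above is urlscan's own. As an added example (not urlscan.io code, and not taken from this page), the script below shows how an analyst can reproduce a brand-impersonation triage from the same raw signals the report exposes: page title, landing domain, redirect chain, the hostnames that brand-named assets are loaded from, certificate age, TLD and the presence of input-masking and validation code on a page with no outbound links. The scan record is constructed from the values shown above; the brand allowlist (anpost.com), the TLD watchlist, the "last two labels" apex heuristic, the certificate-age and escalation thresholds, and the scan year (taken from the certificate validity window) are all assumptions for illustration.

```python
"""Brand-impersonation triage over a urlscan-style result (added example).

Heuristics are deliberately simple and independent; each hit carries the
evidence that fired it so an analyst can verify it against the report.
"""
from dataclasses import dataclass
from datetime import date
from urllib.parse import urlsplit

# Assumed allowlist: the apex domain the brand actually serves its site from.
BRAND_DOMAINS = {"an post": {"anpost.com"}}
# Assumed watchlist of cheap TLDs that are over-represented in phishing kits.
SUSPICIOUS_TLDS = {"click", "info", "top", "xyz"}
# Script names / globals that suggest a form capturing typed input.
FORM_CAPTURE_HINTS = {"check_validity", "jquery.mask.js"}
# Assumed: a certificate younger than this many days counts as fresh infrastructure.
FRESH_CERT_DAYS = 90


@dataclass
class Scan:
    scan_date: date
    effective_url: str
    page_title: str
    redirect_chain: list   # ordered URLs from first hop to landing page
    requests: list         # resources as "host/path/file"
    js_globals: list
    cert_not_before: date
    outgoing_links: int


def apex(host: str) -> str:
    """Crude apex domain: last two labels. A real tool should use the Public Suffix List."""
    return ".".join(host.lower().split(".")[-2:])


def triage(scan: Scan) -> dict:
    """Return {indicator_name: evidence} for every heuristic that fires."""
    hits = {}
    landing = apex(urlsplit(scan.effective_url).hostname or "")
    title = scan.page_title.lower()
    allowed_all = set().union(*BRAND_DOMAINS.values())

    # 1. Title names a brand, but the landing apex is not the brand's domain.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in title and landing not in allowed:
            hits["brand_title_off_domain"] = f"title mentions {brand!r}, served from {landing}"

    # 2. Brand-named assets (logo, fonts) loaded from a host the brand does not own.
    brand_tokens = [b.replace(" ", "") for b in BRAND_DOMAINS]
    branded = [r for r in scan.requests
               if any(t in r.split("/")[-1].lower() for t in brand_tokens)
               and apex(r.split("/")[0]) not in allowed_all]
    if branded:
        hits["brand_assets_off_domain"] = branded

    # 3. Redirect chain crosses apex domains (lure/redirector domain -> landing domain).
    apexes = [apex(urlsplit(u).hostname or "") for u in scan.redirect_chain]
    if len(set(apexes)) > 1:
        hits["cross_domain_redirect"] = " -> ".join(apexes)

    # 4. Certificate issued shortly before the scan: recently stood-up infrastructure.
    age = (scan.scan_date - scan.cert_not_before).days
    if age <= FRESH_CERT_DAYS:
        hits["fresh_certificate"] = f"{age} days old"

    # 5. Landing TLD on the watchlist.
    if landing.rsplit(".", 1)[-1] in SUSPICIOUS_TLDS:
        hits["suspicious_tld"] = landing.rsplit(".", 1)[-1]

    # 6. Input-mask/validation code on a page with no outbound links: a capture form, not a site.
    names = set(scan.js_globals) | {r.split("/")[-1] for r in scan.requests}
    if scan.outgoing_links == 0 and names & FORM_CAPTURE_HINTS:
        hits["isolated_capture_form"] = sorted(names & FORM_CAPTURE_HINTS)

    return hits


def verdict(hits: dict, threshold: int = 3) -> str:
    """Assumed escalation rule: three or more independent indicators."""
    return "likely phishing" if len(hits) >= threshold else "inconclusive"


# Constructed from the values shown in the scan above (year assumed from the cert window).
SAMPLE = Scan(
    scan_date=date(2023, 10, 21),
    effective_url="https://customstax.click/",
    page_title="Track your post and parcels | Personal | An Post",
    redirect_chain=["http://customspost.info/", "https://customspost.info/", "https://customstax.click/"],
    requests=[
        "customstax.click/",
        "customstax.click/assets/core.min.css",
        "customstax.click/cntdjs/jquery.js",
        "customstax.click/cntdjs/jquery.mask.js",
        "customstax.click/assets/anPostLogo.svg",
        "customstax.click/webfonts/AnPostSans-Bold.woff2",
    ],
    js_globals=["$", "jQuery", "check_validity", "showValue1", "showValue2", "showValue3"],
    cert_not_before=date(2023, 9, 9),
    outgoing_links=0,
)

if __name__ == "__main__":
    result = triage(SAMPLE)
    for name, evidence in result.items():
        print(f"{name}: {evidence}")
    print(verdict(result))
```

Each heuristic is weak on its own (a fresh certificate or a .click domain is common for legitimate new sites), which is why the evidence is kept per indicator and the escalation rule only counts independent hits. The apex heuristic mis-handles multi-label public suffixes such as co.uk; swap it for a Public Suffix List lookup before using this on real traffic.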