Submitted URL: http://customspost.info/
Effective URL: https://customstax.click/
Submission Tags: @ecarlesi threat #phishing #postvox Search All
Submission: On October 21 via api from AU — Scanned from AU

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 14 HTTP transactions. The main IP is 104.21.66.41, located in and belongs to CLOUDFLARENET, US. The main domain is customstax.click.
TLS certificate: Issued by GTS CA 1P5 on September 9th 2023. Valid for: 3 months.
This is the only time customstax.click was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: An Post (Transportation)

Domain & IP information

IP Address AS Autonomous System
1 1 104.21.76.144 13335 (CLOUDFLAR...)
1 1 172.67.196.29 13335 (CLOUDFLAR...)
14 104.21.66.41 13335 (CLOUDFLAR...)
14 2
Apex Domain
Subdomains
Transfer
14 customstax.click
customstax.click
2 MB
2 customspost.info
customspost.info
1 KB
14 2
Domain Requested by
14 customstax.click customstax.click
2 customspost.info 2 redirects
14 2

This site contains no links.

Subject Issuer Validity Valid
customstax.click
GTS CA 1P5
2023-09-09 -
2023-12-08
3 months crt.sh

This page contains 1 frames:

Primary Page: https://customstax.click/
Frame ID: 22C9CC3BB220D2CA3E589CA866B1C8E7
Requests: 21 HTTP requests in this frame

Screenshot

Page Title

Track your post and parcels | Personal | An Post

Page URL History Show full URLs

  1. http://customspost.info/ HTTP 301
    https://customspost.info/ HTTP 302
    https://customstax.click/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

2273 kB
Transfer

5613 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://customspost.info/ HTTP 301
    https://customspost.info/ HTTP 302
    https://customstax.click/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
customstax.click/
Redirect Chain
  • http://customspost.info/
  • https://customspost.info/
  • https://customstax.click/
56 KB
8 KB
Document
General
Full URL
https://customstax.click/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.66.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea6e4eeb0657eaa022da14c547528b40a17e2f84b534fb6790e12c53df57e019

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
en-AU,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
81960d831f5a3e76-ADL
content-encoding
br
content-type
text/html; charset=UTF-8
date
Sat, 21 Oct 2023 02:25:56 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CRfvLTxzfQ%2B8pldndIRynBOfwswNe%2FvMr%2Fh9dIl5v6KlRZbeiPi5BmvW%2BZr1InBFCbAp3iHFjucAaQA5uCJ28QfzpGF0eBxlQt1emSGxUlvSYBDL3Px9jytWDXQa5Cyz6mGd"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
81960d7d9fd255f1-ADL
content-type
text/html; charset=UTF-8
date
Sat, 21 Oct 2023 02:25:55 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
https://customstax.click/
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vyD6S6RzI53bt0iO9URzbCaBQk%2Fsbjav6WYS9puaHzLnbt%2FcVgLHGeQoz09ScF0IF5EiZl4Edb3TLmLeHOpeZMKWsx19OQPEXqUW2SwiW%2FNXhqJdPmE50h5LGSZAVUY7uUTR"}],"group":"cf-nel","max_age":604800}
server
cloudflare
core.min.css
customstax.click/assets/
5 MB
2 MB
Stylesheet
General
Full URL
https://customstax.click/assets/core.min.css
Requested by
Host: customstax.click
URL: https://customstax.click/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.66.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5acb69db0d8275e5fa0a5000bdd413529779277177bcdf90af13a09632f59eb7

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://customstax.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sat, 21 Oct 2023 02:25:57 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sat, 08 Jul 2023 13:26:28 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"4f332f-5fff9b25e0900-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AO6vV7Lwm7x4BFIdZdB10jdBHwuqdsVi2mm57Ipvd48MpKgzkk%2FvSFHOqof3U%2FdiFx5jdU6t1WsLuBr2Fn396OeMfpumvaxzESPJjuJ565n1eDzJT%2BCpYCKSvWKH%2BkzA%2Fv8J"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
81960d86cb663e76-ADL
alt-svc
h3=":443"; ma=86400
jquery.js
customstax.click/cntdjs/
88 KB
32 KB
Script
General
Full URL
https://customstax.click/cntdjs/jquery.js
Requested by
Host: customstax.click
URL: https://customstax.click/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.66.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bde63cda98d2198a19933540edb43bb53931a352202bffe75067ac9ba722673a

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://customstax.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sat, 21 Oct 2023 02:25:57 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sun, 17 Sep 2023 14:31:28 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"15f86-6058ee18ef000-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=17pC%2BWQmoCxaVX4XxaPcSv1iYeRIePQkSq0C1JFhqoHE2PwRrCy8p2rVWS1oQ3NtozwUCR8VzBT47%2BfIm3XMqimfIPIMf8DG8ynZIlge%2B4ECu3CxNs2ZwEzHw3vAoEJg85p%2F"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
81960d86cb6d3e76-ADL
alt-svc
h3=":443"; ma=86400
jquery.mask.js
customstax.click/cntdjs/
23 KB
6 KB
Script
General
Full URL
https://customstax.click/cntdjs/jquery.mask.js
Requested by
Host: customstax.click
URL: https://customstax.click/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.66.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://customstax.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sat, 21 Oct 2023 02:25:56 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sat, 08 Jul 2023 13:24:42 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"5a88-5fff9ac0c9a80-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=auEIGWyMkoVAnaE905YPfYbWgAW7yWRO3iKChlf6cUp%2FlCrR6K3rNjVObb0JwgE02zO16rC1ze0e%2B7oBy1hUUm4ofsCCXMWdZqhL8Xr7ithTP%2Bf5NJKDOaYrsDb%2FRnZ6bOlM"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
81960d86cb6f3e76-ADL
alt-svc
h3=":443"; ma=86400
loading.js
customstax.click/cntdjs/
2 KB
1 KB
Script
General
Full URL
https://customstax.click/cntdjs/loading.js
Requested by
Host: customstax.click
URL: https://customstax.click/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.66.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
577839abe20e3b1915725950d51b8d7b8363ccb0b2dbaf2835075893b83739dc

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://customstax.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sat, 21 Oct 2023 02:25:56 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sat, 08 Jul 2023 13:24:42 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"91e-5fff9ac0c9a80-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Afnkkq3WmqBNK%2BcOM1KG0DPAosFmtw3j8PNeps5SJRQAU0cYPU9fvA6XS0pdtjtgXk0D0A1eGAwtvRQtLl4JD4gNXlV9hTbH2rdH%2F6j7YTyee6TPu86a7EWYydXXEjOuv6G%2B"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=14400
cf-ray
81960d86cb703e76-ADL
alt-svc
h3=":443"; ma=86400
styles.c14fce2ba80c26a0.css
customstax.click/reepay/
16 KB
4 KB
Stylesheet
General
Full URL
https://customstax.click/reepay/styles.c14fce2ba80c26a0.css
Requested by
Host: customstax.click
URL: https://customstax.click/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.66.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd7d3930d3c7da4bb809eeb3cf92cc5937fd3aa1a0e61cee26cef208dda2f457

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://customstax.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sat, 21 Oct 2023 02:25:56 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sat, 08 Jul 2023 13:24:27 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"3f22-5fff9ab27b8c0-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S%2BU0wD28R6s2ZmO7OzM4yFuiXSjtcvwCKqM1akjFJubLMWkYXcJsrQvi2T%2FWxU2tAW5Uw5FUcAjRz1MFhawYFhYp8nyAngO%2Fod1Q6li3LtPMqNfs5A81y1oAZ2FW%2BgE0xv%2Bs"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
81960d86cb693e76-ADL
alt-svc
h3=":443"; ma=86400
infile.css
customstax.click/reepay/
18 KB
3 KB
Stylesheet
General
Full URL
https://customstax.click/reepay/infile.css
Requested by
Host: customstax.click
URL: https://customstax.click/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.66.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4da046a6f3e5fa7da0adde486f45170afd7db9ae0261331c59fd5c59b822760

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://customstax.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sat, 21 Oct 2023 02:25:56 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sat, 08 Jul 2023 13:24:29 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"49a4-5fff9ab463d40-gzip"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NIB%2FMSzMFna9ElZZjnBWyxi8X8nwZoicxkaAoHl9Q1ktMQChkKTB65KpbG4FZe0ZrK0Hh4OZH0EQFviOPSrd9HFEXwYdFw65bpXaqj1Odtv8wo2rBe62VfDB11pahlElIqbO"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
max-age=14400
cf-ray
81960d86cb6b3e76-ADL
alt-svc
h3=":443"; ma=86400
anPostLogo.svg
customstax.click/assets/
64 KB
48 KB
Image
General
Full URL
https://customstax.click/assets/anPostLogo.svg
Requested by
Host: customstax.click
URL: https://customstax.click/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.66.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
56070667e7c231cf6d86005febb13929fe5873d327926478c332e5ccfbc9073c

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://customstax.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sat, 21 Oct 2023 02:25:57 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sat, 08 Jul 2023 13:25:50 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"10052-5fff9b01a3380"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=maiI%2BC%2FY197WxEEt7IKpFvx47qkZ3xHKrCNvHutO9%2F3dkbndVqDsv7EmE%2FYqLuDh8jlZDgvSGHQMvDMEO0qzUL%2BLriJRSxCsVNC4RV05vajmKwbnLd5CWA1l57KXy%2F11%2Bj1I"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
81960d86cb723e76-ADL
alt-svc
h3=":443"; ma=86400
loadblack.svg
customstax.click/reepay/
2 KB
944 B
Image
General
Full URL
https://customstax.click/reepay/loadblack.svg
Requested by
Host: customstax.click
URL: https://customstax.click/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.21.66.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d32cb065414482445f33d9dfba971f8bbd224bf159d03d7e75668bafcb05f1ad

Request headers

accept-language
en-AU,en;q=0.9
Referer
https://customstax.click/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sat, 21 Oct 2023 02:25:57 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Sat, 08 Jul 2023 13:24:35 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"69d-5fff9aba1cac0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z8Yj1dxyI5RKqyZl5ztg7bNfG8WNNnVBcSznXU%2FWmZwrAZSLs%2F5azujVRB3oQTRsidlnid0nToNnvXXYIP15NtB1y8kSWd%2FBiWSJeO1mbl1kkBBzfCUd8xflGtTh%2Fv4JGnBj"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
81960d86eb973e76-ADL
alt-svc
h3=":443"; ma=86400
truncated
/
339 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db5cf0db08370f66dfe81f2c25aa8b4d07cb193f62977789ce1dab2c9f6132ee

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e841c6f5f8f054f298a9e19a91e0df68808eb3a903a6cb579575429f6872950e

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
591 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7cd0db0364af9c5f016833323e7a4c884a3a5b6c7ed5c4878693c658710e6c1e

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f9f472a3d07ae1e0266ee943531b5f9112275284c02b6c6458ae2f44024e1b3f

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
588 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
752d28e0ed8ba234bf1e696f47c756c8a8843f6940229eba6bbf5bf464f22999

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/
191 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
37f2ae330fef28c671b6cbf03d88ef430cd67e41da243dd638551b3d1fa19700

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
575 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ab82606ba85a53c62dfa7833280a45861b1dc60627a2cec4e4ab52dfb7a3fb8b

Request headers

accept-language
en-AU,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
rawline-400.ea42a37247439622.woff2
customstax.click/reepay/
79 KB
80 KB
Font
General
Full URL
https://customstax.click/reepay/rawline-400.ea42a37247439622.woff2
Requested by
Host: customstax.click
URL: https://customstax.click/reepay/styles.c14fce2ba80c26a0.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.66.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e9d1aba37a102665016fffea61a124e6c385d6783d6cef869f9910c6115a401

Request headers

Referer
https://customstax.click/reepay/styles.c14fce2ba80c26a0.css
Origin
https://customstax.click
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sat, 21 Oct 2023 02:25:59 GMT
cf-cache-status
MISS
last-modified
Sat, 08 Jul 2023 13:24:34 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"13d80-5fff9ab928880"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1UViy%2FBQGTmwlyNx9Y%2BLE89%2B9V%2Fr2IUsZnJU9%2BLMGIqIx8nDXhvZGdkMMdzL2ErsUAScm%2Bjj7RBhEoHq76TJK8p7STvBXkeSaxEC0wUebpHyWLb9GMjQpv2rjX3wFo0yQSc4"}],"group":"cf-nel","max_age":604800}
content-type
font/woff2
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
81960d9638633e75-ADL
alt-svc
h3=":443"; ma=86400
content-length
81280
AnPostSans-Bold.woff2
customstax.click/webfonts/
0
0
Font
General
Full URL
https://customstax.click/webfonts/AnPostSans-Bold.woff2
Requested by
Host: customstax.click
URL: https://customstax.click/assets/core.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.66.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://customstax.click/assets/core.min.css
Origin
https://customstax.click
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sat, 21 Oct 2023 02:25:59 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4KcJf0K40BVU8ZQZMjk4W%2BYvCMlwUkbeMXI3CHzpe7kyqF72RKQqPmdwzbtOYcKJPW2F5NipbV2inRRd1KYTb%2FUtL709Me5hzSI%2FlAIuyEIOuHcWGad9r6DlmEWRPhNHQsLr"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
81960d9638643e75-ADL
alt-svc
h3=":443"; ma=86400
AnPostSans-Regular.woff2
customstax.click/webfonts/
0
0
Font
General
Full URL
https://customstax.click/webfonts/AnPostSans-Regular.woff2
Requested by
Host: customstax.click
URL: https://customstax.click/assets/core.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.66.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://customstax.click/assets/core.min.css
Origin
https://customstax.click
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sat, 21 Oct 2023 02:25:59 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v4N5tzbwhXu1FpcZuty7k70ERLoWU71O6EUDqDJkQs9z1N11AGupal7QhhPxYmQdiH2g5ISGtQiu92LBYVX43wMsDrGy5%2B0Es6bBNOEGsQcpKhuSHscprbJQCrk%2F%2B65W3%2BMO"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
81960d9638653e75-ADL
alt-svc
h3=":443"; ma=86400
AnPostSans-Regular.woff
customstax.click/webfonts/
0
0
Font
General
Full URL
https://customstax.click/webfonts/AnPostSans-Regular.woff
Requested by
Host: customstax.click
URL: https://customstax.click/assets/core.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.66.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://customstax.click/assets/core.min.css
Origin
https://customstax.click
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sat, 21 Oct 2023 02:25:59 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qc%2BWrm6DSNGSmhOhjLM3VGCn%2BEYl0XJMVozOLF7C%2BxE9MuNDOd0n%2Bd3MLgERaAfXWg19J9L4nBbQm6P3RjofBSAuOTYO4AIP3%2BEvC3gbrjH8CEQQtZaUTIwDIrLp1BjgHxMV"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
81960d99ec243e75-ADL
alt-svc
h3=":443"; ma=86400
AnPostSans-Bold.woff
customstax.click/webfonts/
0
0
Font
General
Full URL
https://customstax.click/webfonts/AnPostSans-Bold.woff
Requested by
Host: customstax.click
URL: https://customstax.click/assets/core.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.21.66.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://customstax.click/assets/core.min.css
Origin
https://customstax.click
accept-language
en-AU,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Sat, 21 Oct 2023 02:25:59 GMT
content-encoding
br
cf-cache-status
MISS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dYdbExFeSzeojyymk%2FZ09ajWTyLimbZifAW%2BJzNZ0Qn7aupE1WDCKuLPQzNJByXsjB9RFDtKqQKGPk5lJktFzBgbUqz8llmDoEX8xrGkhAZDzhWH5AFJi2f%2FjtVvbuJhthan"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=iso-8859-1
cache-control
max-age=14400
cf-ray
81960d99fc2d3e75-ADL
alt-svc
h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: An Post (Transportation)

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| check_validity function| showValue1 function| showValue2 function| showValue3

2 Cookies

Domain/Path Name / Value
customspost.info/ Name: PHPSESSID
Value: 4ht8138s54lgb02miics72c7is
customstax.click/ Name: PHPSESSID
Value: vuuhumgnlua3gn0g3l65l8vnb5

4 Console Messages

Source Level URL
Text
network error URL: https://customstax.click/webfonts/AnPostSans-Regular.woff2
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://customstax.click/webfonts/AnPostSans-Bold.woff2
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://customstax.click/webfonts/AnPostSans-Regular.woff
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://customstax.click/webfonts/AnPostSans-Bold.woff
Message:
Failed to load resource: the server responded with a status of 404 ()