www.canadapostredelivery.com
Open in
urlscan Pro
208.109.79.3
Malicious Activity!
Public Scan
Submitted URL: https://www.canadapostredelivery.com/
Effective URL: https://www.canadapostredelivery.com/postcode.php?sessionid=ee1af9a84ae098a2c559b0cc137fc711
Submission: On August 12 via automatic, source certstream-suspicious — Scanned from DE
Effective URL: https://www.canadapostredelivery.com/postcode.php?sessionid=ee1af9a84ae098a2c559b0cc137fc711
Submission: On August 12 via automatic, source certstream-suspicious — Scanned from DE
Summary
This website contacted 3 IPs
in 2 countries
across 3 domains to perform 19 HTTP transactions.
The main IP is 208.109.79.3, located in
United States and
belongs to AS-26496-GO-DADDY-COM-LLC, US.
The main domain is www.canadapostredelivery.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on August 12th 2022. Valid for: a year.
This is the only time www.canadapostredelivery.com was scanned on urlscan.io!
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on August 12th 2022. Valid for: a year.
This is the only time www.canadapostredelivery.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Canada Post (Transportation)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 18 | 208.109.79.3 208.109.79.3 | 26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC) | |
| 1 | 2a00:1450:400... 2a00:1450:4001:801::200a | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 2606:4700::68... 2606:4700::6811:190e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
| 19 | 3 |
18
208.109.79.3
(United States)
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-208-109-79-3.ip.secureserver.net
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-208-109-79-3.ip.secureserver.net
| www.canadapostredelivery.com |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 18 |
canadapostredelivery.com
1 redirects
www.canadapostredelivery.com |
42 KB |
| 1 |
cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 231 |
8 KB |
| 1 |
googleapis.com
ajax.googleapis.com — Cisco Umbrella Rank: 267 |
31 KB |
| 19 | 3 |
| Domain | Requested by | |
|---|---|---|
| 18 | www.canadapostredelivery.com |
1 redirects
www.canadapostredelivery.com
|
| 1 | cdnjs.cloudflare.com |
www.canadapostredelivery.com
|
| 1 | ajax.googleapis.com |
www.canadapostredelivery.com
|
| 19 | 3 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| canadapostredelivery.com Go Daddy Secure Certificate Authority - G2 |
2022-08-12 - 2023-08-12 |
a year | crt.sh |
| upload.video.google.com GTS CA 1C3 |
2022-07-18 - 2022-10-10 |
3 months | crt.sh |
| sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2022-08-03 - 2023-08-02 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://www.canadapostredelivery.com/postcode.php?sessionid=ee1af9a84ae098a2c559b0cc137fc711
Frame ID: 1C2AFCFD89BEF8B068A6626CFC861D11
Requests: 19 HTTP requests in this frame
Screenshot
Page Title
CandaPost | LoginPage URL History Show full URLs
-
https://www.canadapostredelivery.com/
HTTP 302
https://www.canadapostredelivery.com/postcode.php?sessionid=ee1af9a84ae098a2c559b0cc137fc711 Page URL
Detected technologies
PHP
(Programming Languages)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- \.php(?:$|\?)
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://www.canadapostredelivery.com/
HTTP 302
https://www.canadapostredelivery.com/postcode.php?sessionid=ee1af9a84ae098a2c559b0cc137fc711 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
19 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
Primary Request
postcode.php
www.canadapostredelivery.com/ Redirect Chain
|
8 KB 2 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
main2.css
www.canadapostredelivery.com/assets/css/ |
8 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ |
87 KB 31 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.validate.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-validate/1.19.4/ |
24 KB 8 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo2.svg
www.canadapostredelivery.com/assets/img/ |
938 B 646 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo1.svg
www.canadapostredelivery.com/assets/img/ |
12 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
magi.svg
www.canadapostredelivery.com/assets/img/ |
320 B 275 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
target.svg
www.canadapostredelivery.com/assets/img/ |
923 B 455 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
lines3.svg
www.canadapostredelivery.com/assets/img/ |
993 B 466 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
printer.svg
www.canadapostredelivery.com/assets/img/ |
511 B 367 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
logo3.svg
www.canadapostredelivery.com/assets/img/ |
3 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
blueicon.svg
www.canadapostredelivery.com/assets/img/ |
2 KB 685 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
bag.svg
www.canadapostredelivery.com/assets/img/ |
860 B 461 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
greentick.svg
www.canadapostredelivery.com/assets/img/ |
615 B 437 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
cross.svg
www.canadapostredelivery.com/assets/img/ |
625 B 433 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
iconsGrey.jpg
www.canadapostredelivery.com/assets/img/ |
2 KB 2 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
validate.js
www.canadapostredelivery.com/assets/js/ |
253 B 189 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
light.woff2
www.canadapostredelivery.com/assets/fonts/ |
15 KB 16 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
medium.woff2
www.canadapostredelivery.com/assets/fonts/ |
11 KB 11 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Canada Post (Transportation)10 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| www.canadapostredelivery.com/ | Name: PHPSESSID Value: 895051063892a76074059d33ae04c79b |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdnjs.cloudflare.com
www.canadapostredelivery.com
208.109.79.3
2606:4700::6811:190e
2a00:1450:4001:801::200a
29046ebe21dc95f00b650af4e08cf7e58f45ff5e0e64187e52d23cd92306d9c6
2c3ef75ec5c7389ab19835091856419a5e6c220a8446ed5145561705912ac971
3228f4cd6fd28ef733c3d98079f3478b1c4cb3338dcd7b95658ba731b817e113
3c568826d3e3d38ef5f552a8076054e17558571c496d0251d1394d92873ec6d8
4fb69ddb1016cfb494dc95ba59e09e7850f6efb4c0b414f2e353553ea098363b
50537f4b4a252e311cdc7e25fb9f73e478a028f4e9aaec84136547a3e7067d9e
52044e8d2e2dc085d3cff4cb721560e811200cc7ed7ab45f5ee32467f895df0f
6310c7aa2cf8aac6ae05907efdcea34a65517078fb9dcb7182e4061fd61f26ed
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f
7b8f198fb4ff0aeee2b16424c515e687046032673ea6cf32408a04ed2c5a79ff
98992c1a3f3c2f804ea76c198dd9ed044e088eed9448c75893c3def2620bf5c5
b1d438d6b1ef08dfd61b8a5d92bfb48d12230fc236561780ae25ce9da1b15505
d1612f2fe4165980265579d42939a946950c777a43dc6d2e75022690e6562cd2
e467e89a41e68909313eef448847f3446650158fb5d046295fea70fd7d776b87
eb53bd4dea7062e9a7eb7b5cc56576ac7d773142684850caa93c6f4ae2104a40
f617714c671b9decca6a0e9167e6a5bbce3f1b7e5acf26cd535e70d7e7fa2118
f632c0b8d8296638c7bbaa806661c6394d84d41dbd10e33327ee7434888d15b1
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d