ausp-adm864222.is-leet.com
162.254.33.130 (flagged: Malicious Activity!)

Submitted URL: https://swll.to/3mkfg
Effective URL: https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU
Submission: On October 31 via manual from AU — Scanned from AU

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 162.254.33.130, located in United States and belongs to NAMECHEAP-NET, US. The main domain is ausp-adm864222.is-leet.com.
TLS certificate: Issued by R3 (Let's Encrypt's intermediate) on October 29th 2022, two days before this scan. Valid for: 3 months.
This is the only time ausp-adm864222.is-leet.com was scanned on urlscan.io, so this scan is also the host's first-seen date here.

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Australia Post (Transportation)

Domain & IP information

IP Address / Autonomous System
  Requests (incl. redirects)  IP Address       AS
  1                           18.196.142.213   AS16509 (AMAZON-02)
  11                          162.254.33.130   AS22612 (NAMECHEAP-NET)
  Total: 9 HTTP transactions, 2 IPs

Apex Domain / Subdomains / Transfer
  Requests (incl. redirects)  Apex Domain   Subdomains                    Transfer
  11                          is-leet.com   ausp-adm864222.is-leet.com    70 KB
  1                           swll.to       swll.to                       415 B
  Total: 9 HTTP transactions, 2 apex domains

Domain / Requested by
  Requests (incl. redirects)  Domain                       Requested by
  11                          ausp-adm864222.is-leet.com   2 redirects, ausp-adm864222.is-leet.com
  1                           swll.to                      1 redirect
  Total: 9 HTTP transactions, 2 domains

This site contains no links.

Subject                       Issuer  Validity                  Valid for
ausp-adm864222.is-leet.com    R3      2022-10-29 to 2023-01-27  3 months

This page contains 1 frame:

Primary Page: https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU
Frame ID: A0EDD36754AE37BB1F16F69108E4FD51
Requests: 10 requests in this frame (the 9 HTTP transactions listed below plus one inline data: URI)

Page Title

Australia MyPost - Pay a bill

Page URL History (HTTP redirects and client-side redirects via JavaScript or Meta fields)

  1. https://swll.to/3mkfg HTTP 301
    https://ausp-adm864222.is-leet.com/ausp8652339925 HTTP 301
    https://ausp-adm864222.is-leet.com/ausp8652339925/ HTTP 302
    https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU Page URL
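The chain above (URL shortener, nginx's trailing-slash 301, then a 302 with a relative Location header into a per-visit directory) is the part of this scan a responder pivots on. The script below is an added example, not urlscan.io code: it rebuilds the landing URL from the recorded hops and the relative `location` value shown in the primary request's redirect headers, lists the hosts and apex domains to block, and applies the certificate-age check the certificate table invites (issued two days before the scan). The hop list, the Location value and the dates are constructed from this page; the `apex()` helper and the flag thresholds are assumptions.

```python
"""Triage of the redirect chain and certificate recorded in the scan above.

Added example, not urlscan.io code. The hop list, the Location header and the
certificate dates are constructed from the values shown on this page.
"""
from datetime import date
from urllib.parse import parse_qs, urljoin, urlsplit

# Constructed from "Page URL History": (URL the browser was at, status that sent it on).
CHAIN = [
    ("https://swll.to/3mkfg", 301),                               # shortener
    ("https://ausp-adm864222.is-leet.com/ausp8652339925", 301),   # nginx adds the trailing slash
    ("https://ausp-adm864222.is-leet.com/ausp8652339925/", 302),  # kit issues a per-visit token
]
# Relative Location header on that last 302 (from the primary request's "Redirect headers").
FINAL_LOCATION = "auth/204fe6a3/billing.php?token=204fe6a3&local=AU"
# Certificate table: not-before, not-after; scan date from the submission line.
CERT_NOT_BEFORE, CERT_NOT_AFTER, SCAN_DAY = date(2022, 10, 29), date(2023, 1, 27), date(2022, 10, 31)


def resolve_location(base_url: str, location: str) -> str:
    """Resolve a Location header against the redirecting URL, as a browser does (RFC 3986)."""
    return urljoin(base_url, location)


def apex(host: str) -> str:
    """Last two labels of a hostname. Assumption: fine for .com/.to, not Public Suffix List aware."""
    return ".".join(host.split(".")[-2:])


def analyse_chain(chain, final_location):
    """Landing URL, the hosts/apex domains touched, and the flags a responder would raise."""
    hops = [url for url, _ in chain]
    landing = resolve_location(hops[-1], final_location)
    hosts = [urlsplit(u).hostname for u in hops + [landing]]
    apexes = list(dict.fromkeys(apex(h) for h in hosts))  # order-preserving unique
    query = parse_qs(urlsplit(landing).query)
    flags = []
    if len(apexes) > 1:
        flags.append("cross-domain chain: shortener %s hands off to %s" % (apexes[0], apexes[-1]))
    if "token" in query:
        flags.append("per-visit token in landing URL: block the host, not this exact URL")
    if urlsplit(landing).path.endswith(".php"):
        flags.append("server-side (PHP) landing page: content can differ per visitor")
    return {"landing": landing, "hosts": hosts, "apex_domains": apexes, "query": query, "flags": flags}


def certificate_flags(not_before, not_after, scan_day, fresh_days=7):
    """Age of the certificate at scan time; a days-old cert on a never-seen host is a phishing tell."""
    age = (scan_day - not_before).days
    lifetime = (not_after - not_before).days
    flags = []
    if age <= fresh_days:  # threshold is an assumption
        flags.append("certificate issued %d day(s) before scan" % age)
    if lifetime <= 90:
        flags.append("short-lived (%d-day) certificate, typical of automated CA issuance" % lifetime)
    return {"age_days": age, "lifetime_days": lifetime, "flags": flags}


if __name__ == "__main__":
    report = analyse_chain(CHAIN, FINAL_LOCATION)
    print(report["landing"])
    for f in report["flags"] + certificate_flags(CERT_NOT_BEFORE, CERT_NOT_AFTER, SCAN_DAY)["flags"]:
        print(" -", f)
```

The IOCs worth keeping from this are the shortener URL and the is-leet.com host; the `ausp8652339925` path and the `204fe6a3` token are per-campaign or per-visit values and will not match the next victim's URL.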

Detected technologies

PHP (overall confidence: 100%)
Detected pattern: \.php(?:$|\?) in the page URL

Page Statistics

  Requests: 9
  HTTPS: 100 %
  IPv6: 0 %
  Domains: 2
  Subdomains: 2
  IPs: 2
  Countries: 2
  Transfer: 70 kB
  Size: 187 kB
  Cookies: 0


9 HTTP transactions

All nine are served by nginx on 162.254.33.130 over HTTP/2 with TLS 1.3. The frame's tenth request, an inline data: URI, is listed last.
1. billing.php (primary request)   Document, 8 KB (2 KB transferred)
   Path: ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/
   Redirect chain:
     • https://swll.to/3mkfg
     • https://ausp-adm864222.is-leet.com/ausp8652339925
     • https://ausp-adm864222.is-leet.com/ausp8652339925/
     • https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU
   Full URL: https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU
   Protocol: H2   Security: TLS 1.3, AES_256_GCM
   Server: 162.254.33.130, United States, ASN22612 (NAMECHEAP-NET, US)   Reverse DNS: none recorded   Software: nginx
   Resource Hash (SHA-256): b07de3fe3335df44b7de7bc73913d19cbc2ee35b140726b450c3fb3c546d4ddb
   Security Headers: Strict-Transport-Security: max-age=31536000

   Request headers
     Upgrade-Insecure-Requests: 1
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
     accept-language: en-AU,en;q=0.9

   Response headers
     content-encoding: gzip
     content-type: text/html; charset=UTF-8
     date: Mon, 31 Oct 2022 02:28:09 GMT
     server: nginx
     strict-transport-security: max-age=31536000
     vary: Accept-Encoding

   Redirect headers (the 302 from /ausp8652339925/; note the relative Location)
     content-type: text/html; charset=UTF-8
     date: Mon, 31 Oct 2022 02:28:08 GMT
     location: auth/204fe6a3/billing.php?token=204fe6a3&local=AU
     server: nginx
     strict-transport-security: max-age=31536000
2. style.css   Stylesheet, 3 KB (1 KB transferred)
   Path: ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/res/
   Full URL: https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/res/style.css
   Requested by: ausp-adm864222.is-leet.com, https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU
   Protocol: H2   Security: TLS 1.3, AES_256_GCM
   Server: 162.254.33.130, United States, ASN22612 (NAMECHEAP-NET, US)   Reverse DNS: none recorded   Software: nginx
   Resource Hash (SHA-256): a0937f7edd561e7ee7ad79de36261545786d292edffcb805f0998559be246bac
   Security Headers: Strict-Transport-Security: max-age=31536000

   Request headers
     accept-language: en-AU,en;q=0.9
     Referer: https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

   Response headers
     date: Mon, 31 Oct 2022 02:28:09 GMT
     strict-transport-security: max-age=31536000
     content-encoding: gzip
     last-modified: Mon, 31 Oct 2022 02:28:08 GMT
     server: nginx
     etag: W/"635f32b8-c53"
     vary: Accept-Encoding
     content-type: text/css
     cache-control: max-age=43200
     expires: Mon, 31 Oct 2022 14:28:09 GMT
3. jq.js   Script, 87 KB (34 KB transferred)
   Path: ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/res/
   Full URL: https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/res/jq.js
   Requested by: ausp-adm864222.is-leet.com, https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU
   Protocol: H2   Security: TLS 1.3, AES_256_GCM
   Server: 162.254.33.130, United States, ASN22612 (NAMECHEAP-NET, US)   Reverse DNS: none recorded   Software: nginx
   Resource Hash (SHA-256): ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127
   Security Headers: Strict-Transport-Security: max-age=31536000

   Request headers
     accept-language: en-AU,en;q=0.9
     Referer: https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

   Response headers
     date: Mon, 31 Oct 2022 02:28:09 GMT
     strict-transport-security: max-age=31536000
     content-encoding: gzip
     last-modified: Mon, 31 Oct 2022 02:28:08 GMT
     server: nginx
     etag: W/"635f32b8-15d9d"
     vary: Accept-Encoding
     content-type: application/javascript
     cache-control: max-age=43200
     expires: Mon, 31 Oct 2022 14:28:09 GMT
4. v.js   Script, 51 KB (16 KB transferred)
   Path: ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/res/
   Full URL: https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/res/v.js
   Requested by: ausp-adm864222.is-leet.com, https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU
   Protocol: H2   Security: TLS 1.3, AES_256_GCM
   Server: 162.254.33.130, United States, ASN22612 (NAMECHEAP-NET, US)   Reverse DNS: none recorded   Software: nginx
   Resource Hash (SHA-256): c5d85d054886c5b1438c896e06123d5d18a0f530f2da3c46271047b1b40cef00
   Security Headers: Strict-Transport-Security: max-age=31536000

   Request headers
     accept-language: en-AU,en;q=0.9
     Referer: https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

   Response headers
     date: Mon, 31 Oct 2022 02:28:09 GMT
     strict-transport-security: max-age=31536000
     content-encoding: gzip
     last-modified: Mon, 31 Oct 2022 02:28:08 GMT
     server: nginx
     etag: W/"635f32b8-cd77"
     vary: Accept-Encoding
     content-type: application/javascript
     cache-control: max-age=43200
     expires: Mon, 31 Oct 2022 14:28:09 GMT
5. m.js   Script, 23 KB (7 KB transferred)
   Path: ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/res/
   Full URL: https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/res/m.js
   Requested by: ausp-adm864222.is-leet.com, https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU
   Protocol: H2   Security: TLS 1.3, AES_256_GCM
   Server: 162.254.33.130, United States, ASN22612 (NAMECHEAP-NET, US)   Reverse DNS: none recorded   Software: nginx
   Resource Hash (SHA-256): a199620fe981df00a825f78761d3f7c8870f8117daa4a890e08018dec386dae8
   Security Headers: Strict-Transport-Security: max-age=31536000

   Request headers
     accept-language: en-AU,en;q=0.9
     Referer: https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

   Response headers
     date: Mon, 31 Oct 2022 02:28:09 GMT
     strict-transport-security: max-age=31536000
     content-encoding: gzip
     last-modified: Mon, 31 Oct 2022 02:28:08 GMT
     server: nginx
     etag: W/"635f32b8-5a88"
     vary: Accept-Encoding
     content-type: application/javascript
     cache-control: max-age=43200
     expires: Mon, 31 Oct 2022 14:28:09 GMT
6. logo-mypost.png   Image, 2 KB (2 KB transferred)
   Path: ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/res/
   Full URL: https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/res/logo-mypost.png
   Requested by: ausp-adm864222.is-leet.com, https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU
   Protocol: H2   Security: TLS 1.3, AES_256_GCM
   Server: 162.254.33.130, United States, ASN22612 (NAMECHEAP-NET, US)   Reverse DNS: none recorded   Software: nginx
   Resource Hash (SHA-256): 6695fc58bb36ed9c9ab9473d3c63bcec77dd35c73e3c04fe863c58c73333fd63
   Security Headers: Strict-Transport-Security: max-age=31536000

   Request headers
     accept-language: en-AU,en;q=0.9
     Referer: https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

   Response headers
     date: Mon, 31 Oct 2022 02:28:10 GMT
     strict-transport-security: max-age=31536000
     last-modified: Mon, 31 Oct 2022 02:28:08 GMT
     server: nginx
     etag: "635f32b8-752"
     content-type: image/png
     cache-control: max-age=2592000
     accept-ranges: bytes
     content-length: 1874
     expires: Wed, 30 Nov 2022 02:28:10 GMT
7. post-billpay.png   Image, 3 KB (3 KB transferred)
   Path: ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/res/
   Full URL: https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/res/post-billpay.png
   Requested by: ausp-adm864222.is-leet.com, https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU
   Protocol: H2   Security: TLS 1.3, AES_256_GCM
   Server: 162.254.33.130, United States, ASN22612 (NAMECHEAP-NET, US)   Reverse DNS: none recorded   Software: nginx
   Resource Hash (SHA-256): 8d2d6405a951b0dcaeec9566b06813cb2be533064dbe6524ea42dcf48910596b
   Security Headers: Strict-Transport-Security: max-age=31536000

   Request headers
     accept-language: en-AU,en;q=0.9
     Referer: https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

   Response headers
     date: Mon, 31 Oct 2022 02:28:10 GMT
     strict-transport-security: max-age=31536000
     last-modified: Mon, 31 Oct 2022 02:28:08 GMT
     server: nginx
     etag: "635f32b8-d22"
     content-type: image/png
     cache-control: max-age=2592000
     accept-ranges: bytes
     content-length: 3362
     expires: Wed, 30 Nov 2022 02:28:10 GMT
8. secure.png   Image, 787 B (993 B transferred)
   Path: ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/res/
   Full URL: https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/res/secure.png
   Requested by: ausp-adm864222.is-leet.com, https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU
   Protocol: H2   Security: TLS 1.3, AES_256_GCM
   Server: 162.254.33.130, United States, ASN22612 (NAMECHEAP-NET, US)   Reverse DNS: none recorded   Software: nginx
   Resource Hash (SHA-256): e5372df7729b1978e1d9c9e161622ae83654a97bb072ccb1c8d96aafdbf1135f
   Security Headers: Strict-Transport-Security: max-age=31536000

   Request headers
     accept-language: en-AU,en;q=0.9
     Referer: https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

   Response headers
     date: Mon, 31 Oct 2022 02:28:10 GMT
     strict-transport-security: max-age=31536000
     last-modified: Mon, 31 Oct 2022 02:28:08 GMT
     server: nginx
     etag: "635f32b8-313"
     content-type: image/png
     cache-control: max-age=2592000
     accept-ranges: bytes
     content-length: 787
     expires: Wed, 30 Nov 2022 02:28:10 GMT
9. ccv.js   Script, 9 KB (3 KB transferred)
   Path: ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/res/
   Full URL: https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/res/ccv.js
   Requested by: ausp-adm864222.is-leet.com, https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU
   Protocol: H2   Security: TLS 1.3, AES_256_GCM
   Server: 162.254.33.130, United States, ASN22612 (NAMECHEAP-NET, US)   Reverse DNS: none recorded   Software: nginx
   Resource Hash (SHA-256): 8338536908dbf97a2eeaf21a1390f707b867571d222dcf7be3d905e0a882b9aa
   Security Headers: Strict-Transport-Security: max-age=31536000

   Request headers
     accept-language: en-AU,en;q=0.9
     Referer: https://ausp-adm864222.is-leet.com/ausp8652339925/auth/204fe6a3/billing.php?token=204fe6a3&local=AU
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

   Response headers
     date: Mon, 31 Oct 2022 02:28:10 GMT
     strict-transport-security: max-age=31536000
     content-encoding: gzip
     last-modified: Mon, 31 Oct 2022 02:28:08 GMT
     server: nginx
     etag: W/"635f32b8-2205"
     vary: Accept-Encoding
     content-type: application/javascript
     cache-control: max-age=43200
     expires: Mon, 31 Oct 2022 14:28:10 GMT
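Every static resource served from auth/204fe6a3/res/ carries last-modified: Mon, 31 Oct 2022 02:28:08 GMT and an ETag beginning 635f32b8. nginx builds the ETag for a static file from the file's modification time and size, both in hex (and marks it weak, W/"...", when it gzips the body on the fly), so the ETags can be decoded offline and lined up against the 02:28:08 date on the 302 that sent the browser into the per-token directory. The script below, an added example and not urlscan.io code, does that on header values constructed from this page. Every file in the directory was written in the same second the redirect was issued, which is what you would expect if the kit copies its assets into a fresh per-visit directory on arrival, and one more reason to block the host rather than the URL.

```python
"""Decode nginx static-file ETags from the scan's response headers.

Added example, not urlscan.io code. nginx's default ETag for a static file is
"<mtime hex>-<size hex>"; it becomes a weak ETag (W/"...") when the gzip filter
rewrites the body. The samples below are constructed from this page's headers.
"""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed from the response headers above: (resource, etag, date the response was served).
SAMPLES = [
    ("style.css", 'W/"635f32b8-c53"', "Mon, 31 Oct 2022 02:28:09 GMT"),
    ("jq.js", 'W/"635f32b8-15d9d"', "Mon, 31 Oct 2022 02:28:09 GMT"),
    ("logo-mypost.png", '"635f32b8-752"', "Mon, 31 Oct 2022 02:28:10 GMT"),
    ("ccv.js", 'W/"635f32b8-2205"', "Mon, 31 Oct 2022 02:28:10 GMT"),
]
# Date header on the 302 into auth/204fe6a3/ (the primary request's "Redirect headers").
FIRST_REDIRECT = "Mon, 31 Oct 2022 02:28:08 GMT"


def decode_nginx_etag(etag: str) -> dict:
    """Split an nginx ETag into (weak flag, file mtime as UTC datetime, file size in bytes)."""
    weak = etag.startswith("W/")
    body = (etag[2:] if weak else etag).strip('"')
    mtime_hex, size_hex = body.split("-", 1)
    return {
        "weak": weak,
        "mtime": datetime.fromtimestamp(int(mtime_hex, 16), tz=timezone.utc),
        "size": int(size_hex, 16),
    }


def staging_delay(samples, first_request: str) -> dict:
    """Seconds between the redirect into the kit directory and each asset's mtime.

    0 means the file was written in the same second the victim was redirected,
    i.e. the directory was generated for this visit rather than deployed earlier.
    """
    t0 = parsedate_to_datetime(first_request)
    return {
        name: int((decode_nginx_etag(etag)["mtime"] - t0).total_seconds())
        for name, etag, _ in samples
    }


def age_when_served(samples) -> dict:
    """Seconds between each asset's mtime and the Date header of the response that served it."""
    return {
        name: int((parsedate_to_datetime(served) - decode_nginx_etag(etag)["mtime"]).total_seconds())
        for name, etag, served in samples
    }


if __name__ == "__main__":
    for name, etag, _ in SAMPLES:
        d = decode_nginx_etag(etag)
        print("%-16s %s  %5d bytes  weak=%s" % (name, d["mtime"].isoformat(), d["size"], d["weak"]))
    print("staging delay:", staging_delay(SAMPLES, FIRST_REDIRECT))
```

The decoded size for logo-mypost.png (0x752 = 1874) matches its content-length header, which is the sanity check that the field layout assumed here is the one nginx actually uses.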
10. data: URI (inline image, not an HTTP transaction)   Image, 266 B (0 transferred)
   Full URL: data:truncated
   Protocol: DATA
   Resource Hash (SHA-256): 662294921ca6240beb0f2aecb7f7ac23dd085b782bbe52a369b20226d26afe33

   Request headers
     accept-language: en-AU,en;q=0.9
     Referer: (empty)
     User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

   Response headers
     Content-Type: image/svg+xml

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan: Phishing against: Australia Post (Transportation)

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and page code. Nine of the 21 (onbeforeinput through navigation) are browser-provided window properties of the Chrome 107 build used for the scan that the baseline did not filter out, and $ and jQuery are consistent with jq.js being a jQuery build. The remaining ten are the kit's own: ccerror, ccvalidity, cc and submitcc indicate a card-entry form with client-side validation, loader a loading/processing overlay, and mins, secs, timer, startTimer and updateTime a countdown timer, a common urgency device on payment-themed phishing pages.

  object    onbeforeinput
  object    oncontextlost
  object    oncontextrestored
  function  structuredClone
  object    launchQueue
  object    onbeforematch
  function  getScreenDetails
  function  queryLocalFonts
  object    navigation
  function  $
  function  jQuery
  object    ccerror
  number    ccvalidity
  object    cc
  number    mins
  number    secs
  object    timer
  object    loader
  function  submitcc
  function  startTimer
  function  updateTime
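The split between browser built-ins, library globals and kit-defined names is easy to automate, and the kit-defined names are what a triage rule should score. The script below is an added example, not urlscan.io code: it parses the list exactly as urlscan prints it, drops the Chrome window properties, and scores the rest against a small card-harvesting indicator list. The built-in set, the indicator patterns, their weights and the threshold are assumptions to tune for the scanner's browser version and for the kits seen in practice.

```python
"""Score urlscan's "JavaScript Global Variables" list for card-harvesting kit tells.

Added example, not urlscan.io code. RAW is constructed from the list on this page.
"""
import re

# Constructed from this page's global-variable list, in urlscan's "type| name" form.
RAW = (
    "object| onbeforeinput object| oncontextlost object| oncontextrestored "
    "function| structuredClone object| launchQueue object| onbeforematch "
    "function| getScreenDetails function| queryLocalFonts object| navigation "
    "function| $ function| jQuery object| ccerror number| ccvalidity object| cc "
    "number| mins number| secs object| timer object| loader function| submitcc "
    "function| startTimer function| updateTime"
)

# Window properties of the Chrome build used for the scan (assumption: keep in step
# with the scanner's browser version, or these leak into the "page" bucket).
BROWSER_BUILTINS = {
    "onbeforeinput", "oncontextlost", "oncontextrestored", "structuredClone",
    "launchQueue", "onbeforematch", "getScreenDetails", "queryLocalFonts", "navigation",
}
# Globals that common libraries define; not evidence about the page's own code.
LIBRARY_GLOBALS = {"$": "jQuery", "jQuery": "jQuery"}

# Indicator patterns and weights for card-entry phishing kits (assumption, tune as needed).
INDICATORS = [
    (re.compile(r"^cc(v|err|valid|num|exp)?", re.I), 3, "card-field handling"),
    (re.compile(r"submit.*(cc|card|pay)", re.I), 4, "card submit handler"),
    (re.compile(r"^(timer|mins|secs|startTimer|updateTime)$"), 1, "countdown / urgency timer"),
    (re.compile(r"^loader$"), 1, "processing overlay"),
]
THRESHOLD = 8  # assumption


def parse_globals(raw: str):
    """Turn 'object| name function| other' into [(name, type), ...]."""
    pairs = re.findall(r"(object|function|number|string|boolean)\|\s*(\S+)", raw)
    return [(name, typ) for typ, name in pairs]


def classify(globs):
    """Bucket each global as browser built-in, library global, or page-defined."""
    out = {"browser": [], "library": [], "page": []}
    for name, typ in globs:
        if name in BROWSER_BUILTINS:
            out["browser"].append(name)
        elif name in LIBRARY_GLOBALS:
            out["library"].append(name)
        else:
            out["page"].append((name, typ))
    return out


def score(page_globals):
    """Sum indicator weights over page-defined names; first matching pattern wins per name."""
    total, hits = 0, []
    for name, _ in page_globals:
        for pattern, weight, why in INDICATORS:
            if pattern.search(name):
                total += weight
                hits.append((name, why))
                break
    return total, hits


def triage(raw: str):
    buckets = classify(parse_globals(raw))
    total, hits = score(buckets["page"])
    return {"buckets": buckets, "score": total, "hits": hits, "suspicious": total >= THRESHOLD}


if __name__ == "__main__":
    result = triage(RAW)
    print("page-defined:", [n for n, _ in result["buckets"]["page"]])
    print("score %d, suspicious=%s" % (result["score"], result["suspicious"]))
    for name, why in result["hits"]:
        print("  %-12s %s" % (name, why))
```

Names alone are weak evidence (a legitimate checkout page also has card fields), which is why the score is combined with the redirect-chain and certificate-age signals rather than used on its own.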

0 Cookies

Security Headers

Security headers set by the main page. The only one present is HSTS, which this nginx host sends on every response, including the redirects. It is not a signal of legitimacy: a valid Let's Encrypt certificate plus HSTS costs a kit operator nothing and is routine on phishing hosts.

Header Value
Strict-Transport-Security max-age=31536000