post-fees.top
Open in
urlscan Pro
185.80.128.157
Malicious Activity!
Public Scan
Submission: On February 20 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by R3 on February 16th 2024. Valid for: 3 months.
This is the only time post-fees.top was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: DHL (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
12 | 185.80.128.157 185.80.128.157 | 61053 (VPSNET-AS) (VPSNET-AS) | |
1 | 2606:4700::68... 2606:4700::6810:5814 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2a00:1450:400... 2a00:1450:4001:80b::200a | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a02:26f0:350... 2a02:26f0:3500:11::215:14c7 | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
1 | 2a04:4e42:600... 2a04:4e42:600::649 | 54113 (FASTLY) (FASTLY) | |
1 | 2a00:1450:400... 2a00:1450:4001:80f::200a | 15169 (GOOGLE) (GOOGLE) | |
6 | 2a00:1450:400... 2a00:1450:4001:830::2003 | 15169 (GOOGLE) (GOOGLE) | |
24 | 7 |
ASN20940 (AKAMAI-ASN1, NL)
cdn-uicons.flaticon.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
12 |
post-fees.top
post-fees.top |
504 KB |
6 |
gstatic.com
fonts.gstatic.com |
48 KB |
2 |
flaticon.com
cdn-uicons.flaticon.com — Cisco Umbrella Rank: 192261 |
244 KB |
2 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 48 ajax.googleapis.com — Cisco Umbrella Rank: 434 |
92 KB |
1 |
jquery.com
code.jquery.com — Cisco Umbrella Rank: 940 |
82 KB |
1 |
jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 353 |
21 KB |
24 | 6 |
Domain | Requested by | |
---|---|---|
12 | post-fees.top |
post-fees.top
ajax.googleapis.com |
6 | fonts.gstatic.com |
fonts.googleapis.com
|
2 | cdn-uicons.flaticon.com |
post-fees.top
cdn-uicons.flaticon.com |
1 | ajax.googleapis.com |
post-fees.top
|
1 | code.jquery.com |
post-fees.top
|
1 | fonts.googleapis.com |
post-fees.top
|
1 | cdn.jsdelivr.net |
post-fees.top
|
24 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
www.post-fees.top R3 |
2024-02-16 - 2024-05-16 |
3 months | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2023-05-02 - 2024-05-01 |
a year | crt.sh |
upload.video.google.com GTS CA 1C3 |
2024-01-29 - 2024-04-22 |
3 months | crt.sh |
*.flaticon.com R3 |
2024-01-29 - 2024-04-28 |
3 months | crt.sh |
*.jquery.com Sectigo RSA Domain Validation Secure Server CA |
2023-07-11 - 2024-07-14 |
a year | crt.sh |
*.gstatic.com GTS CA 1C3 |
2024-01-29 - 2024-04-22 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://post-fees.top/delivery/TRACK/index.php?brand=dhl
Frame ID: C9E3285A06F2F380A93B7100622D8F2B
Requests: 24 HTTP requests in this frame
Screenshot
Page Title
POSTDetected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Google Font API (Font Scripts) Expand
Detected patterns
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
- googleapis\.com/.+webfont
SweetAlert2 (JavaScript Libraries) Expand
Detected patterns
- /npm/sweetalert2@([\d.]+)
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- /([\d.]+)/jquery(?:\.min)?\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jsDelivr (CDN) Expand
Detected patterns
- //cdn\.jsdelivr\.net/
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
24 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
index.php
post-fees.top/delivery/TRACK/ |
13 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.css
post-fees.top/delivery/TRACK/assets/ |
8 KB 3 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sweetalert2@11
cdn.jsdelivr.net/npm/ |
75 KB 21 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
check.js
post-fees.top/delivery/blocker/ |
2 KB 749 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css2
fonts.googleapis.com/ |
159 KB 5 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
uicons-regular-rounded.css
cdn-uicons.flaticon.com/uicons-regular-rounded/css/ |
144 KB 19 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.7.0.js
code.jquery.com/ |
278 KB 82 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
veri.png
post-fees.top/delivery/TRACK/assets/ |
48 KB 48 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
crd.png
post-fees.top/delivery/TRACK/assets/ |
111 KB 111 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
parcel.png
post-fees.top/delivery/TRACK/assets/ |
159 KB 160 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
barcode.png
post-fees.top/delivery/TRACK/assets/ |
4 KB 4 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
app.png
post-fees.top/delivery/TRACK/assets/ |
170 KB 171 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.4.1/ |
86 KB 87 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
dhl.svg
post-fees.top/delivery/TRACK/assets/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pxiByp8kv8JHgFVrLDz8Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ |
8 KB 8 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
uicons-regular-rounded.woff2
cdn-uicons.flaticon.com/uicons-regular-rounded/webfonts/ |
225 KB 225 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ |
8 KB 8 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pxiByp8kv8JHgFVrLFj_Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ |
8 KB 8 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ |
8 KB 8 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v20/ |
8 KB 8 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pxiGyp8kv8JHgFVrJJLucHtA.woff2
fonts.gstatic.com/s/poppins/v20/ |
8 KB 9 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loaddata.php
post-fees.top/delivery/TRACK/ |
34 B 448 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loaddata.php
post-fees.top/delivery/TRACK/ |
0 402 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loaddata.php
post-fees.top/delivery/TRACK/ |
34 B 447 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: DHL (Transportation)16 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| Sweetalert2 function| SweetAlert function| Swal function| sweetAlert function| swal function| $ function| jQuery function| emptyinput function| fullsubmit function| codesubmit function| exslash function| space function| startonline function| startidle function| startoffline function| loadlink1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
post-fees.top/ | Name: PHPSESSID Value: 8v3gb6ej2tlm29b3ji47b9gff3 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
ajax.googleapis.com
cdn-uicons.flaticon.com
cdn.jsdelivr.net
code.jquery.com
fonts.googleapis.com
fonts.gstatic.com
post-fees.top
185.80.128.157
2606:4700::6810:5814
2a00:1450:4001:80b::200a
2a00:1450:4001:80f::200a
2a00:1450:4001:830::2003
2a02:26f0:3500:11::215:14c7
2a04:4e42:600::649
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
265a924c42de4784cba8fd0e1bd77133bc833ea5f5a31fc77e08922c18fcfa43
2dd96abf540f4a40413f24288c30d82a2ac030cd146344c122d5cc85f0bc0c3c
362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419
40698a104ed646989a6ab35d25afe9e0c6b4e09db733d5f7f5206b88c2a4146e
41e33355ab17979b595aaf65d1631a2f57920432d397d7cf992a4090055c941f
50d0c1742d80ac71f4cde20e8c04d41a24806af342831f479938b527fbff0972
562ee8003f0759e0297af7ba1af01108d7b5fe1481079c85db09e7c5647d601d
6f0c572590421075878908e0b380c5a6d404f72aa7d6d125385943be658f8399
78bc3aa78faec288bbb3bf26c9a0fa4eb67b1e69da94a17233c5cab60525efdb
7adce3ec4bf8bac7ed6f9379126c46bacacf261c5ed482d9df11568266ce5a74
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
a76a5680185e1be224111779c2b7452877b4583e8c70a2be3ff2e9b51dd793c0
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
d272b9612e72ac744606376332bdfe7f58c72ad4c3fb01dc73d27155127de835
d8fa6154fb4c4d0795b0a109b6f78b1c2e82333e97d066437aaba9ad5e79b6b2
db11a4fc22d5a46006394f263f5291e44b6cb969b45dc3bc266be4bb0e2946ba
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e98eb8c01425b7c5c959174c9e5f1a1ddfc759b8f7202975c7bc5824719abefe
eac2f6a7ec35b76e2766a7531119f124063c987eb23be8c248a589cdc8393f2a
f2cadbbb5d946f14e43b483baae7ac7438de5b6756c9e893ca8720fdcaf85c4b
fb441ff081cc256b98959da540306b175fb66a28084595c4752bde82d10ba362