z-royalmail.shop
Open in
urlscan Pro
2606:4700:3033::ac43:9329
Malicious Activity!
Public Scan
Submission: On October 06 via api from GB — Scanned from GB
Summary
This is the only time z-royalmail.shop was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Royal Mail (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
18 | 2606:4700:303... 2606:4700:3033::ac43:9329 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 146.19.4.218 146.19.4.218 | 199242 (MALAKMADZE) (MALAKMADZE) | |
1 | 2606:4700:303... 2606:4700:3032::6815:59ca | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
34 | 4 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
19 |
z-royalmail.shop
z-royalmail.shop |
564 KB |
1 |
9ccc.shop
wss.9ccc.shop |
194 B |
34 | 2 |
Domain | Requested by | |
---|---|---|
19 | z-royalmail.shop |
z-royalmail.shop
|
1 | wss.9ccc.shop |
z-royalmail.shop
|
34 | 2 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
wss.9ccc.shop R3 |
2023-09-19 - 2023-12-18 |
3 months | crt.sh |
z-royalmail.shop GTS CA 1P5 |
2023-10-05 - 2024-01-03 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
http://z-royalmail.shop/
Frame ID: 34786B4CA9F753873E30E77FDA00D6FF
Requests: 35 HTTP requests in this frame
0 Outgoing links
These are links going to different origins than the main page.
Redirected requests
There were HTTP redirect chains for the following requests:
34 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
/
z-royalmail.shop/ |
685 B 1 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
loading.jpg
z-royalmail.shop/static/images/ |
80 KB 80 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
z-royalmail.shop/static/js/ |
83 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
urlConfig.json
z-royalmail.shop/config/ |
861 B 1 KB |
Script
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
axios.js
z-royalmail.shop/static/js/ |
42 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cityjson.php
wss.9ccc.shop/ |
42 B 194 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.js
z-royalmail.shop/config/ |
11 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
update_data.php
z-royalmail.shop/ |
21 B 607 B |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jsonip.php
z-royalmail.shop/ |
49 B 730 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css_iVnPLN_tw_0BwvlHazOAUSxoyWXOjLoP-6KR5pPhpxE.css
z-royalmail.shop/style1/ |
38 KB 9 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css__6NsxoZZPhWfqnbaEQb7wCY6LyRmdblZQ2D8Q7XDSIY.css
z-royalmail.shop/style1/ |
965 KB 146 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
index.css
z-royalmail.shop/css/ |
19 KB 4 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
logo.png
z-royalmail.shop/style1/ |
12 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
delivered-or-collected.svg
z-royalmail.shop/style1/ |
9 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
SafeSpace-logo.png
z-royalmail.shop/style1/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js_659rUnZUNIQFI-RCqXQkVKFn7j0yAUWVPOOlGLdMgrw.js.download
z-royalmail.shop/style1/ |
198 KB 199 KB |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
js_4Q3YWOsi1oWbcPIqgBnqN9y98H5FHa7K95ZAJ_lUn9A.js.download
z-royalmail.shop/style1/ |
42 KB 0 |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.validate.min.js.download
z-royalmail.shop/style1/ |
21 KB 0 |
Script
application/octet-stream |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
icon-chat.png
z-royalmail.shop/style1/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.min.js
z-royalmail.shop/static/js/ |
83 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
urlConfig.json
z-royalmail.shop/config/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
axios.js
z-royalmail.shop/static/js/ |
42 KB 13 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
vue.js
z-royalmail.shop/static/js/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
cityjson.php
z-royalmail.shop/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
jquery-ui.js
z-royalmail.shop/static/js/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
vueConfig.js
z-royalmail.shop/static/js/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
10 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
chevin-medium.woff
z-royalmail.shop/assets/fonts/chevin/chevin-medium/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
search-white.svg
z-royalmail.shop/assets/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
language-welsh.svg
z-royalmail.shop/assets/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
chevron-down.svg
z-royalmail.shop/assets/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
scam-guidance.png
z-royalmail.shop/assets/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
keep-me-posted.png
z-royalmail.shop/assets/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
pfdintextstd-bold-webfont.woff
z-royalmail.shop/assets/fonts/pf-din-text-std/pf-din-text-std-bold/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
GET |
chevin-bold.woff
z-royalmail.shop/assets/fonts/chevin/chevin-bold/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- z-royalmail.shop
- URL
- http://z-royalmail.shop/style1/icon-chat.png
- Domain
- z-royalmail.shop
- URL
- http://z-royalmail.shop/config/urlConfig.json
- Domain
- z-royalmail.shop
- URL
- http://z-royalmail.shop/static/js/vue.js
- Domain
- z-royalmail.shop
- URL
- http://z-royalmail.shop/cityjson.php
- Domain
- z-royalmail.shop
- URL
- http://z-royalmail.shop/static/js/jquery-ui.js
- Domain
- z-royalmail.shop
- URL
- http://z-royalmail.shop/static/js/vueConfig.js
- Domain
- z-royalmail.shop
- URL
- http://z-royalmail.shop/assets/fonts/chevin/chevin-medium/chevin-medium.woff
- Domain
- z-royalmail.shop
- URL
- http://z-royalmail.shop/assets/img/search-white.svg
- Domain
- z-royalmail.shop
- URL
- http://z-royalmail.shop/assets/img/language-welsh.svg
- Domain
- z-royalmail.shop
- URL
- http://z-royalmail.shop/assets/img/chevron-down.svg
- Domain
- z-royalmail.shop
- URL
- http://z-royalmail.shop/assets/img/scam-guidance.png
- Domain
- z-royalmail.shop
- URL
- http://z-royalmail.shop/assets/img/keep-me-posted.png
- Domain
- z-royalmail.shop
- URL
- http://z-royalmail.shop/assets/fonts/pf-din-text-std/pf-din-text-std-bold/pfdintextstd-bold-webfont.woff
- Domain
- z-royalmail.shop
- URL
- http://z-royalmail.shop/assets/fonts/chevin/chevin-bold/chevin-bold.woff
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Royal Mail (Government)7 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery object| url function| axios object| returnCitySN boolean| is boolean| isTrue0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
wss.9ccc.shop
z-royalmail.shop
z-royalmail.shop
146.19.4.218
2606:4700:3032::6815:59ca
2606:4700:3033::ac43:9329
05eb745176d79ec27d52d544582483fc4d0f6378c7ed2060be24dfc4e8990668
0ad5c411b0e1c2b805eaf76ccfc4319a83decb9b41faba5f0420bc93471daada
0c49a4307509533c758f2a8f4908a93405f9c37adc8192ba722bf4a1c9bc1f44
2eeea39226ff8e508b47acc16dbaaff226c0c5361a938f31b9a42900b8013b38
344b29deab56ac203aa9d4c258a097020f4b207da082f1267e2b9a4280903c34
4a087c29c92d6c14c08c5109c669f88f3588771350d1f304e4fde299e94776ec
834cebd37615cdc905e0020deefc80c8d1cb2747de1f112812a9939ed404f997
8e5bd63208d0cf73eb49c33fe135dbb66e5fe3d680fac9abeb4a4670a79b01a7
96b65382c74cd6255d4628044c5394f2ef3f0662d7d72b10f1bceb50b6ee5455
baf22e1f184e9e1eb6a259211ba7545596334954783d497fcb2d0e1946611dcb
dc330228fcb2df335350b4062b75ba8b1900542d52a7731d3e35a06fb7cbccd3
e1ee1eb92c6acc3fbf821c99963ad92dd9954d576eababe7f6df6800f91bc062
ed342d7da267ab272bf4d2c5292100dc6c221ddb0a9a50eaa7cb9b388ca5aa8e