usps-parcel-trackingid02934993.surge.sh Open in urlscan Pro
188.166.132.94 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bit.ly/39y9hd3
Effective URL:
https://usps-parcel-trackingid02934993.surge.sh/?ver=92392
Submission: On September 19 via manual (September 19th 2021, 6:16:48 am UTC) from US — Scanned from DE

Summary HTTP 19 Redirects Behaviour Indicators

Summary

This website contacted 7 IPs in 3 countries across 7 domains to perform 19 HTTP transactions. The main IP is 188.166.132.94, located in Amsterdam, Netherlands and belongs to DIGITALOCEAN-ASN, US. The main domain is usps-parcel-trackingid02934993.surge.sh.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 28th 2021. Valid for: a year.

This is the only time usps-parcel-trackingid02934993.surge.sh was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: USPS (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.10 67.199.248.10	396982 (GOOGLE-PR...) (GOOGLE-PRIVATE-CLOUD)
3	142.250.186.46 142.250.186.46	15169 (GOOGLE) (GOOGLE)
4	142.250.185.163 142.250.185.163	15169 (GOOGLE) (GOOGLE)
1	142.250.74.195 142.250.74.195	15169 (GOOGLE) (GOOGLE)
6	188.166.132.94 188.166.132.94	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	172.67.216.177 172.67.216.177	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	192.229.221.165 192.229.221.165	15133 (EDGECAST) (EDGECAST)
1	104.19.142.111 104.19.142.111	13335 (CLOUDFLAR...) (CLOUDFLARENET)
19	7

1 67.199.248.10 (United States) 1 redirects

ASN396982 (GOOGLE-PRIVATE-CLOUD, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.46 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f14.1e100.net

redirecturl000.page.link	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.163 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.74.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 188.166.132.94 (Amsterdam, Netherlands)

ASN14061 (DIGITALOCEAN-ASN, US)

usps-parcel-trackingid02934993.surge.sh	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.216.177 (United States)

ASN13335 (CLOUDFLARENET, US)

scampage.cc	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.229.221.165 (United States)

ASN15133 (EDGECAST, US)

www.usps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.19.142.111 (None, )

ASN13335 (CLOUDFLARENET, US)

i.gyazo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	surge.sh usps-parcel-trackingid02934993.surge.sh	106 KB
5	gstatic.com www.gstatic.com fonts.gstatic.com	115 KB
3	usps.com www.usps.com	3 KB
3	page.link redirecturl000.page.link	10 KB
1	gyazo.com i.gyazo.com	23 KB
1	scampage.cc scampage.cc	585 B
1	bit.ly 1 redirects bit.ly	269 B
19	7

	Domain	Requested by
6	usps-parcel-trackingid02934993.surge.sh	www.gstatic.com usps-parcel-trackingid02934993.surge.sh
4	www.gstatic.com	redirecturl000.page.link www.gstatic.com
3	www.usps.com
3	redirecturl000.page.link	redirecturl000.page.link www.gstatic.com
1	i.gyazo.com
1	scampage.cc	usps-parcel-trackingid02934993.surge.sh
1	fonts.gstatic.com	redirecturl000.page.link
1	bit.ly	1 redirects
19	8

This site contains no links.

Subject Issuer	Validity	Valid
*.page.link GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-08-30` - `2021-11-22`	3 months	crt.sh
*.surge.sh Sectigo RSA Domain Validation Secure Server CA	`2021-03-28` - `2022-04-25`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-17` - `2022-09-16`	a year	crt.sh
*.usps.com DigiCert SHA2 Secure Server CA	`2020-05-14` - `2022-05-16`	2 years	crt.sh
*.gyazo.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-03-23` - `2022-04-23`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://usps-parcel-trackingid02934993.surge.sh/?ver=92392
Frame ID: 9E91D0F366256CDEE29B863B1E7EC135
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

usps

Page URL History Show full URLs

https://bit.ly/39y9hd3 HTTP 301
https://redirecturl000.page.link/Go1D?lidk=FP12C Page URL
https://usps-parcel-trackingid02934993.surge.sh/?ver=92392 Page URL

Detected technologies

Nuxt.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<div [^>]*id="__nuxt"
/_nuxt/

Page Statistics

19
Requests

100 %
HTTPS

0 %
IPv6

7
Domains

8
Subdomains

7
IPs

3
Countries

258 kB
Transfer

666 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bit.ly/39y9hd3 HTTP 301
https://redirecturl000.page.link/Go1D?lidk=FP12C Page URL
https://usps-parcel-trackingid02934993.surge.sh/?ver=92392 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

https://bit.ly/39y9hd3 HTTP 301
https://redirecturl000.page.link/Go1D?lidk=FP12C

19 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Go1D Show response
redirecturl000.page.link/
Redirect Chain

https://bit.ly/39y9hd3
https://redirecturl000.page.link/Go1D?lidk=FP12C

32 KB
10 KB

317ms
263ms

Document
text/html

142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://redirecturl000.page.link/Go1D?lidk=FP12C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

ESF /

Resource Hash

71207d34f54e2f7aa2d85d623df3f892c555c24f87132c39d70a308e480efdd3

Security Headers

Name	Value
Content-Security-Policy	script-src 'nonce-K+PiNKwJbpe84fx4mEnQTw' 'unsafe-inline';object-src 'self';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self' require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

:method: GET
:authority: redirecturl000.page.link
:scheme: https
:path: /Go1D?lidk=FP12C
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
accept-language: de-DE,de;q=0.9
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Accept-Language: de-DE,de;q=0.9

Response headers

content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 19 Sep 2021 06:16:43 GMT
cross-origin-resource-policy: same-site
content-security-policy: script-src 'nonce-K+PiNKwJbpe84fx4mEnQTw' 'unsafe-inline';object-src 'self';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self' require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport
cross-origin-opener-policy: unsafe-none
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

server: nginx
date: Sun, 19 Sep 2021 06:16:43 GMT
content-type: text/html; charset=utf-8
content-length: 135
cache-control: private, max-age=90
content-security-policy: referrer always;
location: https://redirecturl000.page.link/Go1D?lidk=FP12C
referrer-policy: unsafe-url
set-cookie: _bit=l8j6gH-1fcd4f4b84c9d8dcdc-00D; Domain=bit.ly; Expires=Fri, 18 Mar 2022 06:16:43 GMT
via: 1.1 google
alt-svc: clear

POST
H2 204 cspreport
redirecturl000.page.link/_/DurableDeepLinkUi/ 0
208 B 43ms
42ms Other
text/html 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://redirecturl000.page.link/_/DurableDeepLinkUi/cspreport

Requested by

Host: redirecturl000.page.link
URL: https://redirecturl000.page.link/Go1D?lidk=FP12C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport script-src 'nonce-rv8t5AtbVaX39ssiFxb/Kg' 'unsafe-inline';object-src 'self';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-fetch-mode: no-cors
origin: https://redirecturl000.page.link
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: report
content-length: 468
:path: /_/DurableDeepLinkUi/cspreport
pragma: no-cache
user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
content-type: application/csp-report
accept: */*
cache-control: no-cache
:authority: redirecturl000.page.link
referer: https://redirecturl000.page.link/Go1D?lidk=FP12C
:scheme: https
sec-fetch-site: same-origin
:method: POST
Referer: https://redirecturl000.page.link/Go1D?lidk=FP12C
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-Type: application/csp-report

Response headers

pragma: no-cache
date: Sun, 19 Sep 2021 06:16:43 GMT
x-content-type-options: nosniff
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport script-src 'nonce-rv8t5AtbVaX39ssiFxb/Kg' 'unsafe-inline';object-src 'self';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.YQ7JinZx8Tg.es5.O/am=AgAE/d=1/excm=_b,_tp,viewddl/ed=1/dg=0/wt=2/esmo=1/rs=ADpVLP5ZoXqrk8khaI7ngmbBchHKS5AcPA/ 157 KB
56 KB 78ms
23ms Script
text/javascript 142.250.185.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.YQ7JinZx8Tg.es5.O/am=AgAE/d=1/excm=_b,_tp,viewddl/ed=1/dg=0/wt=2/esmo=1/rs=ADpVLP5ZoXqrk8khaI7ngmbBchHKS5AcPA/m=_b,_tp

Requested by

Host: redirecturl000.page.link
URL: https://redirecturl000.page.link/Go1D?lidk=FP12C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f3.1e100.net

Software

sffe /

Resource Hash

0d21f88de69ee9c50e9f639f8fda68f03fb31268861e8e0f8bc49ba8be543493

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirecturl000.page.link/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 14 Sep 2021 15:31:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 398718
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/devplatform-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 56263
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 23:26:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"boq-infra/devplatform-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/devplatform-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/devplatform-boq-js-css-signers"
expires: Wed, 14 Sep 2022 15:31:25 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v18/ 10 KB
11 KB 122ms
66ms Font
font/woff2 142.250.74.195
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: redirecturl000.page.link
URL: https://redirecturl000.page.link/Go1D?lidk=FP12C

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f3.1e100.net

Software

sffe /

Resource Hash

4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://redirecturl000.page.link/
Origin: https://redirecturl000.page.link
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Mon, 13 Sep 2021 15:25:14 GMT
x-content-type-options: nosniff
age: 485489
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10748
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:51 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 13 Sep 2022 15:25:14 GMT

GET
H3 200 m=byfTOb,lsjVmc,LEikZe
www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.YQ7JinZx8Tg.es5.O/ck=boq-devplatform.DurableDeepLinkUi.RTJt8TNAIM0.L.W1.O/am=AgAE/d=1/exm=_b,_tp/excm=_b,_tp,vie... 35 KB
13 KB 70ms
37ms Script
text/javascript 142.250.185.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.YQ7JinZx8Tg.es5.O/ck=boq-devplatform.DurableDeepLinkUi.RTJt8TNAIM0.L.W1.O/am=AgAE/d=1/exm=_b,_tp/excm=_b,_tp,viewddl/esmo=1/ed=1/wt=2/rs=ADpVLP5WiE_XipOYrpI0VJ1KrPfXr8BlXQ/m=byfTOb,lsjVmc,LEikZe

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.YQ7JinZx8Tg.es5.O/am=AgAE/d=1/excm=_b,_tp,viewddl/ed=1/dg=0/wt=2/esmo=1/rs=ADpVLP5ZoXqrk8khaI7ngmbBchHKS5AcPA/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f3.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirecturl000.page.link/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Fri, 17 Sep 2021 13:47:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 145781
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/devplatform-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13201
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 23:26:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"boq-infra/devplatform-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/devplatform-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/devplatform-boq-js-css-signers"
expires: Sat, 17 Sep 2022 13:47:02 GMT

GET
H3 200 m=xUdipf,blwjVc,fKUV3e,aurFic,ws9Tlc,COQbmf,U0aPgd,NwH0H,OmgaI,gychg,lfpdyf,ZfAoz,PQaYAf,lPKSwe,yDVVkb,KG2eXe,xcPxA
www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.YQ7JinZx8Tg.es5.O/ck=boq-devplatform.DurableDeepLinkUi.RTJt8TNAIM0.L.W1.O/am=AgAE/d=1/exm=LEikZe,_b,_tp,byfTOb,l... 79 KB
28 KB 54ms
25ms Script
text/javascript 142.250.185.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.YQ7JinZx8Tg.es5.O/ck=boq-devplatform.DurableDeepLinkUi.RTJt8TNAIM0.L.W1.O/am=AgAE/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,viewddl/esmo=1/ed=1/wt=2/rs=ADpVLP5WiE_XipOYrpI0VJ1KrPfXr8BlXQ/m=xUdipf,blwjVc,fKUV3e,aurFic,ws9Tlc,COQbmf,U0aPgd,NwH0H,OmgaI,gychg,lfpdyf,ZfAoz,PQaYAf,lPKSwe,yDVVkb,KG2eXe,xcPxA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f3.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirecturl000.page.link/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 14 Sep 2021 15:35:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 398456
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/devplatform-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29138
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 23:26:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"boq-infra/devplatform-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/devplatform-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/devplatform-boq-js-css-signers"
expires: Wed, 14 Sep 2022 15:35:47 GMT

POST
H3 200 batchexecute
redirecturl000.page.link/_/DurableDeepLinkUi/data/ 140 B
174 B 53ms
53ms XHR
application/json 142.250.186.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://redirecturl000.page.link/_/DurableDeepLinkUi/data/batchexecute?rpcids=C2fiEc&f.sid=5483357576307572243&bl=boq_durabledeeplinkserver_20210913.12_p0&hl=en-US&_reqid=22604&rt=c

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f14.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-fetch-mode: cors
x-same-domain: 1
origin: https://redirecturl000.page.link
accept-encoding: gzip, deflate, br
accept-language: de-DE,de;q=0.9
sec-fetch-dest: empty
content-length: 432
:path: /_/DurableDeepLinkUi/data/batchexecute?rpcids=C2fiEc&f.sid=5483357576307572243&bl=boq_durabledeeplinkserver_20210913.12_p0&hl=en-US&_reqid=22604&rt=c
pragma: no-cache
user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
content-type: application/x-www-form-urlencoded;charset=UTF-8
accept: */*
cache-control: no-cache
:authority: redirecturl000.page.link
referer: https://redirecturl000.page.link/
:scheme: https
sec-fetch-site: same-origin
:method: POST
X-Same-Domain: 1
Referer: https://redirecturl000.page.link/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Sun, 19 Sep 2021 06:16:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: same-site
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin-allow-popups; report-to="DurableDeepLinkUi"
x-frame-options: SAMEORIGIN
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 m=Wt6vjf,_latency,FCpbqb,WhJNk
www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.YQ7JinZx8Tg.es5.O/ck=boq-devplatform.DurableDeepLinkUi.RTJt8TNAIM0.L.W1.O/am=AgAE/d=1/exm=COQbmf,KG2eXe,LEikZe,N... 18 KB
7 KB 25ms
25ms Script
text/javascript 142.250.185.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.YQ7JinZx8Tg.es5.O/ck=boq-devplatform.DurableDeepLinkUi.RTJt8TNAIM0.L.W1.O/am=AgAE/d=1/exm=COQbmf,KG2eXe,LEikZe,NwH0H,OmgaI,PQaYAf,U0aPgd,ZfAoz,_b,_tp,aurFic,blwjVc,byfTOb,fKUV3e,gychg,lPKSwe,lfpdyf,lsjVmc,ws9Tlc,xUdipf,xcPxA,yDVVkb/excm=_b,_tp,viewddl/esmo=1/ed=1/wt=2/rs=ADpVLP5WiE_XipOYrpI0VJ1KrPfXr8BlXQ/m=Wt6vjf,_latency,FCpbqb,WhJNk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f3.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://redirecturl000.page.link/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Tue, 14 Sep 2021 15:35:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 398456
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/devplatform-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7457
x-xss-protection: 0
last-modified: Mon, 13 Sep 2021 23:26:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"boq-infra/devplatform-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/devplatform-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/devplatform-boq-js-css-signers"
expires: Wed, 14 Sep 2022 15:35:47 GMT

GET
H/1.1 200
OK Primary Request / Show response
usps-parcel-trackingid02934993.surge.sh/ 2 KB
1 KB 103ms
27ms Document
text/html 188.166.132.94
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://usps-parcel-trackingid02934993.surge.sh/?ver=92392
Requested by: Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-devplatform/_/js/k=boq-devplatform.DurableDeepLinkUi.en_US.YQ7JinZx8Tg.es5.O/ck=boq-devplatform.DurableDeepLinkUi.RTJt8TNAIM0.L.W1.O/am=AgAE/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,viewddl/esmo=1/ed=1/wt=2/rs=ADpVLP5WiE_XipOYrpI0VJ1KrPfXr8BlXQ/m=xUdipf,blwjVc,fKUV3e,aurFic,ws9Tlc,COQbmf,U0aPgd,NwH0H,OmgaI,gychg,lfpdyf,ZfAoz,PQaYAf,lPKSwe,yDVVkb,KG2eXe,xcPxA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 188.166.132.94 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Surge /
Resource Hash: bb34cc9e6ec9561b4e2da6c0325b1f7b8065ddc3a600465487a64d17a72135a2

Request headers

Host: usps-parcel-trackingid02934993.surge.sh
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Accept-Language: de-DE,de;q=0.9
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://redirecturl000.page.link/
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Accept-Language: de-DE,de;q=0.9
Referer: https://redirecturl000.page.link/

Response headers

Server: Surge
Surge-Cache: HIT
Surge-Stamp: 24135::1631922035579-dd6730f993113ac3ca49cb74494af4aa
Age: 101754
Date: Sun, 19 Sep 2021 06:15:30 GMT
Cache-Control: public, max-age=0, must-revalidate
ETag: "bb34cc9e6ec9561b4e2da6c0325b1f7b8065ddc3a600465487a64d17a72135a2"
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Response-Time: 1ms
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: close
Transfer-Encoding: chunked

GET
H/1.1 200
OK 5ac4b0c.js Show response
usps-parcel-trackingid02934993.surge.sh/_nuxt/ 2 KB
2 KB 74ms
28ms Script
application/javascript 188.166.132.94
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://usps-parcel-trackingid02934993.surge.sh/_nuxt/5ac4b0c.js
Requested by: Host: usps-parcel-trackingid02934993.surge.sh
URL: https://usps-parcel-trackingid02934993.surge.sh/?ver=92392
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 188.166.132.94 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Surge /
Resource Hash: 80601618a55e1eaf00eedc8fbef3e5b71b575c3d731ce78c1af9ff153c146a43

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: usps-parcel-trackingid02934993.surge.sh
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://usps-parcel-trackingid02934993.surge.sh/?ver=92392
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://usps-parcel-trackingid02934993.surge.sh/?ver=92392
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Sun, 19 Sep 2021 06:15:30 GMT
Content-Encoding: gzip
Surge-Stamp: 24135::1631922035579-93373f7f1591a2b8357c4dd5825f6cf4
Server: Surge
Age: 101753
ETag: "80601618a55e1eaf00eedc8fbef3e5b71b575c3d731ce78c1af9ff153c146a43"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Response-Time: 1ms
Cache-Control: public, max-age=0, must-revalidate
Transfer-Encoding: chunked
Connection: close
Accept-Ranges: bytes
Surge-Cache: HIT

GET
H/1.1 200
OK 340edff.js Show response
usps-parcel-trackingid02934993.surge.sh/_nuxt/ 217 KB
76 KB 73ms
25ms Script
application/javascript 188.166.132.94
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://usps-parcel-trackingid02934993.surge.sh/_nuxt/340edff.js
Requested by: Host: usps-parcel-trackingid02934993.surge.sh
URL: https://usps-parcel-trackingid02934993.surge.sh/?ver=92392
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 188.166.132.94 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Surge /
Resource Hash: 4347c160950bebcafb9acd7ffda30dddeffc95b9cb134a0f7b5147d731f9ec53

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: usps-parcel-trackingid02934993.surge.sh
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://usps-parcel-trackingid02934993.surge.sh/?ver=92392
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://usps-parcel-trackingid02934993.surge.sh/?ver=92392
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Sun, 19 Sep 2021 06:15:30 GMT
Content-Encoding: gzip
Surge-Stamp: 28122::1631922035579-62b6e285935cd773afe952bc3ae5d57c
Server: Surge
Age: 793395
ETag: "4347c160950bebcafb9acd7ffda30dddeffc95b9cb134a0f7b5147d731f9ec53"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Response-Time: 1ms
Cache-Control: public, max-age=0, must-revalidate
Transfer-Encoding: chunked
Connection: close
Accept-Ranges: bytes
Surge-Cache: HIT

GET
H/1.1 200
OK bddd75b.js Show response
usps-parcel-trackingid02934993.surge.sh/_nuxt/ 74 KB
23 KB 75ms
27ms Script
application/javascript 188.166.132.94
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://usps-parcel-trackingid02934993.surge.sh/_nuxt/bddd75b.js
Requested by: Host: usps-parcel-trackingid02934993.surge.sh
URL: https://usps-parcel-trackingid02934993.surge.sh/?ver=92392
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 188.166.132.94 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Surge /
Resource Hash: 0703c226883950f47a15504a80f6fc65a0a58c438a4031e19c924bd36ef67638

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: usps-parcel-trackingid02934993.surge.sh
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://usps-parcel-trackingid02934993.surge.sh/?ver=92392
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://usps-parcel-trackingid02934993.surge.sh/?ver=92392
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Sun, 19 Sep 2021 06:15:30 GMT
Content-Encoding: gzip
Surge-Stamp: 24198::1631922035579-05bc81887868acc6c12e21f4927aedf3
Server: Surge
Age: 793395
ETag: "0703c226883950f47a15504a80f6fc65a0a58c438a4031e19c924bd36ef67638"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Response-Time: 2ms
Cache-Control: public, max-age=0, must-revalidate
Transfer-Encoding: chunked
Connection: close
Accept-Ranges: bytes
Surge-Cache: HIT

GET
H/1.1 200
OK 11ce98c.js Show response
usps-parcel-trackingid02934993.surge.sh/_nuxt/ 119 B
572 B 81ms
34ms Script
application/javascript 188.166.132.94
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://usps-parcel-trackingid02934993.surge.sh/_nuxt/11ce98c.js
Requested by: Host: usps-parcel-trackingid02934993.surge.sh
URL: https://usps-parcel-trackingid02934993.surge.sh/?ver=92392
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 188.166.132.94 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Surge /
Resource Hash: 3e1e1cfa5f486954c3ca40fdd6e81978f557a1ba5a73d3c99dcead55591481fc

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: usps-parcel-trackingid02934993.surge.sh
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://usps-parcel-trackingid02934993.surge.sh/?ver=92392
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://usps-parcel-trackingid02934993.surge.sh/?ver=92392
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Sun, 19 Sep 2021 06:15:30 GMT
Surge-Stamp: 21869::1631922035579-0397c8a23edd7edd886fb4218bcff300
Server: Surge
Age: 793395
ETag: "3e1e1cfa5f486954c3ca40fdd6e81978f557a1ba5a73d3c99dcead55591481fc"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Response-Time: 6ms
Cache-Control: public, max-age=0, must-revalidate
Connection: close
Accept-Ranges: bytes
Content-Length: 119
Surge-Cache: HIT

GET
H/1.1 200
OK 9c83f61.js Show response
usps-parcel-trackingid02934993.surge.sh/_nuxt/ 12 KB
3 KB 74ms
26ms Script
application/javascript 188.166.132.94
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://usps-parcel-trackingid02934993.surge.sh/_nuxt/9c83f61.js
Requested by: Host: usps-parcel-trackingid02934993.surge.sh
URL: https://usps-parcel-trackingid02934993.surge.sh/_nuxt/5ac4b0c.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 188.166.132.94 Amsterdam, Netherlands, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: Surge /
Resource Hash: 3472856406b1d3f880cb6839ceadb563d4ca44ca04352334aa8eb58bc512c77e

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: usps-parcel-trackingid02934993.surge.sh
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Sec-Fetch-Mode: no-cors
Accept: */*
Cache-Control: no-cache
Sec-Fetch-Dest: script
Referer: https://usps-parcel-trackingid02934993.surge.sh/?ver=92392
Connection: keep-alive
Accept-Language: de-DE,de;q=0.9
Referer: https://usps-parcel-trackingid02934993.surge.sh/?ver=92392
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

Date: Sun, 19 Sep 2021 06:15:31 GMT
Content-Encoding: gzip
Surge-Stamp: 21869::1631922035579-bfde24b1ab6348882c625348cdb7830b
Server: Surge
Age: 101752
ETag: "3472856406b1d3f880cb6839ceadb563d4ca44ca04352334aa8eb58bc512c77e"
Vary: Accept-Encoding
Content-Type: application/javascript; charset=UTF-8
Response-Time: 0ms
Cache-Control: public, max-age=0, must-revalidate
Transfer-Encoding: chunked
Connection: close
Accept-Ranges: bytes
Surge-Cache: HIT

GET
H2 200 check Show response
scampage.cc/ 1 B
585 B 1233ms
789ms XHR
text/html 172.67.216.177
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://scampage.cc/check
Requested by: Host: usps-parcel-trackingid02934993.surge.sh
URL: https://usps-parcel-trackingid02934993.surge.sh/_nuxt/340edff.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.216.177 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

Accept: application/json, text/plain, */*
Referer: https://usps-parcel-trackingid02934993.surge.sh/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 19 Sep 2021 06:16:45 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2xC9dHlmXUyeK3UnfhKBuqjp9LwPsLav2yFOT5p%2FxyNS9pG%2FAdQe%2BKIjasrdAPr%2FwXdVYykQlI40F6bDRvFl3NgRGaZ8A3ruK4mPc%2BsV2Rd28QS70Af2YvI0fwdZyA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cf-ray: 6910afdf68b1d2cc-EZE
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H2 200 hamburger.svg
www.usps.com/assets/images/home/ 546 B
397 B 124ms
103ms Image
image/svg+xml 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.usps.com/assets/images/home/hamburger.svg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7F4A) /

Resource Hash

b95f434286744e3dbaf5bc56f41d4ce2640da3038461502f7ac243a5931e9435

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; connect-src 'self' https:; font-src 'self' https: data:; frame-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usps-parcel-trackingid02934993.surge.sh/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

content-security-policy: default-src 'self' https:; connect-src 'self' https:; font-src 'self' https: data:; frame-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:;
content-encoding: gzip
x-content-type-options: nosniff
age: 6549
x-cache: HIT
vary: Accept-Encoding
content-length: 293
etag: "222-5494e7ed94c00+gzip"
access-control-allow-origin: https://www.usps.com
x-ec-custom-error: 1
last-modified: Fri, 24 Feb 2017 22:46:08 GMT
server: ECAcc (dcb/7F4A)
x-frame-options: SAMEORIGIN
date: Sun, 19 Sep 2021 06:16:45 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
content-type: image/svg+xml
x-ruleset-version: 2.2

GET
H2 200 logo_mobile.svg
www.usps.com/assets/images/home/ 2 KB
1012 B 125ms
104ms Image
image/svg+xml 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.usps.com/assets/images/home/logo_mobile.svg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7F65) /

Resource Hash

9685d6241f41ac71741d0ee9b242779f640cd3b1e64bb9bbcfb8798c5be503b2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; connect-src 'self' https:; font-src 'self' https: data:; frame-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usps-parcel-trackingid02934993.surge.sh/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

content-security-policy: default-src 'self' https:; connect-src 'self' https:; font-src 'self' https: data:; frame-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:;
content-encoding: gzip
x-content-type-options: nosniff
age: 8168
x-cache: HIT
vary: Accept-Encoding
content-length: 908
etag: "80c-547ddea221540+gzip"
access-control-allow-origin: https://www.usps.com
x-ec-custom-error: 1
last-modified: Mon, 06 Feb 2017 15:02:05 GMT
server: ECAcc (dcb/7F65)
x-frame-options: SAMEORIGIN
date: Sun, 19 Sep 2021 06:16:45 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
content-type: image/svg+xml
x-ruleset-version: 2.2

GET
H2 200 search.svg
www.usps.com/assets/images/home/ 1 KB
2 KB 121ms
100ms Image
image/svg+xml 192.229.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.usps.com/assets/images/home/search.svg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

192.229.221.165 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7F4B) /

Resource Hash

c8b13b10e28b6b420151db578831a416b7c1805d7672eeb57e69dc697fda1e27

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; connect-src 'self' https:; font-src 'self' https: data:; frame-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usps-parcel-trackingid02934993.surge.sh/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

content-security-policy: default-src 'self' https:; connect-src 'self' https:; font-src 'self' https: data:; frame-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:;
content-encoding: gzip
x-content-type-options: nosniff
age: 8194
x-cache: HIT
vary: Accept-Encoding
content-length: 795
etag: "5b9-5494e7f535e00+gzip"
access-control-allow-origin: https://www.usps.com
x-ec-custom-error: 1
last-modified: Fri, 24 Feb 2017 22:46:16 GMT
server: ECAcc (dcb/7F4B)
x-frame-options: SAMEORIGIN
date: Sun, 19 Sep 2021 06:16:45 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
content-type: image/svg+xml
x-ruleset-version: 2.2

GET
H2 200 290b715a39c9f2b9c966442d0849dbe9.png
i.gyazo.com/ 22 KB
23 KB 83ms
37ms Image
image/png 104.19.142.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.gyazo.com/290b715a39c9f2b9c966442d0849dbe9.png
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.142.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 472898f1b4c4574f3d39f21c8ca1ba4b8a80a18b83943c34788f11fb4b259a42

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://usps-parcel-trackingid02934993.surge.sh/
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

date: Sun, 19 Sep 2021 06:16:45 GMT
via: 1.1 google
cf-cache-status: HIT
content-length: 22769
server: cloudflare
etag: "290b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: https://gyazo.com
cache-control: public, max-age=31536000
access-control-allow-credentials: true
content-dpr: 2.0
x-cache-level: ZS
accept-ranges: bytes
cf-ray: 6910afe3fdefc4b8-DUS
expires: Mon, 19 Sep 2022 06:16:45 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: USPS (Transportation)

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bit.ly/	1970-01-20 01:39:44	Name: _bit Value: l8j6gH-1fcd4f4b84c9d8dcdc-00D
redirecturl000.page.link/	1970-01-19 22:03:44	Name: OTZ Value: 6162137_56_56__56_
i.gyazo.com/	1970-01-22 21:57:36	Name: Gyazo_cfwoker Value: i

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	script-src 'nonce-K+PiNKwJbpe84fx4mEnQTw' 'unsafe-inline';object-src 'self';base-uri 'self';report-uri /_/DurableDeepLinkUi/cspreport;worker-src 'self' require-trusted-types-for 'script';report-uri /_/DurableDeepLinkUi/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bit.ly
fonts.gstatic.com
i.gyazo.com
redirecturl000.page.link
scampage.cc
usps-parcel-trackingid02934993.surge.sh
www.gstatic.com
www.usps.com
104.19.142.111
142.250.185.163
142.250.186.46
142.250.74.195
172.67.216.177
188.166.132.94
192.229.221.165
67.199.248.10
0703c226883950f47a15504a80f6fc65a0a58c438a4031e19c924bd36ef67638
0d21f88de69ee9c50e9f639f8fda68f03fb31268861e8e0f8bc49ba8be543493
3472856406b1d3f880cb6839ceadb563d4ca44ca04352334aa8eb58bc512c77e
3e1e1cfa5f486954c3ca40fdd6e81978f557a1ba5a73d3c99dcead55591481fc
4347c160950bebcafb9acd7ffda30dddeffc95b9cb134a0f7b5147d731f9ec53
4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280
472898f1b4c4574f3d39f21c8ca1ba4b8a80a18b83943c34788f11fb4b259a42
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
71207d34f54e2f7aa2d85d623df3f892c555c24f87132c39d70a308e480efdd3
80601618a55e1eaf00eedc8fbef3e5b71b575c3d731ce78c1af9ff153c146a43
9685d6241f41ac71741d0ee9b242779f640cd3b1e64bb9bbcfb8798c5be503b2
b95f434286744e3dbaf5bc56f41d4ce2640da3038461502f7ac243a5931e9435
bb34cc9e6ec9561b4e2da6c0325b1f7b8065ddc3a600465487a64d17a72135a2
c8b13b10e28b6b420151db578831a416b7c1805d7672eeb57e69dc697fda1e27
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

usps-parcel-trackingid02934993.surge.sh Open in urlscan Pro 188.166.132.94 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

19 Requests

100 %HTTPS

0 %IPv6

7 Domains

8 Subdomains

7 IPs

3 Countries

258 kBTransfer

666 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

19 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

11 JavaScript Global Variables

3 Cookies

1 Console Messages

Security Headers

Indicators

usps-parcel-trackingid02934993.surge.sh Open in urlscan Pro
188.166.132.94 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

19
Requests

100 %
HTTPS

0 %
IPv6

7
Domains

8
Subdomains

7
IPs

3
Countries

258 kB
Transfer

666 kB
Size

3
Cookies

19 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!