paris-to.com
Open in
urlscan Pro
2606:4700:3033::ac43:cc39
Malicious Activity!
Public Scan
Effective URL: https://paris-to.com/
Submission: On March 12 via manual from US — Scanned from US
Summary
TLS certificate: Issued by GTS CA 1P5 on February 27th 2024. Valid for: 3 months.
This is the only time paris-to.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: USPS (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 2606:4700:303... 2606:4700:3037::6815:319c | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 2606:4700:10:... 2606:4700:10::ac43:8ee | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 1 | 2606:4700:303... 2606:4700:3033::6815:5d27 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
8 | 2606:4700:303... 2606:4700:3033::ac43:cc39 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
9 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
9 |
paris-to.com
1 redirects
paris-to.com |
171 KB |
1 |
cutt.ly
1 redirects
cutt.ly — Cisco Umbrella Rank: 60836 |
386 B |
1 |
usp4b311.co
1 redirects
usp4b311.co |
648 B |
0 |
iplogger.com
Failed
iplogger.com Failed |
|
9 | 4 |
Domain | Requested by | |
---|---|---|
9 | paris-to.com |
1 redirects
paris-to.com
|
1 | cutt.ly | 1 redirects |
1 | usp4b311.co | 1 redirects |
0 | iplogger.com Failed |
paris-to.com
|
9 | 4 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
paris-to.com GTS CA 1P5 |
2024-02-27 - 2024-05-27 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://paris-to.com/
Frame ID: BDD59E6B76D6E4A936CF6510909DE2DA
Requests: 13 HTTP requests in this frame
Screenshot
Page Title
U𝑺𝑷𝑺.com® - U𝑺𝑷𝑺 Tracking® ResultsPage URL History Show full URLs
-
http://usp4b311.co/
HTTP 301
https://cutt.ly/Bw1JyXVp HTTP 301
http://paris-to.com/ HTTP 301
https://paris-to.com/ Page URL
Detected technologies
Vue.js (JavaScript Frameworks) ExpandDetected patterns
- <[^>]+\sdata-v(?:ue)?-
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://usp4b311.co/
HTTP 301
https://cutt.ly/Bw1JyXVp HTTP 301
http://paris-to.com/ HTTP 301
https://paris-to.com/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
paris-to.com/ Redirect Chain
|
987 B 987 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET |
1ZmLZ4
iplogger.com/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
chunk-vendors.ca913239.js
paris-to.com/js/ |
99 KB 38 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
app.e4905b08.js
paris-to.com/js/ |
8 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
app.9b8d7b51.css
paris-to.com/css/ |
35 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
loading.jpg
paris-to.com/ |
80 KB 80 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
logo_mobile.66d3314d.svg
paris-to.com/img/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
5 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
7 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
6.d26a0f1e.png
paris-to.com/img/ |
9 KB 9 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
7 KB 0 |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
mavenpro.5df981a4.woff
paris-to.com/fonts/ |
12 KB 13 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- iplogger.com
- URL
- https://iplogger.com/1ZmLZ4
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: USPS (Transportation)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| webpackChunkvue_usps boolean| __VUE__1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
cutt.ly/ | Name: PHPSESSID Value: fkq738o4d0qhbvidar9ec6iv10 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cutt.ly
iplogger.com
paris-to.com
usp4b311.co
iplogger.com
2606:4700:10::ac43:8ee
2606:4700:3033::6815:5d27
2606:4700:3033::ac43:cc39
2606:4700:3037::6815:319c
05eb745176d79ec27d52d544582483fc4d0f6378c7ed2060be24dfc4e8990668
0bb0b33257d0cc3a271566b5e39a81341439a95c8ee4315616b8f1fee52e4ec3
24d2c45bff848313aa65bc56a4203ed1c4b7cd85b7b9f6eb9b85d05648581ff4
4d11f37fae309c522c4c45d9f75cb48f0651a09a9d278cddbd19a1a8e31aa9a3
9685d6241f41ac71741d0ee9b242779f640cd3b1e64bb9bbcfb8798c5be503b2
aa2a82bbec6afb10324988b2003e61d47a09708b25ac0e2ce3b64950aa2b7a35
b106acf20bd4b5ff01ddb53be3c6f3173682ea42b893f31a1400e09de0be9e49
bee8ee56c3e18aec4ef04b5e5a3dfd6fa6d0de71e9860ad0efeb1c7647092844
d548d32f1acad054d35791fb4494b2f14792ea11199a1d7ce8dd7e1b43ccfd11
e36eaeb05ac9e38a5e6ee0fea36ded8da7707532912f061ef6d445603fb5bfa9
fc8abacb97d2e71cafbfdd4705d6f914e189d7825edff03d7a95acaca7f98ef1
fc9e259669117b3e2c814392798e23871961db27b54ef88731aae886f5c4f58d