parcel-updater.com Open in urlscan Pro
64.191.166.198  Malicious Activity! Public Scan

34 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
4 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request home.php Show response parcel-updater.com/	188 KB 188 KB	2773ms 2271ms	Document text/html	64.191.166.198 QX-NET-ASN-1
General Check archive.org Show headers Download Go to Full URL https://parcel-updater.com/home.php?k=c5497c2fcf3c8b97cd838832d02319be320c2c69&viewed=1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 64.191.166.198 Lexington, United States, ASN13776 (QX-NET-ASN-1, US), Reverse DNS landing.phishingbox.com Software Apache / Resource Hash 892b5a66c9dcae3025cf0bffcf9907c12d98aed64d5f2f41c55aba480e3e1237 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection Keep-Alive Content-Type text/html; charset=UTF-8 Date Sat, 01 Oct 2022 02:08:32 GMT Keep-Alive timeout=5, max=100 Server Apache Strict-Transport-Security max-age=31536000; includeSubDomains Transfer-Encoding chunked
GET H/1.1	200 OK	fontawesome.min.css parcel-updater.com/assets/fonts/font-awesome/css/	87 KB 87 KB	371ms 125ms	Stylesheet text/css	64.191.166.198 QX-NET-ASN-1
General Check archive.org Show headers Download Go to Full URL https://parcel-updater.com/assets/fonts/font-awesome/css/fontawesome.min.css Requested by Host: parcel-updater.com URL: https://parcel-updater.com/home.php?k=c5497c2fcf3c8b97cd838832d02319be320c2c69&viewed=1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 64.191.166.198 Lexington, United States, ASN13776 (QX-NET-ASN-1, US), Reverse DNS landing.phishingbox.com Software Apache / Resource Hash c73281a7dfb7bf222e4032d23df1751286cbc70382edbe18c22f84c5b398701b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://parcel-updater.com/home.php?k=c5497c2fcf3c8b97cd838832d02319be320c2c69&viewed=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 Response headers Date Sat, 01 Oct 2022 02:08:34 GMT Strict-Transport-Security max-age=31536000; includeSubDomains Last-Modified Thu, 26 Dec 2019 14:02:08 GMT Server Apache ETag "15b7b-59a9bd2b1217b" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 88955
GET H/1.1	200 OK	jquery-3.1.1.min.js Show response parcel-updater.com/assets/js/	85 KB 85 KB	380ms 135ms	Script application/javascript	64.191.166.198 QX-NET-ASN-1
General Check archive.org Show headers Download Go to Full URL https://parcel-updater.com/assets/js/jquery-3.1.1.min.js Requested by Host: parcel-updater.com URL: https://parcel-updater.com/home.php?k=c5497c2fcf3c8b97cd838832d02319be320c2c69&viewed=1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 64.191.166.198 Lexington, United States, ASN13776 (QX-NET-ASN-1, US), Reverse DNS landing.phishingbox.com Software Apache / Resource Hash 7162e4718b70ab98408c656e6b3404d20df3c0d6facf3c8471c5b1a2a88d5529 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://parcel-updater.com/home.php?k=c5497c2fcf3c8b97cd838832d02319be320c2c69&viewed=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 Response headers Date Sat, 01 Oct 2022 02:08:34 GMT Strict-Transport-Security max-age=31536000; includeSubDomains Last-Modified Tue, 27 Jul 2021 10:35:45 GMT Server Apache ETag "152c5-5c8186eb2493d" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 86725
GET H/1.1	200 OK	jquery_ui.js Show response parcel-updater.com/assets/js/	509 KB 509 KB	374ms 129ms	Script application/javascript	64.191.166.198 QX-NET-ASN-1
General Check archive.org Show headers Download Go to Full URL https://parcel-updater.com/assets/js/jquery_ui.js?v=1.5 Requested by Host: parcel-updater.com URL: https://parcel-updater.com/home.php?k=c5497c2fcf3c8b97cd838832d02319be320c2c69&viewed=1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 64.191.166.198 Lexington, United States, ASN13776 (QX-NET-ASN-1, US), Reverse DNS landing.phishingbox.com Software Apache / Resource Hash 1bf4686be65431946ebbc1cb07b0be92c7dadd35b31d3189cd5ec9f4c742da15 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://parcel-updater.com/home.php?k=c5497c2fcf3c8b97cd838832d02319be320c2c69&viewed=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 Response headers Date Sat, 01 Oct 2022 02:08:34 GMT Strict-Transport-Security max-age=31536000; includeSubDomains Last-Modified Thu, 26 Dec 2019 13:41:34 GMT Server Apache ETag "7f20a-59a9b8915676b" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 520714
GET H/1.1	200 OK	bootstrap.min.css parcel-updater.com/assets/bootstrap/bootstrap-3.3.7/css/	118 KB 119 KB	373ms 127ms	Stylesheet text/css	64.191.166.198 QX-NET-ASN-1
General Check archive.org Show headers Download Go to Full URL https://parcel-updater.com/assets/bootstrap/bootstrap-3.3.7/css/bootstrap.min.css Requested by Host: parcel-updater.com URL: https://parcel-updater.com/home.php?k=c5497c2fcf3c8b97cd838832d02319be320c2c69&viewed=1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 64.191.166.198 Lexington, United States, ASN13776 (QX-NET-ASN-1, US), Reverse DNS landing.phishingbox.com Software Apache / Resource Hash f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://parcel-updater.com/home.php?k=c5497c2fcf3c8b97cd838832d02319be320c2c69&viewed=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 Response headers Date Sat, 01 Oct 2022 02:08:34 GMT Strict-Transport-Security max-age=31536000; includeSubDomains Last-Modified Tue, 27 Jul 2021 10:35:45 GMT Server Apache ETag "1d970-5c8186eb1cc3d" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 121200
GET H/1.1	200 OK	bootstrap-theme.min.css parcel-updater.com/assets/bootstrap/bootstrap-3.3.7/css/	23 KB 23 KB	375ms 130ms	Stylesheet text/css	64.191.166.198 QX-NET-ASN-1
General Check archive.org Show headers Download Go to Full URL https://parcel-updater.com/assets/bootstrap/bootstrap-3.3.7/css/bootstrap-theme.min.css Requested by Host: parcel-updater.com URL: https://parcel-updater.com/home.php?k=c5497c2fcf3c8b97cd838832d02319be320c2c69&viewed=1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 64.191.166.198 Lexington, United States, ASN13776 (QX-NET-ASN-1, US), Reverse DNS landing.phishingbox.com Software Apache / Resource Hash 653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://parcel-updater.com/home.php?k=c5497c2fcf3c8b97cd838832d02319be320c2c69&viewed=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 Response headers Date Sat, 01 Oct 2022 02:08:34 GMT Strict-Transport-Security max-age=31536000; includeSubDomains Last-Modified Tue, 27 Jul 2021 10:35:45 GMT Server Apache ETag "5b71-5c8186eb1bc9d" Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 23409
GET H/1.1	200 OK	bootstrap.min.js Show response parcel-updater.com/assets/bootstrap/bootstrap-3.3.7/js/	36 KB 37 KB	379ms 133ms	Script application/javascript	64.191.166.198 QX-NET-ASN-1
General Check archive.org Show headers Download Go to Full URL https://parcel-updater.com/assets/bootstrap/bootstrap-3.3.7/js/bootstrap.min.js Requested by Host: parcel-updater.com URL: https://parcel-updater.com/home.php?k=c5497c2fcf3c8b97cd838832d02319be320c2c69&viewed=1 Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 64.191.166.198 Lexington, United States, ASN13776 (QX-NET-ASN-1, US), Reverse DNS landing.phishingbox.com Software Apache / Resource Hash 53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers accept-language de-DE,de;q=0.9 Referer https://parcel-updater.com/home.php?k=c5497c2fcf3c8b97cd838832d02319be320c2c69&viewed=1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 Response headers Date Sat, 01 Oct 2022 02:08:34 GMT Strict-Transport-Security max-age=31536000; includeSubDomains Last-Modified Tue, 27 Jul 2021 10:35:45 GMT Server Apache ETag "90b5-5c8186eb1dbdd" Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 37045
GET DATA	200 OK	truncated /	2 KB 0		Image image/svg+xml
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash b6f911ba8158fafaac0e01b5c737957f9a334697c5fd7d935a68795e9d9e1c00 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 Response headers Content-Type image/svg+xml
GET DATA	200 OK	truncated /	34 KB 34 KB		Font application/x-font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash fdbdf73deb304c7abf81f5658c948666021b44a9d503f866645e8d4304ab8386 Request headers Referer Origin https://parcel-updater.com accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 Response headers Content-Type application/x-font-woff;charset=utf-8
GET DATA	200 OK	truncated /	43 B 0		Image image/gif
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506 Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 Response headers Content-Type image/gif
GET DATA	200 OK	truncated /	882 B 0		Image image/webp
General Check archive.org Show headers Download Go to Show image Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash a95cccb9b4b1b5b2d1d5a599c70662117e629c9525f2e9d9b9f1cd6a73052e5a Request headers accept-language de-DE,de;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36 Response headers Content-Type image/webp

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UPS (Transportation)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery function| anchorClickHandler object| rawData function| nullifyInputs function| resetInputsToRawData function| displayCompletionMessage function| submitHandler

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

parcel-updater.com
64.191.166.198
1bf4686be65431946ebbc1cb07b0be92c7dadd35b31d3189cd5ec9f4c742da15
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
653e073e97423adda5bc3917a241ee8497dd38a48f14bcde0098a4e54fd0fa5e
7162e4718b70ab98408c656e6b3404d20df3c0d6facf3c8471c5b1a2a88d5529
892b5a66c9dcae3025cf0bffcf9907c12d98aed64d5f2f41c55aba480e3e1237
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a95cccb9b4b1b5b2d1d5a599c70662117e629c9525f2e9d9b9f1cd6a73052e5a
b6f911ba8158fafaac0e01b5c737957f9a334697c5fd7d935a68795e9d9e1c00
c73281a7dfb7bf222e4032d23df1751286cbc70382edbe18c22f84c5b398701b
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
fdbdf73deb304c7abf81f5658c948666021b44a9d503f866645e8d4304ab8386