parcel-updater.com
64.191.166.198
Malicious Activity!
Public Scan
Submission: On October 01 via manual from PH — Scanned from DE
Summary
TLS certificate: Issued by R3 on August 1st 2022. Valid for: 3 months.
This is the only time parcel-updater.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UPS (Transportation)
Domain & IP information
 | IP Address | AS Autonomous System |
---|---|---|
7 | 64.191.166.198 | 13776 (QX-NET-ASN-1) |
7 | 2 | |
ASN13776 (QX-NET-ASN-1, US)
PTR: landing.phishingbox.com
parcel-updater.com
 | Apex Domain Subdomains | Transfer |
---|---|---|
7 | parcel-updater.com parcel-updater.com | 1 MB |
7 | 1 | |
 | Domain | Requested by |
---|---|---|
7 | parcel-updater.com | parcel-updater.com |
7 | 1 | |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
parcel-updater.com R3 | 2022-08-01 - 2022-10-30 | 3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://parcel-updater.com/home.php?k=c5497c2fcf3c8b97cd838832d02319be320c2c69&viewed=1
Frame ID: 08CCAACBD902A1934C4921DEF559FA9F
Requests: 11 HTTP requests in this frame
Page Title
Tracking | UPS
Detected technologies
PHP (Programming Languages)
Detected patterns
- \.php(?:$|\?)
Bootstrap (Web Frameworks)
Detected patterns
- <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
- bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Font Awesome (Font Scripts)
Detected patterns
- <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
34 Outgoing links
These are links going to different origins than the main page.
- Title: ...More
- Title: Locations
- Title: United States - English
- Title: Sign up / Log in
- Title: Customer Support
- Title: Get Started with UPS
- Title: Change Delivery
- Title: Claims Support
- Title: Tracking
- Title: Shipping
- Title: Services
- Title: My Profile
- Title: About UPS
- Title: Media RelationsOpen the link in a new window
- Title: Investor RelationsOpen the link in a new window
- Title: CareersOpen the link in a new window
- Title: Sustainability & Community InvolvementOpen the link in a new window
- Title: The UPS StoreOpen the link in a new window
- Title: UPS CapitalOpen the link in a new window
- Title: See AllOpen the link in a new window
- Title: FacebookOpen the link in a new window
- Title: TwitterOpen the link in a new window
- Title: LinkedInOpen the link in a new window
- Title: YouTubeOpen the link in a new window
- Title: UPS Blog: Longitudes
- Title: Global Home
- Title: Protect Against Fraud
- Title: Service Terms and Conditions
- Title: Website Terms of Use
- Title: Your California Privacy RightsOpen the link in a new window
- Title: Privacy NoticeOpen the link in a new window
- Title: Do Not Sell My Info
- Title: Privacy Notice
Redirected requests
There were HTTP redirect chains for the following requests:
7 HTTP transactions
Method Protocol | Resource Path | Size x-fer | Type MIME-Type |
---|---|---|---|
GET H/1.1 | home.php (Primary Request) parcel-updater.com/ | 188 KB 188 KB | Document text/html |
GET H/1.1 | fontawesome.min.css parcel-updater.com/assets/fonts/font-awesome/css/ | 87 KB 87 KB | Stylesheet text/css |
GET H/1.1 | jquery-3.1.1.min.js parcel-updater.com/assets/js/ | 85 KB 85 KB | Script application/javascript |
GET H/1.1 | jquery_ui.js parcel-updater.com/assets/js/ | 509 KB 509 KB | Script application/javascript |
GET H/1.1 | bootstrap.min.css parcel-updater.com/assets/bootstrap/bootstrap-3.3.7/css/ | 118 KB 119 KB | Stylesheet text/css |
GET H/1.1 | bootstrap-theme.min.css parcel-updater.com/assets/bootstrap/bootstrap-3.3.7/css/ | 23 KB 23 KB | Stylesheet text/css |
GET H/1.1 | bootstrap.min.js parcel-updater.com/assets/bootstrap/bootstrap-3.3.7/js/ | 36 KB 37 KB | Script application/javascript |
GET DATA | truncated / | 2 KB 0 | Image image/svg+xml |
GET DATA | truncated / | 34 KB 34 KB | Font application/x-font-woff |
GET DATA | truncated / | 43 B 0 | Image image/gif |
GET DATA | truncated / | 882 B 0 | Image image/webp |
Verdicts & Comments
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UPS (Transportation)
19 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| 0
- object| 1
- object| onbeforeinput
- object| oncontextlost
- object| oncontextrestored
- function| structuredClone
- object| launchQueue
- object| onbeforematch
- function| getScreenDetails
- function| queryLocalFonts
- object| navigation
- function| $
- function| jQuery
- function| anchorClickHandler
- object| rawData
- function| nullifyInputs
- function| resetInputsToRawData
- function| displayCompletionMessage
- function| submitHandler

0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
parcel-updater.com
64.191.166.198