www.updateadd.co Open in urlscan Pro
43.130.120.148 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://bit.ly/awi8rmo
Effective URL:
https://www.updateadd.co/
Submission: On February 24 via manual (February 24th 2023, 4:15:40 pm UTC) from US — Scanned from DE

Summary HTTP 10 Redirects Links 24 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 10 HTTP transactions. The main IP is 43.130.120.148, located in Ashburn, United States and belongs to TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN. The main domain is www.updateadd.co.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on February 24th 2023. Valid for: 3 months.

This is the only time www.updateadd.co was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: USPS (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	67.199.248.10 67.199.248.10	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 7	43.130.120.148 43.130.120.148	132203 (TENCENT-N...) (TENCENT-NET-AP-CN Tencent Building)
1	2a00:1450:400... 2a00:1450:400d:80c::200a	15169 (GOOGLE) (GOOGLE)
3	2606:2800:233... 2606:2800:233:df95:1212:762c:504b:cf9d	15133 (EDGECAST) (EDGECAST)
10	4

1 67.199.248.10 (United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: bit.ly

bit.ly	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 43.130.120.148 (Ashburn, United States) 1 redirects

ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN)

www.updateadd.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80c::200a (Ireland)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:2800:233:df95:1212:762c:504b:cf9d (United States)

ASN15133 (EDGECAST, US)

www.usps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
7	updateadd.co 1 redirects www.updateadd.co	166 KB
3	usps.com www.usps.com — Cisco Umbrella Rank: 12358	3 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 36	1 KB
1	bit.ly 1 redirects bit.ly — Cisco Umbrella Rank: 5165	338 B
10	4

	Domain	Requested by
7	www.updateadd.co	1 redirects www.updateadd.co
3	www.usps.com	www.updateadd.co
1	fonts.googleapis.com	www.updateadd.co
1	bit.ly	1 redirects
10	4

This site contains links to these domains. Also see Links.

Domain
www.usps.com
faq.usps.com
about.usps.com
gateway.usps.com
postalinspectors.uspis.gov
www.uspsoig.gov
pe.usps.com
www.postalmuseum.si.edu
www.facebook.com
twitter.com
pinterest.com
www.youtube.com

Subject Issuer	Validity	Valid
updateadd.co ZeroSSL RSA Domain Secure Site CA	`2023-02-24` - `2023-05-25`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.usps.com DigiCert TLS RSA SHA256 2020 CA1	`2022-05-13` - `2023-05-27`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.updateadd.co/
Frame ID: C16992175CE1EF232F8A7A3684E3F180
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

USPS

Page URL History Show full URLs

http://bit.ly/awi8rmo HTTP 301
http://www.updateadd.co/ HTTP 301
https://www.updateadd.co/ Page URL

Detected technologies

Vue.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<[^>]+\sdata-v(?:ue)?-

Page Statistics

10
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

170 kB
Transfer

182 kB
Size

1
Cookies

24 Outgoing links

These are links going to different origins than the main page.

URL: https://www.usps.com/

Search URL Search Domain Scan URL

URL: https://www.usps.com/help/contact-us.htm
Title: Contact Us

Search URL Search Domain Scan URL

URL: http://www.usps.com/globals/site-index.htm
Title: Site Index

Search URL Search Domain Scan URL

URL: http://faq.usps.com/
Title: FAQs

Search URL Search Domain Scan URL

URL: http://about.usps.com/
Title: About USPS Home

Search URL Search Domain Scan URL

URL: http://about.usps.com/news/welcome.htm
Title: Newsroom

Search URL Search Domain Scan URL

URL: http://about.usps.com/news/service-alerts/welcome.htm
Title: USPS Service Updates

Search URL Search Domain Scan URL

URL: http://about.usps.com/forms-publications/welcome.htm
Title: Forms & Publications

Search URL Search Domain Scan URL

URL: https://www.usps.com/gov-services/gov-services.htm
Title: Government Services

Search URL Search Domain Scan URL

URL: http://about.usps.com/careers/welcome.htm
Title: Careers

Search URL Search Domain Scan URL

URL: https://gateway.usps.com/
Title: Business Customer Gateway

Search URL Search Domain Scan URL

URL: https://postalinspectors.uspis.gov/
Title: Postal Inspectors

Search URL Search Domain Scan URL

URL: http://www.uspsoig.gov/
Title: Inspector General

Search URL Search Domain Scan URL

URL: http://pe.usps.com/
Title: Postal Explorer

Search URL Search Domain Scan URL

URL: http://www.postalmuseum.si.edu/
Title: National Postal Museum

Search URL Search Domain Scan URL

URL: https://www.usps.com/webtools/welcome.htm
Title: Resources for Developers

Search URL Search Domain Scan URL

URL: http://about.usps.com/who-we-are/privacy-policy/privacy-policy-highlights.htm
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: http://about.usps.com/termsofuse.htm
Title: Terms of Use

Search URL Search Domain Scan URL

URL: http://about.usps.com/who-we-are/foia/welcome.htm
Title: FOIA

Search URL Search Domain Scan URL

URL: http://about.usps.com/who-we-are/no-fear-act/welcome.htm
Title: No FEAR Act EEO Data

Search URL Search Domain Scan URL

URL: http://www.facebook.com/usps

Search URL Search Domain Scan URL

URL: http://twitter.com/usps

Search URL Search Domain Scan URL

URL: http://pinterest.com/uspsstamps/

Search URL Search Domain Scan URL

URL: http://www.youtube.com/usps

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://bit.ly/awi8rmo HTTP 301
http://www.updateadd.co/ HTTP 301
https://www.updateadd.co/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.updateadd.co/
Redirect Chain

http://bit.ly/awi8rmo
http://www.updateadd.co/
https://www.updateadd.co/

566 B
637 B

347ms
93ms

Document
text/html

43.130.120.148
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.updateadd.co/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 43.130.120.148 Ashburn, United States, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 26c54cb22ad2473540f02b529e4ffcaff0a6cdacd2d7a0b1cbda3c4313f5de0e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Fri, 24 Feb 2023 16:15:35 GMT
ETag: W/"63f8ce90-236"
Last-Modified: Fri, 24 Feb 2023 14:49:52 GMT
Server: nginx/1.18.0 (Ubuntu)
Transfer-Encoding: chunked

Redirect headers

Connection: keep-alive
Content-Length: 178
Content-Type: text/html
Date: Fri, 24 Feb 2023 16:15:35 GMT
Location: https://www.updateadd.co/
Server: nginx/1.18.0 (Ubuntu)

GET
H/1.1 200
OK index-2495be29.js Show response
www.updateadd.co/assets/ 116 KB
116 KB 187ms
187ms Script
application/javascript 43.130.120.148
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.updateadd.co/assets/index-2495be29.js
Requested by: Host: www.updateadd.co
URL: https://www.updateadd.co/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 43.130.120.148 Ashburn, United States, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: ac3351b0771cf7266765a2bf3797bee49506ed1b62a187d0281c54420768c22e

Request headers

Referer: https://www.updateadd.co/
Origin: https://www.updateadd.co
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Fri, 24 Feb 2023 16:15:35 GMT
Last-Modified: Fri, 24 Feb 2023 14:49:52 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63f8ce90-1d083"
Content-Type: application/javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 118915

GET
H/1.1 200
OK index-d31441f7.css
www.updateadd.co/assets/ 20 KB
20 KB 372ms
185ms Stylesheet
text/css 43.130.120.148
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.updateadd.co/assets/index-d31441f7.css
Requested by: Host: www.updateadd.co
URL: https://www.updateadd.co/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 43.130.120.148 Ashburn, United States, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: d31441f7ad1290fcad4ceaca8d6827bb6c5dfe7c51c907cd0c748e7d69c48b71

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.updateadd.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Fri, 24 Feb 2023 16:15:35 GMT
Last-Modified: Fri, 24 Feb 2023 14:49:50 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63f8ce8e-4f44"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20292

GET
H2 200 css
fonts.googleapis.com/ 4 KB
1 KB 108ms
44ms Stylesheet
text/css 2a00:1450:400d:80c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Code+Pro:300,400

Requested by

Host: www.updateadd.co
URL: https://www.updateadd.co/assets/index-d31441f7.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80c::200a , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8a9cc7f2a446b96de2a86ba3f837415a1cea3dc3c649a6a0c3fa5ca10a7fe455

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.updateadd.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 24 Feb 2023 16:15:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 24 Feb 2023 16:15:36 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 24 Feb 2023 16:15:36 GMT

GET
H2 200 hamburger.svg
www.usps.com/assets/images/home/ 546 B
1 KB 195ms
98ms Image
image/svg+xml 2606:2800:233:df95:1212:762c:504b:cf9d
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.usps.com/assets/images/home/hamburger.svg

Requested by

Host: www.updateadd.co
URL: https://www.updateadd.co/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:df95:1212:762c:504b:cf9d , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7F4A) /

Resource Hash

b95f434286744e3dbaf5bc56f41d4ce2640da3038461502f7ac243a5931e9435

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; connect-src 'self' https:; font-src 'self' https: data:; frame-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.updateadd.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'self' https:; connect-src 'self' https:; font-src 'self' https: data:; frame-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:;
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 24 Feb 2023 16:15:36 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
age: 42295
x-cache: HIT
content-length: 293
x-ec-custom-error: 1
last-modified: Fri, 24 Feb 2017 22:46:08 GMT
server: ECAcc (dcb/7F4A)
etag: "222-5494e7ed94c00+gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: https://www.usps.com
x-ruleset-version: 3.1

GET
H2 200 logo_mobile.svg
www.usps.com/assets/images/home/ 2 KB
1013 B 202ms
105ms Image
image/svg+xml 2606:2800:233:df95:1212:762c:504b:cf9d
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.usps.com/assets/images/home/logo_mobile.svg

Requested by

Host: www.updateadd.co
URL: https://www.updateadd.co/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:df95:1212:762c:504b:cf9d , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7F65) /

Resource Hash

9685d6241f41ac71741d0ee9b242779f640cd3b1e64bb9bbcfb8798c5be503b2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; connect-src 'self' https:; font-src 'self' https: data:; frame-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.updateadd.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'self' https:; connect-src 'self' https:; font-src 'self' https: data:; frame-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:;
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 24 Feb 2023 16:15:36 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
age: 43533
x-cache: HIT
content-length: 908
x-ec-custom-error: 1
last-modified: Mon, 06 Feb 2017 15:02:05 GMT
server: ECAcc (dcb/7F65)
etag: "80c-547ddea221540+gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: https://www.usps.com
x-ruleset-version: 3.1

GET
H2 200 search.svg
www.usps.com/assets/images/home/ 1 KB
902 B 201ms
104ms Image
image/svg+xml 2606:2800:233:df95:1212:762c:504b:cf9d
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.usps.com/assets/images/home/search.svg

Requested by

Host: www.updateadd.co
URL: https://www.updateadd.co/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:233:df95:1212:762c:504b:cf9d , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (dcb/7F4B) /

Resource Hash

c8b13b10e28b6b420151db578831a416b7c1805d7672eeb57e69dc697fda1e27

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https:; connect-src 'self' https:; font-src 'self' https: data:; frame-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:;
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.updateadd.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: default-src 'self' https:; connect-src 'self' https:; font-src 'self' https: data:; frame-src 'self' https:; img-src 'self' https: data:; media-src 'self' https:; object-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:;
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 24 Feb 2023 16:15:36 GMT
strict-transport-security: max-age=31536000 ; includeSubDomains
age: 53716
x-cache: HIT
content-length: 795
x-ec-custom-error: 1
last-modified: Fri, 24 Feb 2017 22:46:16 GMT
server: ECAcc (dcb/7F4B)
etag: "5b9-5494e7f535e00+gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: https://www.usps.com
x-ruleset-version: 3.1

GET
H/1.1 200
OK logo-mini-sb-585262db.png
www.updateadd.co/assets/ 23 KB
23 KB 94ms
93ms Image
image/png 43.130.120.148
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.updateadd.co/assets/logo-mini-sb-585262db.png
Requested by: Host: www.updateadd.co
URL: https://www.updateadd.co/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 43.130.120.148 Ashburn, United States, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 585262db6911000f59795831f9db7bb41477bcafb135c82b51b0473363134fcf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.updateadd.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Fri, 24 Feb 2023 16:15:36 GMT
Last-Modified: Fri, 24 Feb 2023 14:49:49 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63f8ce8d-5c49"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 23625

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 748622d4d088b843e200776ce65e48c3e7e4b3a7c0fc959c691d99def179205e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67a4999a59962445831760592fbdc95e023c6c0884cec51fa7bc7cd22c6e0a8a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK pinterest54x53-59f5e4d4.png
www.updateadd.co/assets/ 5 KB
6 KB 94ms
94ms Image
image/png 43.130.120.148
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.updateadd.co/assets/pinterest54x53-59f5e4d4.png
Requested by: Host: www.updateadd.co
URL: https://www.updateadd.co/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 43.130.120.148 Ashburn, United States, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 59f5e4d40c77bc5155713bc956ddb8f4c14e3438d906a920f977073a071fb228

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.updateadd.co/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Fri, 24 Feb 2023 16:15:36 GMT
Last-Modified: Fri, 24 Feb 2023 14:49:47 GMT
Server: nginx/1.18.0 (Ubuntu)
ETag: "63f8ce8b-1580"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5504

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bcafef03600ff7498457c30861f61146e46c7320c085bc27d540c1e2357bc3dc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200 open Show response
www.updateadd.co/api/generator/order/ 38 B
218 B 190ms
97ms XHR
application/json 43.130.120.148
TENCENT-NET-AP-CN...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.updateadd.co/api/generator/order/open
Requested by: Host: www.updateadd.co
URL: https://www.updateadd.co/assets/index-2495be29.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 43.130.120.148 Ashburn, United States, ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 90fff0d62b24bab551bf6228f4b55b758b1a65c977752532cd5d15e06239c7b2

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.updateadd.co/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Fri, 24 Feb 2023 16:15:36 GMT
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Transfer-Encoding: chunked
Content-Type: application/json

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: USPS (Transportation)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless boolean| __VUE__

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.bit.ly/	1970-01-20 14:13:27	Name: _bit Value: n1ogfy-08d20ca4cb44b1514d-00a

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bit.ly
fonts.googleapis.com
www.updateadd.co
www.usps.com
2606:2800:233:df95:1212:762c:504b:cf9d
2a00:1450:400d:80c::200a
43.130.120.148
67.199.248.10
26c54cb22ad2473540f02b529e4ffcaff0a6cdacd2d7a0b1cbda3c4313f5de0e
585262db6911000f59795831f9db7bb41477bcafb135c82b51b0473363134fcf
59f5e4d40c77bc5155713bc956ddb8f4c14e3438d906a920f977073a071fb228
67a4999a59962445831760592fbdc95e023c6c0884cec51fa7bc7cd22c6e0a8a
748622d4d088b843e200776ce65e48c3e7e4b3a7c0fc959c691d99def179205e
8a9cc7f2a446b96de2a86ba3f837415a1cea3dc3c649a6a0c3fa5ca10a7fe455
90fff0d62b24bab551bf6228f4b55b758b1a65c977752532cd5d15e06239c7b2
9685d6241f41ac71741d0ee9b242779f640cd3b1e64bb9bbcfb8798c5be503b2
ac3351b0771cf7266765a2bf3797bee49506ed1b62a187d0281c54420768c22e
b95f434286744e3dbaf5bc56f41d4ce2640da3038461502f7ac243a5931e9435
bcafef03600ff7498457c30861f61146e46c7320c085bc27d540c1e2357bc3dc
c8b13b10e28b6b420151db578831a416b7c1805d7672eeb57e69dc697fda1e27
d31441f7ad1290fcad4ceaca8d6827bb6c5dfe7c51c907cd0c748e7d69c48b71

www.updateadd.co Open in urlscan Pro 43.130.120.148 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

10 Requests

100 %HTTPS

50 %IPv6

4 Domains

4 Subdomains

4 IPs

2 Countries

170 kBTransfer

182 kBSize

1 Cookies

24 Outgoing links

Page URL History

Redirected requests

10 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

Indicators

www.updateadd.co Open in urlscan Pro
43.130.120.148 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

10
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

170 kB
Transfer

182 kB
Size

1
Cookies

10 HTTP transactions
3 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!