royalmail.delivery-fees.com Open in urlscan Pro
162.0.215.5  Malicious Activity! Public Scan

Submitted URL: https://royalmail.delivery-fees.com/
Effective URL: https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf...
Submission: On March 03 via manual from GB

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 16 HTTP transactions. The main IP is 162.0.215.5, located in United States and belongs to NAMECHEAP-NET, US. The main domain is royalmail.delivery-fees.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 2nd 2021. Valid for: a year.
This is the only time royalmail.delivery-fees.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Royal Mail (Government)

Domain & IP information

IP Address AS Autonomous System
1 14 162.0.215.5 22612 (NAMECHEAP...)
1 23.111.9.35 33438 (HIGHWINDS2)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
16 4
Domain Requested by
14 royalmail.delivery-fees.com 1 redirects royalmail.delivery-fees.com
1 maxcdn.bootstrapcdn.com royalmail.delivery-fees.com
1 cdnjs.cloudflare.com royalmail.delivery-fees.com
1 use.fontawesome.com royalmail.delivery-fees.com
16 4
Subject Issuer Validity Valid
royalmail.delivery-fees.com
Sectigo RSA Domain Validation Secure Server CA
2021-03-02 -
2022-03-02
a year crt.sh
*.fontawesome.com
DigiCert TLS RSA SHA256 2020 CA1
2020-11-13 -
2021-12-14
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2020-10-21 -
2021-10-20
a year crt.sh
*.bootstrapcdn.com
Sectigo RSA Domain Validation Secure Server CA
2020-09-22 -
2021-10-12
a year crt.sh

This page contains 1 frames:

Primary Page: https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
Frame ID: EDD88CF2BEE73871145D7BFFBF047B6A
Requests: 16 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://royalmail.delivery-fees.com/ HTTP 302
    https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPym... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

16
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

761 kB
Transfer

1971 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://royalmail.delivery-fees.com/ HTTP 302
    https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request express.php
royalmail.delivery-fees.com/
Redirect Chain
  • https://royalmail.delivery-fees.com/
  • https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
30 KB
4 KB
Document
General
Full URL
https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.5 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business127-4.web-hosting.com
Software
Apache / PHP/7.2.34
Resource Hash
65b183f860edfc12c3279e5c656b729868a12c93dc5556d3d6bfcc75b4bad2bb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
royalmail.delivery-fees.com
:scheme
https
:path
/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
PHPSESSID=be86c30aeb620c816a26dd792f7494c6
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Mar 2021 09:11:08 GMT
server
Apache
x-powered-by
PHP/7.2.34
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
vary
Accept-Encoding
content-encoding
gzip
content-length
4067
content-type
text/html; charset=UTF-8
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload;
referrer-policy
no-referrer-when-downgrade

Redirect headers

date
Wed, 03 Mar 2021 09:11:08 GMT
server
Apache
x-powered-by
PHP/7.2.34
expires
Thu, 19 Nov 1981 08:52:00 GMT
cache-control
no-store, no-cache, must-revalidate
pragma
no-cache
set-cookie
PHPSESSID=be86c30aeb620c816a26dd792f7494c6; path=/
location
express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
content-type
text/html; charset=UTF-8
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload;
referrer-policy
no-referrer-when-downgrade
all.js
use.fontawesome.com/releases/v5.15.1/js/
1 MB
492 KB
Script
General
Full URL
https://use.fontawesome.com/releases/v5.15.1/js/all.js
Requested by
Host: royalmail.delivery-fees.com
URL: https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.35 , United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
20a3ef6979bbe5e4de1afaecc703e1d34cbc5e3ceab36d378539506327692d72

Request headers

Origin
https://royalmail.delivery-fees.com
Referer
https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Mar 2021 09:11:09 GMT
content-encoding
gzip
last-modified
Mon, 05 Oct 2020 15:13:15 GMT
server
NetDNA-cache/2.2
etag
W/"5e1e1bd25a94741b7828800b758b88df"
vary
Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
access-control-max-age
3000
cache-control
max-age=31556926
x-cache
HIT
styles.css
royalmail.delivery-fees.com/assets/css/
183 KB
26 KB
Stylesheet
General
Full URL
https://royalmail.delivery-fees.com/assets/css/styles.css
Requested by
Host: royalmail.delivery-fees.com
URL: https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.5 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business127-4.web-hosting.com
Software
Apache /
Resource Hash
64d540f12c8ab36f8d43e88f532b850152c12830a00c8547310356b3ee834a51
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Mar 2021 09:11:09 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 07 Jan 2021 06:43:14 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
text/css
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000; includeSubDomains; preload;
accept-ranges
bytes
vary
Accept-Encoding
content-length
26736
x-content-type-options
nosniff
preloader.css
royalmail.delivery-fees.com/assets/css/
1 KB
815 B
Stylesheet
General
Full URL
https://royalmail.delivery-fees.com/assets/css/preloader.css
Requested by
Host: royalmail.delivery-fees.com
URL: https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.5 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business127-4.web-hosting.com
Software
Apache /
Resource Hash
69af92067e4f20b8347788205f2ea3a912d953082fc057b91f80331e2a23490a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Mar 2021 09:11:09 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 07 Jan 2021 06:43:10 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
text/css
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000; includeSubDomains; preload;
accept-ranges
bytes
vary
Accept-Encoding
content-length
489
x-content-type-options
nosniff
custom_style.css
royalmail.delivery-fees.com/assets/css/
9 KB
2 KB
Stylesheet
General
Full URL
https://royalmail.delivery-fees.com/assets/css/custom_style.css
Requested by
Host: royalmail.delivery-fees.com
URL: https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.5 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business127-4.web-hosting.com
Software
Apache /
Resource Hash
4c5cbe9ba0817ee53eb81915492564dcc2c7c1451302f8eb6e47b57b71596c7f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Mar 2021 09:11:09 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 11 Jan 2021 09:06:48 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
text/css
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000; includeSubDomains; preload;
accept-ranges
bytes
vary
Accept-Encoding
content-length
2200
x-content-type-options
nosniff
jquery.js
royalmail.delivery-fees.com/assets/js/
266 KB
77 KB
Script
General
Full URL
https://royalmail.delivery-fees.com/assets/js/jquery.js
Requested by
Host: royalmail.delivery-fees.com
URL: https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.5 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business127-4.web-hosting.com
Software
Apache /
Resource Hash
84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Mar 2021 09:11:09 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 24 Aug 2019 12:25:18 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000; includeSubDomains; preload;
accept-ranges
bytes
x-content-type-options
nosniff
jquery.validate.js
royalmail.delivery-fees.com/assets/js/
47 KB
12 KB
Script
General
Full URL
https://royalmail.delivery-fees.com/assets/js/jquery.validate.js
Requested by
Host: royalmail.delivery-fees.com
URL: https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.5 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business127-4.web-hosting.com
Software
Apache /
Resource Hash
643cec1f3b8b02da905715f06e046d7c03d743b500a09457040503bdcf46f422
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Mar 2021 09:11:09 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 24 Aug 2019 12:26:16 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000; includeSubDomains; preload;
accept-ranges
bytes
vary
Accept-Encoding
content-length
12374
x-content-type-options
nosniff
jquery.maskedinput.js
royalmail.delivery-fees.com/assets/js/
10 KB
3 KB
Script
General
Full URL
https://royalmail.delivery-fees.com/assets/js/jquery.maskedinput.js
Requested by
Host: royalmail.delivery-fees.com
URL: https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.5 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business127-4.web-hosting.com
Software
Apache /
Resource Hash
b134fc3f777a1aeb46d45b7999e88fb655daa62f4fafe5bcaed5f70b4bb7bcef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Mar 2021 09:11:09 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 24 Aug 2019 12:27:46 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000; includeSubDomains; preload;
accept-ranges
bytes
vary
Accept-Encoding
content-length
2660
x-content-type-options
nosniff
jquery.payment.js
royalmail.delivery-fees.com/assets/js/
17 KB
4 KB
Script
General
Full URL
https://royalmail.delivery-fees.com/assets/js/jquery.payment.js
Requested by
Host: royalmail.delivery-fees.com
URL: https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.5 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business127-4.web-hosting.com
Software
Apache /
Resource Hash
95d434ce5101fa0215bc35d3422c524705f6cd7998b728fcc6d8277b07f39730
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Mar 2021 09:11:09 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 24 Aug 2019 12:28:32 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000; includeSubDomains; preload;
accept-ranges
bytes
vary
Accept-Encoding
content-length
3513
x-content-type-options
nosniff
logo.png
royalmail.delivery-fees.com/assets/img/
12 KB
13 KB
Image
General
Full URL
https://royalmail.delivery-fees.com/assets/img/logo.png
Requested by
Host: royalmail.delivery-fees.com
URL: https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.5 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business127-4.web-hosting.com
Software
Apache /
Resource Hash
344b29deab56ac203aa9d4c258a097020f4b207da082f1267e2b9a4280903c34
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Mar 2021 09:11:09 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 07 Jan 2021 06:45:38 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/png
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000; includeSubDomains; preload;
accept-ranges
bytes
content-length
12718
x-content-type-options
nosniff
SafeSpace-logo.png
royalmail.delivery-fees.com/assets/img/
6 KB
7 KB
Image
General
Full URL
https://royalmail.delivery-fees.com/assets/img/SafeSpace-logo.png?itok=2nxp_ipP
Requested by
Host: royalmail.delivery-fees.com
URL: https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.5 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business127-4.web-hosting.com
Software
Apache /
Resource Hash
8e5bd63208d0cf73eb49c33fe135dbb66e5fe3d680fac9abeb4a4670a79b01a7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Mar 2021 09:11:10 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 07 Jan 2021 06:45:06 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/png
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000; includeSubDomains; preload;
accept-ranges
bytes
content-length
6588
x-content-type-options
nosniff
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/
87 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: royalmail.delivery-fees.com
URL: https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Mar 2021 09:11:09 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
1404867
cross-origin-resource-policy
cross-origin
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
27958
cf-request-id
0898f40de7000016e6d7135000000001
timing-allow-origin
*
last-modified
Mon, 04 May 2020 23:01:39 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb09ed3-15d84"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2Esn%2FxSPNqpC0qBNwzlHKhPtZCbY9PIQH2yyejF8wkehoWyNFCEDOBkE02fJZAJ%2B2MvR%2FP7cKIeUzl6LfDf%2BwozPqn%2B8Dh7gD6TJgx6roeNcaCEcYu6E41k4%2Bkw4WUgMNw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
62a1bc5caa1216e6-FRA
expires
Mon, 21 Feb 2022 09:11:09 GMT
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/
59 KB
15 KB
Script
General
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js
Requested by
Host: royalmail.delivery-fees.com
URL: https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac19::1:b:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Mar 2021 09:11:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Aug 2020 16:43:44 GMT
etag
"1596732224"
vary
Accept-Encoding
x-cache
HIT
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
timing-allow-origin
*
content-length
14811
keep-me-posted.png
royalmail.delivery-fees.com/assets/img/
11 KB
11 KB
Image
General
Full URL
https://royalmail.delivery-fees.com/assets/img/keep-me-posted.png
Requested by
Host: royalmail.delivery-fees.com
URL: https://royalmail.delivery-fees.com/assets/css/custom_style.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.5 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business127-4.web-hosting.com
Software
Apache /
Resource Hash
9314ec2d98780f916a6357eaee875203f4fb04438313c111fafa9a36ba579997
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://royalmail.delivery-fees.com/assets/css/custom_style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Mar 2021 09:11:10 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 07 Jan 2021 06:45:32 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/png
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000; includeSubDomains; preload;
accept-ranges
bytes
content-length
10897
x-content-type-options
nosniff
pfdintextstd-reg-webfont.woff
royalmail.delivery-fees.com/assets/fonts/
32 KB
32 KB
Font
General
Full URL
https://royalmail.delivery-fees.com/assets/fonts/pfdintextstd-reg-webfont.woff
Requested by
Host: royalmail.delivery-fees.com
URL: https://royalmail.delivery-fees.com/assets/css/custom_style.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.5 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business127-4.web-hosting.com
Software
Apache /
Resource Hash
88211e92e8f1aab3e65f5a0954ce4ec8fc7c77ccfadeecd1b4ec64e57e113026
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://royalmail.delivery-fees.com
Referer
https://royalmail.delivery-fees.com/assets/css/custom_style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Mar 2021 09:11:10 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 07 Jan 2021 06:44:56 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
font/woff
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000; includeSubDomains; preload;
accept-ranges
bytes
content-length
32764
x-content-type-options
nosniff
chevin-medium.woff
royalmail.delivery-fees.com/assets/fonts/
34 KB
34 KB
Font
General
Full URL
https://royalmail.delivery-fees.com/assets/fonts/chevin-medium.woff
Requested by
Host: royalmail.delivery-fees.com
URL: https://royalmail.delivery-fees.com/assets/css/custom_style.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
162.0.215.5 , United States, ASN22612 (NAMECHEAP-NET, US),
Reverse DNS
business127-4.web-hosting.com
Software
Apache /
Resource Hash
59b1b91d85d2c035f814c3bf2022b2b45cff6f816dfb9e918e1820d4e527d451
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://royalmail.delivery-fees.com
Referer
https://royalmail.delivery-fees.com/assets/css/custom_style.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 03 Mar 2021 09:11:10 GMT
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 07 Jan 2021 06:44:46 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
font/woff
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000; includeSubDomains; preload;
accept-ranges
bytes
content-length
34566
x-content-type-options
nosniff

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Royal Mail (Government)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| ___FONT_AWESOME___ object| FontAwesomeConfig object| FontAwesome function| $ function| jQuery object| bootstrap

1 Cookies

Domain/Path Name / Value
royalmail.delivery-fees.com/ Name: PHPSESSID
Value: be86c30aeb620c816a26dd792f7494c6

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block