royalmail.delivery-fees.com
Open in
urlscan Pro
162.0.215.5
Malicious Activity!
Public Scan
Effective URL: https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf...
Submission: On March 03 via manual from GB
Summary
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 2nd 2021. Valid for: a year.
This is the only time royalmail.delivery-fees.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Royal Mail (Government)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 14 | 162.0.215.5 162.0.215.5 | 22612 (NAMECHEAP...) (NAMECHEAP-NET) | |
1 | 23.111.9.35 23.111.9.35 | 33438 (HIGHWINDS2) (HIGHWINDS2) | |
1 | 2606:4700::68... 2606:4700::6810:135e | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
1 | 2001:4de0:ac1... 2001:4de0:ac19::1:b:3a | 20446 (HIGHWINDS3) (HIGHWINDS3) | |
16 | 4 |
ASN22612 (NAMECHEAP-NET, US)
PTR: business127-4.web-hosting.com
royalmail.delivery-fees.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
14 |
delivery-fees.com
1 redirects
royalmail.delivery-fees.com |
228 KB |
1 |
bootstrapcdn.com
maxcdn.bootstrapcdn.com |
15 KB |
1 |
cloudflare.com
cdnjs.cloudflare.com |
28 KB |
1 |
fontawesome.com
use.fontawesome.com |
492 KB |
16 | 4 |
Domain | Requested by | |
---|---|---|
14 | royalmail.delivery-fees.com |
1 redirects
royalmail.delivery-fees.com
|
1 | maxcdn.bootstrapcdn.com |
royalmail.delivery-fees.com
|
1 | cdnjs.cloudflare.com |
royalmail.delivery-fees.com
|
1 | use.fontawesome.com |
royalmail.delivery-fees.com
|
16 | 4 |
This site contains links to these domains. Also see Links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
royalmail.delivery-fees.com Sectigo RSA Domain Validation Secure Server CA |
2021-03-02 - 2022-03-02 |
a year | crt.sh |
*.fontawesome.com DigiCert TLS RSA SHA256 2020 CA1 |
2020-11-13 - 2021-12-14 |
a year | crt.sh |
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 |
2020-10-21 - 2021-10-20 |
a year | crt.sh |
*.bootstrapcdn.com Sectigo RSA Domain Validation Secure Server CA |
2020-09-22 - 2021-10-12 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw
Frame ID: EDD88CF2BEE73871145D7BFFBF047B6A
Requests: 16 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://royalmail.delivery-fees.com/
HTTP 302
https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPym... Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Page Statistics
19 Outgoing links
These are links going to different origins than the main page.
Title: Track your item
Search URL Search Domain Scan URL
Title: Postcode finder
Search URL Search Domain Scan URL
Title: Price finder
Search URL Search Domain Scan URL
Title: Online postage
Search URL Search Domain Scan URL
Title: Book a Redelivery
Search URL Search Domain Scan URL
Title: Help and support
Search URL Search Domain Scan URL
Title: Contact us
Search URL Search Domain Scan URL
Title: Collect a missed delivery
Search URL Search Domain Scan URL
Title: I think my mail is lost
Search URL Search Domain Scan URL
Title: Service updates
Search URL Search Domain Scan URL
Title: How to make a claim
Search URL Search Domain Scan URL
Title: Redirect your mail
Search URL Search Domain Scan URL
Title: Parcelforce Worldwide
Search URL Search Domain Scan URL
Title: Supporting Action for
Search URL Search Domain Scan URL
Title: Keep Me Posted
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Title:
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://royalmail.delivery-fees.com/
HTTP 302
https://royalmail.delivery-fees.com/express.php?ssl=true&session=Np6aaFBE1wdd1UzUl3MHz1unk69Mjexg2GIYVdcbXiMZPymV7B55GfPfYuHjCjdvDUf4hl6SZrzBO8iURHSVVck3gtB38DZXYhd8Tt6eA7NpYDkrtdj9FS2qL1MaMPO0Vw Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
16 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
express.php
royalmail.delivery-fees.com/ Redirect Chain
|
30 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all.js
use.fontawesome.com/releases/v5.15.1/js/ |
1 MB 492 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles.css
royalmail.delivery-fees.com/assets/css/ |
183 KB 26 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
preloader.css
royalmail.delivery-fees.com/assets/css/ |
1 KB 815 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
custom_style.css
royalmail.delivery-fees.com/assets/css/ |
9 KB 2 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
royalmail.delivery-fees.com/assets/js/ |
266 KB 77 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.validate.js
royalmail.delivery-fees.com/assets/js/ |
47 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.maskedinput.js
royalmail.delivery-fees.com/assets/js/ |
10 KB 3 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.payment.js
royalmail.delivery-fees.com/assets/js/ |
17 KB 4 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
royalmail.delivery-fees.com/assets/img/ |
12 KB 13 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
SafeSpace-logo.png
royalmail.delivery-fees.com/assets/img/ |
6 KB 7 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/ |
87 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
bootstrap.min.js
maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/ |
59 KB 15 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
keep-me-posted.png
royalmail.delivery-fees.com/assets/img/ |
11 KB 11 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
pfdintextstd-reg-webfont.woff
royalmail.delivery-fees.com/assets/fonts/ |
32 KB 32 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
chevin-medium.woff
royalmail.delivery-fees.com/assets/fonts/ |
34 KB 34 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Royal Mail (Government)15 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| ___FONT_AWESOME___ object| FontAwesomeConfig object| FontAwesome function| $ function| jQuery object| bootstrap1 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
royalmail.delivery-fees.com/ | Name: PHPSESSID Value: be86c30aeb620c816a26dd792f7494c6 |
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload; |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
X-Xss-Protection | 1; mode=block |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
cdnjs.cloudflare.com
maxcdn.bootstrapcdn.com
royalmail.delivery-fees.com
use.fontawesome.com
162.0.215.5
2001:4de0:ac19::1:b:3a
23.111.9.35
2606:4700::6810:135e
20a3ef6979bbe5e4de1afaecc703e1d34cbc5e3ceab36d378539506327692d72
344b29deab56ac203aa9d4c258a097020f4b207da082f1267e2b9a4280903c34
4c5cbe9ba0817ee53eb81915492564dcc2c7c1451302f8eb6e47b57b71596c7f
59b1b91d85d2c035f814c3bf2022b2b45cff6f816dfb9e918e1820d4e527d451
643cec1f3b8b02da905715f06e046d7c03d743b500a09457040503bdcf46f422
64d540f12c8ab36f8d43e88f532b850152c12830a00c8547310356b3ee834a51
65b183f860edfc12c3279e5c656b729868a12c93dc5556d3d6bfcc75b4bad2bb
69af92067e4f20b8347788205f2ea3a912d953082fc057b91f80331e2a23490a
79c599dd760cec0c1621a1af49d9a2a49da5d45e1b37d4575bace0a5e0226582
84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff
88211e92e8f1aab3e65f5a0954ce4ec8fc7c77ccfadeecd1b4ec64e57e113026
8e5bd63208d0cf73eb49c33fe135dbb66e5fe3d680fac9abeb4a4670a79b01a7
9314ec2d98780f916a6357eaee875203f4fb04438313c111fafa9a36ba579997
95d434ce5101fa0215bc35d3422c524705f6cd7998b728fcc6d8277b07f39730
b134fc3f777a1aeb46d45b7999e88fb655daa62f4fafe5bcaed5f70b4bb7bcef
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d