Suspicious

Phishings targeting USPS

Suspicious and active websites


Phishings targeting Usps

Suspicious and active websites


Active
3
New (7d)
2
Trend (7d)
Website
usps.com
About
AIUS parcel-delivery scam pattern. SMS-launched 'undelivered package' lure is the most common entry vector.
Countries
United StatesUnited States (2) · PolandPoland (1)

Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.

Last check (UTC) First seen (UTC) URL Screenshot Flags Details
2026-07-06 07:30 2026-07-04 01:01
http://uspsaunitedworkforce.com
Screenshot of uspsaunitedworkforce.com OpenPhish Details
2026-07-06 07:30 2026-07-03 01:01
https://uspsmailjourney.com/uspsmailjourney.com/%c3%83%c2%83%c3%82%c2…
Screenshot of uspsmailjourney.com OpenPhish urlscan Details
2026-07-06 07:30 2026-04-16 13:02
http://usps-wa-dev-gedsgvf9gad3g5bp.eastus-01.azurewebsites.net
Screenshot of usps-wa-dev-gedsgvf9gad3g5bp.eastus-01.azurewebsites.net OpenPhish urlscan Details

Suspicious sites — confidence is not always 100%. Use for Threat Hunting or watchlists.

URL Screenshot Details
http://uspsaunitedworkforce.c…
OpenPhish
Screenshot of uspsaunitedworkforce.com Details
https://uspsmailjourney.com/u…
OpenPhish urlscan
Screenshot of uspsmailjourney.com Details
http://usps-wa-dev-gedsgvf9ga…
OpenPhish urlscan
Screenshot of usps-wa-dev-gedsgvf9gad3g5bp.eastus-01.azurewebsites.net Details

AIHow to verify a real USPS URL

  • Legitimate USPS URLs always end in usps.com (e.g. www.usps.com, account.usps.com). Anything else — including look-alike typosquats, hyphenated variations, or unfamiliar TLDs like .xyz / .top / .vip — is not USPS.
  • The padlock icon proves TLS is active, not that the site is safe. Free DV certificates are issued to attackers in minutes; every active site listed above has a valid TLS certificate.
  • If you got the link from email, SMS, or social media, do not click it. Open usps.com from your browser bookmark or type the domain manually.
  • Real USPS pages almost never ask for credentials immediately after clicking from a message — treat any such redirect as a phishing attempt until the domain is verified.