ScanMalware.com

Security Scan Report: ups-help-support.paymentus.net

Site favicon
Submitted: Feb 25, 2026, 7:35:42 AMCompleted: Feb 25, 2026, 7:37:09 AMpubliccompleted
Loading additional data...

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 5 HTTP transactions. The main domain is ups-help-support.paymentus.net and was registered NaN years ago.

Submitted URL: https://ups-help-support.paymentus.net

The Cisco Umbrella rank of the primary domain is #207,653 of the top 1 million websites

AI Security Verdict

High Risk

Confidence: 78%

7
Risk Score

The site impersonates UPS via a deceptive subdomain and triggers a critical IDS malware alert, indicating high‑risk brand impersonation.

Risk Factors
Deceptive brand‑related subdomain (UPS) on paymentus.net
Low Cisco Umbrella ranking for brand claim
Critical network IDS alert indicating possible malware/data exfiltration
Domain age information unavailable

Details

Page Title

N/A

Scan Type

public

Language

🏳️

UNKNOWN

(0% confidence)

Category

unknown

(0%)

Domain Information

The domain name 'ups-help-support.paymentus.net' uses the network infrastructure generic top-level domain (.net); it also runs on subdomain 'ups-help-support'. Its registrable label 'paymentus' stretches across 9 characters containing 3 vowels alongside 6 consonants. It segments into 2 words: payment, us. Median word length comes out to 4.5 characters. No strong language cues emerged from the frequency lists.

Screenshot

Security scan screenshot of https://ups-help-support.paymentus.net

Page Load Overview

0.66s
Total Load Time
5
HTTP Requests
1
Domains
N/A
Total Size

Language Analysis

Primary Language

🏳️UNKNOWN
Code: unknown
Confidence:0%

Detection Details

Language Code:unknown
Detection Confidence:0%
0
Detector Agreement:0%

Website Classification

Primary Category

unknown0% confidence
Type: static
Method: structural

All Detected Categories

No categories detected

Detected Features

No structural features detected

Domain & IP Information

RequestsIP AddressLocationAS Autonomous System
5104.18.140.104United States
AS13335Cloudflare, Inc.
51--

Content Similarity HashesFor malware variant detection

TLSH (Trend Micro Locality Sensitive Hash)

Security-focused

Specialized for malware detection and similarity analysis

T1402111752E266534CA85504631BEF7A83C3250227E02D044A2ACDC299B1CED308AFDBD

ssdeep (Context Triggered Piecewise Hashing)

Context-aware

Detects similar content even with modifications

24:k6KFGLnxbFGWXRqu1JJSa7oRW7aRWXCunouOvTMOKFId6J39b5Di3Nvc:sGLrGWX1STw2wptI8Id65OC

sdhash (Similarity Digest Hashing)

High-precision

High-precision similarity detection for forensic analysis

sdhash:3:1157:QBAAAAgCAAAAAGAAQgACAEAAIAAAAAAQAIAAACABADQAIAIAAABAEAAAgAAAAACAAhgBEAAAAIAAAAAQBAAAAABAAAQABICA

These hashes enable detection of similar websites and malware variants by comparing content similarity even when exact matches aren't found.

Image Hashes

Perceptual Hashes

Average Hash:0000000000000000
Perceptual Hash:8000000000000000
Difference Hash:0000000000000000
Wavelet Hash:0000000000000000
Color Hash:#ac536b

Other Hashes

Crop Resistant:0000000000000000

Scan History

Scan history not available

Unable to load historical scan data