d-thecourierguy.netlify.app
Category: Phishing
To use full-featured product, you have to purchase a license for Combo Cleaner. Limited seven days free trial available. Combo Cleaner is owned and operated by RCS LT, the parent company of PCRisk.com.
Description of d-thecourierguy.netlify.app
The domain d-thecourierguy.netlify.app appears to host a webpage presenting itself as a parcel-delivery and shipping payment portal under the name "The Courier Guy." Based on the page title, branding, and screenshot, the site is designed to resemble a courier-service interface with options such as parcel tracking, login, shipment details, and a payment step for delivery fees.
The site is hosted on a Netlify subdomain rather than on a primary branded corporate domain, which may indicate it is a temporary or independently deployed web app rather than an official company website. The page content focuses on collecting or facilitating payment for a shipment, including a fee breakdown and a prompt to proceed to card payment, suggesting that its purpose may be to solicit payment related to parcel delivery.
No operator identity is clearly established in the provided scan data beyond the branding shown on the page. Based on the available content and the strong phishing-related detections, the site appears to imitate a courier brand rather than operate as a clearly verifiable standalone logistics service.
Safety Assessment for d-thecourierguy.netlify.app
This domain was flagged by 19 out of 91 security engines at the time of the scan, with the detections largely classifying it as phishing or otherwise malicious. The screenshot also shows a payment page using courier branding and requesting card payment for shipping fees, which is a pattern commonly associated with delivery-fee phishing campaigns. In addition, the domain name uses a Netlify subdomain while referencing a recognizable courier brand, which may indicate that the site is attempting to resemble a legitimate delivery service rather than operating from an official branded domain.
The malware scan itself did not identify malicious files, and several major threat databases were clean at the time of the scan. However, a clean file scan does not outweigh broad phishing detections when the page behavior and branding pattern are consistent with credential or payment harvesting. The domain's IP address is also listed on one mail-reputation blocklist, which is a weaker signal than phishing detections but still adds a small amount of caution.
Based on these findings, this website may pose potential risks to visitors.
Technical Description
The site uses a valid SSL certificate issued by DigiCert, with expiry listed in 2027, which means the connection appears to be encrypted in transit. It is hosted on Netlify infrastructure backed by AWS EC2 in Frankfurt, Germany, and uses Netlify-related hosting patterns rather than a dedicated branded corporate environment. DNSSEC is unsigned.
From a technical perspective, the page includes common third-party analytics and tag-management resources and did not show flagged files in the malware scan. Even so, the main concern here appears to be social-engineering or phishing content rather than exploit delivery. The use of a hosted subdomain for a branded payment workflow is a notable risk indicator.
Share your experience with this website. Was it safe? Did you encounter any issues?