Vulnerability Scan Result

Target:

https://parcel-viewer.us/ (redirect)

Scanned target: https://www.parcel-viewer.us/

Submitted: Mar 24, 2026 from TW

Public Scan

Scan mode: Passive (non-intrusive)

Summary

medium

Info

Low

Medium

High

Critical

Screenshot

Screenshot could not be taken.

Title:	Find Free Parcel Viewers & Property Information \| Parcel Viewer
Description:	Find free parcel viewers and property information from official government sources across the United States.

IP Information

ip_address	75.2.60.5
country	US
network_name	Amazon.com, Inc.
asn	AS16509

ip_address	99.83.231.61
country	US
network_name	Amazon.com, Inc.
asn	AS16509

Open Ports

7/tcp	echo	- -
9/tcp	discard	- -
13/tcp	tcpwrapped	- -
20/tcp	ftp-data	- -
21/tcp	tcpwrapped	- -
22/tcp	tcpwrapped	- -
23/tcp	telnet	- -
25/tcp	smtp	- -
26/tcp	rsftp	- -
37/tcp	tcpwrapped	- -
42/tcp	nameserver	- -
43/tcp	whois	- -
53/tcp	tcpwrapped	- -
70/tcp	gopher	- -
79/tcp	finger	- -
80/tcp	http	Netlify -
88/tcp	kerberos-sec	- -
102/tcp	iso-tsap	- -
106/tcp	pop3pw	- -
110/tcp	pop3	- -
111/tcp	tcpwrapped	- -
113/tcp	tcpwrapped	- -
119/tcp	nntp	- -
135/tcp	msrpc	- -
137/tcp	netbios-ns	- -
138/tcp	netbios-dgm	- -
139/tcp	netbios-ssn	- -
143/tcp	imap	- -
144/tcp	news	- -
179/tcp	bgp	- -
199/tcp	tcpwrapped	- -
201/tcp	at-rtmp	- -
264/tcp	bgmp	- -
318/tcp	tcpwrapped	- -
383/tcp	hp-alarm-mgr	- -
389/tcp	tcpwrapped	- -
411/tcp	rmt	- -
443/tcp	https	Netlify -
444/tcp	tcpwrapped	- -
445/tcp	microsoft-ds	- -
464/tcp	tcpwrapped	- -
465/tcp	tcpwrapped	- -
497/tcp	tcpwrapped	- -
512/tcp	tcpwrapped	- -
513/tcp	tcpwrapped	- -
514/tcp	shell	- -
515/tcp	printer	- -
540/tcp	tcpwrapped	- -
543/tcp	klogin	- -
544/tcp	tcpwrapped	- -
546/tcp	tcpwrapped	- -
547/tcp	tcpwrapped	- -
554/tcp	tcpwrapped	- -
563/tcp	tcpwrapped	- -
587/tcp	tcpwrapped	- -
593/tcp	tcpwrapped	- -
631/tcp	tcpwrapped	- -
639/tcp	tcpwrapped	- -
646/tcp	tcpwrapped	- -
691/tcp	tcpwrapped	- -
860/tcp	iscsi	- -
873/tcp	rsync	- -
902/tcp	tcpwrapped	- -
989/tcp	tcpwrapped	- -
990/tcp	ftps	- -
993/tcp	imaps	- -
995/tcp	tcpwrapped	- -
1025/tcp	NFS-or-IIS	- -
1028/tcp	unknown	- -
1029/tcp	tcpwrapped	- -
1080/tcp	tcpwrapped	- -
1214/tcp	tcpwrapped	- -
1241/tcp	tcpwrapped	- -
1311/tcp	tcpwrapped	- -
1337/tcp	tcpwrapped	- -
1433/tcp	tcpwrapped	- -
1701/tcp	tcpwrapped	- -
1720/tcp	tcpwrapped	- -
1723/tcp	tcpwrapped	- -
1741/tcp	cisco-net-mgmt	- -
1755/tcp	tcpwrapped	- -
1900/tcp	tcpwrapped	- -
2000/tcp	tcpwrapped	- -
2001/tcp	dc	- -
2002/tcp	tcpwrapped	- -
2049/tcp	nfs	- -
2078/tcp	tpcsrvr	- -
2080/tcp	tcpwrapped	- -
2082/tcp	tcpwrapped	- -
2083/tcp	radsec	- -
2086/tcp	tcpwrapped	- -
2087/tcp	tcpwrapped	- -
2100/tcp	tcpwrapped	- -
2121/tcp	ccproxy-ftp	- -
2483/tcp	tcpwrapped	- -
2484/tcp	tcpwrapped	- -
2717/tcp	tcpwrapped	- -
2967/tcp	symantec-av	- -
3000/tcp	ppp	- -
3050/tcp	gds_db	- -
3128/tcp	tcpwrapped	- -
3306/tcp	tcpwrapped	- -
3389/tcp	ms-wbt-server	- -
3690/tcp	tcpwrapped	- -
3784/tcp	tcpwrapped	- -
3986/tcp	tcpwrapped	- -
4280/tcp	vrml-multi-use	- -
4333/tcp	tcpwrapped	- -
4444/tcp	krb524	- -
4445/tcp	upnotifyp	- -
5000/tcp	upnp	- -
5004/tcp	avt-profile-1	- -
5005/tcp	avt-profile-2	- -
5013/tcp	fmpro-v6	- -
5051/tcp	tcpwrapped	- -
5060/tcp	sip	- -
5101/tcp	admdog	- -
5190/tcp	aol	- -
5223/tcp	tcpwrapped	- -
5357/tcp	tcpwrapped	- -
5631/tcp	pcanywheredata	- -
5666/tcp	nrpe	- -
5800/tcp	tcpwrapped	- -
5901/tcp	vnc-1	- -
5985/tcp	tcpwrapped	- -
6000/tcp	X11	- -
6001/tcp	X11:1	- -
6346/tcp	gnutella	- -
6588/tcp	tcpwrapped	- -
6646/tcp	unknown	- -
6665/tcp	tcpwrapped	- -
6679/tcp	tcpwrapped	- -
6699/tcp	napster	- -
7000/tcp	tcpwrapped	- -
7001/tcp	tcpwrapped	- -
7070/tcp	realserver	- -
7199/tcp	None	- -
8000/tcp	http	- -
8008/tcp	http	- -
8009/tcp	ajp13	- -
8081/tcp	blackice-icecap	- -
8200/tcp	tcpwrapped	- -
8443/tcp	https-alt	- -
8500/tcp	tcpwrapped	- -
8888/tcp	tcpwrapped	- -
9000/tcp	tcpwrapped	- -
9042/tcp	tcpwrapped	- -
9100/tcp	jetdirect	- -
9800/tcp	davsrc	- -
9999/tcp	abyss	- -
10000/tcp	snet-sensor-mgmt	- -
10161/tcp	tcpwrapped	- -
10162/tcp	tcpwrapped	- -
19638/tcp	None	- -
20000/tcp	dnp	- -
27017/tcp	tcpwrapped	- -
49152/tcp	unknown	- -
49153/tcp	tcpwrapped	- -
49154/tcp	tcpwrapped	- -
49155/tcp	unknown	- -
49157/tcp	unknown	- -

Web Technologies

Software / Version	Category
Astro 4.16.18	Static site generator, JavaScript frameworks
Google Analytics GA4	Analytics
Google Font API	Font scripts
Leaflet 1.9.4	Maps
Livefyre 1.9.4	Comment systems
Open Graph	Miscellaneous
Unpkg	CDN
Priority Hints	Performance
Google Tag Manager	Tag managers
Netlify	PaaS, CDN
HSTS	Security

Web Application Vulnerabilities

Evidence

CVE	CVSS	EPSS Score	EPSS Percentile	Summary
CVE-2025-64765	6.9	0.00028	0.07705	Astro is a web framework. Prior to version 5.15.8, a mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI() to determine which route to render, while the middleware uses context.url.pathname without applying the same normalization (decodeURI). This discrepancy may allow attackers to reach protected routes using encoded path variants that pass routing but bypass validation checks. This issue has been patched in version 5.15.8.
CVE-2025-66202	6.5	0.00254	0.48451	Astro is a web framework. Versions 5.15.7 and below have a double URL encoding bypass which allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. While the original CVE-2025-64765 was fixed in v5.15.8, the fix is insufficient as it only decodes once. By using double-encoded URLs, attackers can still bypass authentication and access any route protected by middleware pathname checks. This issue is fixed in version 5.15.8.
CVE-2025-64525	6.5	0.01332	0.7982	Astro is a web framework. In Astro versions 2.16.0 up to but excluding 5.15.5 which utilizeon-demand rendering, request headers `x-forwarded-proto` and `x-forwarded-port` are insecurely used, without sanitization, to build the URL. This has several consequences, the most important of which are: middleware-based protected route bypass (only via `x-forwarded-proto`), DoS via cache poisoning (if a CDN is present), SSRF (only via `x-forwarded-proto`), URL pollution (potential SXSS, if a CDN is present), and WAF bypass. Version 5.15.5 contains a patch.
CVE-2025-61925	6.5	0.00046	0.13901	Astro is a web framework. Prior to version 5.14.2, Astro reflects the value in `X-Forwarded-Host` in output when using `Astro.url` without any validation. It is common for web servers such as nginx to route requests via the `Host` header, and forward on other request headers. As such as malicious request can be sent with both a `Host` header and an `X-Forwarded-Host` header where the values do not match and the `X-Forwarded-Host` header is malicious. Astro will then return the malicious value. This could result in any usages of the `Astro.url` value in code being manipulated by a request. For example if a user follows guidance and uses `Astro.url` for a canonical link the canonical link can be manipulated to another site. It is theoretically possible that the value could also be used as a login/registration or other form URL as well, resulting in potential redirecting of login credentials to a malicious party. As this is a per-request attack vector the surface area would only be to the malicious user until one considers that having a caching proxy is a common setup, in which case any page which is cached could persist the malicious value for subsequent users. Many other frameworks have an allowlist of domains to validate against, or do not have a case where the headers are reflected to avoid such issues. This could affect anyone using Astro in an on-demand/dynamic rendering mode behind a caching proxy. Version 5.14.2 contains a fix for the issue.
CVE-2025-65019	5.4	0.00068	0.20777	Astro is a web framework. Prior to version 5.15.9, when using Astro's Cloudflare adapter (@astrojs/cloudflare) with output: 'server', the image optimization endpoint (/_image) contains a critical vulnerability in the isRemoteAllowed() function that unconditionally allows data: protocol URLs. This enables Cross-Site Scripting (XSS) attacks through malicious SVG payloads, bypassing domain restrictions and Content Security Policy protections. This issue has been patched in version 5.15.9.

Vulnerability description

Outdated or vulnerable software components include versions of server-side software that are no longer supported or have known, publicly disclosed vulnerabilities. Using outdated software significantly increases the attack surface of a system and may allow unauthorized access, data leaks, or service disruptions. Vulnerabilities in these components are often well-documented and actively exploited by attackers. Without security patches or vendor support, any weaknesses remain unmitigated, exposing the application to risks. In some cases, even after patching, the reported version may remain unchanged, requiring manual verification.

Risk description

The risk is that an attacker could search for an appropriate exploit (or create one himself) for any of these vulnerabilities and use it to attack the system. Since the vulnerabilities were discovered using only version-based testing, the risk level for this finding will not exceed 'high' severity. Critical risks will be assigned to vulnerabilities identified through accurate active testing methods.

Recommendation

In order to eliminate the risk of these vulnerabilities, we recommend you check the installed software version and upgrade to the latest version.

Classification

CWE	CWE-1035
OWASP Top 10 - 2017
OWASP Top 10 - 2021

Evidence

URL
https://www.parcel-viewer.us/robots.txt

Vulnerability description

We found the robots.txt on the target server. This file instructs web crawlers what URLs and endpoints of the web application they can visit and crawl. Website administrators often misuse this file while attempting to hide some web pages from the users.

Risk description

There is no particular security risk in having a robots.txt file. However, it's important to note that adding endpoints in it should not be considered a security measure, as this file can be directly accessed and read by anyone.

Recommendation

We recommend you to manually review the entries from robots.txt and remove the ones which lead to sensitive locations in the website (ex. administration panels, configuration files, etc).

Evidence

URL Evidence

URL	Evidence
https://www.parcel-viewer.us/	Response headers include the HTTP Content-Security-Policy security header with the following security issues:`script-src: 'self' can be problematic if you host JSONP, Angular or user uploaded files. object-src: We recommend restricting object-src to 'none'. script-src: 'unsafe-eval' allows the execution of code injected into DOM APIs such as eval(). script-src: ''unsafe-inline'' allows the execution of unsafe in-page scripts and event handlers.`

https://www.parcel-viewer.us/

Response headers include the HTTP Content-Security-Policy security header with the following security issues:script-src: 'self' can be problematic if you host JSONP, Angular or user uploaded files. object-src: We recommend restricting object-src to 'none'. script-src: 'unsafe-eval' allows the execution of code injected into DOM APIs such as eval(). script-src: ''unsafe-inline'' allows the execution of unsafe in-page scripts and event handlers.

Vulnerability description

We noticed that the Content-Security-Policy (CSP) header configured for the web application includes unsafe directives. The CSP header activates a protection mechanism implemented in web browsers which prevents exploitation of Cross-Site Scripting vulnerabilities (XSS) by restricting the sources from which content can be loaded or executed.

Risk description

For example, if the unsafe-inline directive is present in the CSP header, the execution of inline scripts and event handlers is allowed. This can be exploited by an attacker to execute arbitrary JavaScript code in the context of the vulnerable application.

Recommendation

Remove the unsafe values from the directives, adopt nonces or hashes for safer inclusion of inline scripts if they are needed, and explicitly define the sources from which scripts, styles, images or other resources can be loaded.

Classification

CWE	CWE-1021
OWASP Top 10 - 2017
OWASP Top 10 - 2021

Evidence

Software / Version	Category
Astro 4.16.18	Static site generator, JavaScript frameworks
Google Analytics GA4	Analytics
Google Font API	Font scripts
Leaflet 1.9.4	Maps
Livefyre 1.9.4	Comment systems
Open Graph	Miscellaneous
Unpkg	CDN
Priority Hints	Performance
Google Tag Manager	Tag managers
Netlify	PaaS, CDN
HSTS	Security

Vulnerability description

We noticed that server software and technology details are exposed, potentially aiding attackers in tailoring specific exploits against identified systems and versions.

Risk description

The risk is that an attacker could use this information to mount specific attacks against the identified software type and version.

Recommendation

We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.

Classification

CWE	CWE-200
OWASP Top 10 - 2017
OWASP Top 10 - 2021

Evidence

URL
Missing: https://www.parcel-viewer.us/.well-known/security.txt

Vulnerability description

We have noticed that the server is missing the security.txt file, which is considered a good practice for web security. It provides a standardized way for security researchers and the public to report security vulnerabilities or concerns by outlining the preferred method of contact and reporting procedures.

Risk description

There is no particular risk in not having a security.txt file for your server. However, this file is important because it offers a designated channel for reporting vulnerabilities and security issues.

Recommendation

We recommend you to implement the security.txt file according to the standard, in order to allow researchers or users report any security issues they find, improving the defensive mechanisms of your server.

Classification

CWE	CWE-1188
OWASP Top 10 - 2017
OWASP Top 10 - 2021

Infrastructure Vulnerabilities

Evidence

Software / Version	Category
Google Analytics GA4	Analytics
Netlify	PaaS, CDN
HSTS	Security

Vulnerability description

We noticed that server software and technology details are exposed, potentially aiding attackers in tailoring specific exploits against identified systems and versions.

Risk description

The risk is that an attacker could use this information to mount specific attacks against the identified software type and version.

Recommendation

We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.

Evidence

Domain Queried	DNS Record Type	Description	Value
www.parcel-viewer.us	A	IPv4 address	75.2.60.5
www.parcel-viewer.us	A	IPv4 address	99.83.231.61
www.parcel-viewer.us	CNAME	Canonical name	apex-loadbalancer.netlify.com

Risk description

An initial step for an attacker aiming to learn about an organization involves conducting searches on its domain names to uncover DNS records associated with the organization. This strategy aims to amass comprehensive insights into the target domain, enabling the attacker to outline the organization's external digital landscape. This gathered intelligence may subsequently serve as a foundation for launching attacks, including those based on social engineering techniques. DNS records pointing to services or servers that are no longer in use can provide an attacker with an easy entry point into the network.

Recommendation

We recommend reviewing all DNS records associated with the domain and identifying and removing unused or obsolete records.