ups-tracking-id96578.dynnamn.ru
Open in
urlscan Pro
190.14.37.121
Malicious Activity!
Public Scan
Effective URL: https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
Submission Tags: falconsandbox
Submission: On August 09 via api from US — Scanned from ES
Summary
TLS certificate: Issued by R3 on August 9th 2023. Valid for: 3 months.
This is the only time ups-tracking-id96578.dynnamn.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UPS (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 | 192.99.75.200 192.99.75.200 | 16276 (OVH) (OVH) | |
1 | 2a00:1450:400... 2a00:1450:4001:809::2008 | 15169 (GOOGLE) (GOOGLE) | |
1 | 2a00:1450:400... 2a00:1450:4001:82b::200a | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3 | 32934 (FACEBOOK) (FACEBOOK) | |
1 | 2001:4860:480... 2001:4860:4802:34::36 | 15169 (GOOGLE) (GOOGLE) | |
2 | 2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de | 32934 (FACEBOOK) (FACEBOOK) | |
1 13 | 190.14.37.121 190.14.37.121 | 52469 (Offshore ...) (Offshore Racks S.A) | |
22 | 8 |
ASN16276 (OVH, FR)
PTR: ip200.ip-192-99-75.net
address.shipment.id92875.services |
ASN15169 (GOOGLE, US)
www.googletagmanager.com |
ASN32934 (FACEBOOK, US)
connect.facebook.net |
ASN32934 (FACEBOOK, US)
www.facebook.com |
ASN52469 (Offshore Racks S.A, PA)
PTR: mta2.expeditedbizfunding.com
ups-tracking-id96578.dynnamn.ru |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
dynnamn.ru
1 redirects
ups-tracking-id96578.dynnamn.ru |
1 MB |
2 |
facebook.com
www.facebook.com — Cisco Umbrella Rank: 107 |
239 B |
2 |
facebook.net
connect.facebook.net — Cisco Umbrella Rank: 170 |
135 KB |
1 |
google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2069 |
266 B |
1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 67 |
980 B |
1 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 65 |
80 KB |
1 |
id92875.services
address.shipment.id92875.services |
3 KB |
22 | 7 |
Domain | Requested by | |
---|---|---|
13 | ups-tracking-id96578.dynnamn.ru |
1 redirects
address.shipment.id92875.services
ups-tracking-id96578.dynnamn.ru |
2 | www.facebook.com |
address.shipment.id92875.services
|
2 | connect.facebook.net |
address.shipment.id92875.services
connect.facebook.net |
1 | region1.google-analytics.com |
www.googletagmanager.com
|
1 | fonts.googleapis.com |
address.shipment.id92875.services
|
1 | www.googletagmanager.com |
address.shipment.id92875.services
|
1 | address.shipment.id92875.services | |
22 | 7 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
i.feltlikesharing.com R3 |
2023-06-29 - 2023-09-27 |
3 months | crt.sh |
*.google-analytics.com GTS CA 1C3 |
2023-07-17 - 2023-10-09 |
3 months | crt.sh |
upload.video.google.com GTS CA 1C3 |
2023-07-17 - 2023-10-09 |
3 months | crt.sh |
*.facebook.com DigiCert SHA2 High Assurance Server CA |
2023-05-19 - 2023-08-17 |
3 months | crt.sh |
ups-tracking-id96578.dynnamn.ru R3 |
2023-08-09 - 2023-11-07 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
Frame ID: 53EE9667A2258936490FD4CD058BAAC4
Requests: 23 HTTP requests in this frame
Screenshot
Page Title
Global Shipping & Logistics Services | UPS - United StatesPage URL History Show full URLs
- https://address.shipment.id92875.services/redelivery Page URL
-
https://ups-tracking-id96578.dynnamn.ru/?track
HTTP 302
https://ups-tracking-id96578.dynnamn.ru/us/en/homepage Page URL
Detected technologies
Datadome (Miscellaneous) ExpandDetected patterns
Facebook (Widgets) Expand
Detected patterns
- //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Google Analytics (Analytics) Expand
Detected patterns
Google Tag Manager (Tag Managers) Expand
Detected patterns
- googletagmanager\.com/gtag/js
jQuery (JavaScript Libraries) Expand
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://address.shipment.id92875.services/redelivery Page URL
-
https://ups-tracking-id96578.dynnamn.ru/?track
HTTP 302
https://ups-tracking-id96578.dynnamn.ru/us/en/homepage Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
22 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
redelivery
address.shipment.id92875.services/ |
6 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js
www.googletagmanager.com/gtag/ |
228 KB 80 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
css
fonts.googleapis.com/ |
3 KB 980 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fbevents.js
connect.facebook.net/en_US/ |
172 KB 47 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
194243278145610
connect.facebook.net/signals/config/ |
305 KB 87 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST H2 |
collect
region1.google-analytics.com/g/ |
0 266 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.facebook.com/tr/ |
0 185 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Primary Request
homepage
ups-tracking-id96578.dynnamn.ru/us/en/ Redirect Chain
|
20 KB 21 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
/
www.facebook.com/tr/ |
0 54 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
collect
region1.google-analytics.com/g/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
POST |
collect
region1.google-analytics.com/g/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ups_0021.css
ups-tracking-id96578.dynnamn.ru/assets/css/ |
149 KB 149 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
ups1.css
ups-tracking-id96578.dynnamn.ru/assets/css/ |
285 KB 286 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
css.css
ups-tracking-id96578.dynnamn.ru/assets/css/ |
7 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
UPS_logo.svg
ups-tracking-id96578.dynnamn.ru/assets/img/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
jquery.js
ups-tracking-id96578.dynnamn.ru/assets/js/ |
401 KB 401 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
mask.js
ups-tracking-id96578.dynnamn.ru/assets/js/ |
28 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
social.jpg
ups-tracking-id96578.dynnamn.ru/assets/images/ |
4 KB 4 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Roboto-Regular.woff
ups-tracking-id96578.dynnamn.ru/assets/fonts/ |
92 KB 92 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 3 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Roboto-Medium.woff
ups-tracking-id96578.dynnamn.ru/assets/fonts/ |
92 KB 92 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
Roboto-Bold.woff
ups-tracking-id96578.dynnamn.ru/assets/fonts/ |
26 KB 26 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
20220401-JTBD-US-MAEVE.webp
ups-tracking-id96578.dynnamn.ru/assets/img/ |
41 KB 42 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- region1.google-analytics.com
- URL
- https://region1.google-analytics.com/g/collect?v=2&tid=G-1QBJ2GPV5Y>m=45je3870&_p=455885317&cid=1278109438.1691598599&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1691598598&sct=1&seg=0&dl=https%3A%2F%2Faddress.shipment.id92875.services%2Fredelivery&dt=Pixelfy.me&en=scroll&epn.percent_scrolled=90&_et=11
- Domain
- region1.google-analytics.com
- URL
- https://region1.google-analytics.com/g/collect?v=2&tid=G-1QBJ2GPV5Y>m=45je3870&_p=455885317&cid=1278109438.1691598599&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=3&sid=1691598598&sct=1&seg=0&dl=https%3A%2F%2Faddress.shipment.id92875.services%2Fredelivery&dt=Pixelfy.me&en=user_engagement&_et=2175
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UPS (Transportation)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
.id92875.services/ | Name: datadome Value: 5Nud-7ga-gh64H37Emwjk_xGYvqFq9bChfuXzFmK64-FmqkD-yN10DuiUwKsw48ulyUwIv4IF3070wzMvQdvQ_~QqCjh~Cbikm1Xbs3xwVUIPzRVqA7sKVCmqvXORBAL |
|
.id92875.services/ | Name: _ga Value: GA1.1.1278109438.1691598599 |
|
.id92875.services/ | Name: _fbp Value: fb.1.1691598598727.1877593713 |
|
ups-tracking-id96578.dynnamn.ru/ | Name: XSRF-TOKEN Value: eyJpdiI6IlQxVWI5VnhqRC9mQngxa0g4V29rQlE9PSIsInZhbHVlIjoiNlNnS2wrN0MyZmhMV3FLOWxNQXZhZUZ0T3ZFaEtRclQxQTR6S0pTdUhnWFp1V2huQ2Q5K1BXTVRRMDBJb0pyTjgrYzJLZkYzT1poTHpmWnkzT0FBR1V2cVEraU5IbUhyWTJ3VVdBc3RVYytNZWVzKzRucndrMkxBVWNaNEEvM0kiLCJtYWMiOiJiNDE0NjlmN2M4MWQzNDIwYmI5OTk1MTEyYjcyMjI4YjhjNWRiZjhlZGI3NGRlZmIyODBjOTg4YTMwN2M2MDdlIiwidGFnIjoiIn0%3D |
|
ups-tracking-id96578.dynnamn.ru/ | Name: g_project_session Value: eyJpdiI6ImdXZGMzM3BKaEIzNGc0TFM0U3ZNbnc9PSIsInZhbHVlIjoiZXI2R2F6cGhiRGR1QWl0ZFUzY3ZIWVk4Mzh4TnBvVnRhV2tQOUlIaHB6MkxsMzJnZVBxWXJqd1MwaDJyZlc3dDU4RHhMQzVTc2Q3WHNnWWlCS2l6YjFZTTZnWVBBcERIRm5hVGRzOEovK2p4cU9Yalo4anRjL3Vmelo0SDAxMTIiLCJtYWMiOiJjYzNjMmQwZTlmZGZhNjViYjRjMTYyZTY3YmI3ZDJiNTMzMWYxZWZlYjJlZGI3MjdkNWIxYmNiMDFjNmFhZGE1IiwidGFnIjoiIn0%3D |
|
.id92875.services/ | Name: _ga_1QBJ2GPV5Y Value: GS1.1.1691598598.1.0.1691598600.0.0.0 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
address.shipment.id92875.services
connect.facebook.net
fonts.googleapis.com
region1.google-analytics.com
ups-tracking-id96578.dynnamn.ru
www.facebook.com
www.googletagmanager.com
region1.google-analytics.com
190.14.37.121
192.99.75.200
2001:4860:4802:34::36
2a00:1450:4001:809::2008
2a00:1450:4001:82b::200a
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
1f4eaf5af854276216eb7e4a04e29b9aca3432852367cbd4e87c2d013f1b50c7
4f543ad26c42709ef00a1921f7dd1aa27a1930a354ecb353196665e43dac3706
5e508c9d5f9c7a2947a7a5cc3a3ac5db9fd7963219cd35f48452140fbde31fc3
5fce1e38ce56a7e63a78d5811e54679dba8cd15d6455cf312f4d2bd886e42d36
65c1973e1b3bfc3672a6e847e0c6b287b8d78fa05d0881e96fa7596268ac53aa
6d58c1e726f9c0c33808d6bd8a03711b904f093fd0e0121391b5a73d60c5d284
8982fb287363f6161638cefed6142aec98a25c91e7c999f7ec3b0489c4815f74
9b78354357bc04de9fa52562968bad64ef1311b665cc6ea927d2ec08bcc82cd8
a416370f6f98339e7edf9fe2c70a45bf9cfba93c0520921db47d15c27934ba88
a95ce23b3ea6571c5032e3252801c67cc9db6b39a74a7a7f09b5695c9738fd8d
ba2b07db7325c8d7378441166a09873cd96b053fa315e99933625b97748ba45d
c511a38838f14cd23a3e2a7c7c9b7f2864a2a6b9e548053bb71b432a677966e2
c525928950f8fef0ff20ee8ebd93e4e22e33db2e5601c6980d760c16bda0a7e7
d1fb678c9385de1e8451e849016b8a66877ea23488ed34b0ca6f8ad9ba60f4a8
d2d0f4951471ac28bc4084acec16ff110c6de4e76118e836affd556c55f1a392
fe27203a5bf4ec6df5e01fcaa14cad6376afd0adbe5aca73b282fbdc85cb536b
fe2cee52614c95965daebca42a5be71f84776746aed846f57b4fc7ed29757abc