urlscan.io logo urlscan.io
SecurityTrails logo

ups-tracking-id96578.dynnamn.ru Open in urlscan Pro
190.14.37.121  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://address.shipment.id92875.services/redelivery#ups39825
Effective URL: https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
Submission Tags: falconsandbox
Submission: On August 09 via api from US — Scanned from ES
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 4 countries across 7 domains to perform 22 HTTP transactions. The main IP is 190.14.37.121, located in Panama and belongs to Offshore Racks S.A, PA. The main domain is ups-tracking-id96578.dynnamn.ru.
TLS certificate: Issued by R3 on August 9th 2023. Valid for: 3 months.
This is the only time ups-tracking-id96578.dynnamn.ru was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UPS (Transportation)

Domain & IP information

1    192.99.75.200 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ip200.ip-192-99-75.net
address.shipment.id92875.services
1    2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
2    2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
13    190.14.37.121 (Panama)

ASN52469 (Offshore Racks S.A, PA)
PTR: mta2.expeditedbizfunding.com
ups-tracking-id96578.dynnamn.ru
Apex Domain
Subdomains		 Transfer
13 dynnamn.ru
ups-tracking-id96578.dynnamn.ru
1 MB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 107
239 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 170
135 KB
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2069
266 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 67
980 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 65
80 KB
1 id92875.services
address.shipment.id92875.services
3 KB
22 7
Domain Requested by
13 ups-tracking-id96578.dynnamn.ru 1 redirects address.shipment.id92875.services
ups-tracking-id96578.dynnamn.ru
2 www.facebook.com address.shipment.id92875.services
2 connect.facebook.net address.shipment.id92875.services
connect.facebook.net
1 region1.google-analytics.com www.googletagmanager.com
1 fonts.googleapis.com address.shipment.id92875.services
1 www.googletagmanager.com address.shipment.id92875.services
1 address.shipment.id92875.services
22 7

This site contains no links.

Subject Issuer Validity Valid
i.feltlikesharing.com
R3		 2023-06-29 -
2023-09-27		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-07-17 -
2023-10-09		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2023-07-17 -
2023-10-09		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-05-19 -
2023-08-17		 3 months crt.sh
ups-tracking-id96578.dynnamn.ru
R3		 2023-08-09 -
2023-11-07		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
Frame ID: 53EE9667A2258936490FD4CD058BAAC4
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Global Shipping & Logistics Services | UPS - United States

Page URL History Show full URLs

  1. https://address.shipment.id92875.services/redelivery Page URL
  2. https://ups-tracking-id96578.dynnamn.ru/?track HTTP 302
    https://ups-tracking-id96578.dynnamn.ru/us/en/homepage Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

22
Requests

86 %
HTTPS

71 %
IPv6

7
Domains

7
Subdomains

8
IPs

4
Countries

1372 kB
Transfer

1864 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://address.shipment.id92875.services/redelivery Page URL
  2. https://ups-tracking-id96578.dynnamn.ru/?track HTTP 302
    https://ups-tracking-id96578.dynnamn.ru/us/en/homepage Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

22 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
redelivery
address.shipment.id92875.services/ 		6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://address.shipment.id92875.services/redelivery
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.99.75.200 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS
ip200.ip-192-99-75.net
Software
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 / PHP/7.4.33
Resource Hash
a95ce23b3ea6571c5032e3252801c67cc9db6b39a74a7a7f09b5695c9738fd8d

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
es-ES,es;q=0.9

Response headers

Accept-CH
Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
1942
Content-Type
text/html; charset=UTF-8
Date
Wed, 09 Aug 2023 16:29:57 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=100
Pragma
no-cache
Server
Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Vary
Accept-Encoding
X-DataDome
protected
X-Powered-By
PHP/7.4.33
js
www.googletagmanager.com/gtag/ 		228 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-1QBJ2GPV5Y
Requested by
Host: address.shipment.id92875.services
URL: https://address.shipment.id92875.services/redelivery
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
65c1973e1b3bfc3672a6e847e0c6b287b8d78fa05d0881e96fa7596268ac53aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
es-ES,es;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 16:29:58 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
81677
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 09 Aug 2023 16:29:58 GMT
css
fonts.googleapis.com/ 		3 KB
980 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Ubuntu:400,500
Requested by
Host: address.shipment.id92875.services
URL: https://address.shipment.id92875.services/redelivery
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6d58c1e726f9c0c33808d6bd8a03711b904f093fd0e0121391b5a73d60c5d284
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
es-ES,es;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 09 Aug 2023 16:29:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 09 Aug 2023 16:13:31 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Aug 2023 16:29:58 GMT
fbevents.js
connect.facebook.net/en_US/ 		172 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: address.shipment.id92875.services
URL: https://address.shipment.id92875.services/redelivery
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9b78354357bc04de9fa52562968bad64ef1311b665cc6ea927d2ec08bcc82cd8
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
es-ES,es;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 09 Aug 2023 16:29:58 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
47151
x-xss-protection
0
pragma
public
x-fb-debug
YPhHxo3sNef5jtunJnnVxk+JV4XrB/I6v6GPBzYfNUeoXnOCxXSj45HX0XaxsemDEn9g5R5Q2nK8dLLZlAO5mw==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
194243278145610
connect.facebook.net/signals/config/ 		305 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/194243278145610?v=2.9.121&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
es-ES,es;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 09 Aug 2023 16:29:58 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
0XXXhlREXpOCkDo5ggJ5PVM2WfVyv04k65dKo/78trIB0zc4wTcNdLH1fKloUn+2c6MRzt8rfiglVIFwumxUgA==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
collect
region1.google-analytics.com/g/ 		0
266 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-1QBJ2GPV5Y&gtm=45je3870&_p=455885317&cid=1278109438.1691598599&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1691598598&sct=1&seg=0&dl=https%3A%2F%2Faddress.shipment.id92875.services%2Fredelivery&dt=Pixelfy.me&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-1QBJ2GPV5Y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

accept-language
es-ES,es;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Aug 2023 16:29:58 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://address.shipment.id92875.services
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ 		0
185 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=194243278145610&ev=PageView&dl=https%3A%2F%2Faddress.shipment.id92875.services%2Fredelivery%23ups39825&rl=&if=false&ts=1691598598730&sw=1600&sh=1200&v=2.9.121&r=stable&ec=0&o=30&fbp=fb.1.1691598598727.1877593713&it=1691598598514&coo=false&exp=a1&rqm=GET
Requested by
Host: address.shipment.id92875.services
URL: https://address.shipment.id92875.services/redelivery
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
es-ES,es;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 09 Aug 2023 16:29:58 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
Primary Request homepage
ups-tracking-id96578.dynnamn.ru/us/en/
Redirect Chain
  • https://ups-tracking-id96578.dynnamn.ru/?track
  • https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
20 KB
21 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
Requested by
Host: address.shipment.id92875.services
URL: https://address.shipment.id92875.services/redelivery
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
190.14.37.121 , Panama, ASN52469 (Offshore Racks S.A, PA),
Reverse DNS
mta2.expeditedbizfunding.com
Software
Apache /
Resource Hash
1f4eaf5af854276216eb7e4a04e29b9aca3432852367cbd4e87c2d013f1b50c7

Request headers

Referer
https://address.shipment.id92875.services/redelivery#ups39825
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
es-ES,es;q=0.9

Response headers

Cache-Control
no-cache, private
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Wed, 09 Aug 2023 16:29:58 GMT
Keep-Alive
timeout=5, max=99
Server
Apache
Transfer-Encoding
chunked
Vary
X-Inertia

Redirect headers

Cache-Control
no-cache, private
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
Date
Wed, 09 Aug 2023 16:29:58 GMT
Keep-Alive
timeout=5, max=100
Location
https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
Server
Apache
Transfer-Encoding
chunked
Vary
X-Inertia
/
www.facebook.com/tr/ 		0
54 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=194243278145610&ev=Microdata&dl=https%3A%2F%2Faddress.shipment.id92875.services%2Fredelivery%23ups39825&rl=&if=false&ts=1691598599236&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Pixelfy.me%22%7D&cd[OpenGraph]=%7B%22og%3Aurl%22%3A%22https%3A%2F%2Fups-tracking-id96578.dynnamn.ru%2F%3Ftrack%22%2C%22og%3Atitle%22%3A%22Global%20Shipping%20%26%20Logistics%20Services%20%7C%20UPS%20-%20United%20State...%22%2C%22og%3Adescription%22%3A%22Pixelfy.me%22%2C%22og%3Aimage%22%3A%22%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.121&r=stable&ec=1&o=30&fbp=fb.1.1691598598727.1877593713&it=1691598598514&coo=false&es=automatic&tm=3&exp=a1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
es-ES,es;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 09 Aug 2023 16:29:59 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
collect
region1.google-analytics.com/g/ 		0
0
collect
region1.google-analytics.com/g/ 		0
0
ups_0021.css
ups-tracking-id96578.dynnamn.ru/assets/css/ 		149 KB
149 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ups-tracking-id96578.dynnamn.ru/assets/css/ups_0021.css
Requested by
Host: ups-tracking-id96578.dynnamn.ru
URL: https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
190.14.37.121 , Panama, ASN52469 (Offshore Racks S.A, PA),
Reverse DNS
mta2.expeditedbizfunding.com
Software
Apache /
Resource Hash
fe2cee52614c95965daebca42a5be71f84776746aed846f57b4fc7ed29757abc

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date
Wed, 09 Aug 2023 16:29:58 GMT
Last-Modified
Tue, 01 Aug 2023 17:03:01 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
152529
ups1.css
ups-tracking-id96578.dynnamn.ru/assets/css/ 		285 KB
286 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ups-tracking-id96578.dynnamn.ru/assets/css/ups1.css
Requested by
Host: ups-tracking-id96578.dynnamn.ru
URL: https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
190.14.37.121 , Panama, ASN52469 (Offshore Racks S.A, PA),
Reverse DNS
mta2.expeditedbizfunding.com
Software
Apache /
Resource Hash
d1fb678c9385de1e8451e849016b8a66877ea23488ed34b0ca6f8ad9ba60f4a8

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date
Wed, 09 Aug 2023 16:29:59 GMT
Last-Modified
Tue, 01 Aug 2023 17:03:01 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
292321
css.css
ups-tracking-id96578.dynnamn.ru/assets/css/ 		7 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ups-tracking-id96578.dynnamn.ru/assets/css/css.css
Requested by
Host: ups-tracking-id96578.dynnamn.ru
URL: https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
190.14.37.121 , Panama, ASN52469 (Offshore Racks S.A, PA),
Reverse DNS
mta2.expeditedbizfunding.com
Software
Apache /
Resource Hash
8982fb287363f6161638cefed6142aec98a25c91e7c999f7ec3b0489c4815f74

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date
Wed, 09 Aug 2023 16:29:59 GMT
Last-Modified
Tue, 01 Aug 2023 17:03:01 GMT
Server
Apache
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
6699
UPS_logo.svg
ups-tracking-id96578.dynnamn.ru/assets/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups-tracking-id96578.dynnamn.ru/assets/img/UPS_logo.svg
Requested by
Host: ups-tracking-id96578.dynnamn.ru
URL: https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
190.14.37.121 , Panama, ASN52469 (Offshore Racks S.A, PA),
Reverse DNS
mta2.expeditedbizfunding.com
Software
Apache /
Resource Hash
a416370f6f98339e7edf9fe2c70a45bf9cfba93c0520921db47d15c27934ba88

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date
Wed, 09 Aug 2023 16:29:59 GMT
Last-Modified
Tue, 01 Aug 2023 17:03:01 GMT
Server
Apache
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
2162
jquery.js
ups-tracking-id96578.dynnamn.ru/assets/js/ 		401 KB
401 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ups-tracking-id96578.dynnamn.ru/assets/js/jquery.js
Requested by
Host: ups-tracking-id96578.dynnamn.ru
URL: https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
190.14.37.121 , Panama, ASN52469 (Offshore Racks S.A, PA),
Reverse DNS
mta2.expeditedbizfunding.com
Software
Apache /
Resource Hash
c525928950f8fef0ff20ee8ebd93e4e22e33db2e5601c6980d760c16bda0a7e7

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date
Wed, 09 Aug 2023 16:29:59 GMT
Last-Modified
Tue, 01 Aug 2023 17:03:01 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
410866
mask.js
ups-tracking-id96578.dynnamn.ru/assets/js/ 		28 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ups-tracking-id96578.dynnamn.ru/assets/js/mask.js
Requested by
Host: ups-tracking-id96578.dynnamn.ru
URL: https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
190.14.37.121 , Panama, ASN52469 (Offshore Racks S.A, PA),
Reverse DNS
mta2.expeditedbizfunding.com
Software
Apache /
Resource Hash
ba2b07db7325c8d7378441166a09873cd96b053fa315e99933625b97748ba45d

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date
Wed, 09 Aug 2023 16:29:59 GMT
Last-Modified
Tue, 01 Aug 2023 17:03:01 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
28737
social.jpg
ups-tracking-id96578.dynnamn.ru/assets/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups-tracking-id96578.dynnamn.ru/assets/images/social.jpg
Requested by
Host: ups-tracking-id96578.dynnamn.ru
URL: https://ups-tracking-id96578.dynnamn.ru/assets/css/ups1.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
190.14.37.121 , Panama, ASN52469 (Offshore Racks S.A, PA),
Reverse DNS
mta2.expeditedbizfunding.com
Software
Apache /
Resource Hash
5e508c9d5f9c7a2947a7a5cc3a3ac5db9fd7963219cd35f48452140fbde31fc3

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://ups-tracking-id96578.dynnamn.ru/assets/css/ups1.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date
Wed, 09 Aug 2023 16:30:00 GMT
Cache-Control
no-cache, private
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Roboto-Regular.woff
ups-tracking-id96578.dynnamn.ru/assets/fonts/ 		92 KB
92 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ups-tracking-id96578.dynnamn.ru/assets/fonts/Roboto-Regular.woff
Requested by
Host: ups-tracking-id96578.dynnamn.ru
URL: https://ups-tracking-id96578.dynnamn.ru/assets/css/ups1.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
190.14.37.121 , Panama, ASN52469 (Offshore Racks S.A, PA),
Reverse DNS
mta2.expeditedbizfunding.com
Software
Apache /
Resource Hash
c511a38838f14cd23a3e2a7c7c9b7f2864a2a6b9e548053bb71b432a677966e2

Request headers

Referer
https://ups-tracking-id96578.dynnamn.ru/assets/css/ups1.css
Origin
https://ups-tracking-id96578.dynnamn.ru
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date
Wed, 09 Aug 2023 16:29:59 GMT
Last-Modified
Tue, 01 Aug 2023 17:03:01 GMT
Server
Apache
Content-Type
font/woff
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
93784
truncated
/ 		3 KB
3 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d2d0f4951471ac28bc4084acec16ff110c6de4e76118e836affd556c55f1a392

Request headers

Referer
Origin
https://ups-tracking-id96578.dynnamn.ru
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Type
application/x-font-woff;charset=utf-8
Roboto-Medium.woff
ups-tracking-id96578.dynnamn.ru/assets/fonts/ 		92 KB
92 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ups-tracking-id96578.dynnamn.ru/assets/fonts/Roboto-Medium.woff
Requested by
Host: ups-tracking-id96578.dynnamn.ru
URL: https://ups-tracking-id96578.dynnamn.ru/assets/css/ups1.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
190.14.37.121 , Panama, ASN52469 (Offshore Racks S.A, PA),
Reverse DNS
mta2.expeditedbizfunding.com
Software
Apache /
Resource Hash
4f543ad26c42709ef00a1921f7dd1aa27a1930a354ecb353196665e43dac3706

Request headers

Referer
https://ups-tracking-id96578.dynnamn.ru/assets/css/ups1.css
Origin
https://ups-tracking-id96578.dynnamn.ru
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date
Wed, 09 Aug 2023 16:29:59 GMT
Last-Modified
Tue, 01 Aug 2023 17:03:01 GMT
Server
Apache
Content-Type
font/woff
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
94364
Roboto-Bold.woff
ups-tracking-id96578.dynnamn.ru/assets/fonts/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ups-tracking-id96578.dynnamn.ru/assets/fonts/Roboto-Bold.woff
Requested by
Host: ups-tracking-id96578.dynnamn.ru
URL: https://ups-tracking-id96578.dynnamn.ru/assets/css/ups1.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
190.14.37.121 , Panama, ASN52469 (Offshore Racks S.A, PA),
Reverse DNS
mta2.expeditedbizfunding.com
Software
Apache /
Resource Hash
5fce1e38ce56a7e63a78d5811e54679dba8cd15d6455cf312f4d2bd886e42d36

Request headers

Referer
https://ups-tracking-id96578.dynnamn.ru/assets/css/ups1.css
Origin
https://ups-tracking-id96578.dynnamn.ru
accept-language
es-ES,es;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date
Wed, 09 Aug 2023 16:29:59 GMT
Last-Modified
Tue, 01 Aug 2023 17:03:01 GMT
Server
Apache
Content-Type
font/woff
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
26564
20220401-JTBD-US-MAEVE.webp
ups-tracking-id96578.dynnamn.ru/assets/img/ 		41 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups-tracking-id96578.dynnamn.ru/assets/img/20220401-JTBD-US-MAEVE.webp
Requested by
Host: ups-tracking-id96578.dynnamn.ru
URL: https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
190.14.37.121 , Panama, ASN52469 (Offshore Racks S.A, PA),
Reverse DNS
mta2.expeditedbizfunding.com
Software
Apache /
Resource Hash
fe27203a5bf4ec6df5e01fcaa14cad6376afd0adbe5aca73b282fbdc85cb536b

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://ups-tracking-id96578.dynnamn.ru/us/en/homepage
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date
Wed, 09 Aug 2023 16:30:00 GMT
Last-Modified
Tue, 01 Aug 2023 17:03:01 GMT
Server
Apache
Content-Type
image/webp
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
42494

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
region1.google-analytics.com
URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-1QBJ2GPV5Y&gtm=45je3870&_p=455885317&cid=1278109438.1691598599&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1691598598&sct=1&seg=0&dl=https%3A%2F%2Faddress.shipment.id92875.services%2Fredelivery&dt=Pixelfy.me&en=scroll&epn.percent_scrolled=90&_et=11
Domain
region1.google-analytics.com
URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-1QBJ2GPV5Y&gtm=45je3870&_p=455885317&cid=1278109438.1691598599&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=3&sid=1691598598&sct=1&seg=0&dl=https%3A%2F%2Faddress.shipment.id92875.services%2Fredelivery&dt=Pixelfy.me&en=user_engagement&_et=2175

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UPS (Transportation)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery

6 Cookies

Domain/Path Name / Value
.id92875.services/ Name: datadome
Value: 5Nud-7ga-gh64H37Emwjk_xGYvqFq9bChfuXzFmK64-FmqkD-yN10DuiUwKsw48ulyUwIv4IF3070wzMvQdvQ_~QqCjh~Cbikm1Xbs3xwVUIPzRVqA7sKVCmqvXORBAL
.id92875.services/ Name: _ga
Value: GA1.1.1278109438.1691598599
.id92875.services/ Name: _fbp
Value: fb.1.1691598598727.1877593713
ups-tracking-id96578.dynnamn.ru/ Name: XSRF-TOKEN
Value: eyJpdiI6IlQxVWI5VnhqRC9mQngxa0g4V29rQlE9PSIsInZhbHVlIjoiNlNnS2wrN0MyZmhMV3FLOWxNQXZhZUZ0T3ZFaEtRclQxQTR6S0pTdUhnWFp1V2huQ2Q5K1BXTVRRMDBJb0pyTjgrYzJLZkYzT1poTHpmWnkzT0FBR1V2cVEraU5IbUhyWTJ3VVdBc3RVYytNZWVzKzRucndrMkxBVWNaNEEvM0kiLCJtYWMiOiJiNDE0NjlmN2M4MWQzNDIwYmI5OTk1MTEyYjcyMjI4YjhjNWRiZjhlZGI3NGRlZmIyODBjOTg4YTMwN2M2MDdlIiwidGFnIjoiIn0%3D
ups-tracking-id96578.dynnamn.ru/ Name: g_project_session
Value: eyJpdiI6ImdXZGMzM3BKaEIzNGc0TFM0U3ZNbnc9PSIsInZhbHVlIjoiZXI2R2F6cGhiRGR1QWl0ZFUzY3ZIWVk4Mzh4TnBvVnRhV2tQOUlIaHB6MkxsMzJnZVBxWXJqd1MwaDJyZlc3dDU4RHhMQzVTc2Q3WHNnWWlCS2l6YjFZTTZnWVBBcERIRm5hVGRzOEovK2p4cU9Yalo4anRjL3Vmelo0SDAxMTIiLCJtYWMiOiJjYzNjMmQwZTlmZGZhNjViYjRjMTYyZTY3YmI3ZDJiNTMzMWYxZWZlYjJlZGI3MjdkNWIxYmNiMDFjNmFhZGE1IiwidGFnIjoiIn0%3D
.id92875.services/ Name: _ga_1QBJ2GPV5Y
Value: GS1.1.1691598598.1.0.1691598600.0.0.0

1 Console Messages

Source Level URL
Text
network error URL: https://ups-tracking-id96578.dynnamn.ru/assets/images/social.jpg
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

address.shipment.id92875.services
connect.facebook.net
fonts.googleapis.com
region1.google-analytics.com
ups-tracking-id96578.dynnamn.ru
www.facebook.com
www.googletagmanager.com
region1.google-analytics.com
190.14.37.121
192.99.75.200
2001:4860:4802:34::36
2a00:1450:4001:809::2008
2a00:1450:4001:82b::200a
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
1f4eaf5af854276216eb7e4a04e29b9aca3432852367cbd4e87c2d013f1b50c7
4f543ad26c42709ef00a1921f7dd1aa27a1930a354ecb353196665e43dac3706
5e508c9d5f9c7a2947a7a5cc3a3ac5db9fd7963219cd35f48452140fbde31fc3
5fce1e38ce56a7e63a78d5811e54679dba8cd15d6455cf312f4d2bd886e42d36
65c1973e1b3bfc3672a6e847e0c6b287b8d78fa05d0881e96fa7596268ac53aa
6d58c1e726f9c0c33808d6bd8a03711b904f093fd0e0121391b5a73d60c5d284
8982fb287363f6161638cefed6142aec98a25c91e7c999f7ec3b0489c4815f74
9b78354357bc04de9fa52562968bad64ef1311b665cc6ea927d2ec08bcc82cd8
a416370f6f98339e7edf9fe2c70a45bf9cfba93c0520921db47d15c27934ba88
a95ce23b3ea6571c5032e3252801c67cc9db6b39a74a7a7f09b5695c9738fd8d
ba2b07db7325c8d7378441166a09873cd96b053fa315e99933625b97748ba45d
c511a38838f14cd23a3e2a7c7c9b7f2864a2a6b9e548053bb71b432a677966e2
c525928950f8fef0ff20ee8ebd93e4e22e33db2e5601c6980d760c16bda0a7e7
d1fb678c9385de1e8451e849016b8a66877ea23488ed34b0ca6f8ad9ba60f4a8
d2d0f4951471ac28bc4084acec16ff110c6de4e76118e836affd556c55f1a392
fe27203a5bf4ec6df5e01fcaa14cad6376afd0adbe5aca73b282fbdc85cb536b
fe2cee52614c95965daebca42a5be71f84776746aed846f57b4fc7ed29757abc