www.express-delivery-id93982347324000380.poisongroup.org Open in urlscan Pro
164.52.196.83 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.express-delivery-id93982347324000380.poisongroup.org/
Effective URL:
https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Submission: On June 28 via automatic, source certstream-suspicious (June 28th 2022, 3:46:36 pm UTC) — Scanned from DE

Summary HTTP 25 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 11 IPs in 3 countries across 8 domains to perform 25 HTTP transactions. The main IP is 164.52.196.83, located in Imphal, India and belongs to E2E-NETWORKS-IN 282, Sector 19, IN. The main domain is www.express-delivery-id93982347324000380.poisongroup.org.
TLS certificate: Issued by cPanel, Inc. Certification Authority on June 28th 2022. Valid for: 3 months.

This is the only time www.express-delivery-id93982347324000380.poisongroup.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UPS (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
2 11	164.52.196.83 164.52.196.83	132420 (E2E-NETWO...) (E2E-NETWORKS-IN 282)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
2	104.75.89.177 104.75.89.177	16625 (AKAMAI-AS) (AKAMAI-AS)
2	54.228.71.178 54.228.71.178	16509 (AMAZON-02) (AMAZON-02)
4	23.35.237.2 23.35.237.2	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a02:26f0:ef:... 2a02:26f0:ef:296::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:ef:... 2a02:26f0:ef:2a0::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	23.205.239.224 23.205.239.224	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2a03:2880:f12... 2a03:2880:f12d:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
25	11

11 164.52.196.83 (Imphal, India) 2 redirects

ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN)
PTR: server.schoolerpindia.in

www.express-delivery-id93982347324000380.poisongroup.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.75.89.177 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-75-89-177.deploy.static.akamaitechnologies.com

www.ups.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.228.71.178 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-228-71-178.eu-west-1.compute.amazonaws.com

mpsnare.iesnare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 23.35.237.2 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-2.deploy.static.akamaitechnologies.com

cdns.gigya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdns.us1.gigya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:ef:296::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:ef:2a0::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.205.239.224 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-205-239-224.deploy.static.akamaitechnologies.com

accounts.us1.gigya.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	poisongroup.org 2 redirects www.express-delivery-id93982347324000380.poisongroup.org	598 KB
6	gigya.com cdns.gigya.com — Cisco Umbrella Rank: 6395 cdns.us1.gigya.com — Cisco Umbrella Rank: 7798 accounts.us1.gigya.com — Cisco Umbrella Rank: 18224	194 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 155	88 KB
2	go-mpulse.net s.go-mpulse.net — Cisco Umbrella Rank: 1204 c.go-mpulse.net — Cisco Umbrella Rank: 513	50 KB
2	iesnare.com mpsnare.iesnare.com — Cisco Umbrella Rank: 5135	14 KB
2	ups.com www.ups.com — Cisco Umbrella Rank: 7050	2 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 96
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 307	31 KB
25	8

	Domain	Requested by
11	www.express-delivery-id93982347324000380.poisongroup.org	2 redirects www.express-delivery-id93982347324000380.poisongroup.org
3	cdns.us1.gigya.com	cdns.gigya.com cdns.us1.gigya.com
2	connect.facebook.net	cdns.gigya.com connect.facebook.net
2	accounts.us1.gigya.com	cdns.us1.gigya.com
2	mpsnare.iesnare.com	www.express-delivery-id93982347324000380.poisongroup.org mpsnare.iesnare.com
2	www.ups.com	www.express-delivery-id93982347324000380.poisongroup.org
1	www.facebook.com	connect.facebook.net
1	c.go-mpulse.net	s.go-mpulse.net
1	s.go-mpulse.net	www.express-delivery-id93982347324000380.poisongroup.org
1	cdns.gigya.com	www.express-delivery-id93982347324000380.poisongroup.org
1	ajax.googleapis.com	www.express-delivery-id93982347324000380.poisongroup.org
25	11

This site contains links to these domains. Also see Links.

Domain
www.ups.com
wwwapps.ups.com
about.ups.com
www.investors.ups.com
www.jobs-ups.com
upscapital.com

Subject Issuer	Validity	Valid
express-delivery-id93982347324000380.poisongroup.org cPanel, Inc. Certification Authority	`2022-06-28` - `2022-09-26`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-06-06` - `2022-08-29`	3 months	crt.sh
www.ups.com COMODO RSA Organization Validation Secure Server CA	`2022-01-18` - `2023-01-18`	a year	crt.sh
mpsnare.iesnare.com DigiCert SHA2 High Assurance Server CA	`2022-04-29` - `2023-05-23`	a year	crt.sh
cdns.gigya.com DigiCert SHA2 Secure Server CA	`2022-02-04` - `2023-02-04`	a year	crt.sh
akstat.io DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-04-15` - `2023-04-19`	a year	crt.sh
gigya.com GeoTrust RSA CA 2018	`2022-02-03` - `2023-02-03`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-04-07` - `2022-07-06`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Frame ID: E59A54211AA44DE810E545E4F4A666BE
Requests: 20 HTTP requests in this frame

Frame: https://s.go-mpulse.net/boomerang/TADEN-6MDCS-UHH5M-YHPKQ-2GBH3
Frame ID: 512EA19A1E1A20AEE65D27F5C6FF1A3B
Requests: 2 HTTP requests in this frame

Frame: https://cdns.us1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd&version=latest&build=13186
Frame ID: 9F0F4DA17DA7975E69A9E0EECB3A6FB5
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

UPS - Germany

Page URL History Show full URLs

https://www.express-delivery-id93982347324000380.poisongroup.org/ HTTP 302
https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402 HTTP 301
https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/ Page URL

Detected technologies

SAP Customer Data Cloud Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

\.gigya\.com/JS/gigya\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

25
Requests

100 %
HTTPS

50 %
IPv6

8
Domains

11
Subdomains

11
IPs

3
Countries

1012 kB
Transfer

2823 kB
Size

8
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.ups.com/ma/en/Home.page

Search URL Search Domain Scan URL

URL: https://www.ups.com/dropoff?loc=de_DE
Title: Standorte

Search URL Search Domain Scan URL

URL: https://wwwapps.ups.com/ppc/ppc.html?loc=de_DE#/profilePage
Title: Mein Profil

Search URL Search Domain Scan URL

URL: https://wwwapps.ups.com/emailEnrollment/signIn?loc=de_DE
Title: Kommunikationseinstellungen

Search URL Search Domain Scan URL

URL: https://about.ups.com/de/de/newsroom.html
Title: MedienarbeitLink in einem neuen Fenster öffnen

Search URL Search Domain Scan URL

URL: http://www.investors.ups.com/
Title: InvestorenLink in einem neuen Fenster öffnen

Search URL Search Domain Scan URL

URL: https://www.jobs-ups.com/location
Title: Karriere @ UPSLink in einem neuen Fenster öffnen

Search URL Search Domain Scan URL

URL: https://about.ups.com/de/de/social-impact.html
Title: Nachhaltigkeit und soziales EngagementLink in einem neuen Fenster öffnen

Search URL Search Domain Scan URL

URL: https://upscapital.com/de-de/
Title: UPS CapitalLink in einem neuen Fenster öffnen

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.express-delivery-id93982347324000380.poisongroup.org/ HTTP 302
https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402 HTTP 301
https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Redirect Chain

https://www.express-delivery-id93982347324000380.poisongroup.org/
https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402
https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/

37 KB
9 KB

838ms
837ms

Document
text/html

164.52.196.83
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 164.52.196.83 Imphal, India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: server.schoolerpindia.in
Software: Apache /
Resource Hash: 7925545533d98b6d62df6134855e304f9b0dc3a2aad9ae398989f683b6762d43

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 9014
Content-Type: text/html; charset=UTF-8
Date: Tue, 28 Jun 2022 15:46:29 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=1, max=498
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

Redirect headers

Connection: Keep-Alive
Content-Length: 301
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 28 Jun 2022 15:46:29 GMT
Keep-Alive: timeout=1, max=499
Location: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Server: Apache

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 87 KB
31 KB 121ms
38ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 15:07:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2358
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31021
x-xss-protection: 0
last-modified: Fri, 08 May 2020 07:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 28 Jun 2023 15:07:12 GMT

GET
H/1.1 200
OK ups.vendor.54f3c2d83b58.css
www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ 134 KB
22 KB 203ms
202ms Stylesheet
text/css 164.52.196.83
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.vendor.54f3c2d83b58.css
Requested by: Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 164.52.196.83 Imphal, India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: server.schoolerpindia.in
Software: Apache /
Resource Hash: 45e8aa7ebbca7aa7be5e368b6b3bbb80c5f10fdccadfe603d9126c151991d022

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 28 Jun 2022 15:46:30 GMT
Content-Encoding: gzip
Last-Modified: Sun, 19 Dec 2021 21:01:40 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=1, max=497
Content-Length: 22638

GET
H/1.1 200
OK ups.styles.980b6f0cd47e.css
www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ 231 KB
100 KB 198ms
197ms Stylesheet
text/css 164.52.196.83
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.styles.980b6f0cd47e.css
Requested by: Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 164.52.196.83 Imphal, India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: server.schoolerpindia.in
Software: Apache /
Resource Hash: 46fdbe261bb6243b549d1165700de6267f2adf464146950ac4515d5338c53586

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 28 Jun 2022 15:46:30 GMT
Content-Encoding: gzip
Last-Modified: Sun, 19 Dec 2021 21:09:18 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, public
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=1, max=500

GET
H/1.1 200
OK ups.modules.7159dcc6fb29.css
www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ 738 KB
83 KB 596ms
215ms Stylesheet
text/css 164.52.196.83
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.modules.7159dcc6fb29.css
Requested by: Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 164.52.196.83 Imphal, India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: server.schoolerpindia.in
Software: Apache /
Resource Hash: 709cf508f5136673db4c21624949264d87d2235f057a218827e100066275dc8b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 28 Jun 2022 15:46:30 GMT
Content-Encoding: gzip
Last-Modified: Sun, 19 Dec 2021 21:01:36 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, public
Transfer-Encoding: chunked
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=1, max=500

GET
H/1.1 200
OK ups.widgets.7e2315c2b219.css
www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ 69 KB
9 KB 588ms
194ms Stylesheet
text/css 164.52.196.83
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.widgets.7e2315c2b219.css
Requested by: Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 164.52.196.83 Imphal, India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: server.schoolerpindia.in
Software: Apache /
Resource Hash: f79a125173bb6cefbbac05c2bb6712487907bf60ea66bc7272631cbd3d06a0ac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 28 Jun 2022 15:46:30 GMT
Content-Encoding: gzip
Last-Modified: Sun, 19 Dec 2021 21:01:34 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/css
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, public
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=1, max=496
Content-Length: 8522

GET
H2 200 UPS_logo.svg
www.ups.com/assets/resources/images/ 2 KB
1 KB 296ms
45ms Image
image/svg+xml 104.75.89.177
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ups.com/assets/resources/images/UPS_logo.svg

Requested by

Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.89.177 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-89-177.deploy.static.akamaitechnologies.com

Software

Akamai Resource Optimizer /

Resource Hash

a416370f6f98339e7edf9fe2c70a45bf9cfba93c0520921db47d15c27934ba88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 15:46:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1086
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
last-modified: Thu, 23 Jun 2022 06:22:01 GMT
server: Akamai Resource Optimizer
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
strict-transport-security: max-age=31536000 ; includeSubDomains
content-type: image/svg+xml
cache-control: no-cache="Set-Cookie"
accept-ranges: bytes
expires: Tue, 28 Jun 2022 15:46:31 GMT

GET
H/1.1 200
OK snare.js Show response
mpsnare.iesnare.com/ 38 KB
13 KB 243ms
58ms Script
text/javascript 54.228.71.178
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mpsnare.iesnare.com/snare.js

Requested by

Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.228.71.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-228-71-178.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

ea5ad9dbf40be2f14f4e581727ef790f1defab383d757d5f9be95dde695de1b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 28 Jun 2022 15:46:31 GMT
Content-Encoding: gzip
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Cache-Control: no-cache, private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: 0

GET
H/1.1 200
OK gigya.js Show response
cdns.gigya.com/JS/ 454 KB
149 KB 181ms
41ms Script
text/javascript 23.35.237.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.gigya.com/JS/gigya.js?apikey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd
Requested by: Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.237.2 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-2.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 2eefe7794eb868f0ec76ee8ca2e8a377487553b2f689b84db8856eb784a54437

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 28 Jun 2022 15:46:31 GMT
Content-Encoding: gzip
Content-Type: text/javascript; charset=utf-8
x-soa: true, Gator
Vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
Access-Control-Allow-Origin: *
x-callid: bd97080592544df68211ed7dc00f6abf
Cache-Control: public, max-age=900, s-maxage=3600
x-server: us1d-nomad-g1
Connection: keep-alive
x-robots-tag: none
Content-Length: 151823
Expires: Tue, 28 Jun 2022 16:01:31 GMT

GET
H2 200 icp.gif
www.ups.com/img/ 43 B
381 B 348ms
98ms Image
image/gif 104.75.89.177
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.ups.com/img/icp.gif

Requested by

Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

104.75.89.177 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-75-89-177.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 28 Jun 2022 15:46:31 GMT
x-content-type-options: nosniff
last-modified: Wed, 29 Apr 2015 19:29:01 GMT
server: Apache
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000 ; includeSubDomains
content-type: image/gif
cache-control: no-cache="Set-Cookie"
debug-ak-tls: No bypass
server-timing: cdn-cache; desc=HIT, edge; dur=1
accept-ranges: bytes
content-length: 43
x-xss-protection: 1; mode=block
expires: Tue, 28 Jun 2022 15:46:31 GMT

GET
H2 200 TADEN-6MDCS-UHH5M-YHPKQ-2GBH3 Show response
s.go-mpulse.net/boomerang/ Frame 512E 205 KB
49 KB 133ms
42ms Script
application/javascript 2a02:26f0:ef:296::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/TADEN-6MDCS-UHH5M-YHPKQ-2GBH3
Requested by: Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:ef:296::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date: Tue, 28 Jun 2022 15:46:31 GMT
content-encoding: br
last-modified: Mon, 06 Jun 2022 03:54:34 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
timing-allow-origin: *
content-length: 50393

GET
DATA 200
OK truncated
/ 36 KB
36 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a48e55eba408d92c3a2653ca845937678c75eabe60cad691debf89c0a2b94872

Request headers

Referer
Origin: https://www.express-delivery-id93982347324000380.poisongroup.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

GET
H/1.1 200
OK Roboto-Light.woff
www.express-delivery-id93982347324000380.poisongroup.org/assets/fonts/ 91 KB
92 KB 191ms
191ms Font
font/woff 164.52.196.83
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://www.express-delivery-id93982347324000380.poisongroup.org/assets/fonts/Roboto-Light.woff
Requested by: Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.styles.980b6f0cd47e.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 164.52.196.83 Imphal, India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: server.schoolerpindia.in
Software: Apache /
Resource Hash: c578b41854a095f3a7abc3f5413977d05e4e01239225ed53eb23e8c72cc19c5c

Request headers

Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.styles.980b6f0cd47e.css
Origin: https://www.express-delivery-id93982347324000380.poisongroup.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 28 Jun 2022 15:46:31 GMT
Last-Modified: Sun, 19 Dec 2021 21:05:40 GMT
Server: Apache
Content-Type: font/woff
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=1, max=499
Content-Length: 93472

GET
H/1.1 200
OK Roboto-Regular.woff
www.express-delivery-id93982347324000380.poisongroup.org/assets/fonts/ 92 KB
92 KB 193ms
192ms Font
font/woff 164.52.196.83
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://www.express-delivery-id93982347324000380.poisongroup.org/assets/fonts/Roboto-Regular.woff
Requested by: Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.styles.980b6f0cd47e.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 164.52.196.83 Imphal, India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: server.schoolerpindia.in
Software: Apache /
Resource Hash: c511a38838f14cd23a3e2a7c7c9b7f2864a2a6b9e548053bb71b432a677966e2

Request headers

Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.styles.980b6f0cd47e.css
Origin: https://www.express-delivery-id93982347324000380.poisongroup.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 28 Jun 2022 15:46:31 GMT
Last-Modified: Sun, 19 Dec 2021 21:08:40 GMT
Server: Apache
Content-Type: font/woff
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=1, max=499
Content-Length: 93784

GET
H/1.1 200
OK Roboto-Italic.woff
www.express-delivery-id93982347324000380.poisongroup.org/assets/fonts/ 97 KB
97 KB 194ms
193ms Font
font/woff 164.52.196.83
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://www.express-delivery-id93982347324000380.poisongroup.org/assets/fonts/Roboto-Italic.woff
Requested by: Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.styles.980b6f0cd47e.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 164.52.196.83 Imphal, India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: server.schoolerpindia.in
Software: Apache /
Resource Hash: a3ebbe5cccfbabf1e67669b3dc6dc3792f55cf0153bc6f99a39a8d6328c24b98

Request headers

Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.styles.980b6f0cd47e.css
Origin: https://www.express-delivery-id93982347324000380.poisongroup.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 28 Jun 2022 15:46:31 GMT
Last-Modified: Sun, 19 Dec 2021 21:08:34 GMT
Server: Apache
Content-Type: font/woff
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=1, max=495
Content-Length: 99428

GET
H/1.1 200
OK logo.js Show response
mpsnare.iesnare.com/script/ 96 B
610 B 58ms
58ms Script
text/javascript 54.228.71.178
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://mpsnare.iesnare.com/script/logo.js

Requested by

Host: mpsnare.iesnare.com
URL: https://mpsnare.iesnare.com/snare.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.228.71.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-228-71-178.eu-west-1.compute.amazonaws.com

Software

nginx /

Resource Hash

cc64a775861240dca5d28cc27282c0662691670118eae4918d79376a0beb042c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 28 Jun 2022 15:46:31 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Cache-Control: private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: Wed, 28 Jun 2023 15:46:31 GMT

GET
H/1.1 200
OK Roboto-Medium.woff
www.express-delivery-id93982347324000380.poisongroup.org/assets/fonts/ 92 KB
92 KB 199ms
198ms Font
font/woff 164.52.196.83
E2E-NETWORKS-IN 282

General

Check archive.org

Show headers Download Go to

Full URL: https://www.express-delivery-id93982347324000380.poisongroup.org/assets/fonts/Roboto-Medium.woff
Requested by: Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.styles.980b6f0cd47e.css
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 164.52.196.83 Imphal, India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS: server.schoolerpindia.in
Software: Apache /
Resource Hash: 4f543ad26c42709ef00a1921f7dd1aa27a1930a354ecb353196665e43dac3706

Request headers

Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.styles.980b6f0cd47e.css
Origin: https://www.express-delivery-id93982347324000380.poisongroup.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 28 Jun 2022 15:46:31 GMT
Last-Modified: Sun, 19 Dec 2021 21:08:28 GMT
Server: Apache
Content-Type: font/woff
Access-Control-Allow-Origin: *
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=1, max=500
Content-Length: 94364

GET
H/1.1 403
Forbidden config.json Show response
c.go-mpulse.net/api/ Frame 512E 68 B
346 B 156ms
58ms XHR
application/json 2a02:26f0:ef:2a0::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=TADEN-6MDCS-UHH5M-YHPKQ-2GBH3&d=www.express-delivery-id93982347324000380.poisongroup.org&t=5521437&v=1.720.0&if=&sl=0&si=9afcebe5-4b34-44b7-af5e-108d1052db6f-re72hg&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=265833
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/TADEN-6MDCS-UHH5M-YHPKQ-2GBH3
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:ef:2a0::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 3217a6955b600825965f424d1cf73bc156ade880bcb4e16760cfe1771e2da89e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 28 Jun 2022 15:46:31 GMT
Cache-Control: public, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 68
Content-Type: application/json

GET
H/1.1 200
OK sdk.config.get Show response
cdns.us1.gigya.com/ 2 KB
1 KB 158ms
38ms Fetch
text/javascript 23.35.237.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.us1.gigya.com/sdk.config.get?apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd&httpStatusCodes=true
Requested by: Host: cdns.gigya.com
URL: https://cdns.gigya.com/JS/gigya.js?apikey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.237.2 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-2.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 499ad7cb97bd14b062cd3e4b9a74e530d130e0d7237a6633125a2221b69d5b2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 28 Jun 2022 15:46:31 GMT
Content-Encoding: gzip
Content-Type: text/javascript; charset=utf-8
x-soa: true, Gator
Vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
Access-Control-Allow-Origin: *
x-callid: 9b2693f1d7d545258ce1c6619fbb2c62
Cache-Control: public, max-age=86400, s-maxage=60
x-server: us1d-nomad-g18
Connection: keep-alive
Accept-Ranges: bytes
x-robots-tag: none
Content-Length: 927

GET
H/1.1 200
OK Api.aspx Show response
cdns.us1.gigya.com/gs/webSdk/ Frame 9F0F 113 KB
41 KB 158ms
41ms Document
text/html 23.35.237.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdns.us1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd&version=latest&build=13186

Requested by

Host: cdns.gigya.com
URL: https://cdns.gigya.com/JS/gigya.js?apikey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

23.35.237.2 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-35-237-2.deploy.static.akamaitechnologies.com

Software

Resource Hash

0941bca7bb191e6221c6ad042de3005324a8e0531adb74ca26b5765e1ecc5515

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400, s-maxage=3600
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 41094
Content-Type: text/html; charset=utf-8
Date: Tue, 28 Jun 2022 15:46:32 GMT
Vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-callid: a533ff8ccbab40249e7c7a904f789975
x-robots-tag: none
x-server: us1d-nomad-g15
x-soa: true, Gator

GET
H/1.1 200
OK sdk.config.get Show response
cdns.us1.gigya.com/ Frame 9F0F 2 KB
1 KB 42ms
42ms Fetch
text/javascript 23.35.237.2
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdns.us1.gigya.com/sdk.config.get?apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd&httpStatusCodes=true
Requested by: Host: cdns.us1.gigya.com
URL: https://cdns.us1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd&version=latest&build=13186
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.237.2 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-2.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 499ad7cb97bd14b062cd3e4b9a74e530d130e0d7237a6633125a2221b69d5b2f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.us1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd&version=latest&build=13186
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 28 Jun 2022 15:46:32 GMT
Content-Encoding: gzip
Content-Type: text/javascript; charset=utf-8
x-soa: true, Gator
Vary: Accept-Encoding
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
Access-Control-Allow-Origin: *
x-callid: 9b2693f1d7d545258ce1c6619fbb2c62
Cache-Control: public, max-age=86400, s-maxage=60
x-server: us1d-nomad-g18
Connection: keep-alive
Accept-Ranges: bytes
x-robots-tag: none
Content-Length: 927

GET
H/1.1 200
OK accounts.webSdkBootstrap Show response
accounts.us1.gigya.com/ Frame 9F0F 199 B
1 KB 282ms
140ms XHR
text/javascript 23.205.239.224
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.us1.gigya.com/accounts.webSdkBootstrap?apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd&pageURL=https%3A%2F%2Fwww.express-delivery-id93982347324000380.poisongroup.org%2F&sdk=js_latest&sdkBuild=13186&format=json
Requested by: Host: cdns.us1.gigya.com
URL: https://cdns.us1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd&version=latest&build=13186
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.205.239.224 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-239-224.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: ad6e7944fb285e0a5237f5d709eb4b8423f1744e8d5c85f740291dcdbfc96fb8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.us1.gigya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 28 Jun 2022 15:46:32 GMT
Content-Encoding: gzip
Vary: Origin, Accept-Encoding
x-soa: true, Gator
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
Server-Timing: cdn-cache; desc=MISS, edge; dur=82, origin; dur=21
Content-Length: 168
Cache-Control: private
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,PUT,DELETE,HEAD,OPTIONS,POST,PATCH
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: https://cdns.us1.gigya.com
x-callid: eb53477112c64c3b93b8a1304bcfc20e
Connection: keep-alive
x-server: us1d-nomad-g11
Access-Control-Allow-Credentials: true
x-robots-tag: none

GET
H/1.1 200
OK sdk.errorReport Show response
accounts.us1.gigya.com/ Frame 9F0F 177 B
834 B 172ms
171ms XHR
text/javascript 23.205.239.224
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.us1.gigya.com/sdk.errorReport?message=untrusted%20domain&apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd&page=https%3A%2F%2Fwww.express-delivery-id93982347324000380.poisongroup.org%2F&buildVersion=latest&format=json&sdk=js_latest&details=%7B%22domain%22%3A%22www.express-delivery-id93982347324000380.poisongroup.org%22%2C%22trustedDomains%22%3A%22ups.com%22%7D&pageURL=https%3A%2F%2Fwww.express-delivery-id93982347324000380.poisongroup.org%2F&sdkBuild=13186
Requested by: Host: cdns.us1.gigya.com
URL: https://cdns.us1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd&version=latest&build=13186
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.205.239.224 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-205-239-224.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e2298059e6ea4f8d6994b97b5135bee2a5a9d1f243f936380f7da5c5c213b53c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdns.us1.gigya.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date: Tue, 28 Jun 2022 15:46:32 GMT
Content-Encoding: gzip
Vary: Origin, Accept-Encoding
x-soa: true, Gator
p3p: CP="IDC COR PSA DEV ADM OUR IND ONL"
Server-Timing: cdn-cache; desc=MISS, edge; dur=97, origin; dur=36
Content-Length: 154
Cache-Control: private
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,PUT,DELETE,HEAD,OPTIONS,POST,PATCH
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: https://cdns.us1.gigya.com
x-callid: ee0d115534da41a79a11ac6776336ceb
Connection: keep-alive
x-server: us1d-nomad-g15
Access-Control-Allow-Credentials: true
x-robots-tag: none

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 128ms
38ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: cdns.gigya.com
URL: https://cdns.gigya.com/JS/gigya.js?apikey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1a90bd18b20e0b6846354a551756deb30c49eeb9706fbff0f4af785e62a26b4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: nHHBorJbsIWA897nREAtUA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1685
x-fb-rlafr: 0
x-fb-debug: cEBkJndrFaSqjzGcPOQJ/P0JWhAAqII/IG2CS2KlTaIP3IterbYqwEKkjOrzh+NUXKCmsVqtvqkxgXVs5gBuGw==
x-fb-trip-id: 917726464
x-fb-content-md5: 0248ef499fc175c95a20f5e423b624b1
x-frame-options: DENY
date: Tue, 28 Jun 2022 15:46:32 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "e9e35e80757354f15436fa209651c7b3"
timing-allow-origin: *
priority: u=3,i
expires: Tue, 28 Jun 2022 16:05:33 GMT

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 299 KB
85 KB 83ms
39ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=7eec24ab1b73104eedc34fb34edb3087

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

ee098499c693847586192f6467bd798542372e40b76c17d984a0132693406282

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/
Origin: https://www.express-delivery-id93982347324000380.poisongroup.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: XE5GG8j3G5Hzr3x/hrZziw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 87406
x-fb-rlafr: 0
x-fb-debug: BoGI3MXPvn2+vWRcrW8K3kJgixImjkwfo7DRAfXEfiFGdFl9pVDziSc7fX23T7DNjke5AEle+iKcPmgzlJuWmQ==
x-fb-content-md5: cc7fe3cfcfc9fd9ee01be5e13db2ac33
x-frame-options: DENY
date: Tue, 28 Jun 2022 15:46:32 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "dd7349fd7cf9af5c76fa628524bbdbcf"
timing-allow-origin: *
priority: u=3,i
expires: Wed, 28 Jun 2023 07:21:20 GMT

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 148ms
60ms Fetch
text/plain 2a03:2880:f12d:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=423058457789860&input_token&origin=1&redirect_uri=https%3A%2F%2Fwww.express-delivery-id93982347324000380.poisongroup.org%2FDelivery-Package-ID-6664402%2F&sdk=joey&wants_cookie_data=true

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=7eec24ab1b73104eedc34fb34edb3087

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
document-policy: force-load-at-top
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: s7174XcpnA+ojScnRyt3/kB7h6caADO9E7inNT1VIgfz+AytpG+oamAr3FjHix2u9Oj5IqeJpj/eOS/sdu9/NA==
fb-s: unknown
date: Tue, 28 Jun 2022 15:46:32 GMT
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.express-delivery-id93982347324000380.poisongroup.org
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UPS (Transportation)

98 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.express-delivery-id93982347324000380.poisongroup.org/	1969-12-31 23:59:59	Name: PHPSESSID Value: ej0pcpc2sc2a1vd2un0k05l241
mpsnare.iesnare.com/	1970-01-20 12:52:47	Name: io_token_7c6a6574-f011-4c9a-abdd-9894a102ccef Value: VjDCOzHgxR3uju/7xeFDtJrsNYrVlHFndX2fteQj7Pw=
.www.express-delivery-id93982347324000380.poisongroup.org/	1969-12-31 23:59:59	Name: gig_canary Value: false
.www.express-delivery-id93982347324000380.poisongroup.org/	1969-12-31 23:59:59	Name: gig_canary_ver Value: 13196-3-27607170
.gigya.com/	1970-01-20 12:52:47	Name: gmid Value: gmid.ver4.AcbHlLovFA.8WqrUfUiKIuGVkQcF_25QI5-cOd_5GQL8Ptd9tEQjdCdjRfGgBqT2S2UrEdU2jKt.SvTUVjW-8Pccm-j3AvAIJTZAaf2LxtIPt7nMOVxIKlA9xpVLVSC8krmXxShNuGkQ1eF9zGAGtu2fQdzDtlzpsw.sc3
.gigya.com/	1970-01-20 12:52:47	Name: ucid Value: tjfNmbRrsZZCsnXqbjOeMw
.gigya.com/	1970-01-20 08:30:45	Name: hasGmid Value: ver4
.www.express-delivery-id93982347324000380.poisongroup.org/	1970-01-20 12:52:47	Name: gig_bootstrap_3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd Value: _gigya_ver4

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://c.go-mpulse.net/api/config.json?key=TADEN-6MDCS-UHH5M-YHPKQ-2GBH3&d=www.express-delivery-id93982347324000380.poisongroup.org&t=5521437&v=1.720.0&if=&sl=0&si=9afcebe5-4b34-44b7-af5e-108d1052db6f-re72hg&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=265833 Message: Failed to load resource: the server responded with a status of 403 (Forbidden)

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.us1.gigya.com
ajax.googleapis.com
c.go-mpulse.net
cdns.gigya.com
cdns.us1.gigya.com
connect.facebook.net
mpsnare.iesnare.com
s.go-mpulse.net
www.express-delivery-id93982347324000380.poisongroup.org
www.facebook.com
www.ups.com
104.75.89.177
164.52.196.83
23.205.239.224
23.35.237.2
2a00:1450:4001:827::200a
2a02:26f0:ef:296::11a6
2a02:26f0:ef:2a0::11a6
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
54.228.71.178
0941bca7bb191e6221c6ad042de3005324a8e0531adb74ca26b5765e1ecc5515
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
1a90bd18b20e0b6846354a551756deb30c49eeb9706fbff0f4af785e62a26b4e
2eefe7794eb868f0ec76ee8ca2e8a377487553b2f689b84db8856eb784a54437
3217a6955b600825965f424d1cf73bc156ade880bcb4e16760cfe1771e2da89e
45e8aa7ebbca7aa7be5e368b6b3bbb80c5f10fdccadfe603d9126c151991d022
46fdbe261bb6243b549d1165700de6267f2adf464146950ac4515d5338c53586
499ad7cb97bd14b062cd3e4b9a74e530d130e0d7237a6633125a2221b69d5b2f
4f543ad26c42709ef00a1921f7dd1aa27a1930a354ecb353196665e43dac3706
709cf508f5136673db4c21624949264d87d2235f057a218827e100066275dc8b
7925545533d98b6d62df6134855e304f9b0dc3a2aad9ae398989f683b6762d43
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a3ebbe5cccfbabf1e67669b3dc6dc3792f55cf0153bc6f99a39a8d6328c24b98
a416370f6f98339e7edf9fe2c70a45bf9cfba93c0520921db47d15c27934ba88
a48e55eba408d92c3a2653ca845937678c75eabe60cad691debf89c0a2b94872
ad6e7944fb285e0a5237f5d709eb4b8423f1744e8d5c85f740291dcdbfc96fb8
c511a38838f14cd23a3e2a7c7c9b7f2864a2a6b9e548053bb71b432a677966e2
c578b41854a095f3a7abc3f5413977d05e4e01239225ed53eb23e8c72cc19c5c
cc64a775861240dca5d28cc27282c0662691670118eae4918d79376a0beb042c
e2298059e6ea4f8d6994b97b5135bee2a5a9d1f243f936380f7da5c5c213b53c
ea5ad9dbf40be2f14f4e581727ef790f1defab383d757d5f9be95dde695de1b0
ee098499c693847586192f6467bd798542372e40b76c17d984a0132693406282
f79a125173bb6cefbbac05c2bb6712487907bf60ea66bc7272631cbd3d06a0ac
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

www.express-delivery-id93982347324000380.poisongroup.org Open in urlscan Pro 164.52.196.83 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

25 Requests

100 %HTTPS

50 %IPv6

8 Domains

11 Subdomains

11 IPs

3 Countries

1012 kBTransfer

2823 kBSize

8 Cookies

9 Outgoing links

Page URL History

Redirected requests

25 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

98 JavaScript Global Variables

www.express-delivery-id93982347324000380.poisongroup.org Open in urlscan Pro
164.52.196.83 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

25
Requests

100 %
HTTPS

50 %
IPv6

8
Domains

11
Subdomains

11
IPs

3
Countries

1012 kB
Transfer

2823 kB
Size

8
Cookies

25 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!