urlscan.io scan: www.express-delivery-id93982347324000380.poisongroup.org (164.52.196.83), tagged Malicious Activity!

Submitted URL: https://www.express-delivery-id93982347324000380.poisongroup.org/
Effective URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Submission: June 28th 2022, automatic (source: certstream-suspicious); scanned from DE

Summary

This website contacted 11 IPs in 3 countries across 8 domains to perform 25 HTTP transactions. The main IP is 164.52.196.83, located in Imphal, India and belongs to E2E-NETWORKS-IN 282, Sector 19, IN. The main domain is www.express-delivery-id93982347324000380.poisongroup.org.
TLS certificate: Issued by cPanel, Inc. Certification Authority on June 28th 2022. Valid for: 3 months.
This is the only time www.express-delivery-id93982347324000380.poisongroup.org was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UPS (Transportation)
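The scan was not reported by a victim: it was submitted automatically from urlscan's certstream-suspicious feed, which watches Certificate Transparency logs. The cPanel DV certificate for express-delivery-id93982347324000380.poisongroup.org (the www host is a SAN) was logged on 2022-06-28, the same day as the scan, and the hostname tripped keyword heuristics. The Python below is an added example of that style of CT-log triage; it is not urlscan's or certstream's code. The keyword lists, weights, threshold and issuer list are my assumptions, and the CertEntry records are constructed to mimic the shape of a certstream leaf_cert record (the first mirrors the certificate in this report, the second ups.com's own certificate as listed below).

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from datetime import date

# Keyword lists, weights, threshold and issuer list are assumptions for this
# example, not urlscan's or certstream's actual rules.
BRAND_KEYWORDS = {"ups", "fedex", "dhl", "usps", "hermes"}
LURE_KEYWORDS = {"delivery", "package", "parcel", "tracking", "shipment", "express", "redelivery"}
AUTOMATED_DV_ISSUERS = {"cPanel, Inc. Certification Authority", "R3", "ZeroSSL RSA Domain Secure Site CA"}

@dataclass
class CertEntry:
    """Constructed stand-in for the fields of a certstream leaf_cert record."""
    all_domains: list[str]
    issuer: str
    not_before: str   # ISO date
    not_after: str    # ISO date

def score_hostname(host: str) -> tuple[int, list[str]]:
    """Score one SAN; higher is more phishing-like. Looks only at the labels left of the
    registrable domain (naive eTLD+1; production code should use the Public Suffix List)."""
    h = host.lower().lstrip("*.").rstrip(".")
    labels = h.split(".")
    sub = ".".join(labels[:-2])
    tokens = set(re.split(r"[^a-z]+", sub)) - {""}
    score, reasons = 0, []
    if tokens & BRAND_KEYWORDS:
        score += 4; reasons.append("carrier brand in subdomain")
    if tokens & LURE_KEYWORDS:
        score += 3; reasons.append("delivery-lure keyword")
    m = re.search(r"\d{8,}", sub)
    if m:
        score += 3; reasons.append(f"long numeric id ({len(m.group())} digits)")
    if len(h) > 40:
        score += 2; reasons.append(f"long hostname ({len(h)} chars)")
    return score, reasons

def triage(entry: CertEntry, threshold: int = 6) -> dict:
    """Score every SAN in a CT entry, add issuer and lifetime signals, report the worst SAN."""
    best_host, best_score, reasons = "", -1, []
    for host in entry.all_domains:
        s, r = score_hostname(host)
        if s > best_score:
            best_host, best_score, reasons = host, s, list(r)
    if entry.issuer in AUTOMATED_DV_ISSUERS:
        best_score += 1; reasons.append("automated DV issuer")
    days = (date.fromisoformat(entry.not_after) - date.fromisoformat(entry.not_before)).days
    if days <= 92:
        best_score += 1; reasons.append(f"short-lived cert ({days} days)")
    return {"host": best_host, "score": best_score, "reasons": reasons,
            "suspicious": best_score >= threshold}

# Constructed entries: the first mirrors the certificate in this scan, the second ups.com's own.
SAMPLE_ENTRIES = [
    CertEntry(["express-delivery-id93982347324000380.poisongroup.org",
               "www.express-delivery-id93982347324000380.poisongroup.org"],
              "cPanel, Inc. Certification Authority", "2022-06-28", "2022-09-26"),
    CertEntry(["www.ups.com", "ups.com"],
              "COMODO RSA Organization Validation Secure Server CA", "2022-01-18", "2023-01-18"),
]

def run(entries: list[CertEntry] = SAMPLE_ENTRIES) -> list[dict]:
    return [triage(e) for e in entries]

if __name__ == "__main__":
    for verdict in run():
        print(verdict)
```

Note that the hostname never contains "ups"; it scores on the delivery lure words, the 17-digit pseudo tracking id and its length alone, with the automated DV issuer and 90-day lifetime adding the rest. Brand keywords are therefore useful but not sufficient, and a feed that keyed on them only would have missed this domain.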

Domain & IP information

IP address | AS (Autonomous System) | Requests
164.52.196.83 | AS132420 (E2E-NETWO...) | 11 (2 redirects)
2a00:1450:400... | AS15169 (GOOGLE) | 1
104.75.89.177 | AS16625 (AKAMAI-AS) | 2
54.228.71.178 | AS16509 (AMAZON-02) | 2
23.35.237.2 | AS16625 (AKAMAI-AS) | 4
2a02:26f0:ef:... | AS20940 (AKAMAI-ASN1) | 1
2a02:26f0:ef:... | AS20940 (AKAMAI-ASN1) | 1
23.205.239.224 | AS16625 (AKAMAI-AS) | 2
2a03:2880:f02... | AS32934 (FACEBOOK) | 2
2a03:2880:f12... | AS32934 (FACEBOOK) | 1
Total: 25 requests, 11 IPs
Requests | Apex domain | Subdomains (Cisco Umbrella rank) | Transfer
11 | poisongroup.org | www.express-delivery-id93982347324000380.poisongroup.org | 598 KB
6 | gigya.com | cdns.gigya.com (6395), cdns.us1.gigya.com (7798), accounts.us1.gigya.com (18224) | 194 KB
2 | facebook.net | connect.facebook.net (155) | 88 KB
2 | go-mpulse.net | s.go-mpulse.net (1204), c.go-mpulse.net (513) | 50 KB
2 | iesnare.com | mpsnare.iesnare.com (5135) | 14 KB
2 | ups.com | www.ups.com (7050) | 2 KB
1 | facebook.com | www.facebook.com (96) | -
1 | googleapis.com | ajax.googleapis.com (307) | 31 KB
Total: 25 requests, 8 apex domains
Requests | Domain | Requested by
11 | www.express-delivery-id93982347324000380.poisongroup.org (2 redirects) | www.express-delivery-id93982347324000380.poisongroup.org
3 | cdns.us1.gigya.com | cdns.gigya.com, cdns.us1.gigya.com
2 | connect.facebook.net | cdns.gigya.com, connect.facebook.net
2 | accounts.us1.gigya.com | cdns.us1.gigya.com
2 | mpsnare.iesnare.com | www.express-delivery-id93982347324000380.poisongroup.org, mpsnare.iesnare.com
2 | www.ups.com | www.express-delivery-id93982347324000380.poisongroup.org
1 | www.facebook.com | connect.facebook.net
1 | c.go-mpulse.net | s.go-mpulse.net
1 | s.go-mpulse.net | www.express-delivery-id93982347324000380.poisongroup.org
1 | cdns.gigya.com | www.express-delivery-id93982347324000380.poisongroup.org
1 | ajax.googleapis.com | www.express-delivery-id93982347324000380.poisongroup.org
Total: 25 requests, 11 subdomains

This site contains links to these domains:
www.ups.com
wwwapps.ups.com
about.ups.com
www.investors.ups.com
www.jobs-ups.com
upscapital.com
TLS certificates observed (all listed on crt.sh)

Subject | Issuer | Validity | Valid for
express-delivery-id93982347324000380.poisongroup.org | cPanel, Inc. Certification Authority | 2022-06-28 to 2022-09-26 | 3 months
upload.video.google.com | GTS CA 1C3 | 2022-06-06 to 2022-08-29 | 3 months
www.ups.com | COMODO RSA Organization Validation Secure Server CA | 2022-01-18 to 2023-01-18 | a year
mpsnare.iesnare.com | DigiCert SHA2 High Assurance Server CA | 2022-04-29 to 2023-05-23 | a year
cdns.gigya.com | DigiCert SHA2 Secure Server CA | 2022-02-04 to 2023-02-04 | a year
akstat.io | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-04-15 to 2023-04-19 | a year
gigya.com | GeoTrust RSA CA 2018 | 2022-02-03 to 2023-02-03 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2022-04-07 to 2022-07-06 | 3 months

This page contains 3 frames:

Primary Page: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Frame ID: E59A54211AA44DE810E545E4F4A666BE
Requests: 20 HTTP requests in this frame

Frame: https://s.go-mpulse.net/boomerang/TADEN-6MDCS-UHH5M-YHPKQ-2GBH3
Frame ID: 512EA19A1E1A20AEE65D27F5C6FF1A3B
Requests: 2 HTTP requests in this frame

Frame: https://cdns.us1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd&version=latest&build=13186
Frame ID: 9F0F4DA17DA7975E69A9E0EECB3A6FB5
Requests: 4 HTTP requests in this frame


Page Title

UPS - Germany

Page URL History (HTTP redirects and client-side redirects via JavaScript or Meta fields)

  1. https://www.express-delivery-id93982347324000380.poisongroup.org/ HTTP 302
    https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402 HTTP 301
    https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/ Page URL

Detected technologies (technology names inferred from the match patterns, which are all that survived extraction)

  • Gigya, overall confidence 100%. Pattern: \.gigya\.com/JS/gigya\.js
  • Facebook (connect.facebook.net SDK), overall confidence 100%. Pattern: //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
  • jQuery (version 3.5.1, per the request to ajax.googleapis.com below), overall confidence 100%. Patterns: /([\d.]+)/jquery(?:\.min)?\.js and jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

25 requests; 100% HTTPS; 50% IPv6; 8 domains; 11 subdomains; 11 IPs; 3 countries; 1012 kB transferred; 2823 kB size; 8 cookies


Redirected requests

There were HTTP redirect chains for the following requests:

25 HTTP transactions (one row per request: Resource | Path | Size (transferred) | Type, each followed by its General, request-header and response-header details)
Primary Request: / | www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/ | 37 KB (9 KB transferred) | Document
Redirect chain:
  • https://www.express-delivery-id93982347324000380.poisongroup.org/
  • https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402
  • https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
General
Full URL
https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
164.52.196.83 Imphal, India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS
server.schoolerpindia.in
Software
Apache /
Resource Hash
7925545533d98b6d62df6134855e304f9b0dc3a2aad9ae398989f683b6762d43

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
9014
Content-Type
text/html; charset=UTF-8
Date
Tue, 28 Jun 2022 15:46:29 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=1, max=498
Pragma
no-cache
Server
Apache
Vary
Accept-Encoding

Redirect headers

Connection
Keep-Alive
Content-Length
301
Content-Type
text/html; charset=iso-8859-1
Date
Tue, 28 Jun 2022 15:46:29 GMT
Keep-Alive
timeout=1, max=499
Location
https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Server
Apache
jquery.min.js | ajax.googleapis.com/ajax/libs/jquery/3.5.1/ | 87 KB (31 KB transferred) | Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 15:07:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2358
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31021
x-xss-protection
0
last-modified
Fri, 08 May 2020 07:05:03 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 28 Jun 2023 15:07:12 GMT
ups.vendor.54f3c2d83b58.css | www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ | 134 KB (22 KB transferred) | Stylesheet
General
Full URL
https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.vendor.54f3c2d83b58.css
Requested by
Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
164.52.196.83 Imphal, India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS
server.schoolerpindia.in
Software
Apache /
Resource Hash
45e8aa7ebbca7aa7be5e368b6b3bbb80c5f10fdccadfe603d9126c151991d022

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Tue, 28 Jun 2022 15:46:30 GMT
Content-Encoding
gzip
Last-Modified
Sun, 19 Dec 2021 21:01:40 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=1, max=497
Content-Length
22638
ups.styles.980b6f0cd47e.css | www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ | 231 KB (100 KB transferred) | Stylesheet
General
Full URL
https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.styles.980b6f0cd47e.css
Requested by
Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
164.52.196.83 Imphal, India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS
server.schoolerpindia.in
Software
Apache /
Resource Hash
46fdbe261bb6243b549d1165700de6267f2adf464146950ac4515d5338c53586

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Tue, 28 Jun 2022 15:46:30 GMT
Content-Encoding
gzip
Last-Modified
Sun, 19 Dec 2021 21:09:18 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, public
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=1, max=500
ups.modules.7159dcc6fb29.css | www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ | 738 KB (83 KB transferred) | Stylesheet
General
Full URL
https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.modules.7159dcc6fb29.css
Requested by
Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
164.52.196.83 Imphal, India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS
server.schoolerpindia.in
Software
Apache /
Resource Hash
709cf508f5136673db4c21624949264d87d2235f057a218827e100066275dc8b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Tue, 28 Jun 2022 15:46:30 GMT
Content-Encoding
gzip
Last-Modified
Sun, 19 Dec 2021 21:01:36 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, public
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=1, max=500
ups.widgets.7e2315c2b219.css | www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ | 69 KB (9 KB transferred) | Stylesheet
General
Full URL
https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.widgets.7e2315c2b219.css
Requested by
Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
164.52.196.83 Imphal, India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS
server.schoolerpindia.in
Software
Apache /
Resource Hash
f79a125173bb6cefbbac05c2bb6712487907bf60ea66bc7272631cbd3d06a0ac

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Tue, 28 Jun 2022 15:46:30 GMT
Content-Encoding
gzip
Last-Modified
Sun, 19 Dec 2021 21:01:34 GMT
Server
Apache
Vary
Accept-Encoding
Content-Type
text/css
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, public
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=1, max=496
Content-Length
8522
UPS_logo.svg | www.ups.com/assets/resources/images/ | 2 KB (1 KB transferred) | Image
General
Full URL
https://www.ups.com/assets/resources/images/UPS_logo.svg
Requested by
Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.89.177 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-89-177.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
a416370f6f98339e7edf9fe2c70a45bf9cfba93c0520921db47d15c27934ba88
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 15:46:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server-timing
cdn-cache; desc=HIT, edge; dur=1
content-length
1086
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
same-origin
last-modified
Thu, 23 Jun 2022 06:22:01 GMT
server
Akamai Resource Optimizer
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
strict-transport-security
max-age=31536000 ; includeSubDomains
content-type
image/svg+xml
cache-control
no-cache="Set-Cookie"
accept-ranges
bytes
expires
Tue, 28 Jun 2022 15:46:31 GMT
snare.js | mpsnare.iesnare.com/ | 38 KB (13 KB transferred) | Script
General
Full URL
https://mpsnare.iesnare.com/snare.js
Requested by
Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.228.71.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-228-71-178.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
ea5ad9dbf40be2f14f4e581727ef790f1defab383d757d5f9be95dde695de1b0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Jun 2022 15:46:31 GMT
Content-Encoding
gzip
Server
nginx
Strict-Transport-Security
max-age=15552000; includeSubDomains
p3p
CP="NON DSP COR CURa"
Cache-Control
no-cache, private
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
text/javascript; charset=utf-8
Expires
0
gigya.js | cdns.gigya.com/JS/ | 454 KB (149 KB transferred) | Script
General
Full URL
https://cdns.gigya.com/JS/gigya.js?apikey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd
Requested by
Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.237.2 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-237-2.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2eefe7794eb868f0ec76ee8ca2e8a377487553b2f689b84db8856eb784a54437

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Tue, 28 Jun 2022 15:46:31 GMT
Content-Encoding
gzip
Content-Type
text/javascript; charset=utf-8
x-soa
true, Gator
Vary
Accept-Encoding
p3p
CP="IDC COR PSA DEV ADM OUR IND ONL"
Access-Control-Allow-Origin
*
x-callid
bd97080592544df68211ed7dc00f6abf
Cache-Control
public, max-age=900, s-maxage=3600
x-server
us1d-nomad-g1
Connection
keep-alive
x-robots-tag
none
Content-Length
151823
Expires
Tue, 28 Jun 2022 16:01:31 GMT
icp.gif | www.ups.com/img/ | 43 B (381 B transferred) | Image
General
Full URL
https://www.ups.com/img/icp.gif
Requested by
Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.89.177 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-89-177.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Jun 2022 15:46:31 GMT
x-content-type-options
nosniff
last-modified
Wed, 29 Apr 2015 19:29:01 GMT
server
Apache
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000 ; includeSubDomains
content-type
image/gif
cache-control
no-cache="Set-Cookie"
debug-ak-tls
No bypass
server-timing
cdn-cache; desc=HIT, edge; dur=1
accept-ranges
bytes
content-length
43
x-xss-protection
1; mode=block
expires
Tue, 28 Jun 2022 15:46:31 GMT
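The two requests above go to the real www.ups.com (the logo and the icp.gif beacon) and carry Referer: https://www.express-delivery-id93982347324000380.poisongroup.org/. The kit is a clone of the UPS page that keeps pointing at UPS's own assets, and it also loads UPS's third-party integrations (the Gigya SDK with its API key, Akamai mPulse, iovation snare.js), so the brand owner's edge logs record the phishing hostname the moment a victim renders the page. The Python below is an added example of that detection, not UPS's, Akamai's or urlscan's code: it runs over constructed Apache/nginx combined-format log lines (not real UPS logs; IPs are documentation ranges) and flags watched brand assets fetched with a Referer from outside ups.com. The asset paths are the ones in this scan; the log format and the allowed-referrer rule are assumptions.

```python
from __future__ import annotations
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache/nginx "combined" log format. The sample lines below are constructed in this format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Brand assets a cloned page keeps fetching from the real site (paths taken from this scan).
WATCHED_PATHS = {"/assets/resources/images/UPS_logo.svg", "/img/icp.gif"}

def referer_host(referer: str) -> str | None:
    """Hostname of the Referer, or None when it is absent ('-' in combined logs)."""
    if referer in ("", "-"):
        return None
    return urlsplit(referer).hostname

def is_brand_host(host: str) -> bool:
    # Assumption for the example: only ups.com and its subdomains may embed these assets.
    return host == "ups.com" or host.endswith(".ups.com")

def hotlinking_referers(log_lines: list[str]) -> Counter:
    """Counter[(foreign_referer_host, asset_path)] -> hits on watched assets."""
    hits: Counter = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue                              # skip lines in another format
        path = urlsplit(m["path"]).path           # strip query strings / cache busters
        if path not in WATCHED_PATHS:
            continue
        host = referer_host(m["referer"])
        if host is None or is_brand_host(host):
            continue                              # direct loads and first-party pages are fine
        hits[(host, path)] += 1
    return hits

def suspicious_domains(log_lines: list[str], min_hits: int = 1) -> list[str]:
    """Distinct foreign referrer hosts ordered by hit count: candidates for takedown or blocklists."""
    per_host: Counter = Counter()
    for (host, _path), n in hotlinking_referers(log_lines).items():
        per_host[host] += n
    return [h for h, n in per_host.most_common() if n >= min_hits]

PHISH = "https://www.express-delivery-id93982347324000380.poisongroup.org/"
# Constructed sample lines (not real UPS logs); IPs are documentation ranges, User-Agents shortened.
SAMPLE_LOG = [
    f'203.0.113.7 - - [28/Jun/2022:15:46:31 +0000] "GET /assets/resources/images/UPS_logo.svg HTTP/2.0" 200 1086 "{PHISH}" "Mozilla/5.0 Chrome/103.0.5060.53"',
    f'203.0.113.7 - - [28/Jun/2022:15:46:31 +0000] "GET /img/icp.gif HTTP/2.0" 200 43 "{PHISH}" "Mozilla/5.0 Chrome/103.0.5060.53"',
    '198.51.100.9 - - [28/Jun/2022:15:47:02 +0000] "GET /assets/resources/images/UPS_logo.svg HTTP/2.0" 200 1086 "https://www.ups.com/de/de/Home.page" "Mozilla/5.0"',
    '198.51.100.10 - - [28/Jun/2022:15:47:05 +0000] "GET /img/icp.gif?v=2 HTTP/1.1" 200 43 "-" "Mozilla/5.0"',
    '198.51.100.11 - - [28/Jun/2022:15:47:09 +0000] "GET /assets/css/app.css HTTP/2.0" 200 5000 "https://evil.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host in suspicious_domains(SAMPLE_LOG):
        print(host)
```

Two caveats from the data in this scan. First, the cross-origin requests to www.ups.com carry only the origin as Referer while the same-origin CSS and font requests carry the full /Delivery-Package-ID-6664402/ path; that is Chrome's default strict-origin-when-cross-origin referrer policy at work, so this log source yields the phishing hostname but not the per-victim path. Second, a kit that sets Referrer-Policy: no-referrer on its own page would disappear from this check entirely and show up only as a rise in referrer-less fetches of the logo, which is why the function treats missing referrers as "not evidence" rather than "benign".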
TADEN-6MDCS-UHH5M-YHPKQ-2GBH3 | s.go-mpulse.net/boomerang/ (frame 512E) | 205 KB (49 KB transferred) | Script
General
Full URL
https://s.go-mpulse.net/boomerang/TADEN-6MDCS-UHH5M-YHPKQ-2GBH3
Requested by
Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:ef:296::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

date
Tue, 28 Jun 2022 15:46:31 GMT
content-encoding
br
last-modified
Mon, 06 Jun 2022 03:54:34 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=604800
timing-allow-origin
*
content-length
50393
(data: URI, truncated) | / | 36 KB (36 KB transferred) | Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a48e55eba408d92c3a2653ca845937678c75eabe60cad691debf89c0a2b94872

Request headers

Referer
Origin
https://www.express-delivery-id93982347324000380.poisongroup.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Content-Type
application/x-font-woff;charset=utf-8
Roboto-Light.woff | www.express-delivery-id93982347324000380.poisongroup.org/assets/fonts/ | 91 KB (92 KB transferred) | Font
General
Full URL
https://www.express-delivery-id93982347324000380.poisongroup.org/assets/fonts/Roboto-Light.woff
Requested by
Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.styles.980b6f0cd47e.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
164.52.196.83 Imphal, India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS
server.schoolerpindia.in
Software
Apache /
Resource Hash
c578b41854a095f3a7abc3f5413977d05e4e01239225ed53eb23e8c72cc19c5c

Request headers

Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.styles.980b6f0cd47e.css
Origin
https://www.express-delivery-id93982347324000380.poisongroup.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Tue, 28 Jun 2022 15:46:31 GMT
Last-Modified
Sun, 19 Dec 2021 21:05:40 GMT
Server
Apache
Content-Type
font/woff
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=1, max=499
Content-Length
93472
Roboto-Regular.woff | www.express-delivery-id93982347324000380.poisongroup.org/assets/fonts/ | 92 KB (92 KB transferred) | Font
General
Full URL
https://www.express-delivery-id93982347324000380.poisongroup.org/assets/fonts/Roboto-Regular.woff
Requested by
Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.styles.980b6f0cd47e.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
164.52.196.83 Imphal, India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS
server.schoolerpindia.in
Software
Apache /
Resource Hash
c511a38838f14cd23a3e2a7c7c9b7f2864a2a6b9e548053bb71b432a677966e2

Request headers

Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.styles.980b6f0cd47e.css
Origin
https://www.express-delivery-id93982347324000380.poisongroup.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Tue, 28 Jun 2022 15:46:31 GMT
Last-Modified
Sun, 19 Dec 2021 21:08:40 GMT
Server
Apache
Content-Type
font/woff
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=1, max=499
Content-Length
93784
Roboto-Italic.woff | www.express-delivery-id93982347324000380.poisongroup.org/assets/fonts/ | 97 KB (97 KB transferred) | Font
General
Full URL
https://www.express-delivery-id93982347324000380.poisongroup.org/assets/fonts/Roboto-Italic.woff
Requested by
Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.styles.980b6f0cd47e.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
164.52.196.83 Imphal, India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS
server.schoolerpindia.in
Software
Apache /
Resource Hash
a3ebbe5cccfbabf1e67669b3dc6dc3792f55cf0153bc6f99a39a8d6328c24b98

Request headers

Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.styles.980b6f0cd47e.css
Origin
https://www.express-delivery-id93982347324000380.poisongroup.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Tue, 28 Jun 2022 15:46:31 GMT
Last-Modified
Sun, 19 Dec 2021 21:08:34 GMT
Server
Apache
Content-Type
font/woff
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=1, max=495
Content-Length
99428
logo.js | mpsnare.iesnare.com/script/ | 96 B (610 B transferred) | Script
General
Full URL
https://mpsnare.iesnare.com/script/logo.js
Requested by
Host: mpsnare.iesnare.com
URL: https://mpsnare.iesnare.com/snare.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.228.71.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-228-71-178.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cc64a775861240dca5d28cc27282c0662691670118eae4918d79376a0beb042c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Tue, 28 Jun 2022 15:46:31 GMT
Content-Encoding
gzip
Last-Modified
Tue, 06 May 2014 00:01:40 GMT
Server
nginx
Strict-Transport-Security
max-age=15552000; includeSubDomains
p3p
CP="NON DSP COR CURa"
Accept-CH
ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Cache-Control
private
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
text/javascript; charset=utf-8
Expires
Wed, 28 Jun 2023 15:46:31 GMT
Roboto-Medium.woff | www.express-delivery-id93982347324000380.poisongroup.org/assets/fonts/ | 92 KB (92 KB transferred) | Font
General
Full URL
https://www.express-delivery-id93982347324000380.poisongroup.org/assets/fonts/Roboto-Medium.woff
Requested by
Host: www.express-delivery-id93982347324000380.poisongroup.org
URL: https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.styles.980b6f0cd47e.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
164.52.196.83 Imphal, India, ASN132420 (E2E-NETWORKS-IN 282, Sector 19, IN),
Reverse DNS
server.schoolerpindia.in
Software
Apache /
Resource Hash
4f543ad26c42709ef00a1921f7dd1aa27a1930a354ecb353196665e43dac3706

Request headers

Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/assets/css/ups.styles.980b6f0cd47e.css
Origin
https://www.express-delivery-id93982347324000380.poisongroup.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Tue, 28 Jun 2022 15:46:31 GMT
Last-Modified
Sun, 19 Dec 2021 21:08:28 GMT
Server
Apache
Content-Type
font/woff
Access-Control-Allow-Origin
*
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=1, max=500
Content-Length
94364
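Everything the phishing origin serves itself (the four ups.*.css files with UPS build hashes in their names and the Roboto fonts) carries Last-Modified dates of 19 Dec 2021, six months before the certificate was issued, and a stable SHA-256 resource hash, which makes those hashes usable pivots for finding other deployments of the same kit. The primary document's response headers also identify the server stack: Expires: Thu, 19 Nov 1981 08:52:00 GMT together with Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 and Pragma: no-cache is exactly what PHP's session cache limiter emits, so the kit is PHP with sessions even though the Server header says only Apache. The Python below is an added example of building such a pivot set; it is mine, not urlscan's, and the Transaction record shape is an assumption rather than urlscan's API schema. The sample records are constructed from the URLs, hashes and primary-response headers listed on this page.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from urllib.parse import urlsplit

@dataclass
class Transaction:
    """One HTTP transaction as summarised in a scan (constructed shape, not urlscan's API schema)."""
    url: str
    sha256: str
    resource_type: str
    response_headers: dict = field(default_factory=dict)

# PHP's session cache limiter (session.cache_limiter=nocache) sends exactly this Expires value;
# older PHP releases also append post-check=0, pre-check=0 to Cache-Control.
PHP_NOCACHE_EXPIRES = "Thu, 19 Nov 1981 08:52:00 GMT"

def php_session_signature(headers: dict) -> bool:
    """True when the response carries PHP's session nocache header set."""
    h = {k.lower(): v for k, v in headers.items()}
    return (h.get("expires") == PHP_NOCACHE_EXPIRES
            and "no-store" in h.get("cache-control", "")
            and h.get("pragma", "").lower() == "no-cache")

def first_party_asset_hashes(txns: list[Transaction], origin_host: str,
                             exclude_hashes: set[str] | frozenset[str] = frozenset()) -> dict[str, str]:
    """Map path -> sha256 for assets the phishing origin serves itself. The HTML document is skipped
    (it varies per victim id); so is any hash in exclude_hashes (shared libraries, brand-owned files)."""
    out: dict[str, str] = {}
    for t in txns:
        u = urlsplit(t.url)
        if u.hostname != origin_host or t.resource_type == "Document" or t.sha256 in exclude_hashes:
            continue
        out[u.path] = t.sha256
    return out

def hotlinked_brand_assets(txns: list[Transaction], brand_domain: str) -> list[str]:
    """URLs the cloned page still fetches from the real brand domain or its subdomains."""
    def on_brand(host: str | None) -> bool:
        return host is not None and (host == brand_domain or host.endswith("." + brand_domain))
    return sorted(t.url for t in txns if on_brand(urlsplit(t.url).hostname))

ORIGIN = "www.express-delivery-id93982347324000380.poisongroup.org"
JQUERY_351_HASH = "f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d"  # from the scan
# Constructed from the transactions on this page (a representative subset).
SAMPLE_TXNS = [
    Transaction(f"https://{ORIGIN}/Delivery-Package-ID-6664402/",
                "7925545533d98b6d62df6134855e304f9b0dc3a2aad9ae398989f683b6762d43", "Document",
                {"Expires": PHP_NOCACHE_EXPIRES,
                 "Cache-Control": "no-store, no-cache, must-revalidate, post-check=0, pre-check=0",
                 "Pragma": "no-cache", "Server": "Apache"}),
    Transaction("https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js", JQUERY_351_HASH, "Script"),
    Transaction(f"https://{ORIGIN}/assets/css/ups.vendor.54f3c2d83b58.css",
                "45e8aa7ebbca7aa7be5e368b6b3bbb80c5f10fdccadfe603d9126c151991d022", "Stylesheet"),
    Transaction(f"https://{ORIGIN}/assets/css/ups.styles.980b6f0cd47e.css",
                "46fdbe261bb6243b549d1165700de6267f2adf464146950ac4515d5338c53586", "Stylesheet"),
    Transaction(f"https://{ORIGIN}/assets/fonts/Roboto-Regular.woff",
                "c511a38838f14cd23a3e2a7c7c9b7f2864a2a6b9e548053bb71b432a677966e2", "Font"),
    Transaction("https://www.ups.com/assets/resources/images/UPS_logo.svg",
                "a416370f6f98339e7edf9fe2c70a45bf9cfba93c0520921db47d15c27934ba88", "Image"),
    Transaction("https://www.ups.com/img/icp.gif",
                "a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506", "Image"),
]

def build_pivot(txns: list[Transaction] = SAMPLE_TXNS,
                exclude_hashes: frozenset[str] = frozenset({JQUERY_351_HASH})) -> dict:
    primary = next(t for t in txns if t.resource_type == "Document")
    return {
        "php_session_kit": php_session_signature(primary.response_headers),
        "kit_asset_hashes": first_party_asset_hashes(txns, ORIGIN, exclude_hashes),
        "hotlinked_brand_assets": hotlinked_brand_assets(txns, "ups.com"),
    }

if __name__ == "__main__":
    print(build_pivot())
```

One caveat before using the CSS hashes as indicators: the file names carry UPS's own build hashes (ups.vendor.54f3c2d83b58.css and so on), so the contents may be byte-identical to what www.ups.com served at the time. Compare them against the brand's real files first; a hash that matches the legitimate site identifies any clone of that build, not this kit, and belongs in exclude_hashes.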
config.json | c.go-mpulse.net/api/ (frame 512E) | 68 B (346 B transferred) | XHR
General
Full URL
https://c.go-mpulse.net/api/config.json?key=TADEN-6MDCS-UHH5M-YHPKQ-2GBH3&d=www.express-delivery-id93982347324000380.poisongroup.org&t=5521437&v=1.720.0&if=&sl=0&si=9afcebe5-4b34-44b7-af5e-108d1052db6f-re72hg&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=265833
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/TADEN-6MDCS-UHH5M-YHPKQ-2GBH3
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2a02:26f0:ef:2a0::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
3217a6955b600825965f424d1cf73bc156ade880bcb4e16760cfe1771e2da89e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 28 Jun 2022 15:46:31 GMT
Cache-Control
public, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
68
Content-Type
application/json
sdk.config.get | cdns.us1.gigya.com/ | 2 KB (1 KB transferred) | Fetch
General
Full URL
https://cdns.us1.gigya.com/sdk.config.get?apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd&httpStatusCodes=true
Requested by
Host: cdns.gigya.com
URL: https://cdns.gigya.com/JS/gigya.js?apikey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.237.2 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-237-2.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
499ad7cb97bd14b062cd3e4b9a74e530d130e0d7237a6633125a2221b69d5b2f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Tue, 28 Jun 2022 15:46:31 GMT
Content-Encoding
gzip
Content-Type
text/javascript; charset=utf-8
x-soa
true, Gator
Vary
Accept-Encoding
p3p
CP="IDC COR PSA DEV ADM OUR IND ONL"
Access-Control-Allow-Origin
*
x-callid
9b2693f1d7d545258ce1c6619fbb2c62
Cache-Control
public, max-age=86400, s-maxage=60
x-server
us1d-nomad-g18
Connection
keep-alive
Accept-Ranges
bytes
x-robots-tag
none
Content-Length
927
Api.aspx | cdns.us1.gigya.com/gs/webSdk/ (frame 9F0F) | 113 KB (41 KB transferred) | Document
General
Full URL
https://cdns.us1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd&version=latest&build=13186
Requested by
Host: cdns.gigya.com
URL: https://cdns.gigya.com/JS/gigya.js?apikey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.237.2 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-237-2.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0941bca7bb191e6221c6ad042de3005324a8e0531adb74ca26b5765e1ecc5515
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=86400, s-maxage=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Length
41094
Content-Type
text/html; charset=utf-8
Date
Tue, 28 Jun 2022 15:46:32 GMT
Vary
Accept-Encoding
p3p
CP="IDC COR PSA DEV ADM OUR IND ONL"
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-callid
a533ff8ccbab40249e7c7a904f789975
x-robots-tag
none
x-server
us1d-nomad-g15
x-soa
true, Gator
sdk.config.get
cdns.us1.gigya.com/ Frame 9F0F
2 KB
1 KB
Fetch
General
Full URL
https://cdns.us1.gigya.com/sdk.config.get?apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd&httpStatusCodes=true
Requested by
Host: cdns.us1.gigya.com
URL: https://cdns.us1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd&version=latest&build=13186
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.35.237.2 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-35-237-2.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
499ad7cb97bd14b062cd3e4b9a74e530d130e0d7237a6633125a2221b69d5b2f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdns.us1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd&version=latest&build=13186
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Tue, 28 Jun 2022 15:46:32 GMT
Content-Encoding
gzip
Content-Type
text/javascript; charset=utf-8
x-soa
true, Gator
Vary
Accept-Encoding
p3p
CP="IDC COR PSA DEV ADM OUR IND ONL"
Access-Control-Allow-Origin
*
x-callid
9b2693f1d7d545258ce1c6619fbb2c62
Cache-Control
public, max-age=86400, s-maxage=60
x-server
us1d-nomad-g18
Connection
keep-alive
Accept-Ranges
bytes
x-robots-tag
none
Content-Length
927
accounts.webSdkBootstrap
accounts.us1.gigya.com/ Frame 9F0F
199 B
1 KB
XHR
General
Full URL
https://accounts.us1.gigya.com/accounts.webSdkBootstrap?apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd&pageURL=https%3A%2F%2Fwww.express-delivery-id93982347324000380.poisongroup.org%2F&sdk=js_latest&sdkBuild=13186&format=json
Requested by
Host: cdns.us1.gigya.com
URL: https://cdns.us1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd&version=latest&build=13186
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.205.239.224 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-239-224.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ad6e7944fb285e0a5237f5d709eb4b8423f1744e8d5c85f740291dcdbfc96fb8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdns.us1.gigya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Tue, 28 Jun 2022 15:46:32 GMT
Content-Encoding
gzip
Vary
Origin, Accept-Encoding
x-soa
true, Gator
p3p
CP="IDC COR PSA DEV ADM OUR IND ONL"
Server-Timing
cdn-cache; desc=MISS, edge; dur=82, origin; dur=21
Content-Length
168
Cache-Control
private
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,PUT,DELETE,HEAD,OPTIONS,POST,PATCH
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
https://cdns.us1.gigya.com
x-callid
eb53477112c64c3b93b8a1304bcfc20e
Connection
keep-alive
x-server
us1d-nomad-g11
Access-Control-Allow-Credentials
true
x-robots-tag
none
sdk.errorReport
accounts.us1.gigya.com/ Frame 9F0F
177 B
834 B
XHR
General
Full URL
https://accounts.us1.gigya.com/sdk.errorReport?message=untrusted%20domain&apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd&page=https%3A%2F%2Fwww.express-delivery-id93982347324000380.poisongroup.org%2F&buildVersion=latest&format=json&sdk=js_latest&details=%7B%22domain%22%3A%22www.express-delivery-id93982347324000380.poisongroup.org%22%2C%22trustedDomains%22%3A%22ups.com%22%7D&pageURL=https%3A%2F%2Fwww.express-delivery-id93982347324000380.poisongroup.org%2F&sdkBuild=13186
Requested by
Host: cdns.us1.gigya.com
URL: https://cdns.us1.gigya.com/gs/webSdk/Api.aspx?apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd&version=latest&build=13186
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.205.239.224 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-239-224.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e2298059e6ea4f8d6994b97b5135bee2a5a9d1f243f936380f7da5c5c213b53c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cdns.us1.gigya.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

Date
Tue, 28 Jun 2022 15:46:32 GMT
Content-Encoding
gzip
Vary
Origin, Accept-Encoding
x-soa
true, Gator
p3p
CP="IDC COR PSA DEV ADM OUR IND ONL"
Server-Timing
cdn-cache; desc=MISS, edge; dur=97, origin; dur=36
Content-Length
154
Cache-Control
private
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,PUT,DELETE,HEAD,OPTIONS,POST,PATCH
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
https://cdns.us1.gigya.com
x-callid
ee0d115534da41a79a11ac6776336ceb
Connection
keep-alive
x-server
us1d-nomad-g15
Access-Control-Allow-Credentials
true
x-robots-tag
none
sdk.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: cdns.gigya.com
URL: https://cdns.gigya.com/JS/gigya.js?apikey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
1a90bd18b20e0b6846354a551756deb30c49eeb9706fbff0f4af785e62a26b4e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
nHHBorJbsIWA897nREAtUA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
1685
x-fb-rlafr
0
x-fb-debug
cEBkJndrFaSqjzGcPOQJ/P0JWhAAqII/IG2CS2KlTaIP3IterbYqwEKkjOrzh+NUXKCmsVqtvqkxgXVs5gBuGw==
x-fb-trip-id
917726464
x-fb-content-md5
0248ef499fc175c95a20f5e423b624b1
x-frame-options
DENY
date
Tue, 28 Jun 2022 15:46:32 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"e9e35e80757354f15436fa209651c7b3"
timing-allow-origin
*
priority
u=3,i
expires
Tue, 28 Jun 2022 16:05:33 GMT
sdk.js
connect.facebook.net/en_US/
299 KB
85 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=7eec24ab1b73104eedc34fb34edb3087
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ee098499c693847586192f6467bd798542372e40b76c17d984a0132693406282
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/
Origin
https://www.express-delivery-id93982347324000380.poisongroup.org
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
XE5GG8j3G5Hzr3x/hrZziw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
87406
x-fb-rlafr
0
x-fb-debug
BoGI3MXPvn2+vWRcrW8K3kJgixImjkwfo7DRAfXEfiFGdFl9pVDziSc7fX23T7DNjke5AEle+iKcPmgzlJuWmQ==
x-fb-content-md5
cc7fe3cfcfc9fd9ee01be5e13db2ac33
x-frame-options
DENY
date
Tue, 28 Jun 2022 15:46:32 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"dd7349fd7cf9af5c76fa628524bbdbcf"
timing-allow-origin
*
priority
u=3,i
expires
Wed, 28 Jun 2023 07:21:20 GMT
status
www.facebook.com/x/oauth/
0
0
Fetch
General
Full URL
https://www.facebook.com/x/oauth/status?client_id=423058457789860&input_token&origin=1&redirect_uri=https%3A%2F%2Fwww.express-delivery-id93982347324000380.poisongroup.org%2FDelivery-Package-ID-6664402%2F&sdk=joey&wants_cookie_data=true
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=7eec24ab1b73104eedc34fb34edb3087
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.express-delivery-id93982347324000380.poisongroup.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.53 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
x-fb-rlafr
0
pragma
no-cache
x-fb-debug
s7174XcpnA+ojScnRyt3/kB7h6caADO9E7inNT1VIgfz+AytpG+oamAr3FjHix2u9Oj5IqeJpj/eOS/sdu9/NA==
fb-s
unknown
date
Tue, 28 Jun 2022 15:46:32 GMT
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.express-delivery-id93982347324000380.poisongroup.org
access-control-expose-headers
fb-s
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UPS (Transportation)

98 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| $ function| jQuery string| BOOMR_API_key object| BOOMR number| BOOMR_lstart string| expand string| collapse string| wems_country string| wems_locale string| wems_ts string| wems_ext_locale object| obj_live_chat undefined| $location string| rightRailLabel string| io_operation string| io_bbout_element_id boolean| io_install_flash boolean| io_install_stm number| io_exclude_stm string| io_install_stm_error_handler object| bb string| bb_contents number| bb_min_time number| bb_max_time number| bb_time_incr number| bb_max_upd_time number| start_time number| bb_update_time function| waitforbb string| _i_a string| localObjectName function| __if_a function| __if_b function| __if_c object| _i_d object| _i_o object| _i_z object| _i_aa object| _i_ac object| _i_cr function| __if_d object| io_adp function| __if_e object| _i_dt function| __if_f function| iov_fl_cb function| iov_fl_fn function| iov_fl_get_value function| __if_g object| io_dp function| __if_h function| ioGetBlackbox object| io_cm function| __if_i object| _i_fm object| _i_fn object| _i_fo object| _i_dl object| _i_fp function| __if_j function| __if_k number| _i_fq function| __if_l number| _i_fs function| __if_m string| io_last_error object| IGLOO string| io_stm_cab_url string| io_flash_needs_update_handler boolean| io_enable_rip object| io_flash_blacklist object| io_flash_whitelist string| io_min_flash_in_firefox_version string| io_min_flash_in_firefox_linux_version string| io_min_flash_version string| _i_dw number| _i_g number| _i_bl object| BOOMR_mq object| gigya undefined| pwShown function| login function| onLoad function| onLoginHandler function| onLogoutHandler number| BOOMR_onload function| fbAsyncInit object| FB

8 Cookies

Domain/Path Name / Value
www.express-delivery-id93982347324000380.poisongroup.org/ Name: PHPSESSID
Value: ej0pcpc2sc2a1vd2un0k05l241
mpsnare.iesnare.com/ Name: io_token_7c6a6574-f011-4c9a-abdd-9894a102ccef
Value: VjDCOzHgxR3uju/7xeFDtJrsNYrVlHFndX2fteQj7Pw=
.www.express-delivery-id93982347324000380.poisongroup.org/ Name: gig_canary
Value: false
.www.express-delivery-id93982347324000380.poisongroup.org/ Name: gig_canary_ver
Value: 13196-3-27607170
.gigya.com/ Name: gmid
Value: gmid.ver4.AcbHlLovFA.8WqrUfUiKIuGVkQcF_25QI5-cOd_5GQL8Ptd9tEQjdCdjRfGgBqT2S2UrEdU2jKt.SvTUVjW-8Pccm-j3AvAIJTZAaf2LxtIPt7nMOVxIKlA9xpVLVSC8krmXxShNuGkQ1eF9zGAGtu2fQdzDtlzpsw.sc3
.gigya.com/ Name: ucid
Value: tjfNmbRrsZZCsnXqbjOeMw
.gigya.com/ Name: hasGmid
Value: ver4
.www.express-delivery-id93982347324000380.poisongroup.org/ Name: gig_bootstrap_3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd
Value: _gigya_ver4

1 Console Messages

Source: network
Level: error
URL: https://c.go-mpulse.net/api/config.json?key=TADEN-6MDCS-UHH5M-YHPKQ-2GBH3&d=www.express-delivery-id93982347324000380.poisongroup.org&t=5521437&v=1.720.0&if=&sl=0&si=9afcebe5-4b34-44b7-af5e-108d1052db6f-re72hg&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=265833
Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
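The three vendor requests above tell one story: the page was cloned from a real brand site together with that site's third-party snippets and keys. SAP Customer Data Cloud (Gigya) refused to bootstrap and filed sdk.errorReport with message "untrusted domain", naming ups.com as the trusted domain for the apiKey; the Facebook Login SDK queried /x/oauth/status with a redirect_uri on the phishing host; and Akamai mPulse answered the config.json request for the unregistered domain in d= with a 403. The following Python is an added triage helper, not part of the urlscan.io page or of any of those vendors' tooling. It takes a list of request URLs (here constructed from the URLs shown in this scan), learns the brand's trusted domain from the Gigya error report, and then flags the other brand integrations driven from a host outside that domain. Two assumptions are labelled in the code: trustedDomains is treated as a comma-separated list, and the registrable domain is approximated by the last two labels instead of the Public Suffix List.

```python
"""Correlate vendor-side rejections into evidence that a page is a cloned brand kit.

A phishing page copied from a real site usually keeps the original's vendor
snippets and keys (SAP Customer Data Cloud/Gigya, Facebook Login, Akamai mPulse).
Those vendors bind keys to the brand's domains, so the clone leaks its true
nature in the traffic: the Gigya SDK files an "untrusted domain" error report
that names the trusted domain, the Facebook OAuth status call carries a
redirect_uri on the wrong host, and the mPulse config request names the
unregistered domain in d= and is answered with 403.
"""
import json
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the relevant request URLs from the scan above. "status"
# is the HTTP status where the page records one (the 403 from the console
# message); None where the page does not show it.
SCAN_REQUESTS = [
    {"url": "https://www.express-delivery-id93982347324000380.poisongroup.org/Delivery-Package-ID-6664402/",
     "status": None},
    {"url": ("https://accounts.us1.gigya.com/sdk.errorReport?message=untrusted%20domain"
             "&apiKey=3_iCVSE9Ao6y9HITzXCDEN85YkhAnYbAuW1a6LOUnRKPEcwU_QCjFz7q_a1qfN5Vgd"
             "&page=https%3A%2F%2Fwww.express-delivery-id93982347324000380.poisongroup.org%2F"
             "&buildVersion=latest&format=json&sdk=js_latest"
             "&details=%7B%22domain%22%3A%22www.express-delivery-id93982347324000380.poisongroup.org%22"
             "%2C%22trustedDomains%22%3A%22ups.com%22%7D&sdkBuild=13186"),
     "status": None},
    {"url": ("https://www.facebook.com/x/oauth/status?client_id=423058457789860&input_token&origin=1"
             "&redirect_uri=https%3A%2F%2Fwww.express-delivery-id93982347324000380.poisongroup.org"
             "%2FDelivery-Package-ID-6664402%2F&sdk=joey&wants_cookie_data=true"),
     "status": None},
    {"url": ("https://c.go-mpulse.net/api/config.json?key=TADEN-6MDCS-UHH5M-YHPKQ-2GBH3"
             "&d=www.express-delivery-id93982347324000380.poisongroup.org&t=5521437&v=1.720.0"),
     "status": 403},
]


def query(url):
    """First value of every query parameter (blank-valued params are dropped)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def registrable_domain(host):
    """Last two labels of a hostname. Simplification: a real tool would use the
    Public Suffix List so that names under e.g. co.uk are compared correctly."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def on_trusted_domain(host, trusted):
    """True if host sits under one of the trusted registrable domains."""
    rd = registrable_domain(host)
    return any(rd == registrable_domain(t) for t in trusted)


def gigya_untrusted_domain(url):
    """Parse a Gigya sdk.errorReport call. Returns (page_domain, api_key, trusted)
    or None. Assumption: trustedDomains is a comma-separated list (the scan
    shows a single entry, "ups.com")."""
    parts = urlsplit(url)
    if not (parts.netloc.endswith(".gigya.com") and parts.path == "/sdk.errorReport"):
        return None
    q = query(url)
    if q.get("message") != "untrusted domain":
        return None
    details = json.loads(q.get("details", "{}"))
    trusted = [d.strip() for d in details.get("trustedDomains", "").split(",") if d.strip()]
    return details.get("domain"), q.get("apiKey"), trusted


def triage(requests):
    """Return a list of findings. Pass 1 learns the brand's domains from vendor
    error reports; pass 2 flags other brand integrations driven from a host
    outside those domains."""
    findings, trusted = [], set()
    for r in requests:
        hit = gigya_untrusted_domain(r["url"])
        if hit:
            page_domain, api_key, trusted_domains = hit
            trusted.update(trusted_domains)
            findings.append({"signal": "gigya_untrusted_domain", "page_domain": page_domain,
                             "api_key": api_key, "trusted_domains": trusted_domains})
    if not trusted:          # nothing to compare against; stop here
        return findings
    for r in requests:
        parts, q = urlsplit(r["url"]), query(r["url"])
        if parts.netloc == "www.facebook.com" and parts.path == "/x/oauth/status":
            host = urlsplit(q.get("redirect_uri", "")).hostname or ""
            if not on_trusted_domain(host, trusted):
                findings.append({"signal": "facebook_login_off_brand_redirect",
                                 "client_id": q.get("client_id"), "redirect_host": host})
        if parts.netloc == "c.go-mpulse.net" and parts.path == "/api/config.json":
            if r.get("status") == 403 and not on_trusted_domain(q.get("d", ""), trusted):
                findings.append({"signal": "mpulse_config_rejected", "key": q.get("key"),
                                 "domain": q.get("d"), "status": 403})
    return findings


if __name__ == "__main__":
    for finding in triage(SCAN_REQUESTS):
        print(finding)
```

Run against this scan it yields three findings: the Gigya report with trusted domain ups.com, the Facebook client_id 423058457789860 invoked with a redirect_uri on the poisongroup.org host, and the mPulse key TADEN-6MDCS-UHH5M-YHPKQ-2GBH3 rejected for that domain. The same request list from a page under www.ups.com produces no second-pass findings, which is the point: the vendors' domain binding turns a copied brand kit into a self-reporting indicator, and the apiKey, client_id and mPulse key are worth keeping as pivots for finding sibling kits.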

Indicators

"Indicators" is the security-industry term for the observable artefacts of a scan such as IPs, domains and hashes. Listing one here does not imply that it is malicious; the third-party hosts and hashes below belong to vendors whose scripts the page loaded.

accounts.us1.gigya.com
ajax.googleapis.com
c.go-mpulse.net
cdns.gigya.com
cdns.us1.gigya.com
connect.facebook.net
mpsnare.iesnare.com
s.go-mpulse.net
www.express-delivery-id93982347324000380.poisongroup.org
www.facebook.com
www.ups.com
104.75.89.177
164.52.196.83
23.205.239.224
23.35.237.2
2a00:1450:4001:827::200a
2a02:26f0:ef:296::11a6
2a02:26f0:ef:2a0::11a6
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
54.228.71.178
0941bca7bb191e6221c6ad042de3005324a8e0531adb74ca26b5765e1ecc5515
09ebd7f407439990aac227e70da23e1a819e8e30282928e324370805f480bec4
1a90bd18b20e0b6846354a551756deb30c49eeb9706fbff0f4af785e62a26b4e
2eefe7794eb868f0ec76ee8ca2e8a377487553b2f689b84db8856eb784a54437
3217a6955b600825965f424d1cf73bc156ade880bcb4e16760cfe1771e2da89e
45e8aa7ebbca7aa7be5e368b6b3bbb80c5f10fdccadfe603d9126c151991d022
46fdbe261bb6243b549d1165700de6267f2adf464146950ac4515d5338c53586
499ad7cb97bd14b062cd3e4b9a74e530d130e0d7237a6633125a2221b69d5b2f
4f543ad26c42709ef00a1921f7dd1aa27a1930a354ecb353196665e43dac3706
709cf508f5136673db4c21624949264d87d2235f057a218827e100066275dc8b
7925545533d98b6d62df6134855e304f9b0dc3a2aad9ae398989f683b6762d43
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a3ebbe5cccfbabf1e67669b3dc6dc3792f55cf0153bc6f99a39a8d6328c24b98
a416370f6f98339e7edf9fe2c70a45bf9cfba93c0520921db47d15c27934ba88
a48e55eba408d92c3a2653ca845937678c75eabe60cad691debf89c0a2b94872
ad6e7944fb285e0a5237f5d709eb4b8423f1744e8d5c85f740291dcdbfc96fb8
c511a38838f14cd23a3e2a7c7c9b7f2864a2a6b9e548053bb71b432a677966e2
c578b41854a095f3a7abc3f5413977d05e4e01239225ed53eb23e8c72cc19c5c
cc64a775861240dca5d28cc27282c0662691670118eae4918d79376a0beb042c
e2298059e6ea4f8d6994b97b5135bee2a5a9d1f243f936380f7da5c5c213b53c
ea5ad9dbf40be2f14f4e581727ef790f1defab383d757d5f9be95dde695de1b0
ee098499c693847586192f6467bd798542372e40b76c17d984a0132693406282
f79a125173bb6cefbbac05c2bb6712487907bf60ea66bc7272631cbd3d06a0ac
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d