ups-tracking-id56237.dynnamn.ru
Open in
urlscan Pro
190.14.37.121
Malicious Activity!
Public Scan
Submitted URL: https://ups-track.id45114.delivery/redelivery#id36781
Effective URL: https://ups-tracking-id56237.dynnamn.ru/us/en/homepage
Submission: On August 08 via api from US — Scanned from PT
Effective URL: https://ups-tracking-id56237.dynnamn.ru/us/en/homepage
Submission: On August 08 via api from US — Scanned from PT
Summary
This website contacted 8 IPs
in 4 countries
across 7 domains to perform 23 HTTP transactions.
The main IP is 190.14.37.121, located in
Panama and
belongs to Offshore Racks S.A, PA.
The main domain is ups-tracking-id56237.dynnamn.ru.
TLS certificate: Issued by R3 on August 7th 2023. Valid for: 3 months.
This is the only time ups-tracking-id56237.dynnamn.ru was scanned on urlscan.io!
TLS certificate: Issued by R3 on August 7th 2023. Valid for: 3 months.
This is the only time ups-tracking-id56237.dynnamn.ru was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UPS (Transportation)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 192.99.75.200 192.99.75.200 | 16276 (OVH) (OVH) | |
| 1 | 142.250.186.168 142.250.186.168 | 15169 (GOOGLE) (GOOGLE) | |
| 1 | 142.250.185.170 142.250.185.170 | 15169 (GOOGLE) (GOOGLE) | |
| 2 | 157.240.251.9 157.240.251.9 | 32934 (FACEBOOK) (FACEBOOK) | |
| 1 | 142.250.184.238 142.250.184.238 | 15169 (GOOGLE) (GOOGLE) | |
| 2 | 157.240.0.35 157.240.0.35 | 32934 (FACEBOOK) (FACEBOOK) | |
| 1 13 | 190.14.37.121 190.14.37.121 | 52469 (Offshore ...) (Offshore Racks S.A) | |
| 23 | 8 |
1
192.99.75.200
(Montreal, Canada)
ASN16276 (OVH, FR)
PTR: ip200.ip-192-99-75.net
ASN16276 (OVH, FR)
PTR: ip200.ip-192-99-75.net
| ups-track.id45114.delivery |
1
142.250.186.168
(Grosse Pointe, United States)
ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f8.1e100.net
ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f8.1e100.net
| www.googletagmanager.com |
1
142.250.185.170
(Grosse Pointe, United States)
ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f10.1e100.net
ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f10.1e100.net
| fonts.googleapis.com |
2
157.240.251.9
(Frankfurt am Main, Germany)
ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra5.fbcdn.net
ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra5.fbcdn.net
| connect.facebook.net |
1
142.250.184.238
(Grosse Pointe, United States)
ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f14.1e100.net
ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f14.1e100.net
| www.google-analytics.com |
2
157.240.0.35
(Frankfurt am Main, Germany)
ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-fra3.facebook.com
ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-fra3.facebook.com
| www.facebook.com |
13
190.14.37.121
(Panama)
ASN52469 (Offshore Racks S.A, PA)
PTR: mta2.expeditedbizfunding.com
ASN52469 (Offshore Racks S.A, PA)
PTR: mta2.expeditedbizfunding.com
| ups-tracking-id56237.dynnamn.ru |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 13 |
dynnamn.ru
ups-tracking-id56237.dynnamn.ru Failed |
1 MB |
| 2 |
facebook.com
www.facebook.com — Cisco Umbrella Rank: 107 |
216 B |
| 2 |
facebook.net
connect.facebook.net — Cisco Umbrella Rank: 170 |
134 KB |
| 1 |
google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 55 |
262 B |
| 1 |
googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 77 |
866 B |
| 1 |
googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 73 |
80 KB |
| 1 |
id45114.delivery
ups-track.id45114.delivery |
3 KB |
| 23 | 7 |
| Domain | Requested by | |
|---|---|---|
| 13 | ups-tracking-id56237.dynnamn.ru |
ups-track.id45114.delivery
ups-tracking-id56237.dynnamn.ru |
| 2 | www.facebook.com | |
| 2 | connect.facebook.net |
ups-track.id45114.delivery
connect.facebook.net |
| 1 | www.google-analytics.com |
www.googletagmanager.com
|
| 1 | fonts.googleapis.com |
ups-track.id45114.delivery
|
| 1 | www.googletagmanager.com |
ups-track.id45114.delivery
|
| 1 | ups-track.id45114.delivery | |
| 23 | 7 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| ups-track.id45114.delivery R3 |
2023-08-07 - 2023-11-05 |
3 months | crt.sh |
| *.google-analytics.com GTS CA 1C3 |
2023-07-10 - 2023-10-02 |
3 months | crt.sh |
| upload.video.google.com GTS CA 1C3 |
2023-07-10 - 2023-10-02 |
3 months | crt.sh |
| *.facebook.com DigiCert SHA2 High Assurance Server CA |
2023-05-17 - 2023-08-15 |
3 months | crt.sh |
| ups-tracking-id56237.dynnamn.ru R3 |
2023-08-07 - 2023-11-05 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://ups-tracking-id56237.dynnamn.ru/us/en/homepage
Frame ID: 10C870AB929E677D7488A49A6FCBF5EE
Requests: 24 HTTP requests in this frame
Screenshot
Page Title
Global Shipping & Logistics Services | UPS - United StatesPage URL History Show full URLs
- https://ups-track.id45114.delivery/redelivery Page URL
-
https://ups-tracking-id56237.dynnamn.ru/?track
HTTP 302
https://ups-tracking-id56237.dynnamn.ru/us/en/homepage Page URL
Detected technologies
Datadome
(Miscellaneous)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
Facebook
(Widgets)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Google Analytics
(Analytics)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
Google Tag Manager
(Tag Managers)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- googletagmanager\.com/gtag/js
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://ups-track.id45114.delivery/redelivery Page URL
-
https://ups-tracking-id56237.dynnamn.ru/?track
HTTP 302
https://ups-tracking-id56237.dynnamn.ru/us/en/homepage Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
23 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H/1.1 |
redelivery
ups-track.id45114.delivery/ |
6 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
js
www.googletagmanager.com/gtag/ |
227 KB 80 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css
fonts.googleapis.com/ |
3 KB 866 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
fbevents.js
connect.facebook.net/en_US/ |
172 KB 47 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
194243278145610
connect.facebook.net/signals/config/ |
305 KB 87 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H2 |
collect
www.google-analytics.com/g/ |
0 262 B |
Ping
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
/
ups-tracking-id56237.dynnamn.ru/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
www.facebook.com/tr/ |
0 185 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Primary Request
homepage
ups-tracking-id56237.dynnamn.ru/us/en/ Redirect Chain
|
20 KB 21 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
/
www.facebook.com/tr/ |
0 31 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST |
collect
www.google-analytics.com/g/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST |
collect
www.google-analytics.com/g/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ups_0021.css
ups-tracking-id56237.dynnamn.ru/assets/css/ |
149 KB 149 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
ups1.css
ups-tracking-id56237.dynnamn.ru/assets/css/ |
285 KB 286 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
css.css
ups-tracking-id56237.dynnamn.ru/assets/css/ |
7 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
UPS_logo.svg
ups-tracking-id56237.dynnamn.ru/assets/img/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
jquery.js
ups-tracking-id56237.dynnamn.ru/assets/js/ |
401 KB 401 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
mask.js
ups-tracking-id56237.dynnamn.ru/assets/js/ |
28 KB 28 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
social.jpg
ups-tracking-id56237.dynnamn.ru/assets/images/ |
6 KB 6 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Roboto-Regular.woff
ups-tracking-id56237.dynnamn.ru/assets/fonts/ |
92 KB 92 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
3 KB 3 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Roboto-Medium.woff
ups-tracking-id56237.dynnamn.ru/assets/fonts/ |
92 KB 92 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
Roboto-Bold.woff
ups-tracking-id56237.dynnamn.ru/assets/fonts/ |
26 KB 26 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H/1.1 |
20220401-JTBD-US-MAEVE.webp
ups-tracking-id56237.dynnamn.ru/assets/img/ |
41 KB 42 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- ups-tracking-id56237.dynnamn.ru
- URL
- https://ups-tracking-id56237.dynnamn.ru/?track
- Domain
- www.google-analytics.com
- URL
- https://www.google-analytics.com/g/collect?v=2&tid=G-1QBJ2GPV5Y>m=45je3820&_p=928200420&cid=1647147606.1691454638&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1691454637&sct=1&seg=0&dl=https%3A%2F%2Fups-track.id45114.delivery%2Fredelivery&dt=Pixelfy.me&en=scroll&epn.percent_scrolled=90&_et=4
- Domain
- www.google-analytics.com
- URL
- https://www.google-analytics.com/g/collect?v=2&tid=G-1QBJ2GPV5Y>m=45je3820&_p=928200420&cid=1647147606.1691454638&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=3&sid=1691454637&sct=1&seg=0&dl=https%3A%2F%2Fups-track.id45114.delivery%2Fredelivery&dt=Pixelfy.me&en=user_engagement&_et=1445
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UPS (Transportation)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery6 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| .id45114.delivery/ | Name: datadome Value: 7rfTSCHaQtMpeHp_ILfV8ip5wuYzTvusRHGNday~vN9jZEXq1bFLASCvYEVF_nHdEAgI4drylDyQT0RiGCINK2bK6OqM7U870rsD1-A41RhCfGbeV6OLTLOlr7yhYtC~ |
|
| .id45114.delivery/ | Name: _ga Value: GA1.1.1647147606.1691454638 |
|
| .id45114.delivery/ | Name: _fbp Value: fb.1.1691454637928.1237382201 |
|
| ups-tracking-id56237.dynnamn.ru/ | Name: XSRF-TOKEN Value: eyJpdiI6IkRqSTZBQk5Qd1BlUDhVMktSajVBSmc9PSIsInZhbHVlIjoia0hHT2UyRlFzZW9FUFpPMllGc3hZeEJCaWE2WkpwejA5ckw0aGZrL0FoUnlpUEJJbFVlVFNmYkhVTE5tT1gvZUFxSmFSV0R5YkJ4VCtNLzB5WTFtU21WajlTWVhqNTZjZ0FyMzRMWTY4aG5QUTN5cGFVemNaNnRoYkZ2K21JRWYiLCJtYWMiOiJmMWM4MjUyNDBkOWY5NWRhM2JlZTUwZTExYTQ1OWFmNzI3NzQ5ZDQwODc3ODJkMWRjZDY1YTExYzY3OWQ2NWU4IiwidGFnIjoiIn0%3D |
|
| ups-tracking-id56237.dynnamn.ru/ | Name: g_project_session Value: eyJpdiI6InhiTDRsRkhmWEZGOUNBeDZ0ckJlL1E9PSIsInZhbHVlIjoiWlk5TmFiaHFleDlRYk10dEZIYUowTEZEZXo5VDRiT2crc0MvOGdZbkVYampNbnFZR1NKRktBcjhBcGdDVHpUTWNmT29ESEdWbHZ6dFV4MDlZblM0bnJqckFZdUI1VE5XVk4xb2VvREY5WmFzUXpBUHUvWk45NFpsSkc4V3ZmYzQiLCJtYWMiOiJlZjlkNzgxN2E3NDBlNDM5ZWYxYzlmMzhiZTEzMWM5ZGQ1ZGNhNTUxNzU5M2VkYjljM2Y5ZGY2NGViMzNiYzljIiwidGFnIjoiIn0%3D |
|
| .id45114.delivery/ | Name: _ga_1QBJ2GPV5Y Value: GS1.1.1691454637.1.0.1691454639.0.0.0 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
connect.facebook.net
fonts.googleapis.com
ups-track.id45114.delivery
ups-tracking-id56237.dynnamn.ru
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
ups-tracking-id56237.dynnamn.ru
www.google-analytics.com
142.250.184.238
142.250.185.170
142.250.186.168
157.240.0.35
157.240.251.9
190.14.37.121
192.99.75.200
0754b9cbd13e7edd9c521709faeeeefc176d3d25050b467f1149213159da12f4
49af6cc91ac5c40d2c7be2ef063aae41ddace19d7cc2f7920aff313be0da969d
4f543ad26c42709ef00a1921f7dd1aa27a1930a354ecb353196665e43dac3706
5fce1e38ce56a7e63a78d5811e54679dba8cd15d6455cf312f4d2bd886e42d36
88a3221583a03c89a4a19fb4511950c9e956d6a469fbd3e0e5cbd275bbf72d5c
8982fb287363f6161638cefed6142aec98a25c91e7c999f7ec3b0489c4815f74
8cbc10ee9755ef972000f666711a5c4d0e025d3cedf53079ba3bfd8f2b19a968
9b78354357bc04de9fa52562968bad64ef1311b665cc6ea927d2ec08bcc82cd8
a416370f6f98339e7edf9fe2c70a45bf9cfba93c0520921db47d15c27934ba88
a81d6653e6edbd6ce29c63ce4b11c98e2c64ec79d2ab980a0ffbeb2322e14b5a
ba2b07db7325c8d7378441166a09873cd96b053fa315e99933625b97748ba45d
c511a38838f14cd23a3e2a7c7c9b7f2864a2a6b9e548053bb71b432a677966e2
c525928950f8fef0ff20ee8ebd93e4e22e33db2e5601c6980d760c16bda0a7e7
d1fb678c9385de1e8451e849016b8a66877ea23488ed34b0ca6f8ad9ba60f4a8
d2a00187782e53d0b4e98f8c701550b934641c19962e083df0cf4ff2cf96e6a5
d2d0f4951471ac28bc4084acec16ff110c6de4e76118e836affd556c55f1a392
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
fe27203a5bf4ec6df5e01fcaa14cad6376afd0adbe5aca73b282fbdc85cb536b
fe2cee52614c95965daebca42a5be71f84776746aed846f57b4fc7ed29757abc