safebrowser-ups.com-east-us392.xyz
Open in
urlscan Pro
199.250.204.160
Malicious Activity!
Public Scan
Effective URL: https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906
Submission: On April 30 via api from US — Scanned from US
Summary
TLS certificate: Issued by R3 on April 27th 2024. Valid for: 3 months.
This is the only time safebrowser-ups.com-east-us392.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UPS (Transportation)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 92.205.24.185 92.205.24.185 | 21499 (GODADDY-SXB) (GODADDY-SXB) | |
1 1 | 2a02:4780:b:1... 2a02:4780:b:1044:0:32b9:49ce:2 | 47583 (AS-HOSTINGER) (AS-HOSTINGER) | |
1 10 | 199.250.204.160 199.250.204.160 | 54641 (IMH-IAD) (IMH-IAD) | |
9 | 2 |
ASN21499 (GODADDY-SXB, DE)
PTR: 185.24.205.92.host.secureserver.net
mm6emd.us.to |
ASN47583 (AS-HOSTINGER, CY)
safebrowser.urles.us |
ASN54641 (IMH-IAD, US)
PTR: vps105033.inmotionhosting.com
safebrowser-ups.com-east-us392.xyz |
Apex Domain Subdomains |
Transfer | |
---|---|---|
10 |
com-east-us392.xyz
1 redirects
safebrowser-ups.com-east-us392.xyz |
899 KB |
1 |
urles.us
1 redirects
safebrowser.urles.us |
438 B |
1 |
us.to
1 redirects
mm6emd.us.to |
299 B |
9 | 3 |
Domain | Requested by | |
---|---|---|
10 | safebrowser-ups.com-east-us392.xyz |
1 redirects
safebrowser-ups.com-east-us392.xyz
|
1 | safebrowser.urles.us | 1 redirects |
1 | mm6emd.us.to | 1 redirects |
9 | 3 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
safebrowser-ups.com-east-us392.xyz R3 |
2024-04-27 - 2024-07-26 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906
Frame ID: 43A2FD83FA1E02389B55CC917889AD17
Requests: 10 HTTP requests in this frame
Screenshot
Page Title
Gl͏o͏b͏a͏l S͏h͏i͏p͏p͏i͏n͏g & L͏o͏g͏i͏s͏t͏i͏c͏s S͏e͏r͏v͏i͏c͏e͏s | UPS - Un͏i͏t͏e͏d St͏a͏t͏e͏sPage URL History Show full URLs
-
https://mm6emd.us.to/
HTTP 302
https://safebrowser.urles.us/?ID=feda801cd0fe7a87a11afeae102ea63e893ef959cb5500e121f960993bfcf9bf HTTP 302
https://safebrowser-ups.com-east-us392.xyz/?gass HTTP 302
https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906 Page URL
Detected technologies
jQuery (JavaScript Libraries) ExpandDetected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://mm6emd.us.to/
HTTP 302
https://safebrowser.urles.us/?ID=feda801cd0fe7a87a11afeae102ea63e893ef959cb5500e121f960993bfcf9bf HTTP 302
https://safebrowser-ups.com-east-us392.xyz/?gass HTTP 302
https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
9 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
find
safebrowser-ups.com-east-us392.xyz/track/ Redirect Chain
|
26 KB 26 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
a1.css
safebrowser-ups.com-east-us392.xyz/Resources/Assets/css/ |
383 KB 384 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
b2.css
safebrowser-ups.com-east-us392.xyz/Resources/Assets/css/ |
153 KB 153 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fNYZ3beJsC-logo.svg
safebrowser-ups.com-east-us392.xyz/Resources/Assets/img/ |
2 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery.js
safebrowser-ups.com-east-us392.xyz/Resources/Assets/js/ |
266 KB 266 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
mask.js
safebrowser-ups.com-east-us392.xyz/Resources/Assets/js/ |
23 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
social-icons-2022.png
safebrowser-ups.com-east-us392.xyz/Resources/Assets/images/ |
315 B 315 B |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET DATA |
truncated
/ |
3 KB 3 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
PU-HHM-JTBD-Q323.webp
safebrowser-ups.com-east-us392.xyz/Resources/Assets/img/ |
42 KB 42 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
favicon.ico
safebrowser-ups.com-east-us392.xyz/Resources/Assets/img/ |
2 KB 2 KB |
Other
image/x-icon |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UPS (Transportation)2 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
function| $ function| jQuery2 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
safebrowser.urles.us/ | Name: PHPSESSID Value: 73dc511de85b15b88f74c159662a0dc4 |
|
safebrowser-ups.com-east-us392.xyz/ | Name: PHPSESSID Value: 0c293a2fc146afaa3a5d0419b14c3aaf |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
mm6emd.us.to
safebrowser-ups.com-east-us392.xyz
safebrowser.urles.us
199.250.204.160
2a02:4780:b:1044:0:32b9:49ce:2
92.205.24.185
02556d0e1e1796dc21f0bd7e3bcd9e0aed303d66f43f123dd53d72bb7aba9eae
13df30febbf469193f2ef3bb5b895b3fe6235ef1534ada207b631cbc4d2d0acf
63c1c2ddd32f7094371d03ef68662a94a410649f84e025fd730cf36e00d3700c
6cd12cdc19493452d402a1900867561dcf31dbdc6fa6f70cc77695c973139226
84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff
9ca2236bb4ec1714e173cecb6bcc95c82e12df204c7d4c87fe4b9f01135efce8
9f5ae3f644595dc6c5aa69ae618a108102bb62e1a38a50b89fd7af1b8ffe5eae
c84e4b2e9e47490ff3fa125e0aa933f617633649358da8861b4b430ab6ae9a70
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
f10348bdc465c8917e6fa19df5a529e576e9fa966533f933ac33981961ff71d4