safebrowser-ups.com-east-us392.xyz
199.250.204.160 Malicious Activity! Public Scan

Submitted URL: https://mm6emd.us.to/
Effective URL: https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906
Submission: On April 30 via api from US — Scanned from US

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 9 HTTP transactions. The main IP is 199.250.204.160, located in United States and belongs to IMH-IAD, US. The main domain is safebrowser-ups.com-east-us392.xyz.
TLS certificate: Issued by R3 on April 27th 2024. Valid for: 3 months.
This is the only time safebrowser-ups.com-east-us392.xyz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UPS (Transportation)

Domain & IP information

IP Address AS Autonomous System
1 1 92.205.24.185 21499 (GODADDY-SXB)
1 1 2a02:4780:b:1... 47583 (AS-HOSTINGER)
1 10 199.250.204.160 54641 (IMH-IAD)
9 2
Apex Domain / Subdomains / Transfer
10 com-east-us392.xyz safebrowser-ups.com-east-us392.xyz 899 KB
1 urles.us safebrowser.urles.us 438 B
1 us.to mm6emd.us.to 299 B
9 3
Domain Requested by
10 safebrowser-ups.com-east-us392.xyz 1 redirects safebrowser-ups.com-east-us392.xyz
1 safebrowser.urles.us 1 redirects
1 mm6emd.us.to 1 redirects
9 3

This site contains no links.

Subject: safebrowser-ups.com-east-us392.xyz
Issuer: R3
Validity: 2024-04-27 - 2024-07-26
Valid: 3 months (crt.sh)

This page contains 1 frames:

Primary Page: https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906
Frame ID: 43A2FD83FA1E02389B55CC917889AD17
Requests: 10 HTTP requests in this frame

Page Title

Gl͏o͏b͏a͏l S͏h͏i͏p͏p͏i͏n͏g & L͏o͏g͏i͏s͏t͏i͏c͏s S͏e͏r͏v͏i͏c͏e͏s | UPS - Un͏i͏t͏e͏d St͏a͏t͏e͏s

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mm6emd.us.to/ HTTP 302
    https://safebrowser.urles.us/?ID=feda801cd0fe7a87a11afeae102ea63e893ef959cb5500e121f960993bfcf9bf HTTP 302
    https://safebrowser-ups.com-east-us392.xyz/?gass HTTP 302
    https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 9
HTTPS: 100 %
IPv6: 33 %
Domains: 3
Subdomains: 3
IPs: 2
Countries: 2
Transfer: 901 kB
Size: 901 kB
Cookies: 2

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request find
safebrowser-ups.com-east-us392.xyz/track/
Redirect Chain
  • https://mm6emd.us.to/
  • https://safebrowser.urles.us/?ID=feda801cd0fe7a87a11afeae102ea63e893ef959cb5500e121f960993bfcf9bf
  • https://safebrowser-ups.com-east-us392.xyz/?gass
  • https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906
26 KB
26 KB
Document
General
Full URL
https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
199.250.204.160, United States, ASN54641 (IMH-IAD, US)
Reverse DNS
vps105033.inmotionhosting.com
Software
Apache
Resource Hash
02556d0e1e1796dc21f0bd7e3bcd9e0aed303d66f43f123dd53d72bb7aba9eae

Request headers

Accept-Language
en-US,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-store, no-cache, must-revalidate
content-type
text/html; charset=UTF-8
date
Tue, 30 Apr 2024 13:22:30 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
Apache

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 30 Apr 2024 13:22:30 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
location
track/find?eventid=e8dfb8cd89744970380b61278e70e906
pragma
no-cache
server
Apache
a1.css
safebrowser-ups.com-east-us392.xyz/Resources/Assets/css/
383 KB
384 KB
Stylesheet
General
Full URL
https://safebrowser-ups.com-east-us392.xyz/Resources/Assets/css/a1.css
Requested by
Host: safebrowser-ups.com-east-us392.xyz
URL: https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
199.250.204.160, United States, ASN54641 (IMH-IAD, US)
Reverse DNS
vps105033.inmotionhosting.com
Software
Apache
Resource Hash
13df30febbf469193f2ef3bb5b895b3fe6235ef1534ada207b631cbc4d2d0acf

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 13:22:30 GMT
last-modified
Sun, 01 Oct 2023 03:03:10 GMT
server
Apache
accept-ranges
bytes
content-length
392614
content-type
text/css
b2.css
safebrowser-ups.com-east-us392.xyz/Resources/Assets/css/
153 KB
153 KB
Stylesheet
General
Full URL
https://safebrowser-ups.com-east-us392.xyz/Resources/Assets/css/b2.css
Requested by
Host: safebrowser-ups.com-east-us392.xyz
URL: https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
199.250.204.160, United States, ASN54641 (IMH-IAD, US)
Reverse DNS
vps105033.inmotionhosting.com
Software
Apache
Resource Hash
63c1c2ddd32f7094371d03ef68662a94a410649f84e025fd730cf36e00d3700c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 13:22:30 GMT
last-modified
Sun, 01 Oct 2023 00:08:28 GMT
server
Apache
accept-ranges
bytes
content-length
156561
content-type
text/css
fNYZ3beJsC-logo.svg
safebrowser-ups.com-east-us392.xyz/Resources/Assets/img/
2 KB
2 KB
Image
General
Full URL
https://safebrowser-ups.com-east-us392.xyz/Resources/Assets/img/fNYZ3beJsC-logo.svg
Requested by
Host: safebrowser-ups.com-east-us392.xyz
URL: https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
199.250.204.160, United States, ASN54641 (IMH-IAD, US)
Reverse DNS
vps105033.inmotionhosting.com
Software
Apache
Resource Hash
9f5ae3f644595dc6c5aa69ae618a108102bb62e1a38a50b89fd7af1b8ffe5eae

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 13:22:30 GMT
last-modified
Mon, 27 Jun 2022 05:34:16 GMT
server
Apache
accept-ranges
bytes
content-length
1964
content-type
image/svg+xml
jquery.js
safebrowser-ups.com-east-us392.xyz/Resources/Assets/js/
266 KB
266 KB
Script
General
Full URL
https://safebrowser-ups.com-east-us392.xyz/Resources/Assets/js/jquery.js
Requested by
Host: safebrowser-ups.com-east-us392.xyz
URL: https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
199.250.204.160, United States, ASN54641 (IMH-IAD, US)
Reverse DNS
vps105033.inmotionhosting.com
Software
Apache
Resource Hash
84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 13:22:30 GMT
last-modified
Mon, 07 Aug 2023 20:43:48 GMT
server
Apache
accept-ranges
bytes
content-length
272153
content-type
application/javascript
mask.js
safebrowser-ups.com-east-us392.xyz/Resources/Assets/js/
23 KB
23 KB
Script
General
Full URL
https://safebrowser-ups.com-east-us392.xyz/Resources/Assets/js/mask.js
Requested by
Host: safebrowser-ups.com-east-us392.xyz
URL: https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
199.250.204.160, United States, ASN54641 (IMH-IAD, US)
Reverse DNS
vps105033.inmotionhosting.com
Software
Apache
Resource Hash
c84e4b2e9e47490ff3fa125e0aa933f617633649358da8861b4b430ab6ae9a70

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 13:22:30 GMT
last-modified
Sun, 06 Aug 2023 21:13:18 GMT
server
Apache
accept-ranges
bytes
content-length
23177
content-type
application/javascript
social-icons-2022.png
safebrowser-ups.com-east-us392.xyz/Resources/Assets/images/
315 B
315 B
Image
General
Full URL
https://safebrowser-ups.com-east-us392.xyz/Resources/Assets/images/social-icons-2022.png
Requested by
Host: safebrowser-ups.com-east-us392.xyz
URL: https://safebrowser-ups.com-east-us392.xyz/Resources/Assets/css/a1.css
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
199.250.204.160, United States, ASN54641 (IMH-IAD, US)
Reverse DNS
vps105033.inmotionhosting.com
Software
Apache
Resource Hash
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://safebrowser-ups.com-east-us392.xyz/Resources/Assets/css/a1.css
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 13:22:31 GMT
server
Apache
content-length
315
content-type
text/html; charset=iso-8859-1
truncated
/
3 KB
3 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-
Reverse DNS
-
Software
-
Resource Hash
6cd12cdc19493452d402a1900867561dcf31dbdc6fa6f70cc77695c973139226

Request headers

Referer
-
Origin
https://safebrowser-ups.com-east-us392.xyz
Accept-Language
en-US,en;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
application/x-font-woff;charset=utf-8
PU-HHM-JTBD-Q323.webp
safebrowser-ups.com-east-us392.xyz/Resources/Assets/img/
42 KB
42 KB
Image
General
Full URL
https://safebrowser-ups.com-east-us392.xyz/Resources/Assets/img/PU-HHM-JTBD-Q323.webp
Requested by
Host: safebrowser-ups.com-east-us392.xyz
URL: https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
199.250.204.160, United States, ASN54641 (IMH-IAD, US)
Reverse DNS
vps105033.inmotionhosting.com
Software
Apache
Resource Hash
f10348bdc465c8917e6fa19df5a529e576e9fa966533f933ac33981961ff71d4

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 13:22:31 GMT
last-modified
Sat, 30 Sep 2023 16:34:50 GMT
server
Apache
accept-ranges
bytes
content-length
43404
content-type
image/webp
favicon.ico
safebrowser-ups.com-east-us392.xyz/Resources/Assets/img/
2 KB
2 KB
Other
General
Full URL
https://safebrowser-ups.com-east-us392.xyz/Resources/Assets/img/favicon.ico
Protocol
H2
Security
TLS 1.3, AES_128_GCM
Server
199.250.204.160, United States, ASN54641 (IMH-IAD, US)
Reverse DNS
vps105033.inmotionhosting.com
Software
Apache
Resource Hash
9ca2236bb4ec1714e173cecb6bcc95c82e12df204c7d4c87fe4b9f01135efce8

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://safebrowser-ups.com-east-us392.xyz/track/find?eventid=e8dfb8cd89744970380b61278e70e906
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 30 Apr 2024 13:22:31 GMT
last-modified
Mon, 27 Jun 2022 05:34:16 GMT
server
Apache
accept-ranges
bytes
content-length
2238
content-type
image/x-icon

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UPS (Transportation)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

$ (function)
jQuery (function)

2 Cookies

Domain/Path: safebrowser.urles.us/ Name: PHPSESSID Value: 73dc511de85b15b88f74c159662a0dc4
Domain/Path: safebrowser-ups.com-east-us392.xyz/ Name: PHPSESSID Value: 0c293a2fc146afaa3a5d0419b14c3aaf

1 Console Messages

Source: network Level: error URL: https://safebrowser-ups.com-east-us392.xyz/Resources/Assets/images/social-icons-2022.png
Message: Failed to load resource: the server responded with a status of 404 ()