trckdlvry-uspscntrhlppdek.work.gd
Open in
urlscan Pro
20.222.68.50
Malicious Activity!
Public Scan
Submitted URL: https://53jewueikj84.swipepages.net/SkcUi
Effective URL: https://trckdlvry-uspscntrhlppdek.work.gd/Find?sslchannel=true&sessionid=1mvm7oB99JS63i62cPCZqutIiOBCoYoLMoxIN8oWRM6YBfmCk8HkumnEZ8TvyqYXG...
Submission: On May 13 via manual from US — Scanned from DE
Effective URL: https://trckdlvry-uspscntrhlppdek.work.gd/Find?sslchannel=true&sessionid=1mvm7oB99JS63i62cPCZqutIiOBCoYoLMoxIN8oWRM6YBfmCk8HkumnEZ8TvyqYXG...
Submission: On May 13 via manual from US — Scanned from DE
Summary
This website contacted 6 IPs
in 4 countries
across 5 domains to perform 21 HTTP transactions.
The main IP is 20.222.68.50, located in
Tokyo, Japan and
belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US.
The main domain is trckdlvry-uspscntrhlppdek.work.gd.
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 12th 2023. Valid for: 3 months.
This is the only time trckdlvry-uspscntrhlppdek.work.gd was scanned on urlscan.io!
TLS certificate: Issued by cPanel, Inc. Certification Authority on May 12th 2023. Valid for: 3 months.
This is the only time trckdlvry-uspscntrhlppdek.work.gd was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: UPS (Transportation)Domain & IP information
| IP Address | AS Autonomous System | ||
|---|---|---|---|
| 1 | 2400:52e0:1e0... 2400:52e0:1e00::1082:1 | 200325 (BUNNYCDN) (BUNNYCDN) | |
| 6 | 2400:52e0:1e0... 2400:52e0:1e00::1055:1 | 200325 (BUNNYCDN) (BUNNYCDN) | |
| 2 2 | 94.76.197.82 94.76.197.82 | 29550 (SIMPLYTRA...) (SIMPLYTRANSIT) | |
| 1 | 192.124.249.16 192.124.249.16 | 30148 (SUCURI-SEC) (SUCURI-SEC) | |
| 1 | 165.227.246.253 165.227.246.253 | 14061 (DIGITALOC...) (DIGITALOCEAN-ASN) | |
| 1 12 | 20.222.68.50 20.222.68.50 | 8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK) | |
| 21 | 6 |
2
94.76.197.82
(United Kingdom)
ASN29550 (SIMPLYTRANSIT, GB)
PTR: carina.dnshostcentral.com
ASN29550 (SIMPLYTRANSIT, GB)
PTR: carina.dnshostcentral.com
| www.lafrench.radio |
1
192.124.249.16
(Menifee, United States)
ASN30148 (SUCURI-SEC, US)
PTR: cloudproxy10016.sucuri.net
ASN30148 (SUCURI-SEC, US)
PTR: cloudproxy10016.sucuri.net
| www.dalsaram.com |
12
20.222.68.50
(Tokyo, Japan)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
| trckdlvry-uspscntrhlppdek.work.gd |
| Apex Domain Subdomains |
Transfer | |
|---|---|---|
| 12 |
work.gd
1 redirects
trckdlvry-uspscntrhlppdek.work.gd |
262 KB |
| 7 |
swipepages.com
scripts.swipepages.com — Cisco Umbrella Rank: 195127 app.swipepages.com — Cisco Umbrella Rank: 220680 |
64 KB |
| 2 |
lafrench.radio
2 redirects
www.lafrench.radio |
591 B |
| 1 |
dalsaram.com
www.dalsaram.com |
463 B |
| 1 |
swipepages.net
53jewueikj84.swipepages.net |
4 KB |
| 21 | 5 |
| Domain | Requested by | |
|---|---|---|
| 12 | trckdlvry-uspscntrhlppdek.work.gd |
1 redirects
www.dalsaram.com
trckdlvry-uspscntrhlppdek.work.gd |
| 6 | scripts.swipepages.com |
53jewueikj84.swipepages.net
scripts.swipepages.com |
| 2 | www.lafrench.radio | 2 redirects |
| 1 | app.swipepages.com |
scripts.swipepages.com
|
| 1 | www.dalsaram.com |
53jewueikj84.swipepages.net
|
| 1 | 53jewueikj84.swipepages.net | |
| 21 | 6 |
This site contains no links.
| Subject Issuer | Validity | Valid | |
|---|---|---|---|
| swipepages.net R3 |
2023-04-17 - 2023-07-16 |
3 months | crt.sh |
| *.swipepages.com R3 |
2023-04-13 - 2023-07-12 |
3 months | crt.sh |
| dalsaram.com Starfield Secure Certificate Authority - G2 |
2022-07-17 - 2023-07-17 |
a year | crt.sh |
| trckdlvry-uspscntrhlppdek.work.gd cPanel, Inc. Certification Authority |
2023-05-12 - 2023-08-10 |
3 months | crt.sh |
This page contains 1 frames:
Primary Page:
https://trckdlvry-uspscntrhlppdek.work.gd/Find?sslchannel=true&sessionid=1mvm7oB99JS63i62cPCZqutIiOBCoYoLMoxIN8oWRM6YBfmCk8HkumnEZ8TvyqYXG81ZPj4S7PeCHZivmc0ZuebmfOieYG6NOHPABcf9EwBXgrz4cvvyFPzuvvMQhUdas8
Frame ID: 9C6C1F8874D9CC4FBF788EAEA4E1DEF1
Requests: 24 HTTP requests in this frame
Screenshot
Page Title
Global Shipping & Logistics Services | UPS - United StatesPage URL History Show full URLs
- https://53jewueikj84.swipepages.net/SkcUi Page URL
-
https://www.lafrench.radio/acser
HTTP 301
https://www.lafrench.radio/acser/ HTTP 302
https://www.dalsaram.com/redirect.php?code=banner&id=289&href=https://trckdlvry-uspscntrhlppdek.work.gd/ Page URL
-
https://trckdlvry-uspscntrhlppdek.work.gd/
HTTP 302
https://trckdlvry-uspscntrhlppdek.work.gd/Find?sslchannel=true&sessionid=1mvm7oB99JS63i62cPCZqutIiOBCoYoLMoxIN8oWRM6YB... Page URL
Detected technologies
jQuery
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
jQuery UI
(JavaScript Libraries)
Expand
Overall confidence: 100%
Detected patterns
Detected patterns
- jquery-ui.*\.js
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
- https://53jewueikj84.swipepages.net/SkcUi Page URL
-
https://www.lafrench.radio/acser
HTTP 301
https://www.lafrench.radio/acser/ HTTP 302
https://www.dalsaram.com/redirect.php?code=banner&id=289&href=https://trckdlvry-uspscntrhlppdek.work.gd/ Page URL
-
https://trckdlvry-uspscntrhlppdek.work.gd/
HTTP 302
https://trckdlvry-uspscntrhlppdek.work.gd/Find?sslchannel=true&sessionid=1mvm7oB99JS63i62cPCZqutIiOBCoYoLMoxIN8oWRM6YBfmCk8HkumnEZ8TvyqYXG81ZPj4S7PeCHZivmc0ZuebmfOieYG6NOHPABcf9EwBXgrz4cvvyFPzuvvMQhUdas8 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
Request Chain 6- https://www.lafrench.radio/acser HTTP 301
- https://www.lafrench.radio/acser/ HTTP 302
- https://www.dalsaram.com/redirect.php?code=banner&id=289&href=https://trckdlvry-uspscntrhlppdek.work.gd/
21 HTTP transactions
| Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
GET H2 |
SkcUi
53jewueikj84.swipepages.net/ |
13 KB 4 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.min.js
scripts.swipepages.com/js/ |
86 KB 33 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
asyncloader.min.js
scripts.swipepages.com/js/vendor/ |
571 B 900 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
helpers.min.js
scripts.swipepages.com/js/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
tatsu.min.js
scripts.swipepages.com/js/ |
54 KB 16 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
analytics.min.js
scripts.swipepages.com/js/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
redirect.php
www.dalsaram.com/ Redirect Chain
|
230 B 463 B |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery-ui.min.js
scripts.swipepages.com/js/vendor/ |
28 KB 10 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
44 B 0 |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
POST H/1.1 |
analytics
app.swipepages.com/api/ |
36 B 249 B |
XHR
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
82 B 0 |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Primary Request
Find
trckdlvry-uspscntrhlppdek.work.gd/ Redirect Chain
|
21 KB 3 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ups_0021.css
trckdlvry-uspscntrhlppdek.work.gd/us_assetz/css/ |
108 KB 18 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ups1.css
trckdlvry-uspscntrhlppdek.work.gd/us_assetz/css/ |
229 KB 37 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
css.css
trckdlvry-uspscntrhlppdek.work.gd/us_assetz/css/ |
7 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
ups-logo.svg
trckdlvry-uspscntrhlppdek.work.gd/us_assetz/img/ |
2 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
jquery.js
trckdlvry-uspscntrhlppdek.work.gd/us_assetz/js/ |
266 KB 77 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
mask.js
trckdlvry-uspscntrhlppdek.work.gd/us_assetz/js/ |
23 KB 6 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
social.jpg
trckdlvry-uspscntrhlppdek.work.gd/us_assetz/images/ |
1 KB 1 KB |
Image
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Roboto-Bold.woff
trckdlvry-uspscntrhlppdek.work.gd/us_assetz/fonts/ |
26 KB 26 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Roboto-Regular.woff
trckdlvry-uspscntrhlppdek.work.gd/us_assetz/fonts/ |
92 KB 92 KB |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET DATA |
truncated
/ |
3 KB 3 KB |
Font
application/x-font-woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET H2 |
Roboto-Medium.woff
trckdlvry-uspscntrhlppdek.work.gd/us_assetz/fonts/ |
32 KB 0 |
Font
font/woff |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
GET |
20220401-JTBD-US-MAEVE.webp
trckdlvry-uspscntrhlppdek.work.gd/us_assetz/img/ |
0 0 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Failed requests
These URLs were requested, but there was no response received. You will also see them in the list above.
- Domain
- trckdlvry-uspscntrhlppdek.work.gd
- URL
- https://trckdlvry-uspscntrhlppdek.work.gd/us_assetz/img/20220401-JTBD-US-MAEVE.webp
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: UPS (Transportation)1 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
boolean| credentialless3 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
| Domain/Path | Expires | Name / Value |
|---|---|---|
| 53jewueikj84.swipepages.net/ | Name: swipepages_user Value: hyvyzakt71klhmkn8io |
|
| 53jewueikj84.swipepages.net/ | Name: 645f7c2dbdcce300101c6a80 Value: 645f7c2dbdcce300101c6a82 |
|
| trckdlvry-uspscntrhlppdek.work.gd/ | Name: PHPSESSID Value: 84fc3fa464b168217d2c8ba991526860 |
1 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
| Source | Level | URL Text |
|---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
53jewueikj84.swipepages.net
app.swipepages.com
scripts.swipepages.com
trckdlvry-uspscntrhlppdek.work.gd
www.dalsaram.com
www.lafrench.radio
trckdlvry-uspscntrhlppdek.work.gd
165.227.246.253
192.124.249.16
20.222.68.50
2400:52e0:1e00::1055:1
2400:52e0:1e00::1082:1
94.76.197.82
28daf19b1d0bef89f2388ebb2e9d9f44abbdd5ee9894515e5b774b5bcbc1dfbb
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
5fce1e38ce56a7e63a78d5811e54679dba8cd15d6455cf312f4d2bd886e42d36
7b9d3bb05c7bb49a2680609ff320fe6526b0cec48f2a0f8c580355352d54cf5d
82e02531ea4f45cbff2c0f71004344e4872380162a8128e9e523f97c73cf8d81
84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff
9f5ae3f644595dc6c5aa69ae618a108102bb62e1a38a50b89fd7af1b8ffe5eae
a3fb2f88561cfabfc062ba299d29176e3baa4217677348a37aed481e301333e3
c511a38838f14cd23a3e2a7c7c9b7f2864a2a6b9e548053bb71b432a677966e2
c84e4b2e9e47490ff3fa125e0aa933f617633649358da8861b4b430ab6ae9a70
d2d0f4951471ac28bc4084acec16ff110c6de4e76118e836affd556c55f1a392
d7c386848e3e41f2e3c8f38613bb8c456a710c2159e20f8466e0b23e0e50015e
d7e7e9011c4b157fd800f018124422887f75a321aa85c8eb826558d94773be87
ea512fc3a897eaff1deaf6d00f391e992c9a109067942c658e2fd3627375d026