package-tracking-numberid7456.line.pm Open in urlscan Pro
162.240.232.172 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://u.li2niu.com/PPDiWb
Effective URL:
https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&cou...
Submission: On July 17 via automatic, source phishtank (July 17th 2024, 3:12:05 am UTC) — Scanned from NL

Summary HTTP 13 Redirects Behaviour Indicators

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 162.240.232.172, located in United States and belongs to UNIFIEDLAYER-AS-1, US. The main domain is package-tracking-numberid7456.line.pm.
TLS certificate: Issued by R11 on July 13th 2024. Valid for: 3 months.

This is the only time package-tracking-numberid7456.line.pm was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: UPS (Transportation)

Domain & IP information

	IP Address	AS Autonomous System
1 1	188.114.96.9 188.114.96.9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 14	162.240.232.172 162.240.232.172	46606 (UNIFIEDLA...) (UNIFIEDLAYER-AS-1)
13	2

1 188.114.96.9 (Amsterdam, Netherlands) 1 redirects

ASN13335 (CLOUDFLARENET, US)

u.li2niu.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 162.240.232.172 (United States) 1 redirects

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 6882484.themovingexperience.com

package-tracking-numberid7456.line.pm	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	line.pm 1 redirects package-tracking-numberid7456.line.pm	910 KB
1	li2niu.com 1 redirects u.li2niu.com	399 B
13	2

	Domain	Requested by
14	package-tracking-numberid7456.line.pm	1 redirects package-tracking-numberid7456.line.pm
1	u.li2niu.com	1 redirects
13	2

This site contains no links.

Subject Issuer	Validity	Valid
www.package-tracking-numberid7456.line.pm R11	`2024-07-13` - `2024-10-11`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&country=NL&lang=nl
Frame ID: 81AFA8F3C7120E0907C533BBC5B60E52
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Global Shipping & Logistics Services | UPS - United States

Page URL History Show full URLs

https://u.li2niu.com/PPDiWb HTTP 301
https://package-tracking-numberid7456.line.pm/?star HTTP 301
https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&W... Page URL

Detected technologies

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

913 kB
Transfer

912 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u.li2niu.com/PPDiWb HTTP 301
https://package-tracking-numberid7456.line.pm/?star HTTP 301
https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&country=NL&lang=nl Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions
1 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response package-tracking-numberid7456.line.pm/ Redirect Chain https://u.li2niu.com/PPDiWb https://package-tracking-numberid7456.line.pm/?star https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&country=NL&lang=nl	21 KB 21 KB	535ms 534ms	Document text/html	162.240.232.172 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&country=NL&lang=nl Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.240.232.172 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 6882484.themovingexperience.com Software Apache / Resource Hash `961e87adbba968e6366def58fff2f7bb46ba2015dace28fb7babfef56402c1e9` Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers cache-control no-store, no-cache, must-revalidate content-type text/html; charset=UTF-8 date Wed, 17 Jul 2024 03:11:55 GMT expires Thu, 19 Nov 1981 08:52:00 GMT pragma no-cache server Apache Redirect headers cache-control no-store, no-cache, must-revalidate content-length 0 content-type text/html; charset=UTF-8 date Wed, 17 Jul 2024 03:11:53 GMT expires Thu, 19 Nov 1981 08:52:00 GMT location ?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&country=NL&lang=nl pragma no-cache server Apache
GET H2	200	ups_0021.css package-tracking-numberid7456.line.pm/assets/css/	108 KB 108 KB	530ms 530ms	Stylesheet text/css	162.240.232.172 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://package-tracking-numberid7456.line.pm/assets/css/ups_0021.css Requested by Host: package-tracking-numberid7456.line.pm URL: https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&country=NL&lang=nl Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.240.232.172 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 6882484.themovingexperience.com Software Apache / Resource Hash `7b9d3bb05c7bb49a2680609ff320fe6526b0cec48f2a0f8c580355352d54cf5d` Request headers Referer https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&country=NL&lang=nl User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 17 Jul 2024 03:11:55 GMT last-modified Mon, 27 Jun 2022 05:34:16 GMT server Apache accept-ranges bytes content-length 110745 content-type text/css
GET H2	200	ups1.css package-tracking-numberid7456.line.pm/assets/css/	229 KB 229 KB	1205ms 1205ms	Stylesheet text/css	162.240.232.172 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://package-tracking-numberid7456.line.pm/assets/css/ups1.css Requested by Host: package-tracking-numberid7456.line.pm URL: https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&country=NL&lang=nl Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.240.232.172 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 6882484.themovingexperience.com Software Apache / Resource Hash `28daf19b1d0bef89f2388ebb2e9d9f44abbdd5ee9894515e5b774b5bcbc1dfbb` Request headers Referer https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&country=NL&lang=nl User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 17 Jul 2024 03:11:55 GMT last-modified Mon, 27 Jun 2022 05:34:16 GMT server Apache accept-ranges bytes content-length 234613 content-type text/css
GET H2	200	css.css package-tracking-numberid7456.line.pm/assets/css/	7 KB 7 KB	878ms 878ms	Stylesheet text/css	162.240.232.172 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://package-tracking-numberid7456.line.pm/assets/css/css.css Requested by Host: package-tracking-numberid7456.line.pm URL: https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&country=NL&lang=nl Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.240.232.172 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 6882484.themovingexperience.com Software Apache / Resource Hash `d7c386848e3e41f2e3c8f38613bb8c456a710c2159e20f8466e0b23e0e50015e` Request headers Referer https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&country=NL&lang=nl User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 17 Jul 2024 03:11:55 GMT last-modified Mon, 27 Jun 2022 05:34:16 GMT server Apache accept-ranges bytes content-length 6828 content-type text/css
GET H2	200	UPS_logo.svg package-tracking-numberid7456.line.pm/assets/img/	2 KB 2 KB	1079ms 1078ms	Image image/svg+xml	162.240.232.172 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://package-tracking-numberid7456.line.pm/assets/img/UPS_logo.svg Requested by Host: package-tracking-numberid7456.line.pm URL: https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&country=NL&lang=nl Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.240.232.172 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 6882484.themovingexperience.com Software Apache / Resource Hash `a416370f6f98339e7edf9fe2c70a45bf9cfba93c0520921db47d15c27934ba88` Request headers Referer https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&country=NL&lang=nl User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 17 Jul 2024 03:11:55 GMT last-modified Mon, 27 Jun 2022 05:34:16 GMT server Apache accept-ranges bytes content-length 2162 content-type image/svg+xml
GET H2	200	jquery.js Show response package-tracking-numberid7456.line.pm/assets/js/	266 KB 266 KB	1215ms 1214ms	Script text/javascript	162.240.232.172 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://package-tracking-numberid7456.line.pm/assets/js/jquery.js Requested by Host: package-tracking-numberid7456.line.pm URL: https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&country=NL&lang=nl Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.240.232.172 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 6882484.themovingexperience.com Software Apache / Resource Hash `84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff` Request headers Referer https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&country=NL&lang=nl User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 17 Jul 2024 03:11:56 GMT last-modified Mon, 27 Jun 2022 05:34:16 GMT server Apache accept-ranges bytes content-length 272153 content-type text/javascript
GET H2	200	mask.js Show response package-tracking-numberid7456.line.pm/assets/js/	23 KB 23 KB	1386ms 1386ms	Script text/javascript	162.240.232.172 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://package-tracking-numberid7456.line.pm/assets/js/mask.js Requested by Host: package-tracking-numberid7456.line.pm URL: https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&country=NL&lang=nl Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.240.232.172 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 6882484.themovingexperience.com Software Apache / Resource Hash `c84e4b2e9e47490ff3fa125e0aa933f617633649358da8861b4b430ab6ae9a70` Request headers Referer https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&country=NL&lang=nl User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 17 Jul 2024 03:11:56 GMT last-modified Mon, 27 Jun 2022 05:34:16 GMT server Apache accept-ranges bytes content-length 23177 content-type text/javascript
GET H2	404	social.jpg package-tracking-numberid7456.line.pm/assets/images/	315 B 315 B	1032ms 1032ms	Image text/html	162.240.232.172 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://package-tracking-numberid7456.line.pm/assets/images/social.jpg Requested by Host: package-tracking-numberid7456.line.pm URL: https://package-tracking-numberid7456.line.pm/assets/css/ups1.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.240.232.172 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 6882484.themovingexperience.com Software Apache / Resource Hash `d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3` Request headers Referer https://package-tracking-numberid7456.line.pm/assets/css/ups1.css User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 17 Jul 2024 03:11:57 GMT server Apache content-length 315 content-type text/html; charset=iso-8859-1
GET H2	200	Roboto-Regular.woff package-tracking-numberid7456.line.pm/assets/fonts/	92 KB 92 KB	710ms 709ms	Font font/woff	162.240.232.172 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://package-tracking-numberid7456.line.pm/assets/fonts/Roboto-Regular.woff Requested by Host: package-tracking-numberid7456.line.pm URL: https://package-tracking-numberid7456.line.pm/assets/css/ups1.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.240.232.172 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 6882484.themovingexperience.com Software Apache / Resource Hash `c511a38838f14cd23a3e2a7c7c9b7f2864a2a6b9e548053bb71b432a677966e2` Request headers Referer https://package-tracking-numberid7456.line.pm/assets/css/ups1.css Origin https://package-tracking-numberid7456.line.pm User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 17 Jul 2024 03:11:57 GMT last-modified Mon, 27 Jun 2022 05:34:16 GMT server Apache accept-ranges bytes content-length 93784 content-type font/woff
GET DATA	200 OK	truncated /	3 KB 3 KB		Font application/x-font-woff
General Check archive.org Show headers Download Go to Full URL data:truncated Protocol DATA Server -, , ASN (), Reverse DNS Software / Resource Hash `34c9719f7d735cabd8a39cc35659e8156e008d790d7813192c2c0ca789e99e44` Request headers Referer Origin https://package-tracking-numberid7456.line.pm User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Type application/x-font-woff;charset=utf-8
GET H2	200	Roboto-Medium.woff package-tracking-numberid7456.line.pm/assets/fonts/	92 KB 92 KB	511ms 510ms	Font font/woff	162.240.232.172 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://package-tracking-numberid7456.line.pm/assets/fonts/Roboto-Medium.woff Requested by Host: package-tracking-numberid7456.line.pm URL: https://package-tracking-numberid7456.line.pm/assets/css/ups1.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.240.232.172 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 6882484.themovingexperience.com Software Apache / Resource Hash `4f543ad26c42709ef00a1921f7dd1aa27a1930a354ecb353196665e43dac3706` Request headers Referer https://package-tracking-numberid7456.line.pm/assets/css/ups1.css Origin https://package-tracking-numberid7456.line.pm User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 17 Jul 2024 03:11:57 GMT last-modified Mon, 27 Jun 2022 05:34:16 GMT server Apache accept-ranges bytes content-length 94364 content-type font/woff
GET H2	200	Roboto-Bold.woff package-tracking-numberid7456.line.pm/assets/fonts/	26 KB 26 KB	834ms 834ms	Font font/woff	162.240.232.172 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://package-tracking-numberid7456.line.pm/assets/fonts/Roboto-Bold.woff Requested by Host: package-tracking-numberid7456.line.pm URL: https://package-tracking-numberid7456.line.pm/assets/css/ups1.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.240.232.172 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 6882484.themovingexperience.com Software Apache / Resource Hash `5fce1e38ce56a7e63a78d5811e54679dba8cd15d6455cf312f4d2bd886e42d36` Request headers Referer https://package-tracking-numberid7456.line.pm/assets/css/ups1.css Origin https://package-tracking-numberid7456.line.pm User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 17 Jul 2024 03:11:57 GMT last-modified Mon, 27 Jun 2022 05:34:16 GMT server Apache accept-ranges bytes content-length 26564 content-type font/woff
GET H2	200	20220401-JTBD-US-MAEVE.webp package-tracking-numberid7456.line.pm/assets/img/	41 KB 42 KB	937ms 937ms	Image image/webp	162.240.232.172 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Show image Full URL https://package-tracking-numberid7456.line.pm/assets/img/20220401-JTBD-US-MAEVE.webp Requested by Host: package-tracking-numberid7456.line.pm URL: https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&country=NL&lang=nl Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.240.232.172 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 6882484.themovingexperience.com Software Apache / Resource Hash `fe27203a5bf4ec6df5e01fcaa14cad6376afd0adbe5aca73b282fbdc85cb536b` Request headers Referer https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&country=NL&lang=nl User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 17 Jul 2024 03:11:57 GMT last-modified Mon, 27 Jun 2022 05:34:16 GMT server Apache accept-ranges bytes content-length 42494 content-type image/webp
GET H2	200	favicon.ico package-tracking-numberid7456.line.pm/assets/img/	2 KB 2 KB	742ms 742ms	Other image/x-icon	162.240.232.172 UNIFIEDLAYER-AS-1
General Check archive.org Show headers Download Go to Full URL https://package-tracking-numberid7456.line.pm/assets/img/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 162.240.232.172 , United States, ASN46606 (UNIFIEDLAYER-AS-1, US), Reverse DNS 6882484.themovingexperience.com Software Apache / Resource Hash `9ca2236bb4ec1714e173cecb6bcc95c82e12df204c7d4c87fe4b9f01135efce8` Request headers Referer https://package-tracking-numberid7456.line.pm/?e050f59e4e5e70b2ae93cdd39550645d67c2ec1a=120f067c16b32be659e0180b31e62841&WebTracking=index&country=NL&lang=nl User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Wed, 17 Jul 2024 03:11:58 GMT last-modified Mon, 27 Jun 2022 05:34:16 GMT server Apache accept-ranges bytes content-length 2238 content-type image/x-icon

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: UPS (Transportation)

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			package-tracking-numberid7456.line.pm/	1969-12-31 23:59:59	Name: PHPSESSID Value: b5ef582058edfb65adfa8fb7797be0e5

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://package-tracking-numberid7456.line.pm/assets/images/social.jpg Message: Failed to load resource: the server responded with a status of 404 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

package-tracking-numberid7456.line.pm
u.li2niu.com
162.240.232.172
188.114.96.9
28daf19b1d0bef89f2388ebb2e9d9f44abbdd5ee9894515e5b774b5bcbc1dfbb
34c9719f7d735cabd8a39cc35659e8156e008d790d7813192c2c0ca789e99e44
4f543ad26c42709ef00a1921f7dd1aa27a1930a354ecb353196665e43dac3706
5fce1e38ce56a7e63a78d5811e54679dba8cd15d6455cf312f4d2bd886e42d36
7b9d3bb05c7bb49a2680609ff320fe6526b0cec48f2a0f8c580355352d54cf5d
84086bb634fc6fd223918894c6b74641811e06e84007937c5809942b7a02ddff
961e87adbba968e6366def58fff2f7bb46ba2015dace28fb7babfef56402c1e9
9ca2236bb4ec1714e173cecb6bcc95c82e12df204c7d4c87fe4b9f01135efce8
a416370f6f98339e7edf9fe2c70a45bf9cfba93c0520921db47d15c27934ba88
c511a38838f14cd23a3e2a7c7c9b7f2864a2a6b9e548053bb71b432a677966e2
c84e4b2e9e47490ff3fa125e0aa933f617633649358da8861b4b430ab6ae9a70
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
d7c386848e3e41f2e3c8f38613bb8c456a710c2159e20f8466e0b23e0e50015e
fe27203a5bf4ec6df5e01fcaa14cad6376afd0adbe5aca73b282fbdc85cb536b

package-tracking-numberid7456.line.pm Open in urlscan Pro 162.240.232.172 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

13 Requests

100 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

2 Countries

913 kBTransfer

912 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

13 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

2 JavaScript Global Variables

1 Cookies

1 Console Messages

Indicators

package-tracking-numberid7456.line.pm Open in urlscan Pro
162.240.232.172 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

13
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

913 kB
Transfer

912 kB
Size

1
Cookies

13 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!